Digital Forge

Connecting Buildings & People

Privacy notice

Forge are committed to respecting your privacy. This privacy statement describes why and how we collect, use, store and who we may disclose your personal data (information) with during your visit to this website or when you give your personal information to us along any channel.

In summary your personal data is important to us and we are committed to protecting it in line with the Data Protection Act 2018 and the GDPR. Personal Data which you give to us is safe and confidential, securely stored and only shared as documented in this document.

We are Forge Ltd, a UK company registered at The Long Barn 1, Tickenham, Bristol BS21 6RY. You can reach us at privacy@weareforge.io, or call us on +44 (0)800 368 7727 if you have any privacy concerns.

 

Why and how do we process your data

Personal information means information that could identify (with other information that we hold) a living individual. When we are the Data Controller we collect:

  • Name
  • Phone Number
  • Email address

In order that we can offer our services (which is primarily a visitor management service) we will need to process (for example, collect, use, hold, transfer) your personal data. We only collect personal information necessary to fulfil the service/activity you select. We will not collect special categories or children’s personal information. All information you provide is at your discretion.

We only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where there is a contract in place, for example, for the purposes of providing the Forge Bluepoint services to you and our Data Controllers.
  • Where it is in the legitimate interest of yourself and We are Forge Ltd, and whereby your fundamental rights are not overridden.
  • Where we have a Legal Obligation, for example: We (the Data Processor) have an obligation to the Data Controller (the Site team, Landlord or owners) to provide accurate data about those who will, are and have visited their sites
  • Where it is in your Vital Interests: This applies when you are an active Visitor or Contractor on a Forge Bluepoint site, generally for Health and Safety purposes; to make sure we have a record of you on Site, ensure you’ve agreed to any relevant safety inductions and to ensure you are protected in the event of fire or other emergency warranting evacuation or similar.

Your rights

You need to know what your rights are regarding your personal data.

 

Your Right to be Informed

This privacy document keeps you informed about how we store and process your personal data. You have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. These rights are described below:

 

Access to your personal data and data portability

You have the right to access and receive a copy of the personal information we hold about you, this is called a ‘Subject Access Report.’ This will provide you with all personal data we hold about you, subject to some limited exemptions.

For example; you will not be necessarily entitled to access third party information.

If you are using our Forge Bluepoint product you can view and update all of your personal data, such as profile details, visits performed across all our Sites. See “Signing into Forge Bluepoint”.

You have the right to data portability. Under this right for information you can request that your personal data is provided to you (or another organisation) in a portable, electronic format from ourselves or;

For example;

  • Download your profile information and history from the Forge Bluepoint Profile page.
  • Use our Search page to search and download all visits, deliveries etc where you were featured.

Change, restrict, delete

You may also have rights to change, restrict the use of, or delete your personal information (Unless this right is overridden by a legal obligation or vital interests.

For example; You have the right to prevent all notifications (email, SMS etc) via your Forge Bluepoint Profile page or by invoking the relevant link available in all Forge Bluepoint emails sent to you.

Object

You can object to us processing your information based on our legitimate interests. In such cases, we will delete your personal information within a month of receipt of the objection, unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal obligation or vital interests.

For example; As a Visitor, on entry to a building you cannot object to having your data stored. In the event of an evacuation, we need to know everyone on site for their own safety.

You can object to this decision by raising a complaint directly with the ICO (Information Commissioners Office).

Who do we share your information with

Under the data protection regulation when Forge are the ‘Controller’, that means that we are responsible for the protection of your information, including where it is shared with other organisations or persons that help us deliver our services to you (‘processors’).

  • Forge is a Data Controller when processing Account & Website Data.
  • We act as a Data Processor on behalf of our customers (who are the Data Controller) when processing visitor personal data. We comply with their Data Privacy Policies when we are the Data Processor.

Third Party Access

We don’t provide your personal data to any third parties for marketing or any other purposes, unless governed by any other Laws to do so, which override Data Protection Act 2018/the GDPR.

How long we keep the information for

Your personal information is only kept for as long as necessary to provide you with our services. However, we may also be required to retain your information to comply with legal and regulatory obligations, to resolve disputes, and to enforce agreements. We keep a record of all, of our processing activities which will document our retention process. If you use Bluepoint your account/identity will be stored indefinitely until you choose to delete it, if applicable. You can invoke your Right to Restrict at any time.

Complain

You can contact us at We are Forge Ltd, The Long Barn 1, Tickenham, Bristol BS21 6RY. privacy@weareforge.io, or call us on +44 (0)800 368 7727 if you have any privacy concerns.

If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority. In the UK that is the Information Commissioner’s Office (ICO). Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

What are Cookies and how are they used

Cookies are small files that websites put on your device to make visits quicker, easier and more relevant. Some cookies are necessary for this website to work while others remember things about you and help us to improve our services.

This website places cookies on your computer or handheld device (“your device“). This is standard practice for all websites.

There are two broad classes of cookie used on this website, and they are session and permanent:

Session cookies – these are used to keep track of information needed by a user and their browser on their journey through a website. The session cookies on this website have a short lifetime and expire within a few minutes of you leaving the site. Occasionally we will use 30 day cookies which are similar to session cookies but last a bit longer.

Permanent cookies – these are stored on your device and are not deleted when your browser is closed. This is so they can retain your preferences for this website, allowing those preferences to be used in future browsing sessions. Permanent cookies are used to analyse users’ behaviour, and as such help us to improve our services and allows us to prioritise enhancements to this website.
By using this website, you consent to cookies being used in accordance with this policy. If you do not consent, you must disable cookies or stop using this website. To view further information on the specific cookies used on this website or how to disable them please view our cookies policy.

Third party cookies
The following cookies store information used by Google Analytics and help us track user activity on the site.
_gid, -gat, AMP_TOKEN, _gac_<property-id>
The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

These cookies store information used by Google maps
1P_JAR, APISID, CONSENT, DV, HSID, NID, SAPISID, SID, SIDCC, SSID, UULE

This cookie is used by the cookie consent pop-up
cookieconsent_status

For an overview of privacy at Google visit https://policies.google.com/privacy. You may delete and block all cookies from this site, but parts of the site may not work as a result. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.

Hyperlinks

If our web site contains links or references to other companies that we do not control and to which our Privacy Statement does not apply, please be sure that you read the Privacy Statement of every web site you visit. We are not responsible for your interactions with these web sites. For example: Linkedin.

Data Security

Forge follow strict security procedures in the storage and disclosure of information that you have given us. We take all reasonable steps to protect the personal data processed from the loss, misuse, and unauthorised access, disclosure, alteration, or destruction. Remember that no method of transmission is completely secure against interception.

All personal data is stored securely in European Microsoft Azure data centres across a mixture of Azure SQL and CosmosDb. We use active breach detection, at rest encryption and complex authentication credentials with limited IP endpoint access, rotating monthly.

All data is transmitted using SSL TLS 1.2 2048 bit encryption over HTTPS.

We perform PEN tests on an annual basis using our excellent partners at RedScan – the latest test results are available on request.

We actively monitor our infrastructure and storage for signs of data breach. If we suspect a breach, we will immediately investigate and raise details of the breach to the Intellectual Commissioners Office (ICO) within 72 hours. If you are affected by the breach you will be contacted automatically.

If you suspect a breach of your personal data, please contact We are Forge Ltd, The Long Barn 1, Tickenham, Bristol BS21 6RY. privacy@weareforge.io, or call us on +44 (0)800 368 7727.

Where we store it

We store all our data from go.bluepoint.uk.com in Microsoft’s West Region data centre based in Northern Ireland. Some system telemetry does go to the East Coast region data centre in the United States, but this contains no personal data.

Contact Us

If you have any questions or concerns regarding the protection of your personal information, you can contact us at We are Forge Ltd, The Long Barn 1, Tickenham, Bristol BS21 6RY, privacy@weareforge.io , or call us on +44 (0)800 368 7727.

Changes

Forge reserves the right to amend this Statement at any time. The Privacy Notice does not create any contractual or other legal right on behalf of any party.

This Privacy Notice was last updated September 2019.