Privacy Policy

Privacy Policy

Last updated: 26 March 2026

This Privacy Policy explains how BritishAmerican Business (“we”, “us”, “our”) collects, uses, stores, and shares personal data, and explains your rights under applicable data protection laws, including the UK GDPR, the EU GDPR, and the Privacy and Electronic Communications Regulations.

1. Who we are

BritishAmerican Business (BRITISH AMERICAN BUSINES INC OF NEW YORK AND LONDON) is the data controller responsible for your personal data.

Registered address: Chancery House 53-64 Chancery Lane, London, WC2A 1QS
Company/Charity number: FC022630

If you have any questions about this policy or how we use your data, you can contact us at:

Email: dparker@babinc.org

2. How we collect personal data

We collect personal data in the following ways:

  • Directly from you (e.g. when you become a member, register for events, or contact us)
  • From your organisation or employer (in connection with membership)
  • From event partners or sponsors (where relevant)
  • Automatically through our website (e.g. cookies and analytics tools)

3. What personal data we collect

Depending on your relationship with us, we may collect and process the following categories of personal data:

  • Identity data: name, title
  • Contact data: email address, postal address, telephone number
  • Professional data: organisation, job title, sector
  • Membership data: membership status, history, and payment status
  • Event data: registrations, attendance history, dietary and accessibility requirements (where provided)
  • Communications data: correspondence and preferences
  • Marketing data: subscription status and opt-outs
  • Financial data: payment information (processed securely by third-party providers)
  • Images and recordings: photographs, video, or audio recordings taken at events
  • Technical data: IP address, browser type, and cookies/analytics data

Special category data

In limited circumstances, we may collect information relating to dietary or accessibility requirements, which may reveal health data. Where this occurs, we process this information only with your explicit consent (Article 9(2)(a)).

We do not intentionally collect personal data relating to children. If you believe a child’s data has been provided to us, please contact us.

4. How we use your data and our legal bases

We only use personal data where we have a lawful basis to do so under data protection law.

Membership administration

  • Purpose: Managing memberships, delivering benefits, and communicating with members
  • Data used: Identity, contact, professional, membership, communications data
  • Legal basis: Contract (Article 6(1)(b)) and Legitimate Interests (Article 6(1)(f))

Member communications and newsletters

  • Purpose: Sending updates, newsletters, and event invitations relevant to our mission
  • Data used: Identity, contact, professional, marketing data
  • Legal basis: Legitimate Interests

You can opt out at any time.

Event registration and administration

  • Purpose: Managing event registrations, logistics, payments, and follow-up
  • Data used: Identity, contact, professional, event, and financial data
  • Legal basis: Contract and Legitimate Interests

Event-related communications

  • Purpose: Informing attendees about similar events or related activity
  • Data used: Identity, contact, professional, event data
  • Legal basis: Legitimate Interests

You may object at any time.

Marketing where consent is required

  • Purpose: Sending marketing communications where required by law
  • Legal basis: Consent (Article 6(1)(a))

You can withdraw consent at any time.

Photography and recordings at events

  • Purpose: Promoting our events and activities
  • Data used: Images, video, audio
  • Legal basis: Legitimate Interests

We will provide clear notice at events where photography or recording takes place. If you do not wish to be recorded, you may inform a member of staff or avoid recorded areas.

Website analytics and cookies

  • Purpose: Operating and improving our website
  • Legal basis:
    • Legitimate Interests (for essential cookies)
    • Consent (for non-essential cookies)

Further details are set out in our Cookie Policy on our website.

5. Legitimate interests

Where we rely on legitimate interests, these include:

  • Communicating with members and stakeholders
  • Promoting and evaluating our events and activities
  • Maintaining accurate records
  • Improving our services

We balance these interests against your rights and provide opt-out mechanisms where appropriate.

6. Who we share your data with

We may share personal data with:

  • Our staff and contractors
  • Service providers acting as data processors (e.g. CRM systems, email marketing platforms, event platforms, payment providers)
  • Professional advisers (legal, accounting, audit)
  • Regulators or authorities where required by law

We do not sell personal data.

7. International data transfers

We operate in the United Kingdom and the United States. Personal data may be transferred outside the UK or European Economic Area.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • Adequacy regulations (including, where applicable, the UK–US Data Bridge), or
  • Standard Contractual Clauses together with the UK International Data Transfer Agreement or Addendum

8. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, and reporting requirements.

Typical retention periods include:

  • Membership records: duration of membership plus up to 6 years
  • Event records (non-members): up to 5 years
  • Marketing records: until you unsubscribe or object
  • Financial records: as required by law
  • Images and recordings: for as long as they remain relevant for promotional or archival purposes, unless you object

9. Your rights

Under data protection law, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Withdraw consent (where applicable)
  • Request data portability
  • Lodge a complaint with the Information Commissioner’s Office or your local supervisory authority

To exercise your rights, please contact us.

10. Automated decision-making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration.

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, and the “Last updated” date will be revised accordingly.