Privacy
This website is the property of the British Association of Black Surgeons. We take the privacy of all visitors to this Website very seriously and therefore set out in this privacy policy our position regarding certain privacy matters concerning this Website. This policy covers all data that is shared by a visitor with us whether directly via babs-uk.org or via email. This policy is occasionally updated so we suggest you re-review from time to time.
Website Owner Details:
British Association of Black Surgeons (BABS)
The Royal College of Surgeons of Edinburgh
85–89 Colmore Row
Birmingham B3 2BB
Email: info@babs-uk.org
Policy updated: 27th Febuary, 2026
1. Who We Are
The British Association of Black Surgeons (“BABS”, “we”, “us”, “our”) is the Data Controller for personal data collected through this website. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have any questions about this Privacy Policy or how we handle your data, please contact us at info@babs-uk.org.
2. The Personal Data We Collect
We may collect and process the following categories of personal data:
a) Information you provide directly
- Name
- Email address
- Contact details
- Information submitted via website forms or correspondence
b) Automatically collected data
- IP address
- Browser type and version
- Device information
- Pages visited and time spent on the site
- Referral source
c) Cookies and tracking technologies
See Section 7 below for details.
We do not intentionally collect special category data via this website.
3. How We Use Your Personal Data
We process personal data to operate, maintain and secure our website, to respond to enquiries and communications, and to monitor and improve the performance and functionality of the site. We may also process personal data where necessary to comply with legal and regulatory obligations or to protect our rights and legitimate interests.
We do not sell personal data.
4. Lawful Bases for Processing (Article 6 UK GDPR)
Under UK GDPR, we rely on one or more lawful bases to process personal data. These include consent, for example where you have given clear consent for non-essential cookies or marketing communications; legitimate interests, such as for website administration, security, and analytics, provided your rights are not overridden; legal obligations, where processing is necessary to comply with the law; and contract, where processing is necessary to perform a contract or take steps before entering into one.
Where processing is based on consent, you may withdraw it at any time.
5. Sharing Your Personal Data
We use third-party service providers to host and support our website and related systems. Personal data submitted through the website may be stored on servers managed by these providers.
We may also share personal data with professional advisers or regulatory authorities where required by law.
All third-party providers act as Data Processors and process personal data only on our documented instructions and under written agreements in accordance with Article 28 UK GDPR.
6. International Transfers
Some third-party providers (such as analytics providers) may process data outside the UK.
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with Chapter V UK GDPR, including:
- UK International Data Transfer Agreement (IDTA), or
- UK Addendum to EU Standard Contractual Clauses
7. Cookies and Analytics
We use cookies and similar technologies to ensure the website functions correctly, to store user preferences, and to analyse website traffic.
We may use third-party services, including Google Analytics, Google Tag Manager, Google Fonts, Font Awesome, and Segment (Twilio), to support these functions. These providers process data in accordance with their own privacy policies.
Where required by law, we obtain your consent before placing non-essential cookies. You can manage or disable cookies through your browser settings at any time.
8. Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including responding to enquiries, maintaining appropriate security records, and complying with legal and regulatory obligations.
When personal data is no longer required for these purposes, it is securely deleted or anonymised in accordance with our data retention practices.
9. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the right to request access to the personal data we hold about you, to request correction of inaccurate or incomplete data, and, in certain circumstances, to request erasure or restriction of processing. You may also object to processing carried out on the basis of legitimate interests, withdraw consent where processing is based on consent, and request the transfer of your data to another organisation where applicable.
If you are unhappy with how we process your personal data, we encourage you to contact us first at info@babs-uk.org so we can try to resolve your concerns. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
We will respond to all valid requests within one month in accordance with UK data protection law.
10. Data Security
We implement appropriate technical and organisational measures to safeguard personal data against unauthorised access, alteration, disclosure, or destruction.
11. Updates to This Policy
We may update this Privacy Policy from time to time. The latest version will always be published on this page.