Copyright 2018 BGA | Designed by Favoured
For StudentS & Graduates
For Business SchoolS
For Sponsors
About Us
The Association of MBAs and Business Graduates Association (AMBA & BGA) is the impartial authority on postgraduate management education and is committed to raising its profile and quality standards internationally for the benefit of business schools, students and alumni and employers. AMBA established that vision in 1967 and it’s as relevant today as it was almost 50 years ago.
The Business Graduates Association is an international membership and quality assurance body of world-leading and high-potential Business Schools who share a commitment for responsible management practices and lifelong learning, and are looking to provide positive impact on their students, communities, and the economy as a whole.
Students and graduates of BGA member, validated and accredited Schools may join BGA as individual members.
We also provide guidance and advice to students and graduates, and connect employers and suppliers of services to the Higher Education industry with our member schools and individuals.
Our GDPR Owner and data protection representatives can be contacted directly here:
Updates to this privacy statement
Personal data
Under the GDPR personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
How and why does AMBA & BGA need to collect and store personal data?
This privacy statement tells you how we, AMBA & BGA, will collect and use your personal data. In order for us to provide you with the relevant service(s) we need to collect personal data for correspondence purposes and/or detailed service provision. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Will AMBA & BGA share my personal data with anyone else?
We may pass your personal data on to third-party service providers contracted to AMBA & BGA in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf or directly to us. When they no longer need your data to fulfil this service, they will dispose of the details in line with AMBA & BGA’s procedures. If we wish to pass any sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.
We use Dotmailer, a UK-hosted third party provider operated by Dotdigital to send and manage our email communications which is certified as adhering to the EU-US Privacy Shield. Please note that Dotdigital is a third-party service that is not owned or managed by AMBA & BGA. This privacy policy only refers to the way AMBA & BGA will use your information. You should refer to Dotdigital’s privacy policy we do not accept any responsibility or liability for their policies. We are reviewing our email service provider arrangements.
When we send you email communications, we monitor whether you have opened the communication and clicked on any included links, using industry standard technology. This will enable us to track and analyse your level of engagement/interest in the communication we are sending you and will provide us with further insight on what type of communications are most of interest to you.
How will AMBA & BGA use the personal data it collects about me?
AMBA & BGA will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
We do not carry out automated decision making or profiling.
How long will AMBA & BGA hold the information for?
AMBA & BGA is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. AMBA & BGA will process and store personal data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you.
Under what circumstances will AMBA & BGA contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. We endeavour to contact you only with information relevant to you.
Can I find out the personal data that the organisation holds about me?
AMBA & BGA at your request, can confirm what information we hold about you and how it is processed. If AMBA & BGA does hold personal data about you, you can request the following information:
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
What forms of ID will I need to provide in order to access this?
AMBA & BGA accepts the following documentation as proof of ID when information on your personal data is requested:
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Complaints
In the event that you wish to make a complaint about how your personal data is being processed by AMBA & BGA (or third parties as described in above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and AMBA & BGA’s data protection representatives.
The details for each of these contacts are:
| Supervisory authority contact details | AMBA Data Protection Owner contact details | |
| Contact Name: | Information Commissioner’s Office | Catherine Walker |
| Address line 1: | Wycliffe House | Association of MBAs & Business Graduates Association |
| Address line 2: | Water Lane | 25 Hosier Lane |
| Address line 3: | Wilmslow | London |
| Address line 4: | Cheshire | EC1A 9LQ |
| Address line 5: | SK9 5AF | |
| Email: | casework@ico.org.uk | c.walker@associationofmbas.com |
| Telephone: | 01625 545 745 | 02072462686 |
Read more about how and why we use your data by expanding the section(s) relevant to you below:
We use Google’s suite (analytics (GA), search console, tags and ads) to track site user interaction and to provide a better experience for our website users. We have Google codes installed on our site which creates one or more text files on your computer (called a “cookie”). The cookies contain an ID number which is used to uniquely identify your browser and track each element of our website you visit that has a google code enabled.
We use this data to determine the number of people using our site and to better understand how they find and use our web pages. With this information we can continually improve the information that we provide on our site and the processes for actions such as event and member registration. We can also use it to increase the number of new people finding our site, and help those who have already visited our site, find interesting material easily on the internet
Google Analytics, Search Console, Tags and Ads stores the following data:
Google also collects information about you from its Doubleclick tracking and profiling service, from ad-supported apps on your Android or iOS device, from your YouTube and Gmail activity and from your Google account. This data is put together and used to make inferences about your age, gender, interests, hobbies, shopping habits and living circumstances.
Your rights
If you already have Google cookies, they will be updated with the latest information about your visit to the site.
As we cannot access any personal data about you ourselves, we are not the Data Controller for your Google’s suiteor Doubleclick profile data. You would need to contact Google directly for this information.
You have the right to object to this tracking and to stop it happening.
How do I prevent being tracked by Google Analytics, and other google tools?
If you are uncomfortable with this tracking, you can take the following actions:
We use LinkedIn tracking to track site user interaction and provide relevant material to users who have already visited our website. We have a LinkedIn code installed on our site which creates one or more text files on your computer (called a “cookie”).
The cookies contain an ID number which is used to uniquely identify your browser and track each element of our website you visit that has a LinkedIn code enabled. We use this data to retarget previous site users with material that is relevant to them, given the webpages that they’ve visited that contain a LinkedIn code.
LinkedIn codes on our site store the following data:
As we cannot access any personal data about you ourselves, we are not the Data Controller for your LinkedIn profile data. You would need to contact LinkedIn directly for this information.
You have the right to object to this tracking and to stop it happening.
How do I prevent being tracked by LinkedIn?
If you are uncomfortable with this tracking, you can take the following actions:
• Use a tracking-blocker, such as Privacy Badger
• Clear cookies after every browsing session
• Opt-out
The personal data we may process on you is:
| Personal data type: | Source |
| Network location and IP address | Google and LinkedIn as outlined above |
| Inferred age range and gender | Google and LinkedIn as outlined above |
The personal data we collect will be used for the following purposes:
Our legal basis for processing the personal data:
For further information, see our Cookie Policy and Website Terms of Use.
Depending on the type of event, we either use our own website (www.businessgraduatesassociation.com), a third party platform called ‘EventsForce’, or a third party platform called ‘GoToWebinar’ to process event bookings.
In all cases we use a third party email platform called ‘Dotmailer’ to communicate with our event registrants, and we may also communicate with Webinar registrants via the GoToWebinar platform.
If you are a speaker at an AMBA & BGA event, we will publicly promote your involvement via Twitter, LinkedIn, Facebook and Instagram and emails to our members and contacts. This data may continue to be processed by those platform providers after the event has ended.
Bookings on www.businessgraduatesassociation.com:
The personal data we may process on you is:
Business contact details eg email address/phone number/postal address
| Personal data type: | Source |
| Name | Event registration form on www.businessgraduatesassociation.com |
| Job Title & Company or Business School name | Event registration form on www.businessgraduatesassociation.com |
| Business contact details eg email address/phone number/postal address | Event registration form on www.businessgraduatesassociation.com |
| Dietary and/or special assistance requirements where applicable | Event registration form on www.businessgraduatesassociation.com |
The personal data we collect will be used for the following purposes:
Our legal basis for processing for the personal data:
The special categories of personal data concerned are:
Disclosure
AMBA & BGA will pass on your personal data to further third parties as necessary to administer your event attendance, such as caterers or event hosts if you have particular dietary requirements, printers of event materials such as delegate lists and badges (where applicable), and fellow event attendees (in the form of the delegate list).
AMBA & BGA will also pass on your personal data to trusted Partners and Sponsors of the respective events in the form of a delegate list. Attendees have the option to opt in to their inclusion of the delegate list during the booking process.
Bookings via Eventsforce:
Please note that Eventsforce is a third-party service that is not owned or managed by AMBA & BGA. This privacy policy only refers to the way AMBA will use your information. You should refer to Eventsforce’s privacy policy as we do not accept any responsibility or liability for their policies.
Eventsforce is based in the UK, which is recognized by a European Commission adequacy decision as providing an adequate level of data protection. For further details, please see the European Commission website
The personal data we may process on you is:
| Personal data type: | Source |
| Name | Eventsforce event registration form |
| Professional details and/or Business School name | Eventsforce event registration form |
| Business School programme details | Eventsforce event registration form |
Contact details eg email address/phone number/full or partial address | Eventsforce event registration form |
| Nationality and country of residence | Eventsforce event registration form |
| Date of Birth and gender | Eventsforce event registration form |
| Dietary and/or special assistance requirements where applicable | Eventsforce event registration form |
The personal data we may process on you is:he personal data we collect may be used for the following purposes:
Our legal basis for processing for the personal data:
The special categories of personal data concerned are:
Disclosure
AMBA will pass on your personal data to further third parties as necessary to administer your event attendance, such as caterers or event hosts if you have particular dietary requirements, printers of event materials such as delegate lists and badges (where applicable), and fellow event attendees (in the form of the delegate list).
Bookings via GoToWebinar:
Please note that GoToWebinar is a third-party service run by LogMeIn Inc. that is not owned or managed by AMBA. This privacy policy only refers to the way AMBA will use your information. You should refer to LogMeIn Inc.’s privacy policy as we do not accept any responsibility or liability for their policies.
LogMeIn Inc. operates in the USA and subscribes to the EU-US Privacy Shield, which commits subscribers to adhering to European standards of data protection. For further details, please see:
The personal data we may process on you is:
| Personal data type: | Source |
| Name | GoToWebinar event registration form |
| Email address | GoToWebinar event registration form |
The personal data we collect may be used for the following purposes:
Our legal basis for processing for the personal data:
Bookings via Zoom – webinars & events:
Please note that Zoom is a third-party service run that is not owned or managed by AMBA & BGA. This privacy policy only refers to the way AMBA will use your information. You should refer to Zoom’s privacy policy nas we do not accept any responsibility or liability for their policies.
Zoom operates in the USA and has incorporated the European Commission’s Standard Contractual Clauses (or “SCCs”) as the basis of Zoom’s international data transfer policy For more information, please see:
Zoom and the European Union’s General Data Protection Regulation (GDPR)
To process your event registration, AMBA & BGA will collect registration information on the associationofmbas.com or businessgraduatesassociation.com website(s) and upload a first name, last name and email address to Zoom webinars. This will enable AMBA & BGA to enrol you onto the specified event(s).
| Personal data type: | Source |
| Name | AMBA and/or BGA website(s)/Zoom event registration form |
| Email address | AMBA and/or BGA website(s)/Zoom event registration form |
| Business School name | AMBA and/or BGA website(s)/Zoom event registration form |
| Job title/role | AMBA and/or BGA website(s)/Zoom event registration form |
| Country | AMBA and/or BGA website(s)/Zoom event registration form |
| Programme studied/studying | AMBA and/or BGA website(s)/Zoom event registration form |
| Graduation or expected graduation date | AMBA and/or BGA website(s)/Zoom event registration form |
The personal data we collect may be used for the following purposes:
| Personal data type: | Source |
| Name | AMBA and/or BGA website(s)/Zoom event registration form |
| Email address | AMBA and/or BGA website(s)/Zoom event registration form |
The personal data we collect may be used for the following purposes:
Our legal basis for processing for the personal data:
Event nominations and/or research via SurveyMonkey
Please note that SurveyMonkey is a third-party service run by Momentive Inc. that is not owned or managed by AMBA & BGA. This privacy policy only refers to the way AMBA will use your information. You should refer to SurveyMonkey’s privacy policy as we do not accept any responsibility or liability for their policies.
SurveyMonkey operates in the USA and subscribes to the EU-US Privacy Shield, which commits subscribers to adhering to European standards of data protection.For further details, please see the European Commission website
For further details, please see:
The personal data we may process on you is:
| Personal data type: | Source | |
| Name | SurveyMonkey survey/event form | |
| Email address | SurveyMonkey survey/event form | |
| Business School or organisation | SurveyMonkey survey/event form | |
| Job title/role | SurveyMonkey survey/event form | |
| Postal address | SurveyMonkey survey/event form | |
| Contact telephone number | SurveyMonkey survey/event form | |
| Name of educational course attended/attending | SurveyMonkey survey/event form | |
| Course mode | SurveyMonkey survey/event form | |
| Graduation or expected graduation date | SurveyMonkey survey/event form | |
| Photograph | SurveyMonkey survey/event form | |
| Business trading dates | SurveyMonkey survey/event form | |
| PA name | SurveyMonkey survey/event form | |
| SurveyMonkey survey/event form | |
| Passport details | SurveyMonkey survey/event form | |
| Age/date of birth | SurveyMonkey survey/event form | |
| Work experience level | SurveyMonkey survey/event form | |
| Salary scales | SurveyMonkey survey/event form | |
| Email address | SurveyMonkey survey/event form |
The personal data we collect may be used for the following purposes:
Our legal basis for processing for the personal data:
The personal data we may process on you is:
| Personal data type: | Source |
| Name | Registration form or event registration |
| Email address | Registration form or event registration |
| Employment status/professional information | Registration form or event registration |
| Nationality | Registration form or event registration |
| Location | Registration form or event registration |
| Year of Birth | Registration form or event registration |
| Gender | Registration form or event registration |
| MBA programme preferences | Registration form or event registration |
The personal data we collect may be used for the following purposes:
Our legal basis for processing for the personal data:
By consenting to this privacy statement you are giving us permission to process your personal data specifically for the purposes identified.
Consent is required for AMBA & BGA to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
You may withdraw consent at any time by emailing membership@associationofmbas.com.
Where you have registered as an individual member of BGA, we will process your personal information as set out in this section.
The personal data we may process on you is:
| Personal data type: | Source |
| Name | Member registration form or event registration |
| Email address | Member registration form or event registration |
| Telephone Number(s) | Member registration form or event registration |
| Professional information | Member registration form or event registration |
| Nationality | Member registration form or event registration |
| Location/address | Member registration form or event registration |
| Year of Birth | Member registration form or event registration |
| Gender | Member registration form or event registration |
| Programme details ie programme studied and graduation date | Member registration form or event registration |
The personal data we collect will be used for the following purposes:
Our legal basis for processing for the personal data:
Disclosure
BGA will pass on your personal data to the below third parties as is necessary to service your membership. We do not share your personal information with third parties for commercial purposes.
Our online Career Development Centre is provided by the Abintegro platform, and limited information including your name, email address and BGA membership number is passed through to their systems when you access this resource. For further information, please see Abintegro’s privacy policy and terms of use.
Our Digital Credentials are provided by Accredible and limited information including your name and email address is passed to their systems if you purchase a digital credential. For further information, please see Accredible’s privacy policy. (Valid from 1 January 2021)
We may process personal information necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Where you are a member of staff or faculty at an affiliated member business school within the AMBA & BGA network (ie having accredited programmes or being a member of the AMBA Development Network), we may hold professional contact data about you.
Where you are a professionally relevant contact for our business school services, ie you are a member of staff or faculty at a prospective, or candidate member business school, we may hold professional contact data about you.
The personal data we may process on you is:
| Personal data type: | Source |
| Name | If not directly from you or from colleagues at your institution, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf. |
| Job Title & Business School name | If not directly from you or from colleagues at your institution, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf. |
Professional contact details eg business school email address/phone number/postal address | If not directly from you or from colleagues at your institution, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf. |
Professional information including age, nationality, gender, highest academic qualification, years experience. | Documentation submitted by the business school in the course of the accreditation/reaccreditation process. |
The personal data we collect will be used for the following purposes:
Our legal basis for processing for the personal data:
We may process personal information necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
We may hold business contact data about you if you are a professionally relevant contact for our services, and you are employed in an organisation which is a separate legal entity, or if we have an existing or ongoing business relationship with you or your company.
The personal data we may process on you is:
| Personal data type: | Source |
| Name | If not directly from you, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf. |
| Job Title & Company name | If not directly from you, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf. |
Business contact details eg email address/phone number/postal address | If not directly from you, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf. |
The personal data we collect will be used for the following purposes:
Our legal basis for processing for the personal data:
If you apply to work at AMBA & BGA, we will only use the information you give us to process your application.
If you are unsuccessful in your job application, we will hold your personal information for 6 months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information.
If you are successful, as your employer the Association of MBAs & Business Graduates Association needs to keep and process information about you for normal employment purposes. As part of our pre-employment checks we require references covering the previous five-year period, in addition to proof of qualifications and proof of eligibility to work in the UK.
The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with your employment contract, to comply with any legal requirements, pursue the legitimate interests of the Charity and protect our legal position in the event of legal proceedings.
For further information and the full Privacy Notice for Employees, please contact the Data Protection Owner or the HR representatives.
How we define our legitimate interest
Professionally relevant individuals.
We may rely on legitimate interest as the legal basis for processing where this is not overridden by your interests and rights or freedoms.
We have therefore conducted a Legitimate Interest Test which includes the following considerations:
The Purpose Test
We consider that we have a legitimate interest in carrying out a business in favour of the well-being of all our employees and shareholders. This is enshrined in the EU Charter of Human Rights – Article 16 – Freedom to conduct a business. For customers and prospective customers, identified as working for legal entities and whom we consider are professionally relevant post holders; we consider we have a legitimate interest to process your data for the purposes of marketing of products and services. This purpose is supported by Recital 47 of the GDPR which states that:
“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”
We believe that professionals rely on being kept up to date about products or services to help them achieve their business objectives. Direct marketing is generally seen as an important tool to facilitate this. However, we will always respect your wishes, if you’re the recipient of our marketing.
The Balancing Test
A balancing test has been undertaken to compare our legitimates interests and the interests or fundamental rights and freedoms of prospective customers who require protection of their personal data,
We will only process personal data if we have determined that our services are ‘professionally relevant’ to you and your organisation. Material that we send to you may be relevant based on your profile, because of the type, size or location of the organisation that you work in, or because you are the right post-holder for a certain set of decisions based on factors like your role, seniority, and responsibilities.
We believe that the recipients of our marketing have a reasonable expectation that we as a Controller will process their Personal Data. The data we may hold on recipients originates from primary research by our research team, publicly available material held on websites, events we have jointly attended, personal data we have captured via business cards or similar interaction, referrals from other organisations, or from your colleagues.
The personal data we hold is limited and in addition is never sensitive data, and in most cases exists in the public domain.
Our assessment has taken into consideration the security measures that AMBA & BGA has in place based on the ISO27001 framework combined with the safeguards we have put in place through the implementation of the British Standard BS10012:2017 – Personal Information Management Framework delivering readiness to GDPR. Outputs of this framework include, but are not limited to:
Our conclusion is that the likelihood of impact and the severity of negative impact or distress of the data processing we undertake is negligible.
However, we want to respect your wishes about how and if you are contacted. On occasion we will contact you to verify your position, check how you would prefer to receive direct marketing, whether by post, by phone or by email and to remind you of your rights via our latest privacy statement. You may of course tell us you do not wish to be contacted at all, and we will respect your wishes, add you to a suppression list, and not contact you again. If you feel we are not being fair with you, please tell us. We would like to correct this. You may also complain to the UK regulator, Information Commissioners Office (www.ico.org.uk).
Private Individuals
We may rely on legitimate interest as the legal basis for processing where this is not overridden by your interests and rights or freedoms.
We have therefore conducted a Legitimate Interest Test which includes the following considerations:
The Purpose Test
We consider that we have a legitimate interest in carrying out a business in favour of the well-being of all our employees and shareholders. This is enshrined in the EU Charter of Human Rights – Article 16 – Freedom to conduct a business.
Moreover, as a membership body, we consider that we have a legitimate interest in holding the personal information of individuals who have signed up to BGA membership, and that this is essential for the provision of membership services.
The Balancing Test
A balancing test has been undertaken to compare our legitimates interests and the interests or fundamental rights and freedoms of individuals who require protection of their personal data,
We believe that BGA members, prospective students registered with BGA, and event registrants have a reasonable expectation that we as a Controller will process their Personal Data. The data we may hold on these individuals originates from registration forms filled out by the individual him or herself or from online analytics such as Google Analytics.
The personal data we hold is limited and is not sensitive data.
Our assessment has taken into consideration the security measures that BGA has in place based on the ISO27001 framework combined with the safeguards we have put in place through the implementation of the British Standard BS10012:2017 – Personal Information Management Framework delivering readiness to GDPR. Outputs of this framework include, but are not limited to:
Our conclusion is that the likelihood of impact and the severity of negative impact or distress of the data processing we undertake is negligible.
However, we want to respect your wishes. If you feel we are not being fair with you, please tell us. We would like to correct this. You may also complain to the UK regulator, Information Commissioners Office (www.ico.org.uk).