1. OUR COMMITMENT TO DATA PROTECTION
We are committed to protecting your personal data and right to privacy. We will always keep your personal data safe and comply with applicable data protection legislation in place from time to time.
Who we are
Enterprise Growth Solutions Limited (Registration Number: Z3424179) is a ‘data controller’ and part of the Exemplas Group of Companies. The Exemplas Group of Companies (the “company”, “we”, “us”, or “our”) takes its data protection and information security responsibilities very seriously. We will always keep your personal data safe and comply with applicable data protection legislation, rules and regulations relating to the processing of personal data, including the General Data Protection Regulation 2016/679 and any laws, rules and regulations implementing the foregoing (the “GDPR”).
The Exemplas Group of Companies means Exemplas Holdings Limited; Exemplas Limited; Exemplas Trade Services Limited; and Enterprise Growth Solutions Limited (the “Exemplas Group”). Data processing activities in the context of general business or government funded initiatives are generally controlled by Exemplas Holdings Limited or Exemplas Limited. Data processing activities in the context of specific initiatives concerning international trade are ordinarily controlled by Exemplas Trade Services Limited and Enterprise Growth Solutions Limited. If different Exemplas entities act as joint controllers, Exemplas Holdings Limited is designated as a single point of contact for data subjects under the GDPR.
We are committed to the effective management of all personal data, including personal data we receive from visitors to our website and any associated websites under our control (together our “Websites”). The security and confidentiality of personal data and fostering a culture of transparency and accountability is important to how we conduct our business.
This privacy notice (the “Notice”) explains how we may collect and use any personal data that we obtain about you and your rights in relation to that data. You should read through this Notice to fully understand how we may collect and use information that we obtain about you, and your rights in relation to that information. Your use of our online services or your provision of information to us constitutes your acknowledgment of the terms of this Notice. Please do not send us any of your information if you do not want it to be used in the ways described in this Notice.
When we ask you for personal data, we will:
- tell you why we need it
- only ask for relevant information
- look after it and make sure it is only accessible to those within the Exemplas Group and its partners who need to see it
- only keep it for as long there is a business, statutory or legal obligation (according to our retention policy)
- not make your personal data available to third parties without your permission.
In return, we ask you to:
- give us accurate information, and
- tell us as soon as possible if there are any changes.
2. SCOPE OF THE NOTICE
This Notice applies in the following circumstances:
- When you request information from us or provide information to us;
- When you or the organisation you work for engages our services, or applies to one of our programmes for government funding;
- As a result of your relationship with one or more of our clients or partners as part of a referral;
- When you apply for a role or work placement opportunity;
- When you complete forms on our Websites;
- When you attend our events;
- When we conduct open source searches on you in connection with our business development processes;
- When you visit our Websites and online services (including our Digital Platform); and
- When you are entered onto our mailing lists to receive publications and other marketing emails (please see section 13 for more information).
3. PERSONAL DATA WE COLLECT
Across our Group, we may collect personal data:
From you directly:
- Information that you provide by filling in forms or surveys;
- Information in correspondence that you send us;
- Details of your visits to our website including, but not limited to, traffic data, location data, blogs and other communication data, and the resources that you access;
- Personal contact details, such as title, full name, contact details, date of birth, address;
- Your nationality, if needed for the provision of service or for grant eligibility;
- Information about your employment status, if relevant;
- Bank account information, if needed for the payment of grants;
- Equality, Diversity & Inclusion information;
- Information about your career, workplace, employer, research / innovation;
- Services, you currently hold with us, included funded services;
- Marketing to you, including history of those communications, and information about funded services or related business support services we think you may be interested in to improve your business, and analysing data to help target offers to you that we think are of interest or relevance to you;
- Dietary and/or accessibility needs;
- Information about your use of funded services or services held with our Delivery Partners;
From the following general sources:
- Information generated about you when you use our services
- Information from delivery partners
- Information from public authorities
- Information from publicly available directories and information (e.g. social media, internet, Companies House, HMRC), and other organisations that operate to assist in offering individuals business support
- We buy information about you from accredited third parties, including marketing lists, publicly available information or information to improve our service delivery Information
- Insights about you and our customers gained from analysis or profiling of customers
- We receive information about you from government departments or third parties to offer you funded business support services.
When you use our online services, we may collect the following:
- Information you provide by completing subscription, registration and application forms (including when you submit material or request further services);
- Information you provide to us if you contact us, for example to speak with an adviser, or to report a problem with our online services; and
- Details of visits made to our online services such as the volume of traffic received, logs (including, the internet protocol (IP) address and location of the device connecting to the online services and other identifiers about the device and the nature of the visit) and the resources accessed.
4. USE OF YOUR PERSONAL DATA
We may use your personal data if:
- it is necessary for the performance of a contract with you or the organisation you work for; or
- necessary in connection with a legal or regulatory obligation; or
- for public task, when we are engaged as the government’s delivery partner when we carry out tasks in the public interest;
- you have provided your consent (where necessary) to such use or the organisation that you work for has obtained your consent (where necessary); or
- we (or a third-party) have a legitimate interest which is not overridden by your interests or your rights and freedoms; or
- we are otherwise required or authorised by law.
We may use your information:
- to provide you with information or services that you request from us or which we feel may interest you
- to notify you about changes to our website or services
- for communications and public engagement activities: surveys, events, newsletters, communications, websites and social media
- to manage funding applications and awards
- to alert you to funding opportunities
- to undertake funded business support monitoring and evaluation
- to support participation in events and workshops; this may include surveys and collecting information on dietary or accessibility requirements
- to ensure our terms and conditions of funding are met, for example audits
- to operate our complaints policy
- to facilitate commercialisation and our legitimate business interest
- for evaluation and recording
- for current or past employees, interns or associates for:
- recruitment including recording equality and diversity, personnel files, rewards and benefits, training and development, management information, pension scheme administration, accidents, incidents and general health and safety at work, legal casework – grievances, disciplinary, and dismissal.
- provide and improve our services and products to you or the organisation you work for (including auditing and monitoring use of those services and products);
- to maintain and develop our relationship with you and your organisation;
- to monitor and analyse our business;
- to facilitate our internal business operations;
- to fulfil our legal, regulatory (including state aid requirements), accounting, reporting, risk management or professional obligations;
- to send you legal updates, publications, marketing and details of events (please see Section 13 for more information);
- to process and respond to requests, enquiries or complaints received from you.
We may not be able to do these things without your personal information.
5. DISCLOSURE OF YOUR INFORMATION
We may share your information with third parties including:
- Our partners, our business advisers and your employers or place of business;
- Third parties involved in the provisions of services to clients including professional advisers;
- Our professional advisers, auditors and insurers;
- third party service providers to whom we outsource services, for example archival, auditing, reference checking, professional advisory (including legal, accounting, financial and business consulting), IT support, mailing house, delivery, technology, website, social media, research, banking, payment, client contact, data processing, insurance, marketing and security services;
- Third parties with whom we have co-promotional arrangements (such as jointly sponsored events);
- Third parties who carry out research and analyses of our services and products on our behalf; or
- Public authorities that fund our services.
We will only retain your personal information for as long as is reasonably necessary in the circumstances. Personal data provided in connection with the provision of our services will be retained in accordance with Exemplas’ retention policies unless we agree otherwise with you, in writing. If you wish to know more about our retention policies, please contact: firstname.lastname@example.org.
6. THE LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (for example, when providing our services); or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms; or under public task when we are engaged as the government’s delivery partner when we carry out tasks in the public interest; or where consent is required, for example, direct marketing.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information (including any legitimate interests relied upon), please send an email to email@example.com
7. SHARING INFORMATION ACROSS OUR NETWORK
We may share your information across the Exemplas Group including our delivery partners.
Where we transfer your information internationally we will take reasonable steps to ensure that your information is treated securely and the means of transfer provides adequate safeguards.
8. KEEPING YOUR PERSONAL DATA SECURE
We use up to date data storage and security to hold information securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. Our information security policy is supported by security standards, processes and procedures and we store information in access controlled premises or in electronic databases requiring logins and passwords. We require our third party data storage providers to comply with appropriate information security industry standards. All partners and staff and third party providers with access to confidential information are subject to confidentiality obligations.
However, the transmission of information via the internet is not completely secure. Although we take appropriate and proportionate steps to manage the risks posed, we cannot guarantee the security of your information transmitted to our online services.
10. THIRD PARTY SITES
Our Websites contain links to other sites which are controlled by third parties.
Visitors should consult these other sites’ privacy policies and please be aware that we do not accept responsibility for their use of information about you.
11. YOUR RIGHTS
You have rights under data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights are set out below:
- Right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
- Right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
- Right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
- Right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
- Right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
- Right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
- Right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
- Right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
You may exercise any of your rights at any time using the contact details set out in Section 15. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. It may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we receive notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Information we hold about you should be up-to-date and accurate. Please advise us in writing of any changes to your information using the contact details set out in Section 15 below.
12. IF YOU DO NOT WANT TO RECEIVE MARKETING INFORMATION FROM US
If you receive marketing materials relating to our services by email or post, you may withdraw your consent for us to send these to you at any time, by using the “unsubscribe” option included in the email or other material. Alternatively, you can let us know your preferences by sending an email to firstname.lastname@example.org.
13. STATUS OF THIS POLICY
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
14. CONTACTING US
You may contact us, if you have any complaints or questions about this privacy notice or the personal information we may hold about you or to exercise all relevant rights, by:
Email: email@example.com; or
By post: Head of Legal and Data Privacy (Group General Counsel), Marcia Kilmurry, 3rd Floor, Titan Court, 3 Bishops Square, Hatfield, Hertfordshire, AL10 9NE, UK.
If you feel we have not handled your query or concern to your satisfaction you can contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at ico.org.uk concerns or telephone 0303 123 1113.
Last updated: 16/04/2019