Privacy Policy

South Durham Enterprise Agency recognises that it has a responsibility to handle the information that it is privy to with due care and regard for its confidential nature and a duty to ensure that any such information that is gathered, held and used it treated with due care and not used for any purpose beyond its intended use.

SDEA provides a range of business, community and start up support services via our team of trained advisors, website and other digital content. This policy sets out our approach with respect to information that is collected from users of our service. Under applicable law, South Durham Enterprise Agency Ltd is the “data controller” of personal data collected through the use of our service.

Information we collect

When you interact with us through our service, we may collect information from you, as further described below:

The information you provide – we collect information from you when you voluntarily provide such information, such as when you complete our marketing form or when you register to access one of our Services. Information we collect may include, but not be limited to Name, Date of Birth, Contact Details including electronic means of contact.

Marketing of SDEA services, products and other information services and the legitimate business interests for processing your data

We do not collect any data automatically via our website or other digital services.

We will only market to you if have given us express permission to do so, you can revoke this permission at any time and inform us that you do not wish to appear on the database any more.

Marketing communications will primarily take the form of social media posts, email messages, telephone calls, text messages and postal communications. Instructions relating to how you can stop receiving messages will be included within each communication you receive. You may remove your data from this marketing database at any time.

We will use the information to contact you in the future about services or contracts we believe will be of interest to you. If we do so, each marketing communication we send you will contain instructions permitting you to ‘opt-out’ of receiving future marketing communications. In addition, if any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists can do so at any time.

Providing SDEA with information for legitimate business interests and the access to Services

We will gather data relating to the contractual and lawful services we deliver. This could include personal data. This data is gathered in accordance with the applicable law and a necessary part of the contract. A specific privacy statement will accompany any data gathered for contractual purposes. You have a right to refuse to provide these details, although this will limit services available to you, contractual data will not be used for marketing purposes and will only be used for the purposes of the associated contract. You have a right to know what data is held but due to a range of contractual and lawful reasons, this data must be kept for defined periods of time, therefore the right to have this data removed is not applicable in some cases. Specifics will be included in each contract’s privacy statement, or at the point the data is gathered. These policies will be made clear to you at the point the Service or Contract is presented to you. Appendix 1 covers a specific privacy policy in relation to Service and Contract Delivery.

How we use data

We use the information you provide in a manner that is consistent with this privacy policy. If you provide information for a certain reason, we may use the information in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the information you provide to answer your question or resolve your problem. Also, if you provide information in order to obtain access to our services or contracts, we will use your information to provide you with access to such services.

Our legal basis for handling of your personal data

To honour our contractual commitments to you - Much of our processing personal data is to meet our contractual obligations to our users, or to take steps at users’ request.

Legitimate interests - In many cases we handle personal data on the grounds that it furthers our legitimate interests. These includes:

  • Customer service
  • Marketing
  • Improving and analysing our business
  • Managing legal issues
  • Processing job applications

Our disclosure of your information

We will not sell your information nor disclose it for other purposes. We may transfer your information with your express consent. We do pass data on in the form of certified destruction and our to facilitate our IT services. The providers of these services comply with, and have an understanding of this policy and their requirements under applicable law.

Where information is gathered in accordance with a contractual Service, the contract’s privacy policy will be made clear at the point at which the data is gathered. This data will be passed to the relevant party, again made clear at the point of collection.

SDEA are satisfied that that the policies and procedures of the contractual parties are sufficient and robust in accordance with the applicable law.

General Points on How SDEA manage Data 

  1. Documents and information will not be held or processed by South Durham Enterprise Agency beyond the point they are reasonably required unless the information and documentation is required for the purposes of contractual fulfilment and/or legal obligation.

  2. All documentation that contains personally identifiable and/or commercially sensitive when it reaches the end of its life will be disposed of in a secure manner through a certificated and insured secure document disposal service.

  3. All information that is gathered will be stored in a secure manner, maintained either in a manual filing system within our offices or a secure electronic media which can be either “in house” or on a password protected “cloud” based system and are only accessible to suitably authorised personnel.

  4. Information will not be shared with any other organisation beyond that required to fulfil the service and meet contractual obligation, unless express permission has been obtained from the client or body concerned, or disclosure is required in compliance with the law.

  5. Forms used to gather client information require a client signature and contain a declaration outlining how the information will be used and stating that all information is stored and handled in compliance with the General Data Protection Regulation

  6. All staff in the employ of South Durham Enterprise Agency are governed by a confidentiality clause within their terms and conditions of employment, this is for the protection of both the organisation and the client.

  7. South Durham Enterprise Agency recognises the environmental impact caused by excessive documentation.  Therefore, every effort is made to ensure that the documentation burden is reduced and that replication of information is eliminated where possible.


  1. Where projects dictate that documents are retained for predetermined and contracted periods of time, South Durham Enterprise Agency will adhere to these contractual obligations. Where these obligations relate to Structural or EU funding, including LEADER, documents will be retained for the specified time period after the contract end date. the following guidance will be followed in relation to document retention, with regard to the role of South Durham Enterprise Agency within the specific contract be that subcontractor, partner, grant recipient or otherwise.


Appendix 1

PRIVACY POLICY – Relating specifically to data gathered as part of contractual service delivery.

Who we are

South Durham Enterprise Agency and then “(insert Agency details) is also a member of North East Enterprise Agency Ltd., who provide a contract management function for (insert Agency name) and with whom we share data in order to fulfil our contractual requirements. “

Scope of this Policy

This policy deals specifically with the support you have asked us to give you under the (insert programme) which we provide under a contract between (insert Agency Name/NEEAL as appropriate) and (insert).  

During the time that we support you, we may also wish to collect your personal data for other purposes.  For example, you may choose to take advantage of other forms of support we make available. We will only do so if we have informed you in writing of what those purposes are and how that data will be processed.   You will be given a specific Privacy Statement which sets out those purposes and how that processing will take place. If that should involve marketing purposes, we will only do so with your active consent and will give you ways to manage and review your marketing choices at any time.

How We Use Your Personal Information

(Insert Agency Name) is committed to safeguarding the privacy of our customers and clients; this policy sets out how we treat the personal information you give us in specific circumstances.

(Insert Agency Name) has agreed to support you in setting up and developing your business.  One of the ways in which we do this is through the (insert programme name) programme. We do this under contract to (insert).  Under the terms of that contract, we are required to obtain personal information from you and to share it with (insert). (if appropriate, insert - As well as that, we are obliged to share your personal information with North East Enterprise Agency Ltd., of which we are a member).  We therefore process this data in accordance with our legitimate business interests.

Our Privacy Promise

We promise:

  1. To keep your data safe and private
  2. Not to sell your data
  3. Not to use the data you give us as part of the (insert) programme for marketing purposes.

If You Do Not Choose to Give Personal Information

We need to collect personal information under the terms of a contract we have with our funders (insert).  This contract provides us with the funding we need to support you, and is thus our legitimate business interest.  If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services we would otherwise offer to you.

Information Disclosure

We may disclose information about you to any of our employees, officers, agents, subcontractors or partners, insofar as reasonably necessary for the purposes as set out in this Privacy Notice.  In addition, we may disclose your personal information:

  1. To the extent we are required to do so by law
  2. In connection with any legal proceedings or prospective legal proceedings
  3. In order to establish, exercise, or defend our legal rights
  4. To any person we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information    

How to Get a Copy of Your Personal Information

You can access your personal information we hold by writing to us at (insert Agency address).  We may refuse a subject access request or raise a fee for processing the request if the request is manifestly unfounded or excessive.  Should a subject access request be refused by us, you will be given a reason for the refusal and information on your right to complain to the Information Commissioner’s Office.  We may withhold such personal information to the extent permitted by law.

Letting Us Know If Your Personal Information is Incorrect

You have a right to question any information we have about you that you think is wrong or incomplete.  Please contact us if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it.  

Rights to Object and to Erasure

Individuals have a right to have personal data erased and to prevent processing in specific circumstances.  There are also specific circumstances where we may refuse to erase personal data.

Individuals have the right to object to processing of their personal data.  Objections to processing must be made in writing to (insert Agency name) and must outline the grounds for objection.

Generally, (Insert Agency Name) will not process a request to erase information where there is an ongoing legal obligation or legitimate business interest on (insert Agency name) to retain the information.  With regard to the specific support you have asked us to provide under the (insert programme), we are required to collect and process your personal data under our contract with (insert) and doing so is therefore our legitimate business interest.  

Right to Make a Complaint to the Information Commissioner

You have a right to raise a complaint about any aspect of the way (insert Agency name) collects, processes, stores or deals with personal data, including complaints.

Contact the Information Commissioner (ICO) for further information on how to make a complaint.

Their contact details are -