South Durham Enterprise Agency recognises that it has a responsibility to handle the information that it is privy to with due care and regard for its confidential nature and a duty to ensure that any such information that is gathered, held and used it treated with due care and not used for any purpose beyond its intended use.
SDEA provides a range of business, community and start up support services via our team of trained advisors, website and other digital content. This policy sets out our approach with respect to information that is collected from users of our service. Under applicable law, South Durham Enterprise Agency Ltd is the “data controller” of personal data collected through the use of our service.
Information we collect
When you interact with us through our service, we may collect information from you, as further described below:
The information you provide – we collect information from you when you voluntarily provide such information, such as when you complete our marketing form or when you register to access one of our Services. Information we collect may include, but not be limited to Name, Date of Birth, Contact Details including electronic means of contact.
Marketing of SDEA services, products and other information services and the legitimate business interests for processing your data
We do not collect any data automatically via our website or other digital services.
We will only market to you if have given us express permission to do so, you can revoke this permission at any time and inform us that you do not wish to appear on the database any more.
Marketing communications will primarily take the form of social media posts, email messages, telephone calls, text messages and postal communications. Instructions relating to how you can stop receiving messages will be included within each communication you receive. You may remove your data from this marketing database at any time.
We will use the information to contact you in the future about services or contracts we believe will be of interest to you. If we do so, each marketing communication we send you will contain instructions permitting you to ‘opt-out’ of receiving future marketing communications. In addition, if any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists can do so at any time.
Providing SDEA with information for legitimate business interests and the access to Services
How we use data
Our legal basis for handling of your personal data
To honour our contractual commitments to you - Much of our processing personal data is to meet our contractual obligations to our users, or to take steps at users’ request.
Legitimate interests - In many cases we handle personal data on the grounds that it furthers our legitimate interests. These includes:
Our disclosure of your information
We will not sell your information nor disclose it for other purposes. We may transfer your information with your express consent. We do pass data on in the form of certified destruction and our to facilitate our IT services. The providers of these services comply with, and have an understanding of this policy and their requirements under applicable law.
SDEA are satisfied that that the policies and procedures of the contractual parties are sufficient and robust in accordance with the applicable law.
General Points on How SDEA manage Data
Who we are
South Durham Enterprise Agency and then “(insert Agency details) is also a member of North East Enterprise Agency Ltd., who provide a contract management function for (insert Agency name) and with whom we share data in order to fulfil our contractual requirements. “
Scope of this Policy
This policy deals specifically with the support you have asked us to give you under the (insert programme) which we provide under a contract between (insert Agency Name/NEEAL as appropriate) and (insert).
During the time that we support you, we may also wish to collect your personal data for other purposes. For example, you may choose to take advantage of other forms of support we make available. We will only do so if we have informed you in writing of what those purposes are and how that data will be processed. You will be given a specific Privacy Statement which sets out those purposes and how that processing will take place. If that should involve marketing purposes, we will only do so with your active consent and will give you ways to manage and review your marketing choices at any time.
How We Use Your Personal Information
(Insert Agency Name) is committed to safeguarding the privacy of our customers and clients; this policy sets out how we treat the personal information you give us in specific circumstances.
(Insert Agency Name) has agreed to support you in setting up and developing your business. One of the ways in which we do this is through the (insert programme name) programme. We do this under contract to (insert). Under the terms of that contract, we are required to obtain personal information from you and to share it with (insert). (if appropriate, insert - As well as that, we are obliged to share your personal information with North East Enterprise Agency Ltd., of which we are a member). We therefore process this data in accordance with our legitimate business interests.
Our Privacy Promise
If You Do Not Choose to Give Personal Information
We need to collect personal information under the terms of a contract we have with our funders (insert). This contract provides us with the funding we need to support you, and is thus our legitimate business interest. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services we would otherwise offer to you.
We may disclose information about you to any of our employees, officers, agents, subcontractors or partners, insofar as reasonably necessary for the purposes as set out in this Privacy Notice. In addition, we may disclose your personal information:
How to Get a Copy of Your Personal Information
You can access your personal information we hold by writing to us at (insert Agency address). We may refuse a subject access request or raise a fee for processing the request if the request is manifestly unfounded or excessive. Should a subject access request be refused by us, you will be given a reason for the refusal and information on your right to complain to the Information Commissioner’s Office. We may withhold such personal information to the extent permitted by law.
Letting Us Know If Your Personal Information is Incorrect
You have a right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it.
Rights to Object and to Erasure
Individuals have a right to have personal data erased and to prevent processing in specific circumstances. There are also specific circumstances where we may refuse to erase personal data.
Individuals have the right to object to processing of their personal data. Objections to processing must be made in writing to (insert Agency name) and must outline the grounds for objection.
Generally, (Insert Agency Name) will not process a request to erase information where there is an ongoing legal obligation or legitimate business interest on (insert Agency name) to retain the information. With regard to the specific support you have asked us to provide under the (insert programme), we are required to collect and process your personal data under our contract with (insert) and doing so is therefore our legitimate business interest.
Right to Make a Complaint to the Information Commissioner
You have a right to raise a complaint about any aspect of the way (insert Agency name) collects, processes, stores or deals with personal data, including complaints.
Contact the Information Commissioner (ICO) for further information on how to make a complaint.
Their contact details are - https://ico.org.uk/make-a-complaint/