Data Privacy Policy

1.      Introduction

This Business Support Service is run by Cool Ventures Ltd in conjunction with a network of other local support providers on behalf of B&NES Council. This document outlines what information (a) Cool Ventures must collect and disclose to fulfil the contractual requirements of the funding bodies, (b) we need to deliver the right support to you and (c) ask to share with stakeholders. The aim is for the client to have confidence that the information provided is stored securely and will only be used for purposes that the client is aware of and has agreed to.

As part of the acceptance process onto the programme, the client is asked to confirm that he/she has read this data privacy policy and agrees to how data could be used.

2.      What client data are collected?

The following information is collected by the program registration form or Eventbrite bookings.

• General personal & contact information (including your name, email address and telephone number)
• Demographic information such as address, postcode, and city
• Company information including ownership, turnover & employee numbers
• Personal information including ethnicity, gender, disability, and age

We may also collect information that is publicly available, such as from Companies House.

Client information may also be captured in other client documents including but not limited to questionnaires, client case file, action plans, meeting records and reports produced by the Business Support Advisor and who may record any other information a client chooses to share, either electronically, verbally, in written form or face to face.

3.      Why are company and personal data collected?

We require this information to understand your needs and provide you with a better service, and for the following reasons:

We use it for:

a) Mandatory purposes:

• Assessment of eligibility and suitability of the client for the programme
• Business Support Project monitoring, research, evaluation, and reporting. We supply selected data to our funding partners -B&NES Council and the West of England Combined Authority (WECA)
• Design of bespoke packages of support
• Generation of anonymised evaluation data describing the uptake and impact of the programme

b) Optional purposes:

• Optional purposes
• Generation of publicity for programme, including marketing, case studies and news items
• Referrals to follow up and complementary support services
• If you have consented for us to do so, we may periodically send you a newsletter from the designated project/service.
• From time to time, we may also use your information to contact you for evaluation or market research purposes. We may contact you by survey, email, phone, or mail. We may use the information to improve and develop the service we provide.
• Team training

You have the right to deny permission for us to use data for anything other than the mandatory purposes. We will not give your information to a third party or feature your business in any PR without consent.

4.      How are data stored?

We treat information security very seriously. We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online or via our paper forms. We also regularly train and update our staff around the required provisions of GDPR regulation.

We will take all reasonable technical and operational precautions to prevent the loss, misuse, or alteration of client information. Any data provided by you are:

• Held on secure servers and managed by datacentre suppliers that are certified to meet the requirements of ISO 27001 Information Security Management.
• Not transferred outside of the European Economic Area where possible. Where data transfer outside of the EU is required, we ensure that the Company has certified its compliance to both the EU-U.S. Privacy Shield Framework and contractually commits to transfer and process all its users’ UK data in compliance with the Standard Contractual Clauses, which remain a valid data export mechanism and which automatically apply in accordance with the Company’s Data Processing Addendum.
• Held in accordance with our Information Security policies.

We use several carefully selected companies to collect and store data:

• Client records are stored on Zoho CRM. Zoho – Privacy Policy
• bookings are managed through Eventbrite. Eventbrite Privacy Policy
• The Cool Ventures email newsletter is delivered through Mailchimp. Mailchimp’s Privacy Policy
• Microsoft Privacy Statement – Microsoft privacy
• Zoom Privacy Notice

No data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of personal data.

We hold project data for the duration of the project and for as long as our funders require afterwards.

5.      How could data be disclosed?

Below is a table showing how your data may be disclosed. Clients will be notified of any changes or additional requests from other stakeholders. If the request is not for a mandatory purpose, clients can instruct us not to share their data.

A = mandatory B = optional	Project Team Members (1)	West of England Combined Authority (2)	BEIS (3)  (Department for Business, Energy, and Industrial Strategy)	Business Support Provider (4)
Registration form data	A	A	A	A
PR material	B	B	B	B

1. This group comprises B&NES council employees supporting the program delivery
2. West of England Combined Authority
3. Department for Business, Energy, and Industrial Strategy (BEIS) – Data will be shared for research and evaluation purposes only. The use of the Businesses information may include matching to other data sources to understand more about organisations like yours and general patterns and trends, although the business’s data will not be published or referred to in a way which identifies any individual or business.
4. Business Support Provider – Cool Ventures and delivery team. The delivery team are local specialist providers who help to deliver the B&NES Business Support Service. Depending on what support we arrange for you, your contact details and/or application form data may be shared with the relevant third-party specialist to enable the support to take place. Any associates on our program are required to adhere to this data policy.

We also hold data:

• To the extent that we are required to do so by law. This includes us carrying out our agreements with you, fulfilling legal obligations, or because it is necessary for us in an emergency to protect an interest which is essential for your life or that of another person; because it is in the interests of the public or where you agree to it.
• In connection with any ongoing or prospective legal proceedings
• To establish, exercise or defend our legal rights.

Please note that if a Business Support Provider such as us is acquired by a third party, personal data held by us about you will be one of the transferred assets.

6.      Client rights

6.1          Accessing your data

The General Data Protection Regulations (EU) 2016 (GDPR) and the Data Protection Act 2018 give you the right to access information held about you free of charge. Your right of access can be exercised in accordance with the Regulations. We will require proof of identity with any request made.

You may instruct us at any time not to use your personal information for marketing purposes. In practice, you would typically agree or disagree to this in advance when submitting or updating your personal information, though opportunities to opt out are written into our processes.

6.2          Updating your data

We seek to verify and confirm the accuracy of the information that we hold about you every time we interact with you. Please let us know at any time if the information we hold about you needs updating or correcting.

7.      Roles and responsibilities

The Project Team Leader is the nominated Data Controller for the project. The Data Controller maintains and updates this Data Privacy Policy and checks compliance by project team members. The Data Controller is the first point of contact for any queries or complaints from clients regarding the use of their data and he/she will take appropriate action to try to resolve them. Emails will be responded to within 72 working hours.

Email: info@westofengland-ca.gov.uk

8.      Further advice

For independent advice about data protection, privacy, and data sharing issues, you can contact the Information Commissioner’s Office (ICO) via their contact page or call them on 0303 123 1113.