The Bath & North East Somerset Business Support Service Data Privacy Policy

1.      Introduction

The Bath & North East Somerset Business Support Service is run by Cool Ventures Ltd on behalf of Bath & North East Somerset Council. Bath & North East Somerset Council and Cool Ventures are ‘joint controllers’ for the Business Support Services and we both have responsibility for keeping your personal data safe, for using it lawfully and for ensuring your privacy rights are respected.

This Privacy notice describes why and how we collect and use your personal data and provides information about your rights.

2.      What Personal Data we collect?

Personal data is any information that identifies and relates to a living person – including information that when put together with other information, can then identify a person.

In the course of you registering for and accessing our services, we collect and process personal data about you. The type of information will vary depending on what business support we are providing you and your business with. The personal data we collect may include:

  • Name
  • Email address
  • Address
  • Telephone number
  • Financial Data
  • Employment Status
  • Gender
  • Ethnicity Data
  • Disability Data
  • Age
  • Images (photos or videos)
  • Feedback you provide regarding the services received.
  • Any other information that you choose to share during the course of communicating with us or accessing the business support services.

Some of the data we process is categorised as Special Category Data, which means that under data protection legislation it is afforded more protection due to its sensitivity. This includes information relating to your ethnicity and health, such as disability data.

We also collect information about your business or your potential new business, such as information about the services, sector, turnover, number of employees, legal status etc. Any commercially sensitive business data you provide during the course of applying for, or accessing, business support is treated as confidential.

3.      How do we collect your data?

The personal data that we process is collected:

  • directly from you, such as during the registration process, when you complete questionnaires or when you contact us via email, telephone, social media or our website.
  • during your use of the services, such as when you sign up to events, attend mentoring meetings or our communication with you
  • from publicly available information, such as from Companies House.

4.      Why do we process your personal data?

We use your personal data for administration, delivery, reporting, marketing and research purposes. This includes to:

  • Assess your eligibility and suitability for the programme
  • Understand the challenges that your business is facing and what you would like to achieve so that we can design bespoke packages of support
  • Deliver the business support
  • Match you with a suitable mentor
  • Send you reminders about upcoming sessions that you have booked
  • Keep records of support services you have accessed, and the support provided to you
  • Refer you to follow up and complementary support services, where you have given us your consent
  • Evaluate the uptake and impact of the service
  • Respond to enquiries or complaints
  • Deliver staff training
  • Improve our services
  • Generate anonymised evaluation data describing the uptake and impact of the programme
  • Provide you with information on products, services and news that we feel may be of interest to you, where you have given us your consent
  • Promote the services, including case studies and news items, where you have given us consent
  • Meet the requirements of our funders

If you do not provide the information required for us to be able to assess your eligibility for the Business Support Service or deliver the service to you, we will not be able to provide you with access to the Business Support Service.

5.      Do we share your personal data?

The Bath & North East Somerset Business Support Service is a West of England Combined Authority initiative, delivered in partnership with Bath & North East Somerset Council to support businesses across the region. The Bath & North East Somerset Business Support Service is provided by Cool Ventures on behalf of B&NES Council. The information you provide on the Registration Form and information about your engagement with the Bath & North East Somerset Business Support Service will be shared with B&NES Council and also with the West of England Combined Authority (WECA) via their Business Support Customer Relationship Management system. B&NES Council and WECA will use this information for reporting/auditing purposes. §

WECA’s privacy policy is available at

Bath & North East Somerset Council’s Privacy Notice is available at

If another organisation is offering support that we believe may be beneficial for you, we will discuss it with you and will only provide your details if you consent to the sharing of your information.

We use a number of service providers to process information on our behalf, in respect of the Business Support Service, including:

  • Our Mentors and Business Coaches – who are engaged by us to provide 121 sessions or workshops
  • Zoom – we use Zoom’s online conference platform to deliver remote workshops and sessions. You can read their Privacy Notice here:
  • Email Marketing Provider – when you consent to receiving e-newsletters we use Mailchimp to deliver the e-newsletter. You can read their Privacy Notice here:
  • Eventbrite – we use Eventbrite for the registration of some of our events. Where you sign up to a Cool Ventures event via Eventbrite, Eventbrite will also process your personal data. You can read their privacy policy here:
  • Microsoft – we use M365 Applications for storage and collection of data
  • Zoho – we use Zoho Applications for storage and collection of data
  • Gravity forms for initial data collection via our registration form.
  • Text Marketer to send reminders via text for events booked

We require our service providers to respect the security of your personal data and only permit them to process your personal data for specified purposes and in accordance with our instructions. Where a service provider processes data outside of the UK, we will ensure that your information is provided the same of level of protection by only using service providers located in countries/territories that are covered by UK adequacy regulations or where appropriate safeguards are in place, such as the IDTA.

We may also need to share your personal data with:

  • Our professional or legal advisors
  • Auditors
  • Regulators, authorities or to otherwise comply with the law
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

6.      What is our lawful basis for processing your personal data?

Under the UK General Data Protection Regulation (UK GDPR) the lawful bases we rely on for processing your personal data are:

  • For the performance of a contract
  • To comply with a legal obligation
  • With your consent. Where we are relying on your consent, you can withdraw your consent at any time by emailing
  • To pursue the Legitimate Interests of Cool Ventures or a third party. Where we are processing personal data based on our legitimate interests, or the legitimate interests of a third party, we will only do so where we believe that the legitimate interests are not overridden by your interests or your rights and freedoms. We consider it is within our legitimate interests to send reminders to clients about sessions that they have booked and to evaluate the impact of our services which enables us to identify opportunities to improve the services.

The conditions we rely upon for processing special category data are:

  • Substantial Public Interest – For example, Equality and Diversity Monitoring is carried out on behalf of Bath & North East Somerset Council for statutory and government purposes, to enable them to meet their Public Sector Equality Duty.
  • Explicit Consent – whilst we do not ask for further special category data during the course of providing Business Support, if you decide to provide this information we will process it on the basis of your ‘Explicit Consent’.

In rarer circumstances, we may use your personal information:

  • to protect your vital interests, or the vital interests of others – for example, in the event of an emergency
  • where it is necessary for the establishment, exercise or defence of a legal claim.

7.      How do we store your personal data?

We treat information security very seriously. We will take all reasonable technical and organisational measures to prevent the loss, misuse or alteration of your personal information. Personal data is held securely on our systems, and we limit access to your personal data to those who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator or a breach where we are legally required to do so.

No data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of personal data.

Your data is only retained for as long as is necessary to fulfil the purposes we collected it for. Usually, your personal data is held for the duration of the project and then for a further 6 years, in accordance with Bath & North East Somerset Council’s Record Retention Schedules.

8. Your rights

Under the UK GDPR you have a number of rights in relation to your personal data:

  • The right of access – you can ask us for a copy of your personal data.
  • The right to rectification – you can ask us to rectify any information that you believe is incorrect, or complete information that you think is incomplete. We seek to verify and confirm the accuracy of the information that we hold about you whenever we interact with you.
  • The right to erasure – you can ask us to erasure your personal data in certain circumstances.
  • The right to restriction of processing – you can ask us to restrict the processing of your personal information in certain circumstances, for example where you believe that the information that we hold is inaccurate.
  • The right to object to processing – you can object to the processing of your personal information in certain circumstances. For example, you can object to direct marketing at any time.
  • The right to data portability – you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

To exercise any of these rights, you can contact us via email ( or telephone on 08000 418293 or write to us at Cool Ventures Ltd, 21 Horse Street, Chipping Sodbury Bristol BS37 6DA. We will need to ensure that we can verify your identity. You can exercise these rights free of charge and we usually have one calendar month to respond.

9. Questions or Concerns

If you have any questions or concerns about the use of your personal data, you can contact us at

You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your information. You can contact them via their website or call them on 0303 123 1113.

Cool Ventures

Sign Up For Webinar News

New webinars will be added soon. Sign up to our newsletter to be the first to hear about them.

You have Successfully Subscribed!