Data Privacy Policy

1. Introduction

The Business Support Service is run by Cool Ventures Ltd in conjunction with a network of other local support providers on behalf of South Gloucestershire Council. This document outlines what information (a) Cool Ventures must collect and disclose to fulfill the requirements of the funding bodies, (b) we need to deliver the right support and (c) ask to share with stakeholders. The aim is for the client to have confidence that the information provided is stored securely and will only be used for purposes that the client is aware of and has agreed to.
As part of the acceptance process onto the programme, the client is asked to confirm in writing that he/she has read this data privacy policy and agrees to how data could be used.

2. Why are company and personal data collected?

We (Cool Ventures Ltd) use information provided for administration, delivery, reporting, marketing and research purposes. We use it for:

a) Mandatory purposes
– Assessment of eligibility and suitability of the client for the programme
– Design of bespoke packages of support
– Generation of anonymised evaluation data describing the uptake and impact of the
programme
– Evaluation, compliance and publicity by funding organisations

b) Optional purposes
– Generation of publicity for programme, including case studies and news items
– Referrals to follow up and complementary support services
– Email address will be added to newsletters such as the Cool Ventures, SGC and WECA
newsletter mailing lists
– To provide information on products or services that a client requests from us or which we
feel may be of interest.
– Team training

We have made sure we will use your information according to the UK Data Protection laws by establishing the conditions explicit consent, GDPR Article 6 (1) (a) and Article 9 (2) (a) – Explicit consent for any sensitive data collected.
You have the right to deny permission for us to use data for anything other than the mandatory purposes. We will not give your information to a third party or feature your business in any PR without consent.

3. What client data are collected?

Most of the client data are collected by the program registration form or Eventbrite bookings. This includes:
– General personal & company information
– Services and sectors
– Turnover & employee numbers, ownership, etc
– Diversity and equality profile
We may also collect information that is publicly available, such as from Companies House.
Client information may also be captured in other client documents including but not limited to questionnaires, client case file, action plan, meeting records and reports produced by the Business Support Advisor. Business Support Providers may record any other information a client chooses to share, either electronically, verbally, in written form or face to face.

4. How are data stored?

We treat information security very seriously. We will take all reasonable technical and operational
precautions to prevent the loss, misuse or alteration of client information. Any data provided by you are:
– Held on our secure, internal servers, and managed by a datacentre supplier that is certified
to meet the requirements of ISO 27001 Information Security Management.
– Not transferred outside of the European Economic Area. If in future we need to do this we
will revert to you and ask for consent.
– Held in accordance with our Information Security policies.
– Our event bookings are done through Eventbrite. You can read Eventbrite’s privacy policy
here: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbriteprivacy-policy?lg=en_GB
– The Cool Ventures email newsletter is delivered through Mailchimp. You can read
Mailchimp’s privacy policy here:
Mailchimp’s Privacy Policy
– We run occasional optional surveys via Survey Monkey. You can read Survey Monkey’s
privacy policy here:
Privacy Policy | SurveyMonkey Apply
No data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of personal data.

We hold project data for the duration of the project and for as long as our funders require afterwards.

5. How could data be disclosed?

Below is a table showing how data may be disclosed. Clients will be notified of any changes or additional requests from other stakeholders. If the request is not for a mandatory purpose, clients can instruct their Business Support Provider not to share their data.

(1) This group comprises SGS council employees supporting the program delivery
(2) West of England Combined Authority
(3) Business Support Provider – Cool Ventures and delivery team. The delivery team is
a consortium of local specialist providers who deliver the South Gloucestershire Business Support Service. Depending on what support we arrange for you, your contact details and/or application form data may be given to a relevant third party specialist to enable the support to take place. Any associates on our program are required to adhere to this data policy.

We also hold data:
– To the extent that we are required to do so by law. This includes us carrying out our
agreements with you, fulfilling legal obligations , or because it is necessary for us in an
emergency situation to protect an interest which is essential for your life or that of another
person; because it is in the interests of the public or where you agree to it.
– In connection with any ongoing or prospective legal proceedings
– To establish, exercise or defend our legal rights.
Please note that if a Business Support Provider such as ourselves is acquired by a third party, personal data held by us about you will be one of the transferred assets.

6. Client rights

6.1 Accessing your data

The General Data Protection Regulations (EU) 2016 (GDPR) and the Data Protection Act 2018 give you the right to access information held about you free of charge. Your right of access can be exercised in accordance with the Regulations. We will require proof of identity with any request made.
You may instruct us at any time not to use your personal information for marketing purposes. In practice, you would typically agree or disagree to this in advance when submitting or updating your personal information, though opportunities to opt out are written into our processes.

6.2 Updating your data

We seek to verify and confirm the accuracy of the information that we hold about you every time we interact with you. Please let us know at any time if the information we hold about you needs updating or correcting.

7. Roles and responsibilities

The Project Team Leader is the nominated Data Controller for the project. The Data Controller maintains and updates this Data Privacy Policy and checks compliance by project team members. The Data Controller is the first point of contact for any queries or complaints from clients regarding the use of their data and he/she will take appropriate action to try to resolve them.
Email: info@westofengland-ca.gov.uk

8. Further advice

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) via their contact page or call them on 0303 123 1113.