Your use of this website is subject to our Terms & Conditions.
This Privacy Notice (Notice) gives you further information about the way we collect and use personal data about you (which is known as “personal data” under data protection legislation).
You should read through this Privacy Notice to fully understand the basis upon which we collect your personal data, how we use it, where we store it and to whom it is disclosed.
We are committed to protecting your personal data and right to privacy. We will always keep your personal data safe and comply with applicable data protection legislation in place from time to time.
The Exemplas Group of Companies means Exemplas Holdings Limited; Exemplas Limited; Exemplas Trade Services Limited; and Enterprise Growth Solutions Limited (“Exemplas Group”). References in this Notice to “we” or “us” are to the entities listed.
Each of the listed entities are committed to protecting your privacy and are joint data controllers within the meaning of data protection laws applicable in the European Union (EU) and European Economic Area (EEA).
As joint data controllers, we have arrangements between us to ensure that we handle your personal data correctly and in accordance with data protection law. This arrangement reflects our respective roles and responsibilities in relation to you and considers which entity is in the best position to fulfil each obligation to you. This arrangement between us does not affect your rights under data protection law. For more information on these arrangements, feel free to contact us as set out under “Contacting us” below.
The Exemplas Group understands the importance of protecting personal data and is committed to complying with the General Data Protection Regulation 2016/679 (GDPR). We are committed to fostering a culture of transparency and accountability by demonstrating compliance with the principles set out in the Regulation – as laid out in our data protection policy (available to you when you request this by email from our Data Protection Officer). This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.
When we ask you for personal data, we will:
In return, we ask you to:
Across our Group, we may collect the following types of personal data about you:
We collect personal data from the following general sources:
o information that you provide by filling in forms or surveys
o information in correspondence that you send us
o details of your visits to our website including, but not limited to, traffic data, location data, blogs and other communication data, and the resources that you access
Information generated about you when you use our services
Information from Delivery partners
Information from Public authorities
Information from publicly available directories and information (e.g. social media, internet, Companies House, HMRC), and other organisations that operate to assist in offering individuals business support
We buy information about you from accredited third parties, including marketing lists, publicly available information or information to improve our service delivery
We receive information about you from government departments or third parties to offer you funded business support services.
We may use personal data we collect:
o Equality and diversity
o Personnel files
o Rewards and Benefits
o Training and development
o Management Information
o Pension Scheme Administration
o Accidents, incidents and general health and safety at work
o Occupational Health
o Non-pay staff benefits
o Information Systems Management & Delivery
o Legal casework – grievances, disciplinary, and dismissal
We may share your personal data for the above purposes with:
Governmental departments and regulatory bodies as a statutory requirement, such as:
Information Commissioner’s Office
Department for International Trade
Department for Business, Energy and Industrial Strategy
UK Research and Innovation
Ministry of Housing, Communities & Local Government (see their privacy notice)
Hertfordshire County Council
Hertfordshire Local Enterprise Partnership (LEP)
Business partners, such as:
Administration of non-pay staff benefits by the provider
o To send you information about our work
o To manage your attendance at meetings outside of our own sites
o Site management (building access, car parking)
o Health and Safety
o Dietary and accessibility requirements
o Equality reporting
o Service provision and management
o a response to a direct enquiry
o Managing services we deliver to you
o Sharing your information with our delivery partners and various funders
o All stages and activities relevant to managing the service including enquiry, application, administration, and management of grant funding applications and payments
When we rely on our legitimate interests in order to collect and use your personal data, we must consider whether those legitimate interests are overridden by your interests or your fundamental rights and freedoms. We may continue only if we decide that your interests, rights and freedoms do not override our legitimate interests. We have considered these matters, and where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected we will not use your personal data unless there is another legal basis for us to do so (either that it is necessary for us to perform our contract with you, or on the basis of your consent).
By law, you have a number of rights when it comes to your personal data.
What does this mean?
1. The right to be informed
|You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Notice.|
|2. The right of access||
You have the right to obtain access to your personal data (if we are processing it), and certain other information (similar to that provided in this Privacy Notice).
This is so you are aware and can check that we’re using your personal data in accordance with data protection law.
|3. The right to rectification||
You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
|4. The right to erasure||
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
|5. The right to restrict processing||You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.|
|*6. The right to data portability||
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
|7. The right to object to processing||
You have the right to object to processing for direct marketing and also to processing which is carried out for the purposes of our legitimate interests.
|8. The right to complain||
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
|9.The right to withdraw consent||If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.|
We may retain your personal information based upon business requirements, legal obligation, statutory or regulatory obligations and transactional purposes. If you want to know how long we keep your information, please write to our Data Protection Officer.
We do not transfer your personal information to any country located outside the EEA.
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Please contact our Data Protection Officer, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact our Data Protection Officer, please send an email to firstname.lastname@example.org, or write to Marcia Kilmurry, Titan Court, 3 Bishops Square, Hatfield, Hertfordshire, AL10 9NE, UK.
Please contact us if you have any questions about this Privacy Notice or the personal information we hold about you or to exercise all relevant rights, queries or complaints.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
This privacy notice was published on 25 May 2018.
We may change this privacy notice from time to time.