This Privacy Notice (Notice) gives you further information about the way we collect and use personal data about you (which is known as “personal data” under data protection legislation).
Your use of this website is subject to our Terms & Conditions.
You should read through this Privacy Notice to fully understand the basis upon which we collect your personal data, how we use it, where we store it and to whom it is disclosed.
1. OUR COMMITMENT TO DATA PROTECTION
The Exemplas Group of Companies, (the “company”, “we”, “us”, or “our”) takes its data protection and information security responsibilities very seriously. We will always keep your personal data safe and comply with applicable data protection legislation, rules and regulations relating to the processing of personal data, including the General Data Protection Regulation 2016/679 and any laws, rules and regulations implementing the foregoing (the “GDPR”).
The Exemplas Group of Companies means Exemplas Holdings Limited; Exemplas Limited; Exemplas Trade Services Limited; and Enterprise Growth Solutions Limited (the “Exemplas Group”). Data processing activities in the context of general business or government funded initiatives are generally controlled by Exemplas Holdings Limited or Exemplas Limited. Data processing activities in the context of specific initiatives concerning international trade are ordinarily controlled by Exemplas Trade Services Limited and Enterprise Growth Solutions Limited. If different Exemplas entities act as joint controllers, Exemplas Holdings Limited is designated as a single point of contact for data subjects under the GDPR.
We are committed to the effective management of all personal data, including personal data we receive from visitors to our website and any associated websites under our control (together our “Websites”). The security and confidentiality of personal data and fostering a culture of transparency and accountability is important to how we conduct our business.
This privacy notice (the “Notice”) explains how we may collect and use any personal data that we obtain about you and your rights in relation to that data. You should read through this Notice to fully understand how we may collect and use information that we obtain about you, and your rights in relation to that information. Your use of our online services or your provision of information to us constitutes your acknowledgment of the terms of this Notice. Please do not send us any of your information if you do not want it to be used in the ways described in this Notice.
When we ask you for personal data, we will:
· only ask for relevant information
· look after it and make sure it is only accessible to those within the Exemplas Group and its partners who need to see it
· only keep it for as long there is a business, statutory or legal obligation (according to our retention policy)
In return, we ask you to:
2. SCOPE OF THE NOTICE
This Notice applies in the following circumstances:
3. PERSONAL DATA WE COLLECT
Across our Group, we may collect personal data:
From you directly:
- information that you provide by filling in forms or surveys;
- information in correspondence that you send us;
- details of your visits to our website including, but not limited to, traffic data, location data, blogs and other communication data, and the resources that you access;
- Personal contact details, such as title, full name, contact details, date of birth, address;
- Your nationality, if needed for the provision of service or for grant eligibility;
- Information about your employment status, if relevant;
- Bank account information, if needed for the payment of grants;
- Equality, Diversity & Inclusion information;
- Information about your career, workplace, employer, research / innovation;
- Services, you currently hold with us, included funded services;
- Marketing to you, including history of those communications, and information about funded services or related business support services we think you may be interested in to improve your business, and analysing data to help target offers to you that we think are of interest or relevance to you;
- Dietary and/or accessibility needs;
- Information about your use of funded services or services held with our Delivery Partners;
From the following general sources:
- Information generated about you when you use our services
- Information from delivery partners
- Information from public authorities
- Information from publicly available directories and information (e.g. social media, internet, Companies House, HMRC), and other organisations that operate to assist in offering individuals business support
- We buy information about you from accredited third parties, including marketing lists, publicly available information or information to improve our service delivery Information
- Insights about you and our customers gained from analysis or profiling of customers
- We receive information about you from government departments or third parties to offer you funded business support services.
When you use our online services, we may collect the following:
- information you provide by completing subscription, registration and application forms (including when you submit material or request further services);
- information you provide to us if you contact us, for example to speak with an adviser, or to report a problem with our online services; and
- details of visits made to our online services such as the volume of traffic received, logs (including, the internet protocol (IP) address and location of the device connecting to the online services and other identifiers about the device and the nature of the visit) and the resources accessed.
4. USE OF YOUR PERSONAL DATA
We may use your personal data if:
We may use your information to:
We may not be able to do these things without your personal information.
5. DISCLOSURE OF YOUR INFORMATION
We may share your information with third parties including:
We will only retain your personal information for as long as is reasonably necessary in the circumstances. Personal data provided in connection with the provision of our services will be retained in accordance with Exemplas’ retention policies unless we agree otherwise with you, in writing. If you wish to know more about our retention policies, please contact: firstname.lastname@example.org.
6. THE LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (for example, when providing our services); or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms; or under public task when we are engaged as the government’s delivery partner when we carry out tasks in the public interest; or where consent is required, for example, direct marketing.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information (including any legitimate interests relied upon), please send an email to email@example.com
7. SHARING INFORMATION ACROSS OUR NETWORK
We may share your information across the Exemplas Group including our delivery partners.
Where we transfer your information internationally we will take reasonable steps to ensure that your information is treated securely and the means of transfer provides adequate safeguards.
8. KEEPING YOUR PERSONAL DATA SECURE
We use up to date data storage and security to hold information securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. Our information security policy is supported by security standards, processes and procedures and we store information in access controlled premises or in electronic databases requiring logins and passwords. We require our third party data storage providers to comply with appropriate information security industry standards. All partners and staff and third party providers with access to confidential information are subject to confidentiality obligations.
However, the transmission of information via the internet is not completely secure. Although we take appropriate and proportionate steps to manage the risks posed, we cannot guarantee the security of your information transmitted to our online services.
10. THIRD PARTY SITES
Our Websites contain links to other sites which are controlled by third parties.
Visitors should consult these other sites' privacy policies and please be aware that we do not accept responsibility for their use of information about you.
12. YOUR RIGHTS
You have rights under data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights are set out below:
You may exercise any of your rights at any time using the contact details set out in Section 15. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. It may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we receive notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Information we hold about you should be up-to-date and accurate. Please advise us in writing of any changes to your information using the contact details set out in Section 15 below.
13. IF YOU DO NOT WANT TO RECEIVE MARKETING INFORMATION FROM US
If you receive marketing materials relating to our services by email or post, you may withdraw your consent for us to send these to you at any time, by using the “unsubscribe” option included in the email or other material. Alternatively, you can let us know your preferences by sending an email to firstname.lastname@example.org.
14. STATUS OF THIS POLICY
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
15. CONTACTING US
You may contact us, if you have any complaints or questions about this privacy notice or the personal information we may hold about you or to exercise all relevant rights, by:
Email: email@example.com; or
By post: Head of Legal and Data Privacy (Group General Counsel), Marcia Kilmurry, 3rd Floor, Titan Court, 3 Bishops Square, Hatfield, Hertfordshire, AL10 9NE, UK.
If you feel we have not handled your query or concern to your satisfaction you can contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at ico.org.uk/concerns or telephone 0303 123 1113.
Last updated: 16/04/2019