The Enterprise Europe Network (EEN) for England, Northern Ireland and Wales is delivered by a consortium of 21 partners with a focus on supporting the growth of small and medium-sized enterprises. The consortium works together in the spirit of partnership, cooperation and trust towards the common aim of delivering an effective network in support of business. The consortium brings together a range of organisations with different skills and expertise and only by drawing on the strengths of all the partners will the network be able to truly deliver its full potential.
This Privacy Notice provides a simple framework to explain EEN’s specific arrangements for collecting, storing, using and sharing your information, which may contain personal data or confidential or commercially sensitive information across all areas of the organisation. It provides details on how we utilise the information we obtain to enhance our ability to support and connect innovative businesses to accelerate sustainable economic growth for the UK.
Any information we obtain from you, whether it is through our online platforms, through events or elsewhere, will be managed pursuant to this privacy notice. As a public funded body where we collect information that is personal data, we are subject to the Data Protection Legislation and we will explain how we will comply with this as part of this policy.
This policy will:
- identify the information we may collect from you;
- explain where we store your information, for how long and how we keep it safe;
- explain the rules for our use of your information;
- explain how we will use the different types of information we collect from you and why we are allowed to use it;
- explain how we may share your information; and
- explain your rights in relation to your personal information including how you can request a copy of your information.
Information we may collect from you
Storage and security of your information and personal data
All information including personal data and any applications uploaded to us will be held and stored on secure servers which are operated in accordance with the UK Information Commissioner's guidelines on the storage of personal data from the point of collection to the point of destruction. We use strict procedures and security features to try and prevent unauthorised access to your information.
We will maintain the security of your information by protecting the confidentiality, accuracy and availability of your information.
We will ensure confidentiality so that only people who are authorised to use your information can access it. We will ensure that any of your personal data we hold is accurate and kept up to date. We will check the accuracy of your personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
Our security procedures include:
- Methods of disposal. Paper documents that require destruction are shredded. Digital storage devices are physically destroyed when they are no longer required.
- Equipment. Our employees ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.
We will not keep your personal data any longer than is required for the purpose or purposes for which your personal data was collected. We will take all reasonable steps to destroy, or erase from our systems, all personal data which is no longer required.
Transfer of information outside of the EEA
We will comply with all specific requirements under the GDPR and the Data Protection Act for the transfer of any of your personal data outside of the EEA including ensuring that appropriate safeguards are in place. We may also transfer your personal data with your consent or if the transfer is necessary for a contract or for public interest reasons or in relation to legal claims.
Rules that apply for your information and personal data
We will hold all information and personal data received from you in compliance with the Data Protection Act 1998, the GDPR and the Data Protection Bill. This means that when we use or process your information that contains personal data we must comply with the eight enforceable principles of good practice. These provide that personal data must be:
- Processed fairly and lawfully.
- Processed for limited purposes and in an appropriate way.
- Adequate, relevant and not excessive for the purpose.
- Not kept longer than necessary for the purpose.
- Processed in line with data subjects' rights.
- Not transferred to people or organisations situated in countries without adequate protection.
We are a public funded body as defined in the Data Protection Act and the Data Protection Bill and this gives us certain rights to use your information and process your data because it is necessary for the performance of a task carried out in the public interest or in relation to our official tasks set out in law such as providing EEN services, internationalisation, and promote innovation and improve the quality of life in the UK.
If we are not processing your data for an official public task or function we may still be able to process your data because it is necessary for a contract with you or it is necessary for our legitimate interests. If we cannot process your data for another reason and consent is required, we will obtain your consent to use the information that you provide to us including where we request to share your information.
We will ask for your consent specifically and separately from any other terms and conditions and we will not use or share your information without your consent if your consent is required.
In some circumstances we may collect and hold your data as manual records which are not a part of a filing system that is readily accessible. This may include personal data in emails, videos, pictures, or social media posts. In this case some of the rules for the protection of your personal information will not apply and your rights to receive this information may be limited.
How we will use your information and why we can use it
We will use your information, including personal data, for the purpose that it was collected. In most cases we are allowed to this information as it is necessary to undertake our official and contractual tasks and perform our public function and tasks. If we need your consent, to use your information, we will ask for it at the time the information is collected.
We are allowed by law to use your information to undertake our official tasks and perform our public functions and tasks in the following categories for:
- contract support, administration, evaluation and reporting;
- research into the impact and effectiveness of contracts and its administration;
- our internal administration, reporting and compliance, including for external audit purposes; and
- contacting you with information about other support available or provision of assistance to you from us.
We can use your information for compliance with our legal obligations for:
- detection of fraud; and
- Anti-money laundering requirements.
We can use your information if it is necessary for a contract we have entered into for:
- your attendance at an event
- the provision of innovation and internationalisation services
We can use your information after obtaining your consent for the purposes of:
- contacting you with promotional or informative material; or
- providing you with information relating to any of our services or events.
Where we propose using your data for any purpose other than those contained within this policy, we will ensure that we notify you in advance and inform you of why we can use it and obtain your consent, if required.
If you sign up to receive newsletter or updates we will use the information you give us to provide the service(s) you have requested. We may occasionally contact subscribers to help us evaluate and improve the service that we offer
We may use your information to send promotional and marketing communications by various communication channels. In all cases, these types of communications will only be sent to an individual if you have consented to our use of your personal data for such purposes.
How we will share your information
We will not share your information without obtaining your consent unless one of the reasons below applies. This will mean that we can share your information without your consent:
- if we are allowed by law to share it to carry out a task in the public interest or to undertake our official tasks; or
- if we have to disclose or share it in order to comply with our legal obligations; or
- if we need to share it for a legal contract with you; or
- to protect our rights, property, or safety of our employees, or others.
If you provide false or inaccurate information and fraud is identified, your details will be passed to Innovate UK UKRI, the Coordinator of this project who will transmit to fraud prevention agencies. This can be done without the need for your consent. Law enforcement agencies may also access and use this information. Innovate UK may also access and use this information to prevent fraud and money laundering, for example, when checking details on applications for credit and credit related or other facilities, managing credit and credit related accounts or facilities, recovering debt, checking details on proposals and claims for all types of insurance, checking details of job applicants and employees.
Consultant/Sub-Contractor for internal activity
We may need to disclose your information to a consultant/sub-contractor in order to undertake an internal activity, for example to an IT consultant working on upgrading our IT system. Where this is the case, we will only disclose the information reasonably necessary for the purpose, and will ensure that appropriate provisions are put in place to secure your information.
EEN are Affinity partners with Innovate UK in order to meet national economic objectives to stimulate and support UK innovation. All Partners in the EEN Consortia are identified in the list at the end of this policy.
However, if the sharing of your information is not necessary as part of our public tasks, we will obtain your consent to share your information.
If that is not possible, and we have collected your information through for example an event, we will contact you specifically to obtain your consent before sharing your information.
In some circumstances we will ask that some of the information we collect is shared with other organisations that are not Affinity Partners. Where this is not part of our Public Task, we will obtain your consent to sharing your information either when you initially provide the information or, if that is not possible, after we have received your information. We will obtain your consent before we share your information if it is not necessary for us to share your information to undertake our public functions. If your consent is required, you are free to refuse your consent.
Audit by third parties
We may be audited by Innovate UK or an independent third party to ensure that we are conducting our activities efficiently. In this case we may share your information with the auditors as this is required for our public tasks and functions. If we consider that consent is required, we will ask for consent in advance of the sharing of personal information.
We will ensure that any external auditors or assessors hold your information and personal data both confidentially and securely.
Your rights in relation to your personal information
You have rights in relation to the personal data you give us, or which we collect about you. Please see a list of your rights below.
- You have a right to ask us to send the information we have about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information. This is called a data subject access request. However, if we hold manual records that are not within a filing system and it will cost us more than a prescribed amount to provide you with those manual records (at the moment this is between £450-£600), we will not have to provide all of this information to you as part of our response to your data subject access request.
- You have the right to ask us to correct any mistakes in any information we hold about you.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right does not apply in all circumstances but, if you ask us to erase your information and we cannot erase it, we will explain why not.
- You have the right to ask us to stop using your information where the information we hold about you is not correct, we are not allowed to use your information, or we no longer need to use your information. However, there are a few reasons why we may be allowed to continue to store your information because of our public functions or tasks. If we can do this, we will explain why we can still use your information.
- You have the right to ask us to send the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. We will only be able to do this in certain limited circumstances and, if you ask us to send your information and we cannot do it, we will explain why not.
- If we are allowed to use or store your information you can object to this and we will stop using or storing your information unless we can explain why we believe that we can still use or store it.
- Where we use/store your data because you have agreed to it though giving your consent, such as ticking a box to receive a newsletter, you have the right to withdraw your consent at any time and we will stop using or storing your information for that purpose.
- You have the right to object to us using/storing your information for marketing purposes.
If you wish to exercise any of your legal rights, please contact our data protection officer by email or in writing to the address at the end of this policy, or via our contact form on our website.
We do not use automated decision-making processes in relation to your personal information.
Changes to this policy
Any changes we make to our information management policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our information management policy.
Contact Information and Complaints
For any communication in relation to your rights under this policy or a general enquiry seeking clarification, please send an email or telephone our Data Protection Officer (DPO) at the National Enquiry Gateway details of which are given below.
Your right to complain
If for any reason you believe that you have not experienced the usual high level of professional service from EEN, then you are invited to make a complaint by first contacting the EEN National Enquiry Gateway via the following channels:
- Telephone: on 0300 123 3144
- Email: firstname.lastname@example.org
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use or storage of the information you give us, or that we collect about you. If you would like further information on your right to complain please see the Information Commissioner’s website at https://ico.org.uk/.
EEN Consortia List
- RTC North Ltd
- Oxford Innovation Services Ltd
- Newable Ltd.
- EXEMPLAS Holdings Ltd.
- GWE Business West Ltd
- St John’s Innovation Centre Ltd.
- BIC Innovations Ltd.
- Chamberlink Ltd.
- Inventya Ltd.
- Invest in Norther Ireland
- City of Bradford Metropolitan District Council
- Coventry University Enterprises Ltd.
- Swansea University
- University College London
- University of Greenwich
- Teesside University
- London Chamber of Commerce and Industry Ltd
- Birmingham Chamber of Commerce and Industry Ltd
- West and North Yorkshire Chamber of Commerce and Industry Ltd
- East Midlands Chamber (Derbyshire, Nottinghamshire, Leicestershire)