The Exemplas Privacy Notice (Notice) below gives you further information about the way Exemplas collects and uses personal information about you (which is known as “personal data” under data protection legislation).
The Exemplas Group of Companies means Exemplas Holdings Limited; Exemplas Limited; Exemplas Trade Services Limited; and Enterprise Growth Solutions Limited (“Exemplas Group”). References in this Notice to “we” or “us” are to the entities listed.
Commitment to privacy
We are committed to protecting your personal data and right to privacy. We will always keep your personal data safe and comply with applicable data protection legislation in place from time to time.
Our data protection policy
The Exemplas Group understands the importance of protecting personal data and is committed to complying with the General Data Protection Regulation 2016/679 (GDPR). We are committed to fostering a culture of transparency and accountability by demonstrating compliance with the principles set out in the Regulation – as laid out in our data protection policy (available to you when you request this by email from our Data Protection Officer). This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.
When we ask you for personal data, we will:
• tell you why we need it
• only ask for relevant information
• look after it and make sure it is only accessible to those within the Exemplas Group and its partners who need to see it
• only keep it for as long there is a business, statutory or legal obligation (according to our retention policy)
• not make your personal data available to third parties without your permission.
In return, we ask you to:
• give us accurate information, and
• tell us as soon as possible if there are any changes.
This Privacy Notice applies in the following circumstances:
From you directly:
- information that you provide by filling in forms or surveys;
- information in correspondence that you send us;
- details of your visits to our website including, but not limited to, traffic data, location data, blogs and other communication data, and the resources that you access;
- Personal contact details, such as title, full name, contact details, date of birth, address;
- Your nationality, if needed for the provision of service or for grant eligibility;
- Information about your employment status, if relevant;
- Bank account information, if needed for the payment of grants;
- Equality, Diversity & Inclusion information;
- Information about your career, workplace, employer, research / innovation;
- Services, you currently hold with us, included funded services;
- Marketing to you, including history of those communications, and information about funded services or related business support services we think you may be interested in to improve your business, and analysing data to help target offers to you that we think are of interest or relevance to you;
- Dietary and / or accessibility needs;
- Information about your use of funded services or services held with our Delivery Partners;
From the following general sources:
- Information generated about you when you use our services
- Information from delivery partners
- Information from public authorities
- Information from publicly available directories and information (e.g. social media, internet, Companies House, HMRC), and other organisations that operate to assist in offering individuals business support
- We buy information about you from accredited third parties, including marketing lists, publicly available information or information to improve our service delivery Information
- Insights about you and our customers gained from analysis or profiling of customers
- We receive information about you from government departments or third parties to offer you funded business support services.
When you use our online services, we may collect the following:
- information you provide by completing subscription, registration and application forms (including when you submit material or request further services);
- information you provide to us if you contact us, for example to speak with an adviser, or to report a problem with our online services; and
- details of visits made to our online services such as the volume of traffic received, logs (including, the internet protocol (IP) address and location of the device connecting to the online services and other identifiers about the device and the nature of the visit) and the resources accessed.
We may use your personal data if:
We may use your information to:
We may not be able to do these things without your personal information.
We may share your information with third parties including:
We will only retain your personal information for as long as is reasonably necessary in the circumstances. Personal data provided in connection with the provision of our services will be retained in accordance with Exemplas’ retention policies unless we agree otherwise with you, in writing. If you wish to know more about our retention policies, please contact: firstname.lastname@example.org.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (for example, when providing our services); or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms; or under public task when we are engaged as the government’s delivery partner when we carry out tasks in the public interest; or where consent is required, for example, direct marketing.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information (including any legitimate interests relied upon), please send an email to email@example.com
We may share your information across the Exemplas Group including our delivery partners.
Where we transfer your information internationally we will take reasonable steps to ensure that your information is treated securely and the means of transfer provides adequate safeguards.
We take reasonable steps to hold information securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. Our information security policy is supported by security standards, processes and procedures and we store information in access controlled premises or in electronic databases requiring logins and passwords. We require our third party data storage providers to comply with appropriate information security industry standards. All partners and staff and third party providers with access to confidential information are subject to confidentiality obligations.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any transmission is at your own risk.
Our Websites contain links to other sites which are controlled by third parties.
Visitors should consult these other sites' privacy policies and please be aware that we do not accept responsibility for their use of information about you.
You have rights under data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights are set out below:
You may exercise any of your rights at any time using the contact details set out in Section 15. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. It may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
Information we hold about you should be up-to-date and accurate. Please advise us in writing of any changes to your information using the contact details set out in Section 15 below.
If you receive marketing materials relating to our services by email or post, you may withdraw your consent for us to send these to you at any time, by using the “unsubscribe” option included in the email or other material. Alternatively, you can let us know your preferences by sending an email to firstname.lastname@example.org
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Please contact us if you have any questions about this Privacy Notice or the personal information we hold about you or to exercise all relevant rights, queries or complaints.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Last updated: 19/12/2019