Privacy Policy [Aberdeen]

This privacy policy was updated on 23rd August 2019

Protecting Your Privacy

This Privacy Policy aims to provide you with information about how we handle data at Opportunity North East Ltd (ONE) including our subsidiary, ONE Digital & Entrepreneurship Ltd (ONE D&E).

We talk in detail about the data we hold, what we do with this data, when we share it outside of ONE (and with whom) and how we protect your privacy. You can read more about your rights around data and contact us as well.

It is important that you read this Policy together with any other policies we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

We may update our Privacy Policy from time to time. When we do, we will communicate any changes to you and publish the updated Policy on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your data and your rights to control how we process it.

Controller

ONE is the controller and responsible for your personal data.  If you have any questions about this Policy, including any requests to exercise your legal rights, please contact ONE using the details set out below.

Contact Details

ONE

Full name of legal entity: Opportunity North East Ltd

Email address: dataprotection@opportunitynortheast.com

Postal address: Opportunity North East Ltd, 11 Queens Gardens, Aberdeen, AB15 4YD

Telephone number: +44 (0) 1224 061100

ONE D&E

Though a legal entity in its own right, ONE D&E is a subsidiary of ONE.  Therefore, all ONE D&E enquiries should be made through the above contact details. ONE D&E will only use and share your information with ONE where it is necessary for us to lawfully carry out our business activities.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

What this Privacy Policy explains

The information we collect

  • How we will use it

  • Where we collect it from

  • How long we store it

  • Our legal basis for processing your personal data

  • Your rights and how you can see, update or delete your personal data

  • Disclosures of your Personal Data

  • Securing your data

Who we are

ONE was launched in December 2015, following extensive consultation with the region’s business community and discussion with the public sector. It is the private sector’s response to the economic challenges in the region.

Recognising these challenges and the opportunities ahead, the Regional Economic Strategy -published in December 2015 by Aberdeen City Council, Aberdeenshire Council and Opportunity North East, produced a vision and strategy for the future of the economy. This focuses on four key strands: investment in infrastructure; innovation; inclusive economic growth; and internationalisation.

With the private and public sectors working together, we can realise our shared vision of North East Scotland remaining a major economic driver for Scotland and the UK.

ONE is made up of an economic leadership board, four sector boards covering its priority industries, Food, Drink & Agriculture, Life Sciences, Oil, Gas & Energy and Digital & Entrepreneurship and its executive team.

What information do we collect and what do we use it for?

Personal data is information that relates to an identified or identifiable individual. For example, it can include information such as your name, date of birth, email address, postal address, telephone number and payment details.

We may collect, use, store and share different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender

  • Contact Data includes address, email address and telephone numbers

  • Stakeholder Data includes information provided as part of a business activity which can include one or many of the kinds of personal data listed

  • Financial Data includes bank account and payment card details

  • Transaction Data includes details about payments to and from you

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website

  • Usage Data includes information about how you use our website or booking system, as well as the frequency and pattern of your service use

  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences

Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

  • Where we need to perform the contract we are about to enter into or have entered into with you

  • Where we need to comply with a legal or regulatory obligation

  • Keep a record of your relationship with us

  • Ensure we know how you prefer to be contacted

  • When you create an account with us

  • Process payments for our products and services

  • Understand how we can improve our services and information

  • To keep you updated with news and forthcoming events

How we obtain your data

We may obtain your personal information through a number of different sources:

  • Direct interactions. Information you give to us when you contact us by any means with queries, referrals and requests

  • When you book any kind of appointment with us or book to attend an event, for example workshops, training events, seminars, conferences and awards

  • When you visit us at an event, such as a trade show or exhibition

  • Via our website when you sign up for a newsletter, fill out a feedback form or complete the ‘contact us’ form,

  • When you create an account on the ONE Tech Hub booking system

  • Referrals from Partner organisations

  • Information that we learn about you through our relationship with you

  • Information that we gather from publicly available sources, such as the press, company registers and online search engines. Information that you make public on social media e.g. Facebook, Twitter, LinkedIn.

Core Services – growth programmes, cohorts, projects etc…

To achieve its strategic objectives, ONE will manage and deliver projects which engage with companies and individuals throughout the region and beyond.  This may include, but will not be limited to, the delivery of business support and business support programmes, masterclasses, mentoring, network events.  The legal basis for collecting this data is contractual where we enter in a contract with you or legitimate interest in all other cases.  If you cease to work with us, we will hold the data for five years afterwards.  We currently hold this data in a Business CRM system

Sharing with third parties

ONE and ONE D&E work with third party partners, including but not limited to Scottish Enterprise, Aberdeen City and Aberdeenshire Councils and Codebase Ltd, to run events, programmes, and initiatives.

In some cases, we provide information to these third parties as part of the business activity with individual businesses, so we consider this stakeholder data. The legal basis for collecting and sharing this data is legitimate interest. We retain for five years after a business has ceased to work with us and for a further five years in anonymised form as part of statistics or other aggregated data.

We will not share your information with anyone outside ONE except:

  • where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies

  • in anonymised form as part of statistics or other aggregated data shared with third parties; or

  • where permitted by law, it is necessary for our legitimate interests or those of a third party and it is not inconsistent with the purposes listed above.

Data Processors

Our authorised data processors are subject to comprehensive due diligence in-line with current data protection legislation.  When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

  • We provide only the information they need to perform their specific services.

  • They may only use your data for the exact purposes we specify in our contract with them.

  • We work closely with them to ensure that your privacy is respected and protected at all times

  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

ONE will not share your information with third parties for their own marketing purposes

 Digital Services

Website

We collect information from you when you connect with us, by completing the ‘Subscribe for News, Updates and Events’ form on our website(s).

We will treat all the information you provide to us as personal data. The personal data we will collect from you will be first name, surname, email address, company name and sector preferences.

If you are a business customer or stakeholder, we generally do not rely on consent as a legal basis for processing your personal data. The legal basis for collecting data is Legitimate Interest. We will retain this data for five years from the last known activity.

You can ask us to stop sending you notifications at any time by following the opt-out links on any email sent to you OR by contacting us at any time.

Where you opt out of receiving these notifications, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

We currently hold this data in a Business CRM system.

We do not collect or store your personal information (e.g. your name or address) in our website analytics. To evaluate how our website can be improved, we store information about what pages you visit, how long you are on the site, how you got here and what you clicked on.

Booking System

ONE D&E provides an online booking system to allow ONE Tech Hub Hot Desk Users, Internal & Co-Working Partners and Tenants to book desks, meeting rooms and events.  To do so, persons are required to complete an ‘Enquiry Form ‘on either the ONE website or ONE Codebase page hosted on the Codebase Ltd website or directly into the online booking system . You may be asked to submit your first name, surname, email address and telephone number.

On receiving the request, we will create a tentative account using the data provided and invite you by email to confirm your account.  On confirmation, further information may be  required to process payments (please refer to payments section).

Persons will be able to login using their social profiles such as FaceBook, Google, Microsoft and Twitter.  To find out more information about the use of social profiles, please visit and read the individual platforms Privacy Notices.

The legal basis for collecting this data is Contractual. We will retain this data for five years upon which it is securely destroyed.

Payments

Where you are required to pay for a service, payment may be collected by credit card through EventBrite, Stipe or another online payment platform who all, by law, adhere to the Payment Card Industry Data Security Standard (PCI-DSS).  ONE and ONE D&E have no access to any credit card data input to these systems.  Please refer to the terms and conditions and privacy policies on the online payment platform to understand how they will handle your data and ensure your privacy.

Events

We may collect your business identity data and contact data at events arranged by us, our Partners or other Stakeholders. These events can include workshops, industry talks & Meet-ups, training events, seminars, conferences, and awards.

As this information is provided as part of a business activity, we consider this stakeholder data. The legal basis for collecting this data is legitimate interest. We retain for five years after a business has ceased to work with us.

Social Media

When you use a social media platform and interact with ONE, ONE D&E, you do so by consenting to the terms & conditions of such platforms.  This can include Facebook, Twitter, Instagram, LinkedIn, Pinterest, YouTube and Google+.  For more information, please see their individual Terms & Conditions and privacy policies.

Direct Marketing

We will send you marketing emails and newsletters to keep you updated on our products and services.  You can at any time opt out of receiving these emails.

  1. For business customers, our lawful basis is legitimate interest as it’s necessary to inform business customers and stakeholders about our products/services to grow their business offering and ours. Your information will be securely destroyed five years after your last interaction with ONE, ONE D&E

  2. For consumers, our lawful basis is consent and will be securely destroyed 2 months after consent is withdrawn.

One Enterprise Fund

ONE employs third party suppliers to provide services including utilising the services of a credit reference agency (https://www.callcredit.co.uk/legal-information/bureau-privacy-notice).

 Security

We ensure that there are appropriate technical controls and security measures in place designed to protect and prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed  We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Rights

Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information, we hold about you.

We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

In some situations, you may have the;

  • Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.

  • Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.

  • Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.

  • Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.

  • Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.

  • Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.

  • Right to portability. You may transfer the data that we hold on you for your own purposes.

  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.

Individuals can find out if we hold any personal information by making a ‘right of access’ request.  More information can be found at https://ico.org.uk.

If we do hold information about you, we will:

  • Give you a description of it;

  • Tell you why we are holding it;

  • Tell how long we keep in for and the lawful basis for doing so;

  • Tell you who it could be disclosed to; and

  • Let you have a copy of the information in an a commonly used electronic format, unless the individual requests otherwise.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: info@onecodebase.co.uk