WCC SMEG Data Privacy Policy v1

SME Growth Project : Data Privacy Policy


1. Introduction

This paper describes how data collected from clients of the SME Growth project will be gathered and used. Data confidentiality is discussed with the client at an early stage, before submission of an application to the programme. This describes what information (a) we must collect and disclose to fulfil the requirements of the funding bodies, (b) we need to deliver the right support and (c) ask to share with stakeholders. The aim is for the client to have confidence that the information provided is stored securely and will only be used for purposes that the client is aware of and has agreed to.
As part of the acceptance process onto the programme, the client is asked to confirm in writing that he/she has read this data privacy policy and agrees to how data could be used. 

2. Why is company data collected?

We use information provided for administration, delivery, reporting, marketing and research purposes. We use it for

1. Mandatory purposes

  • Assessment of eligibility and suitability of the client for the programme
  • Evaluation of the client’s ability to harness innovation capability to deliver growth plans
  • Design of bespoke packages of support
  • Generation of anonymised evaluation data describing the uptake and impact of the programme
  • Evaluation, compliance and publicity by funding organisations

2. Optional purposes

  • Analysis, follow-up and publicity by key stakeholders
  • Referrals to complementary support services
  • To provide information on products or services that a client requests from us or which we feel may be of interest, where the client has consented to be contacted for such purposes.
  • SME Growth team training

The client has the right to deny permission for us to use data for anything other than the mandatory purposes.

3. What client data is collected?

  • Most of the client data is collected by the application form. This includes:
  • General company information
  • Services and sectorsEligibility– turnover, employee numbers, ownership, etc
  • Details of previous State Aid received
  • Diversity and equality profile

OIS may also collect information that is publicly available, such as from Companies House. Client information may also be captured in other client documents including questionnaires, client case file, action plan, meeting records and reports produced by the Business Support Advisor. Business Support Providers may record any other information a client chooses to share, either electronically, verbally, in written form or face to face.

4. How is data stored?

We treat information security very seriously. We will take all reasonable technical and operational precautions to prevent the loss, misuse or alteration of client information. Any data provided by you is:

  • Held on our secure, internal servers, and managed by a datacentre supplier who is certified to meet the requirements of ISO 27001 Information Security Management.
  • Not transferred outside of the European Economic Area.
  • Held in accordance with our Information Security policies.

No data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of personal data.

5. How could data be disclosed?

Below is a table showing how data may be disclosed. Clients will be notified of any changes or additional requests from other stakeholders. If the request is not for a mandatory purpose, clients can instruct their Business Support Provider not to share their data.

We may also disclose your personal information to third parties:

    • If a Business Support Provider is acquired by a third party, in which case personal data held by us about you will be one of the transferred assets
    • To the extent that we are required to do so by law
    • In connection with any ongoing or prospective legal proceedings
    • To establish, exercise or defend our legal rights.

    We will not disclose personal information to other third parties without a client’s consent.

    6. Client rights

    6.1 Accessing your data

    The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. We will require proof of identity with any request made.

    You may instruct us at any time not to use your personal information for marketing purposes. In practice, you would typically agree or disagree to this in advance when submitting or updating your personal information, though opportunities to opt out are written into our processes.

    6.2 Updating your data

    We seek to verify and confirm the accuracy of the information that we hold about you every time we interact with you. Please let us know at any time if the information we hold about you needs updating or correcting.

    7. Roles and responsibilities

    The SMEG Team Leader is the nominated Data Controller for the SME Growth project. The Data Controller maintains and updates this Data Privacy Policy and checks compliance by SMEG team members. The Data Controller is the first point of contact for any queries or complaints from clients regarding the use of their data and he/she will take appropriate action to try to resolve them.

    Angela Hays

    Innovation Advisor and Team Leader, SME Growth Project
    E: Angela.Hays@wiltshire.gov.uk
    M: 07880 705974
    T: 01225 718484

    1-This group comprises Wilts & Swindon employees involved in or supporting delivery of SMEG
    2-Innovate UK, Department for Communities and Local Government, European Commission
    3-Business Support Providers including Inspire, Business West, Cool Ventures & Oxford Innovation