Alert close - icon Fill 1 Copy 10 Untitled-1 tt copy 3 Untitled-1 Untitled-1 tt copy 3 Fill 1 Copy 10 menu Group 3 Group 3 Copy 3 Group 3 Copy Page 1 Group 2 Group 2
Search toggle
Menu
     
close menu
Home Your council UK General Data Protection Regulation (GDPR) Privacy notices Place Derbyshire Business Start-Up Support Scheme privacy notice

Derbyshire Business Start-Up Support Scheme privacy notice

We are committed to protecting your personal data, and ensuring it is used fairly and lawfully. Information you provide to us will be used in accordance with UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 legislation.

We are the data controller under the for the personal information we hold in connection with the services we provide.

The type of information we use

Personal data is information about living individuals, such as name, address or date of birth. It can also include more sensitive information (referred to as 'special category personal data') such as information about a person's health, ethnicity.

We currently collect and process the following information:

  • name
  • date of birth
  • postal address
  • employment status
  • contact telephone number
  • email address

We also process the following types of special category information:

  • personal data revealing racial or ethnic origin
  • data concerning health
  • data concerning gender

Why we collect and use this information

The information provided will only be used for the following purposes:

  • provide business support to individuals and businesses
  • use your personal data for contact purposes
  • to monitor performance against equality opportunities objectives

It will not be processed for any other purpose. The lawful basis for processing is Article 6(1)(e) Public Task.

The public task is the local authority's function in driving economic generation.

If we process special category data such as data relating to your health or ethnicity, it will be because there is a substantial public interest in processing this data to ensure equality of opportunity or treatment under A9(2)(g) and the Condition for Processing under Part 2 of Schedule 1 of the Data Protection Act 2018.

If we use an alternative legal basis to process your personal data for any reason you will be made aware.

Collecting your data

We collect information, if appropriate and relevant, from a range of individuals and organisations. These will include yourself and Derbyshire County Council Business Advisers.

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • check eligibility for support
  • register your business
  • provide business start-up support
  • for monitoring purposes

If you do not provide the information that we require it may affect our ability to deliver the services.

Keeping your information safe

In order to meet our commitment to protecting your personal data we have data protection policies and procedures in place to ensure that it is safeguarded.

We carry out checks on all third parties we use, and also have contracts in place with them which detail data protection obligations they have to follow.

Your information will only be held by us for the set amount of time stated in our records retention schedule and will be permanently deleted or securely destroyed at the end of the period stated unless we have a lawful reason to retain it.

Sharing your data

We will only share your personal data with the organisation that helps us to provide this service. When sharing information, we do so in line with data protection legislation and agreed information sharing protocols with our partners.

The partners we share your data with are borough and district councils in Derbyshire including Derby City Council, East Midlands Combined County Authority, Erewash Partnership and Clown Enterprise.

We use a client relationship management (CRM) for recording information we receive. The provider is called Alcium Software Ltd.

In order to process your personal data, we may use other third-party software providers such as Microsoft. We carry out checks on all data processors we use, and also have contracts in place with them which detail data protection obligations they have to follow.

We may also lawfully disclose information to public sector agencies to prevent or detect fraud or other crime, or to support the national fraud initiatives and protect public funds.

We do not sell your personal information to third parties.

The Accounts and Audit Regulations 2015 requires us to have an internal audit service to evaluate the effectiveness of its risk management, control and governance processes. To enable this, our internal audit team require access to documents, records and personal data belonging to the council, its contractors, or suppliers to do their work. Further details on the role of our internal audit team can be found within the audit services charter.

Requesting access to your personal data

You have the following rights, subject to lawful exemptions, to:

  • access copies of any records we hold about you
  • have any information we hold about you corrected
  • object to information about your you being held
  • challenge decisions relating to you made using automated decision making and profiling

You can find more information on your rights, and how to make requests under those rights.

You can find detailed advice on your rights from the Information Commissioner's Office.

If you have any concerns

If you have any concerns or are unhappy with our use of your personal data, please let us know by contacting:

If you are dissatisfied with our response you can contact the Information Commissioners Office:

  • Write to:
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Fax: 01625 524 510.