Welcome to Business West’s Privacy Notice.
We take your data very seriously and are committed to the privacy and security of it. This policy tells you how we will collect and use your personal data and what you should expect in relation to the personal information we collect about you.
We know there is a lot of information in here so we have structured it in a format that enables you to click through to specific areas.
It is important that you read this privacy notice, together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and is not intended to take the place of them.
It’s likely that we’ll need to update this privacy notice from time to time. Please keep an eye on our website for changes.
Who We Are
We are GWE Business West Limited (Registered Company No: 06399340) trading as Business West. Our Registered Office is Leigh Court Business Centre, Pill Road, Abbots Leigh, Bristol, BS8 3RA.
We are a not-for-distribution company, whose purpose is to remove barriers to business growth to ensure long-term sustainable wealth creation in our region – making it the best place to live, learn, work and prosper. We achieve this by helping businesses of all shapes and sizes to start, grow, innovate and export, as well as lobbying government and campaigning on their behalf to tackle key business challenges. Any surpluses are reinvested back into the business in order to help achieve our purpose.
Business West is our corporate brand but we also have other brands within the group. Our portfolio includes:
- Chambers of Commerce
- Nuclear South West
- Leigh Court
- Acorn International Trade Services
- Export for Growth
- Great British Food Programme
- Workspace offices to rent: Leigh Court - Bristol; Park House - Swindon; Paulton House - Midsomer Norton
If you have any questions in relation to this privacy notice, including any requests to exercise your legal rights please contact our Data Privacy Manager via email email@example.com
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues – www.ico.org.uk. We would, however, appreciate the chance to address your concerns before you approach the ICO so please contact us in the first instance.
We are the data controller of the personal data that we keep and use, and we are therefore responsible for making sure that our systems, processes and people comply with the relevant data protection laws in respect of that personal data.
We will act in respect of personal data to comply with the six principles of the General Data Protection Regulation (GDPR) which are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
There are some specific services where we are the data processor – see section 7
We will only use your personal data when the law allows. The law on data protection sets out a number of different reasons (lawful bases) why a company may collect and process personal data. Most commonly, we will use your personal data in the following circumstances.
- In performance of a contract with you. For example, if you take a service from us, we’ll collect your contact details in order to deliver the service to you. Where that service is funded by a third party we’ll collect information to confirm your eligibility.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we’ll use your contact details to send you direct marketing information telling you about business services that we think might interest you.
- Where we have your consent to do so. For example, when it may be relevant to connect you to other organisations.
- Where there is a legal requirement. For example, to pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
- Where it is needed in the public interest or for official purposes. For example, in order for our International Trade Documentation department to process and authorise Certificates of Origin.
- Where we need to protect your interests (or someone else’s interests). For example, in our recruitment activities.
We collect and process personal data to:
- Provide business services; representation and lobbying work; virtual and serviced offices and Leigh Court venue hire services.
- Market services which may be of interest to you.
- Deal with enquiries about our job opportunities.
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity and Contact Data: contact names, emails, telephone numbers, addresses, marital status, gender, business information – job title, company name, address, telephone number. For recruitment purposes only we will also collect education and employment history, identity and other background checks (which may include appropriate criminal and financial checks and confirmation of the right to work in the UK), age and recruitment information (including references).
- Financial Data: bank account and payment card details (business and personal).
- Transaction Data: details about payments to and from you and other details of services you have taken from us.
- Technical Data: internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
- Profile Data: username and password.
- Usage Data: information about how you use our websites.
- Interest data: what business information you are interested in.
Special Categories of Data
We may collect and use special categories of personal data:
- When you book onto an event - this information may include details of access or dietary requirements you may have, which may reveal information about health or religious beliefs.
- As part of any recruitment activities - we may collect and use special categories of personal data as required in carrying out our obligations and exercising specific rights of yourself or us. This may include information such as health, racial origin, religious belief and offences or alleged offences.
Section 6 details the types of personal data we collect when you are engaging with different areas of our business.
Through our websites we also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we can combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy notice.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with business services). In this case, we may have to cancel a service you have with us but we will notify you at the time.
We may collect personal data from and about you through:
Direct interactions, when you:
- Enquire, apply for or receive any of our services
- Attend our events
- Register or use our websites
- Provide us with feedback
- Contact us by any means with queries or complaints
- Request an application form for one of our vacancies
- Apply for a role within Business West
- Visit any of our premises (where your image could also be collected on CCTV)
- Request marketing information to be sent to you
- Enter a prize draw or competition
- Complete a survey
Automated technologies or interactions
- We may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
Third parties or publicly available sources
We may receive personal data about you from various third parties:
- Technical Data from the following parties:
- Analytics providers
- Advertising networks
- Search information providers
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services
- Identity and Contact Data from data brokers or aggregators
- Identity and Contact Data from publicly available sources such as Companies House
We collect personal data from you in order to:
- Send you relevant information on key business issues
- Administer an event booking
- Respond to enquiries
- Process applications to receive business support services
- Enable you to access and use our members’ area on the website
- Send you surveys and to seek your feedback on business issues - -
- Enable you to access a range of benefits provided by 3rd party organisations
- Process Export documentation and provide training
- Allow you to register on the our websites and manage your account
- Use data analytics to improve our website, services, marketing, customer relationships and experiences
If you do not wish for your data to be used for any of these purposes, please let us know by emailing firstname.lastname@example.org.
Business West operates the following websites:
The websites are not intended for children and we do not knowingly collect data relating to children.
We will collect personal data from you in order to give you the best possible experience whilst using the site.
- Our websites may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We will collect the following personal data: Names, addresses, contact details, education and employment history, identity and other background checks (which may include appropriate criminal and financial checks and confirmation of the right to work in the UK), marital status, age, gender and recruitment information (including references).
We may collect and use special categories of personal data as required in carrying out our obligations and exercising specific rights of yourself or us in the field of employment. This may include information such as health, racial origin, religious belief and offences or alleged offences.
Personal data may be collected during the selection process (for example via your application form and CV) or from third parties, including referees, health service providers, background check providers.
As part of the HR administration and management function, we will collect the personal data of job applicants in order to select the appropriate candidate (including suitability, eligibility and/or fitness to work). This personal data will also be used for equal opportunities monitoring.
As a business support organisation with not-for-distribution roots, our motivation is our clients’ success as befits an organisation with not for distribution roots. Part of this is ensuring you are aware of the range of publicly funded and other business support services available to you, giving you the opportunity to benefit from those, which are relevant, and of interest.
To help us decide what we think will be of interest to you, we may use information about your business - such as its size, nature of business, geographical location, the services you have previously used and how you are engaging on our website. If you have requested information from us, made an enquiry, registered an interest in a service, requested a call-back, purchased a service, registered on our website, attended one of our events, engaged with one of our Funded Services, entered a competition- and in each case did not opt out of receiving that marketing - you may receive direct marketing (e.g. email, direct mail or telephone) communications from us which we feel will be of interest to your business.
At any stage you can ask us to stop sending you marketing communications or unsubscribe from a specific email by:
- Visiting our unsubscribe form to manage your subscriptions.
- Clicking the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails sent from that particular division of the business.
- Email: email@example.com
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Where you opt out of receiving these marketing messages, you will still receive operational emails from us, for instance if we need to advise you of our opening hours or request information needed for a service you are receiving.
Third party marketing
We take your data very seriously and will not share your personal data with any company outside of Business West for marketing purposes.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email firstname.lastname@example.org
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. When we may share personal data
Third party service providers
We rely on third-party service providers to perform a variety of business operations on our behalf. In so doing, we may need to share your personal information with them. We provide our service providers with only the personal information they need to perform the services we request and we require that they respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your data for their own purposes and only permit them to process your personal data for specific purposes and in accordance with our instructions.
Business West delivers a number of services fully or part-funded by third parties, often public bodies, under contract. Where we deem that one of these services is the most appropriate solution for your enquiry, your data will be passed to the relevant funder. Please refer to the privacy notice of the relevant funder for details of how they process your personal data.
Data Controller (s)
Other situations where we may share your data
Where we are organising events with other organisations, we will notify you at the point that this data is collected.
Nuclear South West may share business names with the Industry Network Steering Group for the purposes of servicing and developing the membership offer.
In our Membership Services we provide a range of benefits, some of which are delivered by 3rd party organisations. We will pass on your details to enable to the 3rd party to provide those benefits to you. We encourage you to read their privacy notices.
In our Research and Policy work we work closely with local MPs and the local media who may be interested in contacting local businesses. We will only pass on your details with your consent.
In order to fulfil your international trade documentation requirements, your data will be shared with i2i Infinity Ltd which owns the e-z Cert site. We encourage you to read their privacy notice at e-zcert privacy. Where we are providing:
- Arab documentation, your personal data may be passed to either the Arab-British Chamber of Commerce or Arab Country Embassies
- A Letter of Credit Service, your personal data may be passed to Banks
- Documentation, your personal data may be passed to the British Chambers of Commerce for Audit purposes
- World documentation, your personal data may be passed to The Foreign & Commonwealth Office, or World Country Embassies
- Customs documentation services, your personal data may be passed to HMRC
- ATA Carnet documentation, your personal data may be passed to London Chamber of Commerce
- ATA Carnet guarantees or Marine insurance, your personal data may be passed to our insurers or insurance brokers
In order to enhance the benefits of ‘sellers’ listing on the Great British Food programme website we may share your contact details with the Department for International Trade (DIT) and business support organisations in your region that provide publicly funded international trade services in order to develop your business’ capability to trade internationally. Information will not be shared where you have opted-out.
In order to deliver services offered by the Cavendish Consortium, your data will be shared with Consortium Members (details are available on request), The Department for Business, Energy and Industrial Strategy (BEIS) and Innovate UK. We encourage you to read the following privacy notices:
When processing a tenancy application we will carry out the necessary checks with our anti money laundering and fraud prevention providers – CreditSafe and Northrow. For more information, please visit www.creditsafe.com and www.northrow.com.
We may disclose your information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as the USA.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.
For example, this might be required in order to fulfil an event booking, process your payment details or provide support services.
Countries outside the EEA may have data protection laws that do not always offer the same level of protection for personal data as countries within the EEA. If we do this, we will safeguard personal data as set out in this Privacy Notice.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. EU data protection laws allow us to freely transfer Personal Data to such countries. If we transfer Personal Data to other countries outside the EEA, we will establish legal grounds justifying such transfer, such as Binding Corporate Rules model contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements.
You can request additional information about the specific safeguards applied to the export of your Personal Data.
8. How long we keep personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further consent from you.
9. How you can make changes to your personal data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You can do this by:
- Updating your data held in your online account on www.businesswest.co.uk if you’re a chamber member or have registered on the site.
- Emailing: email@example.com
10. How we protect personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Your legal rights over your personal data
You have the right to:
- Request access to the personal data we hold about you, free of charge in most cases.
- Request correction of your personal data when incorrect, out of date or incomplete.
- Request restriction of processing of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data where we are relying on your legitimate interest and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Withdraw consent at any time where we are relying on consent to process your personal data.
You have the right to request a copy of any information about you that Business West holds at any time, and also to have that information corrected if it is inaccurate.
- No fee is usually required - You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- What we may need from you - We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
- Time limit to respond - We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- If we choose not to action your request we will explain to you the reasons for our refusal.
If you wish to exercise any of the rights set out above, please contact our Data Privacy Manager via email firstname.lastname@example.org
13. Any questions?
We hope this policy explains how we collect and use your personal data and your rights to control it.
If you have any questions or comments please do contact our Data Privacy Manager by:
Post: Business West, Park House, Church Place, Swindon, SN1 5ED
Last updated: 12th January 2021