Who we are
Invest ESSEX is operated by the Let’s Do Business (South East) Group Limited a company limited by guarantee, registered in England & Wales, no. 07422542. Vat No. 114 497433. Registered Office: 7-9 Wellington Square, Hastings, East Sussex, TN34 1PD.
Our contact details are:
8 Kingsdale Business Centre
Essex CM1 1PE
What information we collect and how
The information we collect via the website may include:
- Any personal details you knowingly provide us with through forms and our email, such as name, company name, address, telephone number, and email address.
- Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers).
- Your IP Address, this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This is statistical data about our users browsing actions and patterns and does not identify any individual.
What we do with your information
Invest ESSEX is committed to respecting your privacy and the privacy of every visitor who visits our website or contacts us via email or the contact us page. The information that we collect about you will be used to fulfil the required services and enable us to improve how we will deal with your requirements.
The information that we collect will only be used lawfully in accordance with the Data Protection Act 1998 and the General Data Protection Regulation 2018. All data is retained within the United Kingdom.
Invest ESSEX takes precautions, including administrative, technical, and physical measures, to safeguard your data against loss, theft, and misuse, as well as against unauthorised access, disclosure, alteration, and destruction. We use industry-standard efforts to safeguard the confidentiality of data, including encryption, firewalls and SSL (Secure Sockets Layer). We have implemented reasonable administrative, technical, and physical security controls to protect against the loss, misuse, or alteration of your data.
We will only disclose your information to third parties when:
- We are required to do so by our funders or in relation to the contracts we manage
- If there is a business/operational need to do so we will inform you and seek your consent as we may use third parties to process data on our behalf of run projects in conjunction with other organisations. Should we anticipate such activity we will inform you at the point we collect information
- We are under a duty to do so in order to comply with a legal obligation or to protect the rights, property or safety of others; this includes, but is not limited to exchanging information with other organisations for the purposes of fraud protection and crime prevention
- We will retain your information in line with the period outlined at the time the data is collected and only for as long as it is necessary to do so
If you have not actively provided your consent we may process your personal information for our legitimate business interests. To contact you in this way, we will have conducted a Legitimate Interest assessment
- Identify a legitimate interest;
- Show that the processing is necessary to achieve it; and
- Balance it against the individual’s interests, rights and freedoms
We may need to pass the information we collect to other companies for administrative purposes. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the website and issuing our e-mails for us. Third parties are expressly forbidden from using your personal information for their own purposes.
Personal information is processed for the following specified purposes:
- Processing your requests and delivering services you request from us
- Sending you information you have requested
- Auditing the usage of our Website
- Monitoring the usage of our Website to enable us to update and tailor our Website to meet the need of users
- Sending marketing information only where a person has specifically consented to this
- To comply with our legal obligations including fraud protection and crime prevention
If the business has any questions in relation to how the information the business provides, and in particular personal data, will be processed and disclosed please contact our data manager on email@example.com
Invest ESSEX will only send you a marketing email if you have given your consent to sign up to a mailing list, distribution or newsletter. Consent will always be our main priority. We ensure that we have a system in accordance with data protection principles whereby consent is freely given and that you are able to give a positive opt-in. This would always be your choice.
Each and every marketing message we send you will include an appropriate and easy way for you to opt out of receiving further communications by email from us, usually in the form of an ‘unsubscribe’ link. Alternatively, you can contact us at firstname.lastname@example.org with details of the email address you would like to remove.
You have the right to remove your consent at any time by contacting us and requesting that processing of your details be restricted or deleted. To have your information removed, rectified or verified, please contact email@example.com or unsubscribe.
You have the right to request the information we hold about you. This is known as a Subject Access Request (SAR). Before we agree to this, you must provide us with sufficient evidence of your identity and sufficient details of the information you with to see to enable us to locate it.
You have the right to correct any errors in information we hold about you and to change or correct any details you have already given us. Please inform us about changes to your details so that we can keep our records accurate and up to date.
The Right to Lodge a Complaint
If you receive a response from us about your personal data that you’re unhappy with, or if you need any advice you should contact the Information Commissioner’s Office (ICO).
0303 123 1113
You can also chat online with an advisor.
Privacy Notice for the Purpose of Data Collection for ERDF
The UK is updating its data protection legislation and it will come into force on 25 May 2018. The new laws aim to update current data protection legislation including the Data Protection Act 1998, increase the privacy protection of all UK and EU citizens and reduce the risk of data breaches. It will apply to all public and private organisations processing personal data.
The EU Common Provisions Regulations (CPR), and Article 6 of the European Regional Development Fund (ERDF) Regulation require the Ministry for Housing Communities and Local Government (MHCLG), as the managing authority for the programme, to monitor and evaluate ERDF-funded activities. In order to conduct monitoring and evaluation (including the summative assessment) and to ensure compliance, the collection of personal data is required.
Who is the data controller for ERDF personal data?
The MHCLG ERDF Managing Authority is the controller for all personal data required to help deliver the ERDF programme under the terms of its ERDF Funding Agreement. The MHCLG ERDF Managing Authority will be processing personal data in the ERDF programme according to the following lawful basis:
Article 6(1)(e) of the EU General Data Protection Regulation (GDPR)
‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
The lawful basis for controlling or processing `special category’ data under ERDF is:
Article 9(2)(g) GDPR
“processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;”
What personal data will be collected?
Depending on the nature of activities of the ERDF-funded project and the indicators listed under each activity, the following information for each direct or indirect beneficiary where these are individuals may be collected:
- Name of contact point within a business (in some cases property owner) engaged with or individual engaged with;
- Phone number
- Email address
- Labour market status prior to receiving support and 6 months after receiving support
- Duration of support
- Intensity of support
- Pay details
MHCLG may collect special category data on ethnicity and disability.
Who will my personal data be shared with and how will it be used?
Your details will be stored securely and retained in compliance with GDPR and the new Data Protection Act. This information will be used to evaluate this project and to report to the European Regional Development Fund for monitoring and evaluation purposes.
Your details will be used to support the ERDF programme research and evaluation activities. MHCLG will need to share all or some of your personal data with the national evaluator of the ERDF programme. In some cases, the national evaluator, i.e. independent external contractors commissioned by DCLG, may use the contact details to contact a sample of direct or indirect beneficiaries for the purpose of the National Evaluation of the programme. It is likely that the survey methodology will need to incorporate a variety of approaches in order to maximise the survey response rate (for example, telephone survey, written survey, and e-mail survey) – hence the need for a variety of contact details required for each participant. MHCLG may also need to share with other government departments and the European Commission where this is necessary to test the robustness of the data gathered or to inform the National Evaluation.
MHCLG will not give any personal data to any other organisation unless needed for the purpose of the evaluation and will instruct them not to use it to contact individuals for any reasons not connected with the purpose of the National valuation of the ERDF programme 2014-2020 or other matters directly relating to the evaluation. If MHCLG has to pass on the data, it will only provide what is needed, and if possible will remove the details that might identify individuals personally. MHCLG will not transfer personal data outside the European Union, to third countries or international organisations.
MHCLG will not keep your personal data for longer than it needs but as a minimum, will retain data for two years after the closure of the 2014-2020 ERDF programme in line with the European Regional Development Fund document retention guidance to ensure MHCLG meets reporting obligations and to demonstrate compliance with EU Requirements.
ERDF participants cannot claim the following rights in terms of ERDF personal data:
- right to erasure (“right to be forgotten”)
- right to portability of their data
- The data collected is your personal data, and you have the right, subject to lawful data requirements:
- to see what data we have about you;
- to ask us to stop using your data;
- to ask us to delete your data, or to correct your data if there is no longer a justification to process it;
- to lodge a complaint with the independent Information Commissioner (ICO) if you think we are not handling your data fairly or in accordance with the law.
Automated decision making
Your personal data will not be subjected to automated decision making
You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If you would like further information about the programme and your personal information please contact the ERDF Programme at: firstname.lastname@example.org
Last updated: 12/12/2019
Last updated: 12/12/2019