Privacy Policy

Business Durham Team Privacy Notice

This privacy notice explains how we use and share information. We will review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law.   

 

1. Who we are and what we do

Business Durham works closely with the business community across County Durham. This includes responding to enquiries for business support and proactively engaging with businesses through a range of organised events.

We use personal information to respond effectively to support requests and to monitor attendance at our events.

In addition, Business Durham organises and delivers a wide variety of business-focused events, including enterprise awareness sessions for school groups, postgraduates, and pre-start organisations.

For more information about our services, please visit www.businessdurham.co.uk. 

For the purposes of Data Protection, Durham County Council is the Data Controller.   

 

2. The types of personal information we collect and how we collect it

We may collect the following personal information about you:

• Full name

• Contact details related to your company or organisation, including email address and telephone number

• Job title

• Organisation name and address

 

We collect this information in the following ways:

• Online enquiry forms

• Online application forms

• Telephone enquiries

• Email correspondence

• Face-to-face meetings

• Business cards

• Online and in-person event registrations

 

3. How we use your personal information

 

We collect and process your personal information for the following purposes:

• To respond to your enquiries

• To assess and process grant applications

• To maintain ongoing engagement with you and your organisation in support of your business

• To monitor and report on Business Durham’s performance through statistical analysis

• To manage and coordinate events

Some of our services use Artificial Intelligence (AI) tools to support us in our service delivery.   

 

4. What our lawful basis is to obtain and use your personal information

The following are the lawful basis Article 6 of the UK General Data Protection Regulation (UK GDPR) for processing your personal information:

• 6 (e) ​Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 

• 6 (f) ​Processing is necessary for the purposes of the legitimate interests pursues by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

 

 

5. Reasons we may share your personal information

We may legally be required to disclose your details if required to by the police or for 

regulatory reasons.

 

Microsoft Office 365 is the platform used for many of the council's desktop and collaboration services. This cloud-based suite updates our previous versions of Microsoft Office and introduces new tools for a more collaborative working environment. View Microsoft's privacy information.    

 

6. Processing personal information outside of the UK/EU

Your personal data is stored on our IT infrastructure and shared with our data processors, Microsoft and Amazon Web Services. It may be transferred and stored securely in the UK and European Economic Area (EEA). If your data is stored outside the UK and EEA, it will have equivalent legal protection through Model Contract Clauses.  

We can share information outside of this area when there is an adequacy determination in place. The EU uses the term 'adequacy' to describe other countries, territories, sectors or international organisations that it deems to provide an 'essentially equivalent' level of data protection for people's rights and freedoms. 

Event registrations are processed using Wix, Sign In App and Eventbrite and mailshots are processed by Wixemails, all comply with and meet GDPR requirements.

 

 

7. How your information is kept secure

The security of your personal information is important to us. This is why we follow a range of security policies and procedures to control and safeguard access to and use of your personal information.  

We have multiple policies in place that define our commitments and responsibilities to your privacy and cover a range of information and technology security areas.  

We also provide training to staff who handle personal information and we may treat it as a disciplinary matter if they misuse or do not look after your personal information properly.  

Records management  

We will not keep your information longer than it is needed or the law says we can. We will dispose of paper records or delete any electronic personal information in a secure way.   

Our Records management page provides more details of records management and information within the council.   

The retention period for this service is 3 years after the last known interaction with you and 7 years for any financially related documentation such as grant applications, claims and payments.

 

8. Marketing

At no time will your information be used or passed to others for marketing or sales purposes, or for any commercial use without your express consent.

 

9. Your Information Rights

Your Information Rights are set out in the law. Subject to some legal exceptions, you have the right:

• Your right of access - you have the right to ask us for copies of your personal information. This is also known as a Subject Access Request (SAR). You can make a SAR by completing the online form on our Find out what information we hold about you page.

• Your right to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

• Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.

• Your right to restrict processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances.

• Your right to object to processing - you have the right to object to the processing of your personal information in certain circumstances.

 

How your rights work depends on the legal basis for collecting and using your personal information. The following rights are modified depending on the legal basis:

​