This notice explains what personal information we, Business Gateway Fife, collect, when we collect it and how we use it. We collect and use personal data in line with the guidelines published in the UK General Data Protection Regulation and the Data Protection Act, 2018. We have separate Privacy Notices for our Employees and Members of our Board.
We are registered as a Data Controller with the Office of the Information Commissioner under registration number Z574892X, and we are the data controller of any personal data that is provided to us.
Who we are:
Business Gateway Fife is a publicly funded service contributing to the economic well-being of Fife by providing access to free business advice & support services.
The service is delivered by Local Government in Scotland, which includes:
- Convention of Scottish Local Authorities (COSLA), Verity House, 19 Haymarket Yards, Edinburgh EH12 5BH
- Fife Council
- Contractors who deliver services or process data on behalf of Local Government in Scotland
- This notice explains how COSLA, Scottish Local Authorities, and contractors who deliver services on our behalf use your personal information in relation to Business Gateway services.
We also work closely with partner organisations who deliver business support and economic development activities in Scotland, which includes:
- Fife Council Economic Development
- Scottish Enterprise
- Highlands and Islands Enterprise
- Skills Development Scotland
- Partner organisations provide their own privacy notices which explain how they use your personal information.
How we use your information
We use your personal information to allow us to provide business advice & support services to you.
We will use the information you supply to us to:
- Verify your identity where required
- Reply to your enquiry by post, email, or telephone;
- Maintain our records;
- Provide services to you;
- Send you information on our other services;
- Look at the services you and other clients use; and
- Report on the number of clients using our services.
What is our purpose & legal basis for processing your information?
We provide business advice and support services to you as part of our duties as local government in Scotland. Where you have requested a service, we use your personal information to provide you with that service. This is necessary for us to deliver services to you as part of our performance of a task in the public interest.
Where we are not performing our task in the public interest, we may also rely on our legitimate interests to process your information, for example in relation to the use of CCTV within our premises for the security of our staff, visitors and premises.
We may need to process your personal information to comply with our legal obligations such as a Court Order.
Where we process your personal information for marketing purposes, we do so with your Consent.
We also process some sensitive information (known as ‘special category data’) about you, such as details about your health or disability or your ethnicity. We will only process this information with your explicit consent.
What happens if you do not wish to provide your personal information?
We process your personal information to provide business advice and support services to you.
If you do not wish to provide us with your personal information, this may limit our ability to provide these services to you.
Categories of personal data processed
- email address
- phone number
- post code
- date of birth
- employment status
Special Category personal data processed:
- ethnic group
- disability status
Where we may collect personal data from
Directly from you
- From third party databases that we have licensed (For example, business information databases such as FAME and Mint UK)
- From the Records Management System (CRM) Partners (see below)
Where we have your consent to do so, we will send you information and updates about Business Gateway services. These updates may include information on events that we are holding and information about the business support and advice services that are available to you from the partners.
If you decide that you no longer wish to receive these messages then you can withdraw your consent and opt out of future communications. We will still communicate with you for other purposes in the ordinary course of any other relationship we have with you.
Who do we share your information with?
We will generally comply with requests for specific information from regulatory and law enforcement bodies where this is necessary and appropriate.
When we use a third-party (a data processor) to process personal data, we enter into a written data sharing agreement with the processor to ensure that they fulfil the obligations of the data protection law.
We also share your personal information with our service delivery partners to enable them to assist in the delivery of business advice & support services. These partners include:
- Local Government (COSLA and Scotland’s 32 Local Authorities)
- Scottish Enterprise
- Highlands & Islands Enterprise
- Skills Development Scotland
- Contractors who deliver services on our behalf
Your data will be held in a Customer Relationship Management (CRM) Database operated by Scottish Enterprise. The data will also be used to help develop policy and interventions that support our work in providing business advice and support. This is covered by our participation in the Records Management System (CRM) Partnership.
Who is the Records Management System (CRM) Partnership?
The Records Management System (CRM) Partnership comprises: -
- Scottish Enterprise
- Scottish Development International (a joint venture among Scottish Enterprise, Highlands and Islands Enterprise and Scottish Government)
- Business Gateway (represented by COSLA)
- Skills Development Scotland
The purpose of the Records Management System (CRM) Partnership
The Records Management System (CRM) Partnership will use personal data, together with other non-personal (business) data for the purposes of:
- consistent, clear and co-ordinated engagement with our customers on products, services and support that they are interested in
- better design of business support services across the wider public-sector landscape
- opportunities to refer across and between Partners, develop shared understanding and to monitor the effectiveness and responsiveness of the Partners’ individual service offerings
- collaborate on the design of future services and interventions as a result of insights gained from a shared system, aggregated data and better understanding of what support Customers are seeking and receiving in real time.
How long do we keep your information for?
We only keep your personal information for the minimum period amount of time necessary. Sometimes this time period is set out in the law, but in most cases it is based on the business need.
We are currently reviewing our data retention policies. If you wish to know how long your personal data is being kept, please contact at email@example.com
Where your information may be held internationally
In some situations, the personal information that we collect from you may be transferred to, and processed, at a destination outside the European Economic Area.
Where this is the case, we ensure that the organisation processing the data provides an adequate level of protection for your rights, and complies with the conditions of data protection law set out in the UK General Data Protection Regulation.
Using the Business Gateway Fife website
Visiting our premises
When you visit one of our premises, we may record your name in our signing-in register. Your image may be captured by our CCTV cameras. Notices are available where the cameras are in operation.
If you are a business contact
We may collect your business contact details such as your name, business address and business e-mail and your company’s bank account details. If you are a sole trader this may be your personal details which will be treated in accordance with this notice.
If you apply for a job with us
We will ask for your contact details, previous employment history and qualifications.
We may collect details of ethnicity and disability – for equalities monitoring and so that we can make any appropriate adjustments to accommodate you through the recruitment process.
Your rights under data protection law
Under UK data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of your rights:
Access to your information – you have the right to request a copy of the personal information that we hold about you.
- Correction of your information – we want to make sure that your personal information is accurate, complete and up to date. You may ask us to correct any personal information about you that you believe does not meet these standards.
- Deletion of your information – you have the right to ask us to delete personal information about you where:
- you think that we no longer need to hold the information for the purposes for which it was originally obtained
- we are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below
- you have a genuine objection to our use of your personal information – see Objecting to how we may use your information below
- our use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information – you have the right at any time to tell us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest or pursuant to the legitimate interests of us or a third party then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information – in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of your information. This right might also apply if we no longer have a basis for using your personal information, but you don't want us to delete the data. Where this right is realistically applied will mean that we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing consent to use your information – where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us as at firstname.lastname@example.org
if you wish to exercise any of these rights.
Changes to our privacy notice
We keep this privacy notice under regular review and will place any updates on our website.
This privacy notice is version: 2
This privacy notice was last updated on: 27 April 2021.
Contact information and further advice
Please contact us as a email@example.com
if you would like further information or advice about this privacy notice and how we handle your personal information.
Our Data Protection Officer is provided by RGDP LLP and can be contacted either via 0131 222 3239 or firstname.lastname@example.org
We aim to directly resolve all complaints about how we handle personal information. However, you also have the right to lodge a complaint with the Information Commissioner's Office, who can be contacted by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. By phone on 0303 123 1113 (local rate) or 01625 545 745. Visit their website for more information at- ico.org.uk/make-a-complaint .