Introduction

Business Launchpad (“we”) promises to respect any data you share with us, or that we collect from other organisations. We promise to keep your information safe by constantly monitoring how we collect, store and transfer your data. We aim to always protect your personal data.

Developing a better understanding of our clients through their personal data allows us make better decisions, fundraise more efficiently and, ultimately, helps us to reach our four goals:

1. Developing young people as entrepreneurs – maximising economic impact
2. Developing young people as leaders
3. Developing understanding of Trident Business Centre as a community asset
4. Becoming a thought leader: entrepreneurship and leadership

As of May 2018, in line with the GDPR, we moved to an ‘opt-in only’ communication policy. This means that we will only send marketing communications to those that have explicitly stated that they are happy for us to do so via their preferred channel(s) (email, SMS, phone or post).

If you would like to ‘opt-in’ to receive further marketing communications from us and information on upcoming events / workshops, please email us data@businesslaunchpad.org.uk 

Identity and contact details of the controller and where applicable, the controller’s representative) and the data protection officer

Controller – Business Launchpad

Business Launchpad 

Click here to email Controller.

Data Protection Officer:

Robert Fricker – Finance Manager

Click here to email Robert.

Purpose of the processing and legal basis for the processing

We will use the personal data collected from you for the following purposes:

• Marketing
• promoting the services we offer
• case studies or
• statistical purposes and to inform our supporters and young people of the support that we provide

We will seek to obtain consent from everyone whose data we collect. This serves as our legal basis for processing.

By ‘opting in’ you confirm that you are consenting to Business Launchpad’s use of your personal data for the aforementioned purposes(s) and are granting Business Launchpad permission to carry out those actions and/activities.

The legitimate interests of the controller, or third party, where applicable

Some examples of Business Launchpad’s legitimate interests include:

• Fundraising purposes – identities will remain anonymous
• Contractual reporting requirements
• Assessing eligibility

Categories of personal data

The EU’s General Data Protection Regulation (“GDPR”) defines “personal data” as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

The GDPR classifies certain data as belonging to “special categories”, as follows:

• Racial origin
• Ethnic origin
• Political opinions
• Religious beliefs
• Membership to a trade-union
• Genetic data
• Biometric data
• Health data
• Data concerning a natural person’s sex life
• Sexual orientation; and
• Other

Some examples of data we collect at Business Launchpad include:

• Personal data
• Criminal record information
• Benefits
• Disability
• Education
• Racial and Ethnic Origin
• Turnover

Any recipient or categories of recipients of the personal data

Business Launchpad is responsible for ensuring the security of its data processing facilities and other information assets in relation to third parties. This procedure applies to all situations where third parties require access to any of Business Launchpad’s data, including all of the following categories of external parties with whom Business Launchpad may have agreements in place:

• Service providers, including managed security service providers
• Clients and customers
• Outsourcing suppliers including: facilities, operations, IT systems, data collection and call centers
• Consultants
• Auditors
• Providers of IT systems and services
• Providers of cleaning, catering and other outsourced support services; and
• Temporary staff, including placement and other short-term appointments.

Business Launchpad is responsible for assessing associated third-party risks according to the category and level of risk involved.

Details of transfers to third country and safeguards 

Business Launchpad is committed to ensuring that all personal information collected and processed is appropriate for the stated purpose(s) and shall not constitute an invasion of your privacy. We may share your personal data with third party service providers who are contracted by us and we shall ensure that they will hold your personal data securely and shall use it only in order to fulfil the service for which they are contracted. When there is no longer a service need, or the contract comes to an end, the third party will dispose of all personal data according to our procedures. We will never share your personal data with third parties until we have received your consent, unless we are required do so by law.

Retention period or criteria to determine the retention period

As data subjects you have:

• The right to access personal information
• The right to withdraw consent
• The right to amend personal data
• The right to request that personal data be permanently deleted
• The right to strict processing; and
• The right to raise an official complaint with the relevant authority

The existence of each data subject’s rights

As data subjects you have:

• The right to access personal information
• The right to withdraw consent
• The right to amend personal data
• The right to request that personal data be permanently deleted
• The right to strict processing; and
• The right to raise an official complaint with the relevant authority

The right to withdraw consent at any time, where relevant

You may withdraw your consent at any time by reading our Right to Withdraw Consent Procedure 92017-I and completing the Data Subject Withdrawal of Consent Form 92017-J. Please email us if you wish to be sent a copy of this form.

The right to lodge a complaint with a supervisory authority

As data subjects you have:

The right to access personal information
The right to withdraw consent
The right to amend personal data
The right to request that personal data be permanently deleted
The right to strict processing; and
The right to raise an official complaint with the relevant authority

The source the personal data originates from and whether it came from publicly accessible stories.

You may withdraw your consent at any time by reading our Right to Withdraw Consent Procedure 92017-I and completing the Data Subject Withdrawal of Consent Form 92017-J. Please click here to download these documents. 

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

You may withdraw your consent at any time by reading our Right to Withdraw Consent Procedure 92017-I and completing the Data Subject Withdrawal of Consent Form 92017-J. Please click here to download these documents.