The Marches LEP Data Policy
The Marches LEP collects, processes and holds your personal information in order to provide its services effectively. We recognise that your personal information is important, and we take our responsibilities for ensuring that we collect and manage it appropriately very seriously and in accordance with data protection legislation.
To process your personal information, we are registered as a ‘Data Controller’ under the Data Protection Act (DPA) 2018 (ZA144526).
This policy sets out how the Marches LEP handles data and how we comply with the requirements of the General Data Protection Regulation (GDPR), including:
- The types of data we collect;
- How we collect and store data;
- How we handle confidential and exempt information; and
- How we handle Freedom of Information requests.
- We recognise our responsibility to hold your personal information on your behalf.
- We only collect and hold personal information for specified purposes.
- We only retain your personal information for as long as we need to.
- We will be open and transparent with you from the point of collection about how we will use your personal data and who we will share it with.
- We are committed to ensuring that effective safeguards and systems are in place to keep your personal information safe and secure.
- We make it as easy as possible for you to access and correct your personal information.
- We ensure all employees handling your personal information have received appropriate training and guidance and have processes in place to monitor, identify and deal with misuse.
- We process all personal data in accordance with the principles of DPA and GDPR.
Collection of Information
We may collect personal information from you, in the following ways:
- Via paper, electronic or online forms;
- Via email, telephone or our website(s);
- Via social media or business surveys;
- Via job applications or calls for tenders;
- Face-to-face, with one of our employees, or one of our partners
If you email us we may store your emails on our computer systems or may store the details from them, however we do not routinely retain all emails. We do not record or monitor any telephone calls you make to us or receive from us.
Type of Information we collect
The type of information we collect to enable us to deliver our services may vary from time to time and will depend on the purpose the data is being collected for. You will be made aware about which information the Marches LEP is collecting at the time.
This may include:
- Your personal or business contact details (i.e. name, title, address, telephone number, social media account, etc.);
- Details of your business (i.e. nature of the business,company registration number, number of employees, etc.);
- Equal opportunities information;
- Demographic information such as postcode, preferences and interests;
- Declaration of interests;
- Project or finance information (including commercially sensitive information);
- Details of meetings, phone calls, emails, agendas, outcomes, actions, minutes and other documents; and
- Questions, comments, queries or feedback from engagement activities.
How we use your information
We will use your personal information for a limited number of purposes, and always in accordance with the principles set out in the DPA and GDPR, including:
- For the purpose you provided the information for or where you have consented to the processing of your information;
- To deliver the services you requested;
- To allow us to communicate effectively with you;
- To confirm your identity where needed to provide our services;
- To improve our understanding of your needs, to enable us to inform you of
and provide you with other relevant services and benefits;
- To monitor and improve our performance and delivery of services;
- To process financial transactions including grants, payments and benefits we administer, or where we are acting on behalf of others i.e. The Department for Work and Pensions;
- To ensure that we meet our legal obligations efficiently and effectively, including those relating to Equality and Diversity and Health and Safety;
- To carry out our law enforcement functions efficiently and effectively, including licensing, planning enforcement and Trading standards;
- To prevent and detect fraud and corruption in the use of public funds;
- Where necessary to protect individuals from the risk of harm or injury; and
- Where otherwise permitted under the Data Protection Act.
We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information. Your personal data, after it has been anonymised, may be used to for statistical analysis to allow us to effectively target and plan the allocation of resources and provision of services.
Where we hold your data
We have a number of different ways that we hold data depending on the data collection method and the reason for data collection:
- A customer relationship management (CRM) platform for the management of engagement activities with businesses, local authorities, government organisations and private partners. This is GDPR compliant.
- MailChimp to send out newsletters to our subscribed stakeholder list. This is
- We and our Accountable Body, Shropshire Council, manage the financial
transaction information through an enterprise resource planning system.
- SharePoint and a private drive.
How we will use your data
We will use data collected for different outcomes:
- As an evidence base for strategy development;
- To inform our Board on the delivery of our funded programmes;
- For case studies.
As appropriate, additional permissions will be sought for publication of data and information. Where we have collated individual data this will be anonymised when presenting findings from a survey or similar. This ensures that personal data remains confidential.
Handling confidential and exempt information
We are committed to being open and transparent about the running of the Marches LEP, the decision making that takes place and the strategic direction of the organisation.
We are committed to publishing minutes and papers for full Board Meetings and we abide by the National LEP Assurance Framework in accordance with the Local Government Act 1972.
We abide by the information provided by a Government department on terms which forbid the disclosure of the information to the public, where disclosure to the public is prohibited by a court or where we hold “exempt information” under Schedule 12A of the Local Government Act 1972. This includes information relating to an individual, relating to the financial or business affairs of a particular person, negotiations, labour relations, legal professional privilege and in connection to the investigation or prosecution of a crime.
Freedom of information requests
As a company limited by guarantee, we are not formally subject to the Freedom of Information Act 2000. However, we recognise the importance of transparency and accountability and therefore we voluntarily adhere to this legislation and respond to Freedom of Information requests within the statutory deadlines.
We may disclose your information to others, but only if permitted by the Data Protection Act or if we are obliged to do so under any other legislation. This includes for the prevention and/or detection of crime, or where it is necessary to allow a third party working for or acting on behalf of the council, to provide a service. If we need to disclose your data to a third party to provide a service to you, we will always make this clear to you from the date of collection and ask for your consent.
We strive to ensure that the personal data in our care is protected and secure.
Where your information is disclosed to a third party, we will seek to ensure that they have enough systems and procedures in place to protect your personal data and that they will only use it for the specified purposes it was provided for.
Where we need to disclose your sensitive or confidential information to a third party, we will only do so once we have obtained your explicit consent unless we are legally required to do so, or where we have good reason to believe that failing to share the information would put you or someone else at risk of harm.
We will not pass your personal information to external organisations for marketing or sales purposes or for any commercial use without your prior express consent.
We will only transfer your personal information overseas, where we are obliged to do so by law or in individual cases where there is a specific requirement and then only with your consent.
We may share your personal or business information with Shropshire Council as our Accountable Body in order to enable the discharge of our responsibilities. A copy of Shropshire Council’s Data Protection is available on their website.
Personal and business details may be shared with Government departments when we are required to do so by government regulations.
Our employees will be given access to and process your personal information for the purposes of their official duties, but only the personal information needed for that specific purpose, for which they are authorised. They must not disclose your personal data to anyone else without your consent, unless they are legally obliged or empowered to do so.
You have the right to request that we stop processing your personal data in relation to any Marches LEP service. To do this you must write to us (details below) explaining what processing you want us to stop and why:
Data Protection Officer
Marches Local Enterprise Partnership
Knights Court, Archers Way
Battlefield Business Park
Please be aware, that this may cause delays or prevent us providing you with a service. Where possible we will seek to comply with your request, but this may not always be possible as we may be required to hold or process your information to comply with a legal requirement. We will reply to you within 21 days and let you
know what we have done about your request.
You are legally entitled to request access to any information we hold about you, this is called a Subject Access Request.
We aim to ensure that any information we hold about you is correct. If you believe that any information we hold about you is incorrect, you have the right to have this corrected.
We will not use your personal data for third party marketing without your express consent.
If you have any questions about how we use your personal details, please contact the Information Governance Team on 0345 678 9000 or via email at [email protected].
To lodge a complaint with the ICO in relation to how we handle your data, please contact the UK Information Commissioner’s Office (ICO), the UK independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate)