1. About this privacy code
This privacy code provides an overview of how we comply with data protection legislation to protect the rights of the individuals we deal with. It sets out:
- Who we are and what we do
- How we collect personal information
- What personal information we collect, and why
- How we safeguard personal information
- With whom we share personal information, and why
- How we handle transfers of personal information to countries outside Europe
- Your rights under data protection legislation
- How to make a complaint
- How to find out more
2. Who we are and what we do
The Northern Automotive Alliance is an industry-led cluster organisation providing a focal point for the region’s automotive sector.
Our contact details are set out on our “Contact Us” page.
3. How we collect personal information
3.1. By the use of “cookies” on our website
Cookies are small text files or variables which enable a website to “remember” who you are. Most browsers are automatically set to accept cookies but if you are using Microsoft’s Internet Explorer, Firefox or Netscape Navigator, you should be able to configure your browser to restrict cookies or block all cookies if you wish. This will however, affect your ability to log into and use the knowledge-exchange areas, e-tendering opportunities area, the media centre, and any other restricted areas of our website.
We use session cookies (which are temporary cookies) to maintain your session with the server in the areas of our site that are available to registered users. Our session cookies store a unique identifier to allow the server to distinguish between individual users’ sessions. Session cookies are deleted when you close your browser.
We sometimes use persistent cookies to enable pop-up advertisements and to prevent the server from displaying the pop-up advertisement more than once. Persistent cookies remain on your hard disk until you delete them.
We may also use true first party persistent cookies to provide us with visitor information for the purpose of analysing visitor behaviour. We are currently trialling a system by Google.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
No other cookies on our site are served or used by third parties.
3.2. Through completion of online forms on our website
We collect information about you when you register to use the knowledge-exchange areas, e-tendering opportunities area, the media centre, and any other restricted areas of our website.
We collect information about you if you complete any of the various forms on our site to contact us, make enquiries, apply to us, respond to surveys or give us feedback.
We need you to give us certain information, which will be indicated on the form. It would help us if you give us any other information we ask for that you think might be relevant but you are under no obligation to do so.
3.3. Through web site statistics
We do keep a record of traffic data which is logged automatically by our server, such as your IP address, the URL you visited before ours, the URL you visit after leaving our site and which pages you visit. We also collect some site statistics such as page hits and page views. We are not readily able to identify any individual from traffic data or site statistics.
3.4. By you contacting us by other methods other than the website
The website provides a contact form for you to contact us. We will collect information from you through this method.
We may also collect other information you supply to us after your initial contact with us.
4. What personal information we collect, and why
The information we collect about you will depend on the nature of your business with us but will be used for one or more of our purposes. Here is a brief description of the information we collect and how we use it.
4.1. Information you give us on your own initiative
We will use the details you give us to provide information you ask for or to put you in contact with other organisations that may be able to help, process any application you make and review and improve our services.
4.2. Business information that we set out to collect
We actively seek information from businesses from both inside and outside the region (including those outside of the UK) so that we can build up profiles of businesses and build relationships between them. We obtain this information both directly from businesses, through face-to-face meetings, telephone calls, or through our website, and indirectly from suppliers of business information. Most of this information will relate to the business itself and will not be “personal”. However insofar as this information contains contact details from which individuals may be identified, or relates to sole traders or partnerships, it will usually consist of personal information that is protected by data protection legislation. The personal information we hold is very valuable, as it enables us to make personal introductions between businesses and also provides a central point of contact for us.
4.3. Information required for funding applications
We also collect information from a business when it applies to us for funding. Details are given to businesses before they apply to us, and on the actual application forms. We need this information so that we can appraise projects and decide whether or not to fund them.
If a business receives funding, we will collect further information so we can monitor how the funding is spent, and therefore show we are delivering the outputs the funders require us to.
The type of information we collect, and with whom we share information we collect depends on the funding package.
4.4. Direct marketing preferences
When you give us your contact details, we may ask you whether or not you would like to receive further information from us about inward investment opportunities, business development and funding opportunities. This may be our own information or that produced by our subsidiaries or by other organisations. We may send this information to you by a variety of means, including email and post. If you do agree, you can change your mind at any time and ask us not to send you further information (see your rights under data protection legislation below).
We may also ask you if you would like us to pass on your details to other organisations in the local business network including the business links, enterprise agencies, Chamber of Commerce, Learning Skills Council and other similar organisations so they can inform you of business events and opportunities and offer you opportunities to develop and advance your business. If you agree but then change your mind, you will need to contact these organisations direct to ask to be removed from their lists.
4.5. Research statistics
We anonymise the information we collect and then use it to produce and publish regional statistics. We will always ensure the statutory safeguards for statistical research are in place. So we will never use personal information in the course of this research to support measures or decisions with respect to particular individuals or in such a way that is likely to cause substantial damage or substantial distress to any individual. Any resulting research statistics will not be made available in a form which identifies individuals, unless those individuals have agreed to be identified.
5. How we safeguard personal information
We recognise that you retain rights in the personal information we hold about you. We will keep that information secure, and use it only for specific legitimate purposes.
5.1. We have obligations to keep personal information secure, which we take seriously
We will keep personal information secure by taking appropriate technical and staff measures against the unauthorised or unlawful processing of that information and against its accidental loss, destruction or damage.
We take steps to ensure the personal information we have is high quality. However we cannot do this without your help! So please ensure you give us accurate information, tell us as soon as possible of any changes, and tell us as soon as possible if you notice mistakes in the information we hold about you as this helps us to keep our information reliable and up-to-date. We will also contact you from time to time to check whether the information we have on you is still accurate and up to date. We will keep personal information until you inform us you no longer wish us to Information relating to funding is kept for as long as is required by the funders.
5.2. We keep confidential information confidential
Please note that under the Freedom of Information Act 2000, we are only permitted to protect information that is actually confidential in law and where if we were to disclose it, we could be sued for breach of confidence. Information you give us which you may consider to be confidential, or may mark as confidential, may in fact not be confidential in law. However in respect of any information we receive from you that is truly confidential, we will take steps to ensure it remains confidential. Unauthorised disclosure or misuse of personal information by staff will lead to disciplinary action.
5.3. We review our policies and audit our procedures regularly
We review this code and our other data protection policies regularly to make sure they are appropriate and up to date. We also carry out regular audits to monitor our security policies and procedures and revise them if necessary.
6. With whom we share personal information, and why
If you have applied to us for funding, then your information has to be shared with various government authorities and auditors for the purpose of avoiding any financial irregularity
If we hold your information for any other reason, then almost all our sharing of your information will be at your specific request. So most of the time, information is shared on a case-by-case basis.
If we do enter into any “block” sharing of your information with other organisations in the business support network, it will be strictly for the purposes specified above in who we are and what we do and done only with your consent, or as permitted by law.
Please note that we may be required to disclose information about your business in response to a request for information under the Freedom of Information Act 2000, unless an exemption applies.
7. How we handle transfers of personal information to countries outside Europe
7.1. Data protection laws globally
Although we have laws within Europe that protect personal information, most other countries outside Europe do not. By ‘Europe’ we mean the European Economic Area, which comprises the EU member states, Norway, Iceland and Liechtenstein.
European data protection legislation prohibits the transfer of personal information to any country outside Europe, unless that country provides adequate protection.
7.2. Why we need to transfer personal information
We need to transfer personal information for two main reasons.
First, because part of our work is to help inward investors find business partners within the Region, so we may need to give contact details of individuals in the UK to an overseas business. Second, because personal information is transferred to a marketing website which is accessible to parties from non data protected jurisdictions.
7.3. How we transfer personal information overseas
Data protection legislation allows us to transfer your personal information outside Europe if you give us your unambiguous consent. By ‘consent’ we mean a freely given, specific and informed indication of your wishes.
So we will ask you specifically whether you would like us to pass on your details to an inward investor, or to one of our overseas offices, when we collect your information, and before we hand over your details where reasonably practicable.
8. Your rights under data protection legislation
You have various rights. You are most likely to want to exercise the following
- Your right to see a copy of the information we hold about you, on payment of a statutory fee which is currently £10. Before we agree to this, you must provide with sufficient evidence of your identity and sufficient details of the information you wish to see to enable us to locate it.
- Your right to be removed from our mailing lists. Instructions on how to stop further mailings will usually be contained in any direct marketing material we send you. Otherwise please contact our Data Protection Officer.
- Your right to correct any errors in information we hold about you, and to change or correct any details you have already given us. Please inform us about changes to your details so that we can keep our records accurate and up to date.
More information about your rights under data protection legislation
9. How to make a complaint
Any complaints about our handling of personal information should be addressed to the Head of Legal Services at our address. If your complaint relates to the handling of your personal information by an organisation with which we share information, then please let us know that.
We aim to respond to your complaint within 21 days of receiving it.
You have a right of appeal in relation to any decision we make, which we will tell you about when we respond to your complaint.
We will always review our procedures and practices in line with any justified complaints.
10. How to find out more
10.1. Data Protection Officer
If you want to know more about what information we have about you, or the way we use your information, you can contact Zoe Desoer 07815 284 362. This page also gives more information about your rights under data protection legislation
10.2. Data Protection Register
When we ask you for information, we will comply with the law, including the Data Protection Act 2018. We are a data controller for the purposes of that Act. Our entry in the register of data controllers is Z7829957. In brief, our register entry describes:
- the personal information processed by us or on our behalf and the category or categories of individuals to which they relate
- the purpose or purposes for which personal information is processed
- the recipients to whom we intend to disclose personal information
- any countries or territories outside the European Economic Area to which we transfer personal information.
10.3. Information Commissioner
For independent advice about freedom of information, data protection, privacy and data-sharing issues, you can contact the Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, tel: 01625 545745 fax: 01625 524510 e-mail: firstname.lastname@example.org website: http://www.informationcommissioner.gov.uk.