Coventry and Warwickshire Reinvestment Trust

Privacy, Data Protection and Data Retention Statement

1.      Introduction

This statement defines CWRTs approach to, and arrangements for, acquiring, recording, holding, and using the private information of both clients and employees.

2.      Data Protection

All CWRTs activities in this area will be in accordance with Data Protection legislation as amended and updated from time to time. The Data Controller is Coventry and Warwickshire Reinvestment Trust Ltd (CWRT). CWRT is registered by the Information Commissioner’s Office and the company’s data protection registration number is Z9306273. The Data Protection Officer is the chief operating officer.

3.      Information Sought and Held

Only information necessary for the ongoing smooth running and/or future development of the business will be acquired and held.

This includes information sought from clients and prospective clients to be used in connection with loans and business support services offered by CWRT. Information may be acquired and held as a consequence of contractual requirements specified by funding partners.

It also includes that personal information required of employees and directors in order that CWRT can discharge its employment and FCA registration obligations.

4.      Security

CWRT will take appropriate technical and organisational measures to guard against theft and unauthorised processing of personal data, and against accidental loss, damage or destruction.

5.      How We Use Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

 

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to client needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

6.      Link to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

7.      Consent to Hold and Use Information

Officers will always ensure that CWRT has notified individuals providing personal information of the reasons why the information is being sought and they will seek consent in writing, or by an appropriate annotation of an on-line form, (or by verbal consent if the information is basic contact data needed to respond to an enquiry), before recording and using the information. This applies to information acquired in person, by phone, email, letter, or through a web portal.

The nature of the consent/agreement to hold and use information will be in accordance with legislation.

8.      Use of Information

Depending on the nature of the consent/agreement to hold information, CWRT will use it for one or more of the following purposes

·         Payroll and tax

·         Employee performance, disputes, and complaints

·         Registrations and accreditations (including FCA)

·         Data verification

·         Credit referencing

·         Assessing possible money laundering and terrorist funding

·         Legal and policing reasons including intellectual property requirements

·         Accounting purposes

·         Providing data to funders as specified in contracts

·         Sharing with partners and suppliers

·         Assessing suitability to join initiatives

9.      Retention and Discarding Information

CWRT will make every effort to discard information no longer needed whether it be held in hard copy or digital format. In pursuit of this aim the organisation will define the retention period for each type of record and ensure that this timing is notified to information providers.

10.  Right to Erasure

Individuals have the right to have their data ‘erased’ in certain circumstances. CWRT will without undue delay, erase any data if one of the following applies:

a.      When the original purpose for the personal data is no longer necessary or the data itself is no longer necessary for the purpose.

b.      When the individual no longer consents.

c.       The individual uses their right to object to data processing (Article 21)

d.      There is a legal obligation for the data to be erased.

11.  Access to Information Held

CWRT undertakes to provide details of information held about an individual on request and in a timely manner. All requests to access personal data held by CWRT should be referred to the Data Protection Officer.  Once a requester is identified, CWRT aims to locate and provide the information requested within 30 calendar days. It will provide an explanation if it is unable to provide the information.

12.  Information Security

All staff and directors are responsible for ensuring that:

·         Any personal data, which they process, is kept securely in accordance with this statement and the Financial Information Security policy.

·         Personal data is not disclosed accidentally or otherwise to any unauthorised third party.

In addition, staff will ensure that adequate security measures are taken. For example:

·         Adherence to CWRT’s clear desk policy

·         Passwords will only be disclosed to relevant staff members when required.

·         Computer screens will be locked when stepping away from desks.

·         Personnel cabinets will always be locked when not in use and when in use will not be left unattended.

·         Emails will be used with care ensuring that data is sent only to the intended recipients.

·         Data will not be saved to staff members personal computers or mobile devices.

·         Breaches in security will be reported to the Data Protection Officer within 48hours.

13.  Staff Training

Appropriate training will be provided for every staff member and director to ensure that the responsibilities covered by this statement are discharged fairly and competently. Guidance will be provided to assist staff.

 

14.  Storage

Archived documents are kept at an offsite location, currently Squab Hall Farm, Harbury Lane, Bishops Tachbrook, Leamington Spa, Warwickshire, CV33 9QB. 

15.  Audit and Oversight

CWRT’s Finance Risk and Strategy Committee (FRS) has authority for overseeing this statement. The findings of an annual audit of the statement undertaken by staff will be reviewed by the FRS and appropriate updates, amendments and corrective actions will be noted and/or authorised.

16.  Our complaints procedure:

CWRT’s customers are at the heart of its business and all staff are committed to providing the highest quality service. So, if you’re not happy with our service, please let us know so we can put things right.

The Data Protection Officer will deal with any written complaint about a subject request and about what information has been disclosed. The Data Protection Officer can be contacted at:

Coventry & Warwickshire Reinvestment Trust

Enterprise Centre

Coventry University Technology Park

Puma Way

Coventry

CV1 2TX

Email: complaints@cwrt.uk.com

If you remain, dissatisfied you have the right to refer the matter to the Information Commissioner’s Office (ICO):

By Post ICO Helpline Email
Information
Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113 enquiries@ico.gsi.gov.uk