Privacy Notice

This privacy notice explains how the University of Brighton collects, uses and stores your personal information specifically with regard to externally funded business engagement support that is being provided to beneficiaries, through a number of projects, on behalf of the European Structural and Investment Fund (ESIF) and in particular the European Regional Development Fund (ERDF).

Your data privacy

For the RISE project under the terms of the Funding Agreement with ERDF (with the Managing Authority being the Department for Levelling Up, Housing and Communities) it is agreed that both the Secretary of State and the University of Brighton are Data Controllers with independently determined purposes and means of processing Personal Data.

By participating in the RISE programme your data may be collected and used for the following independent purposes:

(a)The Secretary of State shall use the Personal Data for the purpose of assessing the Grant Recipient’s compliance with its obligations under the Funding Agreement. For further information about how ERDF may process your data, the ERDF Privacy Notice can be found here;

and

(b)The University of Brighton shall use the Personal Data for purpose of complying with its obligations under this Funding Agreement.

(c) In addition, as part of part of our business and engagement activity and public affairs function the University of Brighton collects and processes personal data relating to:

collaborative research and enterprise activity
the recruitment of our students and graduates
hiring university conference spaces and accommodation
news and events
community and public engagement
supporting or studying with us
Higher Education policy

The university is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Information we collect

The university collects and processes a range of information about you. It is likely that you will give us information when you make an enquiry to the university, share a business card or if you book to attend an event or use one of our services such as the RISE portal. In some cases this information will be in the public domain – for example company, organisation or public office websites/directories.

This includes:

your name, email address, a contact telephone number.
your business details, including company address, company telephone/mobile number, business registration number, number of employees, financial turnover during the past financial reporting period, amount of state aid that you have benefited from in the past 3 years and your company email address.
details of your engagement or nature with the University, and details of other organisations that you may have represented while engaging with the university.
Details about your business in relation to the information you submit through our RISE portal.
Special Categories of personal data such as information about your gender and ethnic identity will only be processed where you have provided it yourself (with your consent), and they form part of the contractual agreement with European Regional Development Funded (ERDF) projects and form part of their required monitoring datasets.
we may also share selected and strictly necessary data with any sub-contracted parties if it is required for them to provide services on behalf of the RISE project. Any third-parties are bound by contractual obligations which define their responsibilities as data processors.

We obtain personal information about you from the following sources:

You provided your personal information through our website, i.e. when enquiring/expressing an interest in receiving support from our team as part of an ERDF funded project via the dedicated project website or webpages, or through the University of Brighton website.
Personal and/or business information provided to us via project application forms and additional project forms which are required in order to provide the support as requested and agreed.
Completed and/or returned surveys or response/feedback forms including by mail and via electronic means;
Information provided to us when you have registered to attend an event;
You provided personal information as part of discussions with any of our team or project/university representatives whether in person, via email, telephone or other online communications.

Cookies

The University of Brighton uses cookies to improve the content and experience of its website users, but these do not allow for us to identify you personally. More information on how to manage cookies can be found here.

How your data is held

Your personal data is held within our RISE content management system, our CRM system (including ThankQ database) and our email system. It is accessed by staff within the University who manage areas your details are attached to.

Certain data will be sent to the Department for Levelling Up, Housing and Communities (DLUHC) to meet the monitoring requirements of the project.

How we process and use your data

We collect limited and specified personal information to enable us to deliver business support services, to comply with our legal obligations from external funding bodies (ERDF/DLUHC) and to better understand our community so that we can better meet your needs and improve our services.

We may process your personal information for the following purposes:

Administrative and monitoring purposes

To verify your identity and establish eligibility to be able to provide you with an agreed business support service or allow your business to engage with one of our ERDF or other funded projects.
To keep a record of key communications between you, the business you represent and our project representatives to comply with our contractual obligations.
To process your registration to the RISE portal.
To adhere to our contractual obligations with ERDF.

Communications

We may, from time to time, contact you by email, post or telephone to pursue the purposes mentioned above and in particular for the following reasons:

To identify and advise you of other relevant business opportunities where there is mutual benefit to both parties – i.e. opportunities for collaboration;
To keep you up to date with relevant events and activities at the University of Brighton;
To share relevant news and achievements of the University and its staff/student body, including research and services;
Invite you to business events, which may be of interest to you;
To keep you up to date with other relevant information, which we think may be of interest to you
You can unsubscribe from these communications at any time.

Who your information may be shared with

Your personal information is held within secure project records electronically.

We may disclose your personal data to other departments within the University of Brighton, third parties working in partnership with or on behalf of the University (for example, as part of a funded project or for evaluation purposes), and/or Government Agencies (DLUHC) and the European Commission (EC) or where required to do so by law in order to comply with our contractual obligations.

We do not transfer your personal information to third parties outside the EEA or to territories without adequate levels of protection. Where personal data is processed by a third party, we take reasonable steps to ensure that the data is processed strictly according to the instructions of the University, for the relevant purposes only, in accordance with our contractual retention obligations and is securely destroyed or returned upon completion/termination.

We ensure that third party processors are subject to legal obligations in respect of data protection and the duty of confidentiality.

We do not sell or rent any personal information or data supplied by you. We may compile aggregate statistics and provide them to third parties, but we do not include personal information that identifies individual users.

How long we retain your data

We will retain your data for two years from the last point of activity with us, after which point it will be deleted.

Data which is required to be submitted to DLUHC for monitoring purposes will be kept in accordance with the ERDF Privacy Notice requirements.

We will only retain your personal information in line with our contractual obligations. We are contractually obliged to maintain your personal information in our databases but you do have the right to request that any of your records are removed. As this would effectively remove your business, along with the attendant outputs, from any project you may be involved in, you will then become ineligible for support. Accordingly, you will become responsible for reimbursing the funded project with the full cost of the support you had received.

What rights you have over your data

Data subjects have a number of rights – including the right to access and rectification. You can:

access and obtain a copy of your data via a subject access request
require the university to change incorrect or incomplete data
require the university to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
object to the processing of your data, in certain circumstances, for example, where the university is relying on its legitimate interests as the legal ground for processing; or for direct marketing purposes
ask the university to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the university’s legitimate grounds for processing data
withdraw your consent at any time, where we have requested and obtained your consent
where our lawful basis is consent or performance of a contract we will allow portability of your data.

More information can be found at https://www.brighton.ac.uk/about-us/statistics-and-legal/requesting-information/index.aspx. If you would like to exercise any of these rights, please contact:

Rachel Page, Head of Data Compliance and Records Management

email: dataprotection@brighton.ac.uk

Telephone: 01273 642010

Lawful basis for processing

The University of Brighton may rely on one or multiple grounds for processing your personal data including:

You have provided consent for the processing;
There is a contractual commitment to provide the services and, therefore, processing is necessary to meet those contractual obligations;
The information is available to the public at large
Public interest
The processing is necessary for the purposes of legitimate interests of the University or other third parties and does not affect the fundamental rights and freedoms of the individuals concerned.

How to contact us

You can contact the RISE project team by emailing us at RISE@brighton.ac.uk

If you have any concerns regarding the way in which the university is processing your personal data, please contact the data protection team at dataprotection@brighton.ac.uk or 01273 642010. Additional Privacy information can be found at Privacy notices and Record of Processing Activities (brighton.ac.uk)

Revisions to the Privacy Policy

We may revise this privacy policy at any time in response to changes in the law or other factors. We encourage you to periodically visit this page to review the most current policy, or obtain a copy by contacting us directly.

Changes to this notice – we keep our privacy notices under regular review. This privacy notice was last updated in December 2022.

Other privacy notices

We do our utmost to protect your privacy. Please be aware that other privacy notices exist within the university in respect of data held, including but not limited, to activities in relation to your enquiries, application, current students, alumni and use of our website.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.