Privacy Policy

We understand that your privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you. This notice contains some important information so please read it carefully.

Key Information for you

What categories of personal information do we hold?

We may obtain the following categories of personal data about individuals through direct interactions with us, or from information provided through contract engagements, from applicants, our suppliers as well as through other situations such as CCTV.

Personal data. Here is a list of personal data we commonly collect to conduct our business activities.

Sensitive personal data. We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive personal data we may obtain include:

CCTV

Data from CCTV. We operate CCTV across our business in order to facilitate the safety and security of visitors, employees, contractors and tenants as well as to protect and secure our buildings. CCTV is in operation within our sites and car parks. Images are routinely retained for a maximum of 60 days. Access to our CCTV data is controlled with only authorised staff granted access.

Our lawful basis for processing your personal information

Whenever we process your personal information we ensure that the lawful basis for having your information is clear and recorded. The General Data Protection Regulations set out six lawful bases in order to process personal data as follows:
– Performance of a contract: We must process your personal information to meet the terms of your contract with us;
– Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
– Consent: You have agreed to us processing your personal information for a specific purpose;
– Public task: Where we are required to process your data in order to protect us and our customers from fraud or money laundering:

Vital interests: The processing of your personal information is necessary to protect you or someone else’s life; and
Legal obligation: We are required to process your personal information by law.

How do we use your information?

There are a number of ways in which we use your personal information, depending on why you are interacting with us.

If Your Are One of Our Tenants

As part of our service

When you apply to join us as a tenant in one of our properties, the Property Team we will collect certain information about you including your name, phone numbers, email address, bank details and business address. We will also ask you for answers to questions relevant to the service you have applied for. The relevant teams will have access to all of this information. Some of this information will also be made available to other departments as needed, for example the Finance Team to process your rent collection.

The data subjects vary based on the type of business joining us and could include directors, officers, sole traders, partners and other employees. We process this data to ensure we comply with the contractual obligations we have with you. We will only collect information that is needed to support your application for a unit or registered address.
We will also share your information with our internal Marketing team to market our services by phone, mail and email and this processing is conducted on the basis of our legitimate interests in providing you with support. You can change your preferences on this activity by contacting us.

Prospective tenants

With your explicit consent we will retain your information to advise you of future tenancy availability for a period not exceeding one year. Again, the information we will keep will only be the minimum needed to support your request for a property unit. You can change your preferences on this activity by contacting us. All of this is explained when you first contact us about unit availability.

If you are one of our customers on the contracts that we deliver

As part of delivering services on behalf of our client contractors.

We deliver loan, business start–up services and business support services under a variety of contracts we hold. These include contracts with UK and Welsh governments and public sector organisations such as Business Wales, Start-up Loan Company and Big Ideas Wales. In these circumstances Business in Focus Limited is the data processor with the contracting body holding data controller responsibility.

Links to these relevant data controller privacy notices can be found here.
• Business Wales
• Big Ideas Wales

We operate GDPR principles and ensure your personal data is kept secure, up to date and only for as long as necessary. We are bound by instructions issued to us by each contracting body. We will process this data only to satisfy our contractual obligation to our contractor and it is not used for any other purpose by us without your express consent.

If you are a job applicant

All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. Personal data is kept in secure offices in personnel files in hard copy or on our secure HR and IT systems.

We will not share any of the information you provide with third parties without your express permission or knowledge. We will use your contact details to update you on the progress of your application. We will use other information you provide to us during the recruitment process to assess your suitability for the role for which you have applied.

Occasionally we will seek your consent to hold your personal details on file for future job opportunities. In these circumstances, providing your consent has been given, your personal data is held for no longer than 12 months.
Our full recruitment privacy notice is available on our Join our team web page.

If you are a prospective or current client

When you engage with us to provide support services, we will collect certain information from you including your name, phone numbers, email addresses and business address to manage our contractual obligations and billing arrangements. This information will be shared with colleagues within the Business in Focus Limited team that are involved in our processing including finance team members, contract managers and service users.

We will also share your information with our internal Marketing team to market our services by phone, mail and email and this processing is conducted on the basis of our legitimate interests in providing you with support. You can change your preferences on this activity by contacting us.

Full details are provided in our terms of engagement. If you would like to receive an advance copy, this can obtained upon request (link).

If you are a prospective or current supplier

In order to work with our other customers and suppliers, we will collect information such as the names, contact numbers and email addresses of relevant employees, as well as your organisation’s bank details, to manage our contractual obligations and billing arrangements. This information may be shared with colleagues within the Business in Focus Limited team that are involved in our processing including Finance Team members, contract managers and service users.

To keep you safe at events

We use your information to advise our event venue partners of the delegates expected so that they can ensure all health and safety provisions are in place including adhering to any dietary or access requests made. We process this data on the basis of the contractual obligations we have with you.

If we have a legal obligation to do so

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

How will we obtain your consent when required?

We will only process your personal information without your knowledge or consent where this is required or permitted by law.

As outlined above, there may be instances where our basis for processing your personal data is that you have provided your consent. In these circumstances, we will explain to you in writing what personal data we need and why; whether we need to disclose your personal data to any third party, who and why; how long we will store the personal data; your rights of access to the personal; your options for consenting or refusing to consent or withdrawing consent; and the implications of consenting or refusing to consent or withdrawing consent.

Please note that it is not a condition of engagement with us that you have to agree to any request for consent from us.

Recipients we share your data with:

We may share your personal information with the following recipients:
• Provider partners and service delivery companies that support us in the provision of goods and services to you under membership of the Group
• Government bodies and agencies (eg HMRC for tax purposes)
• Regulators (eg Payment Systems Regulator, Information Commissioner’s Office, Financial Conduct Authority)
• Agents and sub-contractors who help us provide services (we employ other companies and individuals to perform functions on our behalf. Examples include IT support service and performing legal and other professional services. Those companies and individuals have access to your data as needed to perform their functions, but they are not permitted to use it for other purposes)
• Third party service providers (eg when we outsource some of the operations of our business to third party service providers. We restrict how such service providers may access, use and disclose your data)
• Credit reference agencies
• Legal and professional advisors, including auditors
• Courts, to comply with legal requirements, and for the administration of justice
• In an emergency to protect your vital interests
• To protect security or integrity of our business operations
• When we restructure our business or have a merger or re-organisation
• Anyone else where we have your consent or as required by law

Transfer of personal data outside the European Union (EU)

We are committed to implementing technical and organisational measures that, by default meet the requirements of the data protection legislation and the appropriate level of security. We will not share your personal data with a third party organisation without a valid business reason, a contract or Data Sharing Agreement in place, or without your consent. We will not transfer your personal data to organisations outside the European Union (EU) unless that country or territory can ensure an adequate level of protection in relation to the processing of your personal data.
Automated decision making including profiling.

Your personal data is not subject to automated decision-making, including profiling.

How long do we keep your data?

We retain your data primarily to meet statutory and regulatory obligations; secondly, your data is retained to enable us to pursue our legitimate business interests in relation to our clients, current and future requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you; in such circumstances we may use such information without further notice to you.

Your rights

You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you. These include:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object

Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.

If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below.

Requests, complaints or queries

We try to meet the highest standards when processing personal information. For this reason, we take any requests, complaints or queries we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
This privacy notice does not provide exhaustive detail of all aspects of our processing of personal information. However, we are happy to provide any additional information or explanation needed. Please contact Nicola Partridge on 01656 868545 or email NicolaP@businessinfocus.co.uk for further information.

If you want to make a query, request, or a complaint about the way we have processed your personal information you can contact us directly:
By writing to us at our registered address Business in Focus Limited, Tondu Enterprise Centre, Bryn Road, Tondu, Bridgend, CF32 9BS
By emailing us at hello@businessinfocus.co.uk.
By telephoning us on 01656 868545.

Alternatively, you have the right to lodge a complaint with the regulator overseeing data protection law:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Tel: 0303 123 1113


Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated in March 2023.