Tees Valley Business Compass Terms, Conditions and Inclusive Policies
Terms & Conditions
Tees Valley Business Compass (‘us’ or ‘we’) offers a business support ‘Service’, with those services being provided through the means of the Tees Valley Business Compass website, the Business Support Helpline and through direct advocacy with one of our business support advisors. If you (the ‘Service User’, whether acting as an individual or as a representative of a business) decide to use our Service you are agreeing to comply with and be bound by the following terms and conditions of use, inclusive of all other policies outlined in this document. This document also governs Tees Valley Business Compass’ relationship with you as the Service User in relation to our Service. If you disagree with any part of these terms, conditions and included policies please do not use our Service.
The administrator of the Service is Tees Valley Unlimited, whose office is registered at Tees Valley Unlimited, Cavendish House, Teesdale Business Park, Stockton on Tees, TS17 6QY.
We reserve the right to change or alter this policy without notice. This policy is effective from 1st May 2014.
For the avoidance of doubt, where the Service User wishes to engage one of our Service Delivery Partners for the delivery of specific services, the provision of such service shall be governed by terms and conditions negotiated separately between the Service User and the Service Delivery Partner.
The information provided by our Service is subject to possible change and so must be deemed for your general information and use only.
Neither we nor any of our Service Delivery Partners (SDP’s) provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered through our Service for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
Your use of any information or materials provided through our Service is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through our Service meet your specific requirements.
Our service may contain and provide information or material which is owned by or licensed to us, for which reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
Our Service may also signpost you to external sources of information (such as external organisations and the services that they provide, through to external links out from our website). This signposting is to provide further support and information that may be of use to you and your business. It does not specifically signify that we endorse these external sources and have no responsibility for the content or quality of Service provided by them.
Your use of our Service, and any dispute arising out of such use of the Service, is subject to the respective laws of England.
We have taken all reasonable steps to ensure that the Service provided by us is accurate and correct at the time of contact. However, we do not accept any liability for any loss or damage caused by reliance on our Service. Neither do we accept any responsibility for Services provided by other organisations following external signposting.
We strongly advise you to check any information given before acting or relying on it.
Tees Valley Business Compass is made up of a collective of Service Delivery Partners (or SDP’s, who are listed in full on our website), inclusive of the Tees Valley Business Compass administrators.
Tees Valley Business Compass is administered by Tees Valley Unlimited, and we are committed to ensuring that your privacy is protected and we fully intend to comply with our statutory duty under the Data Protection Act 1998 (DPA).
The only time information (as defined by the Data Protection Act 1998, herein ‘DPA’) will be collected is when you use our Service or choose to register your details with our website. The information we collect and how we process it is detailed further in this policy.
When you submit data to us we will only hold any information you provide to us for as long as necessary and this information will only be processed fairly and lawfully in line with the DPA. All employees who have access to your personal data, and are authorised with the handling of that data, are obliged to respect your rights as set out in the DPA principles.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access, disclosure or loss, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect through our Service.
You may ask for a copy of any information that we may hold about you; for further information please see our Data Subject Access Request Policy below.
What Information We Collect:
• Company / Organisation Name
• Company Position
• Demographic Information
• Email Address
• Telephone Number(s)
• Trading Status / Business Ownership
• Business Size Information
• Business Sector
• Business Activity
• Business Registration
• Your interaction with the service i.e. your query, conversation and any outcome
How We Use Your Information:
We will not sell, lease or disclose your information to ‘third parties’ (defined as entities outside of the auspices of the Tees Valley Business Compass Service) unless we are required by law to do so. We may share your information with our immediate SDP’s, and may further use your data to send you information about third parties, additional services or consultancy which we think you may find useful to you and your business but only where you consent to your information being used for this purpose. You will always be able to opt-out of receiving marketing messages by contacting the Service and requesting that such marketing ceases.
We may use the information we collect about you in the following ways:
• facilitate the delivery and management of business support services to small to medium-sized enterprises (SME) in the Tees Valley area provided by the parties under the auspices of the Tees Valley Business Compass;
• provide evidence of contractual performance to the funding bodies of the Tees Valley Business Compass Service provision
• allow SME’s that have used the services to be contacted about their satisfaction with the services provided to them;
• allow SME’s that have opted to receive it when using our Service to be contacted by the SPD’s of the Tees Valley Business Compass about the services provided by the Tees Valley Business Compass (including relevant events and forms of support).
Links to other websites
Whenever information is to be collected by the Tees Valley Business Compass Services, or shared between its Service Delivery Partners and funding bodies, the following permission statements will be used appropriately:
We may wish to contact you in the future (by post, phone or email) to help us evaluate our Service, or to provide you with additional information about the Services you can access through Tees Valley Business Compass. We would like your consent to share your information with the Tees Valley Business Compass immediate Service Delivery Partners to enable us and them to offer you additional local business support (such as relevant events and new support programmes).
If you agree we may also allow other organisations offering useful business services (including financial services, property, legal and IT support) to contact you.
*Please note that all website forms, registration pages and emails will outline this permission statement in brief and seek opt-in / opt-out procedures where applicable. Similar messages will be relayed verbally when you use the Business Support Helpline.
Information Handling Policy
Tees Valley Business Compass may need to pass on data shared by the Business Support Helpline with its SDPs in order to effectively deliver its Services. If consent for this transfer has not been obtained by the Business Support Helpline (only due to the Service User not using the Helpline as a point of entry to the Service), Tees Valley Business Compass must seek this opt-in consent from the Service User before any transfer of information takes place.
Information collected from Service Users will be captured in several ways:
• Inbound calls to the Business Support Helpline
• Registration and Form-Filling of the Service User on the Tees Valley Business Compass website
• Signed enrolment of Services and related application forms
• Inbound & Outbound calls made to and from Tees Valley Business Compass authorised employees
SDPs must also ensure that any information they may collect themselves from Service Users, when supporting Service delivery of the Tees Valley Business Compass, must receive opt-in consent from the Service User before it can be shared with any other SDP if such opt-in consent to share has not already been granted by the Service User.
Where Tees Valley Business Compass does share information with opt-in consent it will ensure that appropriate provisions are in place with the SDPs to govern that sharing of data, which will be set out by formal Information Sharing Agreement and this document.
When in receipt of information supplied by the Business Support Helpline, and using that information to exercise its provision as a support Service to local businesses, the Tees Valley Business Compass will be acting as the Data Processor, and only when sharing information with its SDPs will the Tees Valley Business Compass take on the role of Data Controller.
When acting as the Data Controller, Tees Valley Business Compass will ensure that SDPs comply with data protection requirements.
If SDPs wish to share information with an entity outside the auspices of the Tees Valley Business Compass Service, or use the information for purposes outside the remit of the Tees Valley Business Compass Service they will be deemed as the Data Controller and must comply with data protection requirements laid down by the Data Protection Act 1998, including the requirements to obtain suitable consent from the Service Users.
Data Storage & Transfer
Information should be stored throughout its existence in an environment suited to its format and security classification, to ensure its preservation from physical harm or degradation and its security from loss or unauthorised access.
Information must only be transferred to persons who are authorised to have access to it, and there must be adequate security measures in place at the virtual and physical destination to safeguard it.
Information collected by the Business Support Helpline will be stored on its own, separate, systems for which Tees Valley Business Compass accepts no liability for information handling integrity.
Information collected directly by Tees Valley Business Compass will be stored on its designated and dedicated CRM system. Information collected by the Business Support Helpline and stored on its own systems will be shared with the Tees Valley Business Compass via:
• Transfer of data files submitted to an 256-bit encrypted SSL secured storage server which sits behind corporate-grade network security systems, accessible to authorised Tees Valley Business Compass employees only who will have been provided with individual logins and appropriate permission levels. This shared information will be accurately transcribed to the Tees Valley Business Compass CRM system by authorised personnel.
Where Tees Valley Business Compass shares information with its SDPs it will be transferred by the same method as outlined above; with access granted only to approved recipients, where those recipients are authorised representatives of SDPs and named in the SDPs’ signed acceptance of the respective Information Sharing Agreement (or their self-designated immediate delegates upon request from that said representative). These named personnel have entered into an agreement to safeguard this information to the standards set out in the Data Protection Act 1998 principles and other Information Handling related legislation and regulations.
Systems used for the electronic storing, transfer and processing of information encompasses servers, terminal desktops and networks, which must have procedures and contingencies for the safeguarding, backup and recovery of information and hardware infrastructure management in place when handling this information. Security management and enforcement should conform to at least the ISO 27000 standard, and the information sharing infrastructure used by the Tees Valley Business Compass administrators can confirm to do so.
It is not permitted, at any time, to share or transfer information electronically via mobile storage methods. This means that the use of portable hard-drives, USB storage devices, Compact Discs, laptops, mobile phones et al are not permitted for use when transferring information collected for the purposes of delivery of the Tees Valley Business Compass Service by any party involved, inclusive of SDPs. Local hard-drive storage on desktop computers should also be avoided, only storing information on secure network servers as designated appropriate.
Equally hard-copy information will never be taken or sent off-site from where the information is being stored and accessed, and will need to be transferred only by means of the approved electronic transfer system as set out in this document.
All buildings which will hold or process information collected for, and relating to, the Tees Valley Business Compass Service should be adequately secured against non-authorised persons gaining access to the information; this includes both inside and outside operational hours of the premises.
Best practice guidelines for additional measures of security would include (but are not exhaustive):
• Recording all visitors to buildings and, wherever feasible, ensure that they are accompanied whilst on the premises
• Implementing a clear desk/clear screen policy to reduce the risk of unauthorised access, loss of, and damage to information during and outside normal working hours or when areas are unattended
• Ensuring rigorous adherence to all security policies (e.g. access control, password use, homeworking, data sharing, equipment disposal)
• Ensuring where personal information is held on paper, it is locked away when not in use
• Ensuring the secure disposal of information, whether electronic or paper based.
The appointed Senior Information Risk Owner (SIRO) is John Leer, Senior Business Investment Manager, Tees Valley Unlimited.
Information Storage Lifespan
Tees Valley Unlimited (Tees Valley Business Compass Administrators) are required under its contract with Lancaster University (Funding Body) to keep all information relating to the Tees Valley Business Compass for a minimum of six years following the completion of the contract in June 2015. However, the terms and conditions of ERDF funding are likely to require that all information on the project is retained for the length of time required under the ERDF guidelines published by the Department for Communities and Local Government. This is currently until 2026 but may be subject to review.
Hard-copy and electronically-stored information will be destroyed, as and when appropriately required, using secure methods that comply with respective legislation & regulation that are in force at the time of its destruction.
Data Subject Access Request Policy
The Data Protection Act 1998 (DPA) gives individuals (“data subjects”) a number of rights including the right to access personal information that an organisation (in this instance the ‘Tees Valley Business Compass’) holds about them. This right of access extends to all information held on an individual and includes both digitally stored information as well as hard-copy. If an individual makes a request to view their information, it is known as a “Data Subject Access Request” or “SAR”. It is permissible by the DPA for a fee of up to £10 to be charged for responding to SARs due to the costs involved into responding to such requests. We will operate on the basis that a charge will be implemented for any SARs we receive unless exceptional circumstances are advised to us, at which point we will determine whether to waive the fee or not.
The DPA stipulates that the data subject must:
• make the request in writing (emails and faxes are permitted)
• supply information to prove who they are (to eliminate risk of unauthorised disclosure)
• supply clear and appropriate information to help the organisation to locate the information they require
Upon receipt of a request, the organisation must provide:
• a response outlining whether any personal data is being processed
• a description of the data, purposes and any recipients
• a copy of the data
• an explanation of any codes/jargon contained within the data
The organisation must respond to SARs within 40 calendar days, and due to the nature of such requests it could possibly take this long before you receive a response.
However, where possible, we will respond much sooner than this. The 40 day period will not start until payment of the £10 fee has been received and there is enough information to identify the information being requested.
How to Raise a Data Subject Access Request with Tees Valley Business Compass
Following the guidelines above please submit your SAR in writing to the following contact options:
• Email: email@example.com
• Write to: Business Compass, Tees Valley Unlimited, Cavendish House, Teesdale Business Park, Stockton-On-Tees, TS17 6QY
• Fax No: (01642) 632001
The DPA recognises that in some circumstances there may be a legitimate reason for an organisation to not comply with a SAR and so includes the provision for the organisation to refuse a SAR either partially or in full, depending on the circumstances. In a similar manner the DPA also places restrictions on certain information being released as part of a SAR disclosure, for example when disclosing information that could lead to another party’s information being released without authorisation. Wherever possible, if we refuse to disclose information you have requested we will aim to provide you with a reference to the DPA reasoning as to why we have refused.
Information Commissioners Office (“ICO”)
If you feel that your SAR has not been handled appropriately you do have the right to take this up with the ICO:
Information Commissioner’s Office,
0303 123 1113
Data Breach Policy
If, despite Tees Valley Business Compass putting in place appropriate security measures taken to protect personal information, a breach of security occurs, we will deal with the breach as soon as possible once we have become aware of it.
The breach may arise from information being accidentally or deliberately compromised, such as theft, a deliberate attack on our systems, the unauthorised use of data by a member of staff, accidental loss, or equipment failure et al. However the breach occurs, we will respond to and manage the incident appropriately.
Only authorised personnel of Tees Valley Business Compass are permitted to access, alter, disclose or destroy data we hold, and those individuals have received sufficient training and briefing to enable them to act within the scope of their designated authority. Any loss, unauthorised access to or processing of the information we hold by a member of staff will be dealt with through internal investigation and disciplinary procedures, with legal action being sought if deemed necessary.
In the event of information being compromised through means of theft (whether physical or digital) we will work directly with law enforcement agencies with the aim of reclaiming the data and bringing about legal action against those who compromised the information. If this theft is through digital means we will also instruct our information & communication technology service providers to conduct vigorous infrastructure vulnerability tests and investigations in order to close any such vulnerability.
System failures should be safeguarded by agreement of daily back-ups of our systems with our information & communication technology service providers, and in the event of data loss through system failure the data should be restorable through said backups without affecting any involved parties.
In any event of compromised information we will ensure that:
• we notify any affected parties of the compromise, inclusive of the Information Commissioners Office where applicable
• the risks associated with the breach are assessed
• we immediately seek to contain and/or correct the compromise, recover the data where possible, and limit any damage that may be caused as a result of the breach
• this policy is reviewed, and where feasibly possible make immediate improvement to data security following thorough investigations of the breach and evaluation of our organisational response to its occurrence
*Please note that if you are using a modern, up-to-date web browser you should see a prompt when you first enter the Tees Valley Business Compass website advising you of cookie use.
What is a cookie?
A cookie is a small file which asks permission to be placed on your computer’s hard drive. It is entirely ‘passive’ and does not contain software programmes, a virus or spyware. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. A cookie typically contains the name of the website it belongs to and the lifespan of the cookie.
What cookies do we use?
Analytical Performance Cookies
Our website uses Google Analytics so that we can measure what pages on our website are being used and by how many people. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We never store any personal data such as your name or address so the information we collect can never be used to identify you. Google does not share your analytics information with anyone else.
The following cookies are set by Google Analytics:
|_utmc||At browser close|
Session cookies are used for remembering user selections during their visit to your site. A typical scenario may be to remember information entered in a form when navigating to different pages. This cookie expires when you close your browser.
|Phpsession||At browser close|
|frm_token||At browser close|
We use a number of suppliers who may also set cookies on their websites on it’s behalf. We do not control the dissemination of these cookies and you should check the third party website for more information.
| Twitter (original_referer, external_referer|
All recent versions of popular browsers give users some control over cookies. You can set your browser to accept all cookies, reject all cookies or accept/reject cookies for certain websites.
The website aboutcookies.org offers comprehensive information on how you can control cookies in all of the popular browsers http://www.aboutcookies.org/Default.aspx?page=2
Complaints Policy / Procedure
We aim to provide the best possible Service but sometimes things can go wrong. We take complaints very seriously so if any of our Service Users aren't happy we'll look into their complaint immediately and follow up with the appropriate course of action.
Definition of a Complaint :
A complaint is an expression of dissatisfaction, however made, about the standard of Service, action or lack of action by the Tees Valley Business Compass ‘Service’, its staff, or Service Delivery Partners (SDPs) or agents providing services on behalf of the Tees Valley Business Compass Service affecting an individual Service User or a group of Service Users.
How to Complain (Stage 1):
Firstly contact us using the below methods, providing as much detail as possible and including a postal address and alternative means of contacting you:
• Email: firstname.lastname@example.org
• Write to: Business Compass Complaints, Tees Valley Unlimited, Cavendish House, Teesdale Business Park, Stockton-On-Tees, TS17 6QY
• Fax No: (01642) 632001
Most complaints usually arise as a result of a misunderstanding and so can usually be resolved upon a first contact basis. We’ll aim to provide you a response to your complaint within 14 calendar days of you raising your expression of dissatisfaction. If a complaint is in regards to one of our SDPs we will confirm receipt of the complaint and forward it to the respective SDPs wherein we may notify all parties that the specific SDPs take over all responsibility of responding to the complainant, dependent upon the nature of the complaint.
If no further correspondence is received from the complainant within 7 calendar days of the response being issued, or if the complainant responds confirming acceptance of the initial outcome, the complaint will be closed as resolved.
If you are unhappy with the way your complaint was dealt with, or the outcome that was delivered, please let us know. We will then review your complaint and the initial action taken and advise you of the outcome in writing, within 30 calendar days. At this stage our response and outcome will be final.
Local Government Ombudsman (Stage3):
If you are still unhappy following our final response you can then put your complaint to the Local Government Ombudsman. You can contact them here:
Local Government Ombudsman
PO Box 4771
Tel: 0300 061 0614