Kent County Council’s Trade Development Services Privacy Notice
Last Updated: 17 May 2018
Who are we?
Kent County Council collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. Kent County Council (KCC) has a Data Protection Officer – Benjamin Watts.
The Trade Development Team within Kent County Council’s Economic Development Division provides a range of information and services which aim to help Kent businesses to access opportunities in overseas markets. We work closely with external partner organisations locally, nationally and internationally to implement these activities. In order to carry out this work, we need to communication with Kent businesses about the projects, programmes, events and activities that we and our partners deliver which help companies to export.
For information, in addition to ‘personal data’ covered by the General Data Protection Regulation and explained below, we may also collect commercial information about the businesses participating in our projects such as the annual turnover, number of employees, company description etc. to help with the implementation of our projects including capturing results and impacts.
The personal information we collect and use
Information collected by us
In the course of our activities designed to help Kent businesses with international trade KCC’s Economic Development team collects the following personal information when you provide it to us:
- Names, job roles, contact details (email, phone and postal address) of representatives of Kent businesses
- Within our statutory obligation to ensure that our services are delivered in line with equalities and diversity legislation, you may also choose to provide information about the nine protected characteristics (Age,Disability, Gender reassignment, Marriage and Civil Partnerships, Pregnancy and Maternity, Race, Religion and Belief, Sex, Sexual Orientation) but any such information is immediately anonymised and is not attributable to any individual
- In addition to the above, if you attend an overseas business event with us, we would also request the following which we would store for use during future overseas events unless you ask us to delete it on completion of the trip:
- Emergency contact details, a mobile phone number
- ‘Advance Passenger Information’ (API) required for travelling abroad such as passport numbers and expiry date, nationality, car registration numbers and date of birth where applicable
We may also need to request special category sensitive information as follows to ensure your wellbeing during the trip:
- Special dietary requirements
- Details of any health issues that could affect you during a visit
We also obtain personal information from other sources as follows:
- Kent company websites and social media networks (Linked In, Twitter etc.) where we believe we may have a programme that is of specific interest to the business
How we use your personal information
We use your personal information to:
- Contact you about events and business support activities which may be of interest
- Enable you to benefit from business support programmes and project activities (such as trade show visits, networking events or workshops)
- Keep records about companies which have participated in business support programmes to satisfy the requirements of external funding bodies
Any special category sensitive information that we collect about your is used:
To ensure your wellbeing during overseas and UK events. We may need to share this information electronically with selected partner organisations or external suppliers (such as caterers or airlines) within the European Union to make sure that any special requirements you have are taken into account.
How long your personal data will be kept
We will hold your personal information:
- Until the end of December 2026 for activities funded by our European projects (ISE and Boost4Health) as this is the required retention period for documentation evidencing the implementation of these business support projects as set out in the Grant Offer Letters in place between the Managing Authority of these programmes and Kent County Council.
- Until you or your company notifies us that you wish us to delete your personal data.
Reasons we can collect and use your personal information
We rely on you providing consent as the lawful basis on which we collect and use your personal data. You may withdraw your consent at any time. If you do withdraw your consent no further personal information will be collected and the existing personal information shall only be retained in accordance with KCC’s data protection policy. If you do withdraw your consent you will no longer be able to be kept informed about business support programmes and activities which may benefit your company.
We rely on you providing explicit consent as the lawful basis on which we collect and use your special category personal data. You may from time to time provide us with information about your physical health, for example you may wish us to know about a health issue or disability you may have for the purpose of allowing us, our managers or our partner organisations to make adjustments to ensure your wellbeing during an overseas trip or UK event. If you provide us with this information we will only process it (including sharing the information with our partners) to the extent that it is necessary for that purpose.
Who we share your personal information with
We may share your data with other business support providers involved in a particular business support programme, activity or event in which you participate with your consent. This would include the following types of data:
- Name, contact details and role within your company
We will share information regarding your health or special dietary requirements, to the extent it is necessary, with KCC officers or partner organisations who are responsible for the overseas trips/ events in which you participate.
For details of our business support partners please contact email@example.com. This data sharing enables us to identify overseas contacts for your business through our networks and partnerships.
We will share personal information with law enforcement or other authorities if required by applicable law.
Under the GDPR you have specific rights which you can exercise free of charge that allow you to:
- Where we have relied upon consent, have the right to withdraw your consent at any time
- Know what we are doing with your information and why we are doing it
- Ask to see what information we hold about you
- Ask us to correct any mistakes in the information we hold about you
- Object to direct marketing
- Make a complaint to the Information Commissioners Office
Depending on our reason for using your information you may also be entitled to:
- Ask us to delete information we hold about you
- Have your information transferred electronically to yourself or to another organisation
- Object to decisions being made that significantly affect you
- Object to how we are using your information
- Stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us contacting you about events and business support activities.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise a right, please contact the Information Resilience and Transparency Team at firstname.lastname@example.org
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who to Contact
Please contact the Information Resilience and Transparency Team at email@example.com to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer, Benjamin Watts, at firstname.lastname@example.org or write to the Data Protection Officer, Sessions House, Maidstone, Kent ME14 1XQ.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone 03031 231113.
For further information visit https://www.kent.gov.uk/about-the-council/about-the-website/privacy-statement