Privacy Notice for the Centre for Entrepreneurship

This document outlines the types of personal information that the CfE is likely to collect, the ways in which we collect, and process personal information and your rights as a data subject as outlined by the UK General Data Protection Regulation. 

How we use your information

The CfE requires some of your personal data for the following:

• Administrative and management purposes;
• Marketing related services to you and to track the take up of such services; and/or
• Information that will also be available to staff of the CfE and/or academic staff at the University of Dundee for teaching and research purposes.

Personal data has/will be taken from:

• CfE event sign-ups (via Eventbrite);
• Application forms (Enterprise Challenge, Venture Competition, Visa applications and Business Advisory appointments);
• Information that is freely provided (via email); and/or
• A previous engagement with the CfE or the designinaction.com research project (which ended Dec 2016 with the learning  now being utilised by the CfE going forward).
• Publicly available sources:e.g., Companies House).

The CfE will keep personal details on record until we have dealt completely with your request, enquiry or contract and then for a reasonable period thereafter in accordance with UK data protection and other legislation.

Should the CfE decide that the retention of personal information is no longer necessary, all such information will be destroyed/deleted in a secure and confidential manner.

Any personal information provided to the CfE from students, graduates or staff in relation to any of the CfE's programmes or initiatives that the aforementioned have applied to, engaged with, partaken, however, be kept indefinitely for the purposes of maintaining a comprehensive archive of the CfE's activities.

We will respect your preferences concerning the ways in which we may contact you. If you wish to update these at any time, please contact us at the email address below, and you can unsubscribe from our email newsletter mailing list at any time.

Personal data

The CfE will process the following types of personal data:

• Basic information, such as your full name (including name prefix or title), the company you work for, your title or position;
• Contact information, such as your postal address, email addresses) and phone number(s);
• Matriculation number (Visas, Enterprise Challenge & Venture Competition applicants);
• Student information (course, School, year of study). whether you are student, staff, a recent graduate or alumni;
• Signature (for programme application forms, T&C's, Terms of Engagement and Non-Disclosure Agreements for speakers/judges) Nationality - for Visa applications/legal compliance only;
• Technical information, such as information from applications or in relation to materials and communications we send to you electronically.

Personal data may also be processed by CfE’s nominated agents such as software or service providers as outlined below:

• Campaign Monitor
• Eventbrite
• Gecko
• Microsoft Office 365
• Vertical Response
• Salesforce.

Where any providers are based outside of the UK, the University has the appropriate technical and contractual safeguards in place as required under the UK GDPR.

Sensitive (special categories) of personal data

We do not routinely hold special categories of personal data for the purposes described above. However, we may have such information if you provide it to us directly, for example when dealing with visa applications.

Data controller

The data controller for personal data used in this Directorate is normally the University of Dundee. Data will be processed using the University’s business systems. The University has contracts with providers for their cloud services to safeguard your data.

Data will also be stored in other key University systems such as the OneUniversity, the Finance system and the student records system (SITS). TechnologyOne are the provider of the OneUniversity and Finance systems, and data are stored on the Cloud.  Specialist systems used by this Directorate include Gecko which is used to collect personal data via its online forms.  The University has the necessary contractual controls in place with Gecko, SITS and TechnologyOne to safeguard data in these systems and to comply with the UK GDPR.

Lawful processing

The lawful grounds for processing personal data within CfE are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
• processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
• processing is necessary for compliance with a legal obligation to which the controller is subject;
• processing is necessary for the pursuit of our legitimate interests;
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The lawful grounds for processing special categories of personal data within CfE are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.

Your rights

The University respects your rights and preferences in relation to your data. If you wish to update, access, erase, limit or complain about the use of your information please email dataprotection@dundee.ac.uk. You may also wish to contact the Information Commissioner’s Office.