1. ABOUT THIS NOTICE
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.
The University of Warwick Science Park (“UWSP”) is committed to protecting the privacy and security of personal data. The purpose of this notice is to promote transparency in the use of personal data, and to outline how UWSP collects and uses personal data during and after your working or visiting relationship with us, in accordance with the General Data Protection Regulation 2016 (“GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
Minerva Business Angels is a brand name used by UWSP and as such are interchangeable when referenced in this document and which relates to Minerva Business Angels.
The UWSP collects, uses and is responsible for certain personal data about you. This is known as “processing”. When we do so we are regulated under the GDPR and DPA 2018 which applies across the European Union and we are responsible as a ‘data controller’ of that personal data for the purposes of those laws.
The purpose of this notice is to explain how UWSP will collect and use (process) your personal data, what rights you have in relation to that data and to provide transparency about the data collected about you.
UWSP is the data controller under the GDPR and DPA 2018 and we will process your personal data in accordance with the GDPR and DPA 2018 at all times. You, as a ‘data subject’, therefore have specific rights to the data that we hold, collect and process.
UWSP is a wholly owned subsidiary of the University of Warwick and complies with the Data Protection policies of the parent.
Throughout this notice, “UWSP”, “we”, “our”, and “us” refer to the University of Warwick Science Park and Minerva Business Angels; “you” and “your” refer to investors (current and prospective), companies, consultancy clients, contractors, consultants and visitors.
If you would like this notice in another format (for example: audio, large print, braille), please contact us (see ‘How to contact us’ above).
2. THE PERSONAL DATA WE COLLECT AND USE
The following are examples of personal data which may be collected, stored and used:
- Personal contact details such as name, date of birth title, addresses, telephone numbers, personal email addresses and work email addresses
- Company name, company registration number and registered address
- Information about your investment activity and areas of interest.
3. HOW THE UWSP OBTAINS YOUR PERSONAL DATA
Personal data of third party visitors, clients, investors, companies, events, invites to invents, web site submissions, subscription services, platform registration and licensees is typically collected from the individual themselves or through a generic company enquiry, directly from the data subjects or sometimes from their on-site employer or UWSP/Minerva Business Angels contact. UWSP will also collect additional personal data throughout the period of you being on site at the UWSP.
4. PURPOSE AND ASSOCIATED LAWFUL BASIS
|Providing services and pre contractual steps in accordance with the contractual agreement entered into with you relating to Minerva Business Angels||Performance of a contract|
|Registering you as a Minerva Business Angels investor, accommodating an expression of interest in finding out more about angel investing or an entrepreneur which may include without limitation any administrative process||Performance of a contract and/or consent and/or legitimate interest|
|Administering and facilitating your attendance at a Minerva Business Angels event||Performance of a contract and/or consent|
|Processing payment in relation to your registration and membership with Minerva; to attend Minerva Business Angels events or other events organised on your behalf.||Performance of a contract and/or legitimate interest|
|Ensuring the safety and security of UWSP, its tenants, visitors, people and facilities.||Compliance with a legal obligation and vital interest|
|Registering you as a visitor to the UWSP site or to events held by our partner organisations.||Compliance with a legal obligation|
|Providing visitor parking permits.||Performance of a contract|
|Business management and planning, including accounting and auditing.||Compliance with a legal obligation and/or legitimate interest of sound management of the business of UWSP|
|To prevent fraud.||Compliance with a legal obligation|
We may contact you in relation to activities undertaken by Minerva or its partner organisations and other matters deemed of interest. You may withdraw your consent anytime by contacting firstname.lastname@example.org
5. LAWFUL BASES FOR PROCESSING YOUR PERSONAL DATA UNDER THE GDPR AND DPA 2018
Personal data will only be processed when the law permits this to happen. Most commonly personal data will be processed in the following circumstances:
- Performance of a contract
- Where you have given us your consent
- Where UWSP needs to comply with a legal obligation (for example, the detection or prevention of crime and financial regulations)
- Where it is necessary for UWSP’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- To protect the vital interests of the data subject or of another person (for example, in the case of a medical emergency)
- In order to perform a task carried out in the public interest
SPECIAL CATEGORY DATA
We may only process special category personal data in the following circumstances where, in addition to a lawful basis for processing, there exists one of the following grounds:
- Explicit consent – where you have given us explicit consent.
- Legal obligation related to employment – The processing is necessary for a legal obligation in the field of employment and social security law or for a collective agreement. Vital interests – The processing is necessary in order to protect the vital interests of the individual or of another natural person where the data subject is physically or legally incapable of giving consent. This is typically limited to processing needed for medical emergencies.
- Not for profit bodies – The processing is carried out in the course of the legitimate activities of a not-for-profit body and only relates to members or related persons and the personal data is not disclosed outside that body without consent.
- Public information – The processing relates to personal data which is manifestly made public by the data subject.
- Legal claims – The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Substantial public interest – The processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law.
- Healthcare – The processing is necessary for healthcare purposes and is subject to suitable safeguards.
- Public health – The processing is necessary for public health purposes and is based on Union or Member State law.
- Archive – The processing is necessary for archiving, scientific or historical research purposes, or statistical purposes and is based on Union or Member State law. Member States can introduce additional conditions in relation to health, genetic, or biometric data.
In limited circumstances we may contact you for your written consent to the processing of particularly sensitive data. In such circumstances we will provide you with full details of the information needed and the reason it is needed, so that you can consider whether you wish to give your consent.
Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Individuals need to write to email@example.com to withdraw their consent. Once we have been notified that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If the latter is the case, we will inform you of this legitimate basis.
We will only use personal data for the purposes for which it was collected unless it is considered reasonably that it is needed for another purpose and the reason is compatible with the original purpose. If the University needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. We may process your personal data without your knowledge or consent, in compliance with this policy and procedure, where this is permitted by law.
6. DATA SHARING
We may share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where there is another legitimate interest in so doing including, but not limited to, for joint appointments with other external organisations or were collaborative arrangements exist with Minerva Business Angels. Third parties with whom we may share your data include:
|Third parties within the EEA||Lawful basis|
|The University of Warwick||Performance of a legal obligation or legitimate interest|
|Other Minerva partners with whom we hold events and deliver our services both through and together with and including for example for Health and Safety needs, security requirements, production of name badges||Performance of a contract, and legitimate interest|
|Companies providing Park security services or security services requiring disclosure to gain entry e.g. The Shard||Performance of a contract and service|
|Associated companies University of Warwick Science Park Business Innovation Centre Limited, University of Warwick Science Park Innovation Centre Limited, UWSP Concepts Limited||Performance of a contract and legal obligation|
|Companies you have expressed an interest in and other investors expressing the same||Performance of a contract and the service|
|Payment providers to enable us to process your payment||Performance of a contract and legitimate interest|
|Minerva Angel platform||Performance of a contract and legitimate interest|
Transfers of data outside of the EEA
We may transfer the personal data we collect about you to countries outside the EEA so long as there is a lawful basis for doing so or we have your consent. In certain circumstances we may seek your explicit consent to send your personal data outside of the EEA. When doing so we will inform you in clear terms of the data protection framework in place in the relevant countries in order to enable you to make an informed decision.
Before sending your personal data to countries outside of the EEA data we will ensure that adequate data protection provisions are in place, the processor has provided appropriate safeguards to ensure enforceable rights and legal remedies or other specified conditions are met under data protection law.
7. RETENTION OF YOUR PERSONAL DATA
The GDPR and DPA 2018 require that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).
The University’s Record Retention Schedule (RRS) is a tool that enables the University and its subsidiaries (of which UWSP is) to transparently demonstrate how the organisation complies with its data protection obligations by making provision for the time periods for which common classes of record are retained by UOW. The UWSP complies with the University Record Retention Schedule.
Full details of the retention periods of records can be found by viewing the records management page and selecting the University’s Record Retention Schedule (RRS), which is kept up to date separately.
8. DATA SUBJECT RIGHTS
Under the GDPR and DPA 2018 you have a number of important rights free of charge.
You have the right to:
- Be informed of how we collect and use your personal data;
- Access your personal data;
- Require us to correct any mistakes in the data we hold on you;
- Require the erasure of personal data concerning you in certain situations;
- Restrict our processing of your personal data in certain circumstances;
- Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights please find out more here. If a subject access request is made and the request for access is clearly unfounded or excessive, the UWSP reserves the right to refuse to comply with the request in these circumstances.
9. KEEPING YOUR PERSONAL DATA SECURE
UWSP keeps your personal data secure at all times using both physical and technical measures.
Where appropriate, we also take measures such as anonymisation to ensure data cannot be used to identify you and/or encryption to ensure that the data cannot be accessed without the right security accesses and codes.
Where UWSP engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the GDPR and DPA 2018.
UWSP takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
UWSP also ensures that we have appropriate processes in place to test the effectiveness of our security measures.
10. HOW TO CONTACT US
We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you raise about our use of your personal data on the contact details below:
Ms Anjeli Bajaj (DPO) can be contacted via e-mail at DPO@warwick.ac.uk
Or write to:
The Data Protection Officer
Information and Data Compliance Team
University of Warwick
Page 8 of 8
Kirby Corner Road
The GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
11. CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 17th December 2019. We may change this privacy notice from time to time, so please do refer back to this page frequently to ensure you are aware of any amendments.