Privacy Notice

This Privacy Notice (Notice) gives you further information about the way we collect and use personal data about you (which is known as “personal data” under data protection legislation).

You should read through this Privacy Notice to fully understand the basis upon which we collect your personal data, how we use it, where we store it and to whom it is disclosed.

Commitment to Privacy

We are committed to protecting your personal data and right to privacy. We will always keep your personal data safe and comply with applicable data protection legislation in place from time to time.

Who we are

Exemplas Trade Services Limited (Registration Number: Z3423079) is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you on the information contained in this privacy notice. We may update this notice at any time.

Our data protection policy

We understand the importance of protecting personal data and is committed to complying with the General Data Protection Regulation 2016/679 (GDPR). We are committed to fostering a culture of transparency and accountability by demonstrating compliance with the principles set out in the Regulation – as laid out in our data protection policy (available to you when you request this by email from our Data Protection Officer). This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.

When we ask you for personal data, we will:

  • tell you why we need it
  • only ask for relevant information
  • look after it and make sure it is only accessible to those within the company who need to see it
  • only keep it for as long there is a business, statutory or legal obligation (according to our retention policy)
  • not make your personal data available to third parties without your permission.

In return, we ask you to:

  • give us accurate information, and
  • tell us as soon as possible if there are any changes.

1. What kinds of personal data do we collect about you?

We may collect the following types of personal data about you:

  • Personal contact details, such as title, full name, contact details;
  • Date of birth
  • Your nationality, if needed for the provision of service or for grant eligibility
  • Bank account information, if needed for the payment of grants
  • Equality, Diversity & Inclusion information
  • Information about your career / workplace / employer / research / innovation
  • Services, you currently hold with us, included funded services
  • Marketing to you, including history of those communications, and information about funded services or related business support services we think you may be interested in to improve your business, and analysing data to help target offers to you that we think are of interest or relevance to you;
  • Information about your use of funded services or services held with our Delivery Partners
  • Information about your employment status, if relevant
  • Information we buy from accredited third parties, marketing lists, publicly available information, and information to help improve the relevance of our services
  • Insights about you and our customers gained from analysis or profiling of customers
  • Dietary and / or accessibility needs.

2. What is the source of your personal data we collect about you?

We collect personal data from the following general sources:

  • From you directly
    • information that you provide by filling in forms or surveys
    • information in correspondence that you send us
    • details of your visits to our website including, but not limited to, traffic data, location data, blogs and other communication data, and the resources that you access
  • Information generated about you when you use our services
  • Information from Delivery partners
  • Information from Public authorities
  • Information from publicly available directories and information (e.g. social media, internet, Companies House, HMRC), and other organisations that operate to assist in offering individuals business support
  • We buy information about you from accredited third parties, including marketing lists, publicly available information or information to improve our service delivery
  • We receive information about you from government departments or third parties to offer you funded business support services.

3. How do we use your personal data?

We may use personal data we collect:

  • To ensure that content from our website is presented in the most effective way for you
  • To provide you with information or services that you request from us or which we feel may interest you
  • To notify you about changes to our website or services
  • For Communications and public engagement activities: surveys, events, newsletters, communications, websites and social media
  • To manage funding applications and awards
  • To alert you to funding opportunities
  • To undertake funded business support monitoring and evaluation
  • To support participation in events and workshops; this may include surveys and collecting information on dietary or accessibility requirements
  • To ensure our terms and conditions of funding are met, for example audits
  • To operate our complaints policy
  • To facilitate commercialisation and our legitimate business interest
  • For evaluation and recording
  • For current or past employees, interns or associates for:
    • Recruitment
    • Equality and diversity
    • Personnel files
    • Rewards and Benefits
    • Training and development
    • Management Information
    • Pension Scheme Administration
    • Accidents, incidents and general health and safety at work
    • Audit
    • Occupational Health
    • Payroll
    • Non-pay staff benefits
    • Information Systems Management & Delivery
    • Legal casework – grievances, disciplinary, and dismissal

4. When do we share your personal data?

We may share your personal data for the above purposes with:

  • Governmental departments and regulatory bodies as a statutory requirement, such as:
    • Information Commissioner’s Office
    • HMRC
    • Department for International Trade
    • Department for Business, Energy and Industrial Strategy
    • UK Research and Innovation
    • Ministry of Housing, Communities & Local Government
    • Hertfordshire County Council
    • Innovate UK
    • Hertfordshire Local Enterprise Partnership (LEP)
  • Business partners, such as:
    • Pensions
    • Insurers
    • Financial services
    • Medical
    • Security checks
    • Recruitment agencies
    • Administration of non-pay staff benefits by the provider
  • For a supplier, we may share your personal data for the following purposes:
    • To send you information about our work
    • To manage your attendance at meetings outside of our own sites
    • Site management (building access, car parking)
    • Health and Safety
    • Dietary and accessibility requirements
    • Equality reporting
    • Service provision and management

5. What are the legal grounds for our processing of your personal data?

  • Where it is necessary to provide you with our services, such as:
    • a response to a direct enquiry
    • Managing services we deliver to you
    • Sharing your information with our delivery partners and various funders
    • All stages and activities relevant to managing the service including enquiry, application, administration, and management of grant funding applications and payments
  • Where it is necessary for us to process your email address for performance of the contract between us.
  • In most cases, where it is in our legitimate interests to collect and use the personal data referred to above (see What kinds of personal data do we collect about you?) so that we can:
    • provide you with a service that is as useful and beneficial to you as possible, including ensuring that you receive the right type of business support which may entail referring you to other related business support services, and help to improve our services and marketing activities (which could also benefit you),
    • When we rely on our legitimate interests in order to collect and use your personal data, we must consider whether those legitimate interests are overridden by your interests or your fundamental rights and freedoms. We may continue only if we decide that your interests, rights and freedoms do not override our legitimate interests. We have considered these matters, and where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected we will not use your personal data unless there is another legal basis for us to do so (either that it is necessary for us to perform our contract with you, or on the basis of your consent).
  • For public task, when we are engaged as the government’s delivery partner when we carry out tasks in the public interest.
  • In certain rare circumstances, we may process your personal data after obtaining your consent to do so for the purposes of:
    • sending you marketing communications;
    • advertising on social media platforms;
    • for some of our processing of the special categories of personal data, such as about your health.
    • using your location to deliver specific messaging and content to you; and
    • using your location to monitor the effectiveness of our messaging.

Your rights

By law, you have a number of rights when it comes to your personal data.

Rights What does this mean?
1.  The right to be informed 


You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Notice.
2.  The right of access You have the right to obtain access to your personal data (if we are processing it), and certain other information (similar to that provided in this Privacy Notice).

This is so you are aware and can check that we’re using your personal data in accordance with data protection law.

3.  The right to rectification You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
4.  The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5.  The right to restrict processing You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.
*6. The right to data portability You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
7.  The right to object to    processing You have the right to object to processing for direct marketing and also to processing which is carried out for the purposes of our legitimate interests.
8.  The right to complain You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. 
9. The right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

How long do we keep your personal data?

We may retain your personal information based upon business requirements, legal obligation, statutory or regulatory obligations and transactional purposes. If you want to know how long we keep your information, please write to our Data Protection Officer.

Transfer of personal data outside the European Economic Area (EEA)

We do not transfer your personal information to any country located outside the EEA.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Contacting us

Please contact our Data Protection Officer, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact our Data Protection Officer, please send an email to, or write to Marcia Kilmurry, Titan Court, 3 Bishops Square, Hatfield, Hertfordshire, AL10 9NE, UK.

Please contact us if you have any questions about this Privacy Notice or the personal information we hold about you or to exercise all relevant rights, queries or complaints.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113 or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Changes to this privacy notice

This privacy notice was published on 25 May 2018.
We may change this privacy notice from time to time.