Access the NI Enterprise Barometer 2024 Findings

Privacy Policy

Privacy Policy (Including Cookie Statement)

Enterprise Northern Ireland Ltd respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or use one of our software applications (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This privacy policy is made up of the following sections:

  1. Who we are and our approach to personal data
  2. The personal data we collect about you
  3. How your personal data is collected
  4. How we use your personal data
  5. Disclosures of your data
  6. International Transfers
  7. Data Security
  8. Data Retention
  9. Third-party sites
  10. Your right
  11. Cookie statement
  12. Changes to this Privacy Policy

Who we are and our approach to personal data

Enterprise Northern Ireland Ltd is registered in Northern Ireland with company number NI038769 and our registered office is Aghanloo Industrial Estate, Aghanloo Road, Limavady, BT49 0HE.

 

We trade under the brand names ‘Enterprise Northern Ireland,’ ‘Enterprise NI,’ ‘ENI,’ and ‘e-Conex.’ Throughout this policy, but at all times are making representations and commitments as the legal entity Enterprise Northern Ireland Ltd (in full compliance with the Companies (Trading Disclosure) Regulations 2008).

 

All references to ‘our,’ ‘us’ or ‘we’ within this policy are deemed to refer to Enterprise Northern Ireland, our subsidiaries, or affiliates. Enterprise Northern Ireland is the data controller for this website and has responsibility for the proper functioning of our suite of software products. If you are a user of one of our software products, you are only able to be a user because we have been asked by your organisation (Local Enterprise Agencies or other organisations from the enterprise and entrepreneurship support ecosystem), also known as our ‘Platform Partner,’ to grant you access. Therefore, we function as the data controller for any personal data about you provided by you or your organisation (our ‘Platform Partner’).

 

In cases where users sign up directly through Enterprise Northern Ireland Ltd on the e-ConX website, we will allocate the client to the most appropriate Platform Partner based on their geographic location

Our primary Platform Partners are our member Local Enterprise Agencies (LEAs), and a full list of our member LEAs is available on our website (www.enterpriseni.com). Other Platform Partners are primarily organisations from the enterprise and entrepreneurship support ecosystem across the UK and Northern Ireland.

 

Our website provider, Varsity Ventures Ltd trading as Startium, also has access to the data for processing purposes only and is obligated to safeguard it under contractual obligations.

 

We have appointed Stephen Edwards as our Data Protection Officer for the company. He is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy,

including any requests to exercise your legal rights as explained below, please contact us at this email address: privacy@enterpriseni.com.

 

Enterprise Northern Ireland is subject to the Information Commissioner’s Office and is registered and has paid the requisite fee (Registration Number Z9477435).

 

This Privacy Policy governs the processing of personal data which is collected by Enterprise Northern Ireland during its operations. It aims to give you information on how we collect and process your personal data through your use of our software products, use of this website, and use of any platform or tools we provide for your use. It includes any data you may provide when you register with us, take a username, and operate an account with us.

 

It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. Enterprise Northern Ireland operates in accordance with the latest data protection principles enshrined in Article 5 of the General Data Protection Regulation (EU) 2016/679 as these are applied in the UK [1] – including the principles of purpose-limitation, storage-limitation, data accuracy, data security and integrity, and data minimisation.

 

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

The personal data we collect about you

We collect personal and non-personal data from you when you use our Services. Personal Data is data that includes a personal identifier like your name, email or address, phone number, IP address or device identifier, or is data that could reasonably be linked back to you. It also may include demographic information, geolocation information, educational information, or commercial information as described below.

 

  • Identity Data includes first name, last name, username or similar identifier and title.
  • Contact Data includes address, delivery address if different, email address, social media handles, and telephone numbers.
  • Commercial Data includes business name, business address, business email address, business status, business type, investment and revenue data, employment data, business plans, website URL, social media handles, and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes log-on credentials, password, your interests, preferences, support needs, feedback, and survey responses (to the extent we use these from time to time).
  • Usage Data includes information about how you use our website and the tools within our suite of software products.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

 

We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific tool or feature on one or more of our software products. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

 

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How your personal data is collected

We use different methods to collect data from and about you. We collect data as follows:

 

  • During account creation: We receive personal data about you when you create a user account, update your profile, respond to questions, or complete forms on our website or using our software products. We also receive personal data about you from our customers who include Local Enterprise Agencies and other organisations from the enterprise and entrepreneurship support ecosystem.
  • From you, your account, and your profile:You can choose to share additional information with us, such as a personal and business email address, phone number, business details, commercial information, and support needs. You can also share information with us by answering questions about your interests and business plans that will be covered by this Privacy Policy and our Terms of Service. You can also share this information by updating your profile, uploading documents that include personal information, or answering questions or surveys delivered to you via email or presented to you on our software products. We will not use your phone number to send any commercial or marketing messages to you.
  • From Platform Partners:Our Platform Partners (Local Enterprise Agencies and other organisations from the enterprise and entrepreneurship support ecosystem) share information about members of their entrepreneurial ecosystem (business owners, entrepreneurs, programme participants, businesses, business advisors, contacts, and mentors) with us so we can provide them with services that they use to manage their programmes and entrepreneurship services. Each Platform Partner chooses what it shares, which may include your name, mailing and email address, business details, and support needs. The Platform Partner that you are associated with in order to create a profile on any of our software products is the Data Controller for this data and it is only processed by Enterprise Northern Ireland at the Partner’s direction.
  • From automated technologies or interactions:As you interact with our website or any of our software products, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie statement included in this privacy policy below for further details.
  • From our websites:If you use and interact with our websites, we automatically collect some Personal Data about your device and your usage of our websites through cookies, web beacons, or similar technologies. Such Personal Data may be less obvious Personal Data such as your Internet Protocol (IP) addresses or username.
  • From Zoom and video conference recordings:Sometimes personal data is taken from video calls. Recordings will then be stored securely and after two weeks of inactivity (views) the default position is that they are then permanently deleted. Unless consent has been collected to retain recordings for a longer period of time or indefinitely.
  • From surveys and testimonials:We may in the future use surveys. The aim is to only receive and process the Personal Data about you that you choose to provide in any kind of survey or that you kindly provide as publishable feedback through a testimonial or commendation placed on our website. We only use this information to make our company more effective.

How we use your personal data

We will only use your personal data when the law allows us to. We have set out in the table below all the ways we are allowed to process your personal data under the GDPR, followed by a summary of the key “lawful bases” which apply most to Enterprise Northern Ireland.

 

Processing Personal Data under Data Protection Law: The 6 Lawful Bases

 

  • Consent
  • Contractual Necessity
  • Legal Obligations
  • Vital Interest
  • Public Interest
  • Legitimate Interests

 

We use, process, and store your Personal Data to provide the services outlined in our Terms of Use and to connect you with support, events, and opportunities relevant to you, your business, and your support needs. Our lawful bases for processing your data and the purpose for processing it is as follows:

 

  • To fulfil our contract with you: By creating an account on one of our software products, we will be required to collect, store, use, and otherwise process information about you for any purposes deemed necessary for your use of our software products and for the performance of your agreement with Enterprise Northern Ireland including:

    • Providing services such as allowing you to make appointments with business support professionals, to provide you with suggested events and opportunities that are relevant to you and your business, engage with platform partner resources, and so on.
    • Delivering notifications about events, opportunities, and important communications from platform partners by email in accordance with your account settings and communication preferences.
  • With your Consent: For some uses, we will obtain consent from you to provide additional services. Such uses include:

    • Allowing you to choose to share your profile publicly, with other users, and to be introduced using the profile information you have set as public information.
    • Contacting you about additional features or Platform Partner services you might be interested in.
    • Personalising tools that make up our software products. For example, we may suggest opportunities or events to you based on the business, education, or demographic information you provide.
  • For our legitimate interests: Processing of your personal data may also be necessary for the pursuit of our legitimate interests – but only where the processing is warranted and will not cause a prejudicial effect on your rights and freedoms, or legitimate interests. Examples are:

    • Processing your data along with other users’ data to provide activity and engagement reports to Platform Partners.
    • Researching new ways to improve our software products.

 

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

 

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of your data

With respect to personal data, we will only share your personal data with third parties under the following circumstances:

 

  • With your consent: For example, you may choose to make your profile public so that your associated Platform Partner (Local Enterprise Agencies or other organisations from the enterprise and entrepreneurship support ecosystem) can introduce you to contacts and mentors or so you can appear in a directory of users from multiple Platform Partners visible to all public users and Platform Partners.
  • With your associated Platform Partner: To have an account on any of our software products, you need to be associated with one of our Platform Partners. We share all information with your associated Platform Partner so that they and we together can provide services to you. Your associated Platform Partner is also a Controller of the Data collected through our software products.
  • With vendors that are contractually engaged to provide us with services:such as cloud service providers and other services for maintaining our systems, email management, and analytics. Also, software developers, IT support service providers, business advisors, legal specialists, and third-party tools which track user behaviour across our suite of software products. These companies are obligated by contract to safeguard any personal data they receive from us. See below the third-party vendors used by Enterprise Northern Ireland:

    • Analytics and data services: Google Analytics – Platform Partners and Users – United States. We use Google Analytics to understand user behaviour in aggregate to inform our platform engineering and product work.
    • Email Servers: Google Workspace – Platform Partners and Users – United States. We use Google Workspace to manage our email communications and for secure storage. Google Workspace holds contact names and email addresses but are not managed or controlled by Enterprise Northern Ireland.
    • Infrastructure Providers:AWS Hosting – Platform Partners and Users – United Kingdom. We use the Amazon Web Services platform to power our products. Note that all data transferred to Amazon Web Services is encrypted at rest and in transmission and no data is shared directly with Amazon Web Services.
    • Saas: SendGrid mail – Users – United States. We use SendGrid to send personalized emails to users of the platform in accordance with their preferences. Examples include sending personalized digests of their user dashboard.
    • Analytics and data services: Google Analytics – Platform Partners and Users – United States. We use Google Analytics to understand user behaviour in aggregate to inform our platform engineering and product work.
    • Website Provider: Varsity Ventures Ltd trading as Startium – Platform Partners and Users – United Kingdom. Our website provider has access to the data and is obligated to safeguard it under contractual obligations.

 

With respect to non-personal data, which is data that itself cannot reasonably be linked back to you or data that is combined with other data in a way that cannot reasonably be linked back to you. We use and share your non-personal, de-identified, or aggregated data in a variety of ways to help our Platform Partners and the public understand trends in entrepreneurship and new venture creation through analytics reports, statistics, and other metrics and guides. For example, to understand:

 

  • What percentage of new ventures from certain regions are started by individuals in different sectors.
  • Whether a certain programme is producing more sustainable businesses than others.
  • How popular certain events and opportunities are at various stages of the business start-up journey.
  • How many introductions have been made over a selected period of time to different support organisations within a specific partner’s ecosystem.

 

If we are involved in a merger, reorganization, dissolution, or other fundamental corporate change, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.

Additionally, Enterprise Northern Ireland may share such anonymous usage data on an aggregate basis in the normal course of operating our business. For example, we may share information publicly to show trends about the general state of the entrepreneurship sector or the uptake in our products and tools over a sustained period of time.

International Transfers

Enterprise Northern Ireland stores the personal data described in this Privacy Policy inside the UK and in the European Economic Area (“EEA”). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, GDPR, and UK GDPR at all times.

 

Our software products use a range of established international service providers to operate our services, some of whom may conduct processing outside of the EEA. We ensure through our supplier contracts that if data is exported then it is protected to the standards required by UK legislation. If you would like more details on this, please contact our appointed Data Protection Officer at privacy@enterpriseni.com .

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instruction and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Enterprise Northern Ireland follows industry-leading security procedures that meet the ten steps to cyber security outlined by the UK government. All data processed by Enterprise Northern Ireland is encrypted at rest and in transmission. Enterprise Northern Ireland uses TLS 1.2 or above for data in transmission and AES 128 or higher for data at rest.

 

Enterprise Northern Ireland uses security certificates as far as possible for all development tasks, and any locally stored passwords used for user authentication follow OWASP guidelines. Every build of the platform is checked against the OWASP guidelines and a database of known/common web vulnerabilities.

Data Retention

We will retain User Provided data for as long as you use our software product and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate for the purpose of analytics and our legitimate business interests. If you would like us to delete User Provided Data that you have provided via one or more of our software products, please contact our Data Protection Officer at privacy@enterpriseni.com .

 

Please note that some or all of the User Provided Data may be required in order for our software products to function properly. As a corporately responsible business, mindful of the data protection principle of storage-limitation and data-minimisation, we perform a disposal and archiving exercise at least once per annum, at which all data sets will be reviewed and obsolete data will be deleted from our systems (including our backup facilities).

Third-party sites

Our websites contain links to other websites operated by third parties. Please note that this Privacy Policy applies only to the personal information that we collect through our sites or services, and we cannot be responsible for personal information that third parties may collect, store, and use through their website. Please check their individual policies before you submit any information to those websites.

Your rights

You have certain rights in respect of your personal information:

 

  • The right of access to your personal data.
  • The right to correct or rectify any inaccurate personal data.
  • The right to restrict or oppose the processing of personal data.
  • The right to erase your personal data; and
  • The right to personal data portability and
  • The right to lodge a complaint with the relevant Supervisory Authority.

 

When Enterprise Northern Ireland processes your data at the direction of your associated Platform Partner we function as their Processor and comply with requests they send us. You become a user of Enterprise Northern Ireland by agreeing to this Privacy Policy and our Terms of Use.

 

You may contact our Data Protection Officer with questions or requests regarding your personal information. Please note that we may request additional information from you to verify your identity before we disclose any personal or account information.

Cookie Statement

Enterprise Northern Ireland uses (i) Strictly necessary (essential), (ii) Functional, and (iii) Analytical (measuring performance) types of cookies.

 

Cookies may be delivered by us directly to you (first-party cookies) or delivered by one of our partners. Cookies can be either session cookies or persistent cookies. Session cookies enable sites to recognize and link the actions of a user during a browsing session and expire at the end of each session. Persistent cookies help us recognize you and these are stored on your system or device until they expire, although you can delete them before the expiry date.

 

We also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications.

Types of Cookies

  • Required cookies: Necessary for basic website functionality. Some examples include session cookies needed to transmit the website, authentication cookies, and security cookies. If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites. Because required cookies are essential to operate the websites, there is no option to opt out of these cookies.
  • Functional cookies: Enhance functions, performance, and services on the website. Some examples include cookies used to analyse site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual. Functional cookies may also be used to improve how our websites function. This helps us to provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.

    • We may use our own technology or third-party technology to track and analyse usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements. For example, we use Google Analytics (“Google Analytics”), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies to help us analyse how our websites are used, including the number of visitors, the websites from which visitors have navigated to our websites, and the pages on our websites to which visitors navigate. We use this information to improve our websites.
  • Targeting or Advertising cookies: Track activity across websites to understand a viewer’s interests and to direct specific marketing to them. Some examples include cookies used for remarketing or interest-based advertising.

    • To opt out of any advertising cookies, please visit the opt-out pages of the Network Advertising Initiative.

 

We use cookies for the following reasons:

For our products:

  • To help us improve End Users’ experience
  • To fulfil API calls and integration requests to connect to various accounts
  • To help with data protection and spot fraudulent activity

For our websites:

  • To remember preferences and settings
  • To identify errors on the site and assess performance
  • To help us understand traffic data relating to our site, e.g. time and date of visit

 

Opt-Out from the setting of cookies on your individual browser Where available, you may opt-out from the collection of non-essential device and usage data on your web browser by managing your cookies at the individual browser level.

 

While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies, or regulators.

 

In light of changes to cookies practices in 2021 (with respect to the disablement of third-party cookies on some browsers), we include below an updated list of the more popular browser types with hyperlinks showing how to adapt their cookie settings accordingly:

 

Changes to this Privacy Policy

This Privacy Policy was last updated on 30th June 2023.

 

[1] As transposed by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 – otherwise known as UK GDPR.

Join today!

Providing micro & small business owners with the right support at the right time