YTKO Group is committed to ensuring that your privacy is protected and our company is registered on the Data Protection Public Register of the Information Commissioner’s Office (ICO). Should we ask you to provide certain information by which you can be identified when using this website or via our support services contractual terms, then you can be assured that it will only be used in accordance with this privacy statement.
YTKO Group may change this policy from time to time by updating this page. This policy is effective from November 2020.
What We Collect
We may collect some or all of the following information, depending on which of our services you use:
- name, company name and job title
- contact information including email address and telephone number
- demographic information such as postcode, city and areas of interest
- personal information such as education, disability, ethnicity, skills, experience
- other information relevant to customer surveys and/or offers, or online application forms.
What We Do With The Information We Gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Business Support Project reporting and supply of selected data to our funding partners Bristol City Council, the West of England Combined Authority (WECA)
- If you have consented for us to do so, we may periodically send you an e-newsletter from the designated project/service or YTKO Group with new or complementary YTKO Group products, special offers or other information which we think you may find interesting using the email address which you have provided. We can remove this email address at any time on request.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
- We use a number of carefully chosen companies who could also have a copy of some of your data:
- Backblaze (for backups)
- Basecamp (for project management)
- Daylite (for data hosting)
- DigitalOcean (for backups)
- Eventbrite (for event registration)
- Formsite (for online forms)
- Google (for email & documents)
- Instiller (for email newsletters)
- MailChimp (for email)
- Tractivity (for client recording)
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online or via our paper forms. We also regularly train and update our staff around the required provisions of GDPR regulation. The US companies we use are all covered by Privacy Shield.
We are obliged to retain your personal data for the duration of all of our funded business support service contracts and for longer for auditing and compliance purposes.
We treat information security very seriously. We will take all reasonable technical and operational precautions to prevent the loss, misuse or alteration of client information. Any data provided by you is:
- Held on our secure, internal servers, and managed by a datacentre supplier who is certified to meet the requirements of ISO 27001 Information Security Management.
- Not transferred outside of the European Economic Area.
- Held in accordance with our Information Security policies.
No data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of personal data.
Using Our Websites
Our websites collect the following (non-identifying) information (via Google Analytics):
- the internet domain and IP addresses from which you access the website
- the type of browser (for example Internet Explorer or Firefox)
- the operating system you use (for example, Windows, Macintosh)
- the date and time of your visit
- the pages you access
which will also set some cookies:
If there is a YouTube video embedded on any of the pages, that too will set cookies:
The Information Commissioner’s Office has information about disabling cookies and/or opting-out of Google Analytics.
Links to Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Who is the Data Controller for North & East Bristol Business Support personal data?
Bristol City Council (BCC), the West of England Combined Authority (WECA) are the controllers for all personal data required to help deliver the North & East Bristol Business Support programme.
BCC & WECA will be processing personal data in the North & East Bristol Business Support programme, according to the following lawful basis:
Article 6(1)(e) of the EU General Data Protection Regulation (GDPR):
‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
The lawful basis for controlling or processing `special category’ data under the North & East Bristol Business Support programme is:
Article 9(2)(g) GDPR
“processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;”
What personal data will be collected?
Most of the client data is collected by the registration form. This includes:
- General company information
- Services and sectors
- Turnover & employee numbers, ownership, etc
- Diversity and equality profile
We may also collect information that is publicly available, such as from Companies House.
Client information may also be captured in other client documents including questionnaires, client case file, action plan, meeting records and reports. We may record any other information a client chooses to share, either electronically, verbally, in written form or face to face.
Who will my personal data be shared with and how will it be used?
Your details will be stored securely and retained in compliance with GDPR and the new Data Protection Act. This information will be used to evaluate this project and for monitoring and evaluation purposes.
Your details will be used to support the programme research and evaluation activities. It is likely that the evaluation methodology will need to incorporate a variety of approaches in order to maximise the response rate (for example, telephone survey, written survey, and e-mail survey) – hence the need for a variety of contact details required for each participant.
We will not keep your personal data for longer than needed but as a minimum, will retain data for two years after the closure of the programme.
Below is a table showing how data may be disclosed. Clients will be notified of any changes or additional requests from other stakeholders. If the request is not for a mandatory purpose, clients can instruct their Business Support Provider not to share their data.
|A = mandatory|
B = optional
|Application Form Data||A||A||A|
We may also disclose your personal information to third parties:
- If a Business Support Provider is acquired by a third party, in which case personal data held by us about you will be one of the transferred assets
- To the extent that we are required to do so by law
- In connection with any ongoing or prospective legal proceedings
- To establish, exercise or defend our legal rights.
We will not disclose personal information to other third parties without a client’s consent.
What are the individuals rights?
The General Data Protection Regulations (EU) 2016 (GDPR) and the Data Protection Act 2018 give you the right to access information held about you free of charge. Your right of access can be exercised in accordance with the Regulations. We will require proof of identity with any request made.
You may instruct us at any time not to use your personal information for marketing purposes. In practice, you would typically agree or disagree to this in advance when submitting or updating your personal information, though opportunities to opt out are written into our processes.
Updating your data
We seek to verify and confirm the accuracy of the information that we hold about you every time we interact with you. Please let us know at any time if the information we hold about you needs updating or correcting.
Automated decision making
Your personal data will not be subjected to automated decision making.
The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
Telephone: 0303 123 1113
Controlling Your Personal Information
You may choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a paper or electronic form, please check the provisions of the consent wording to ensure that you are happy with how your personal information will be used.
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing us at firstname.lastname@example.org or directly to any of the designated project teams.
- Alternatively, please write to us at YTKO Ltd, 150 Minories, London, EC3N 1LS
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you give us consent that you are happy for this to happen.
You may request details of personal information which we hold about you (a GDPR “Subject Access Request”) or ask us to delete it (a GDPR “Request for erasure”). If either case, please contact one of the designated project teams or email email@example.com
If you believe that your information we are holding is incorrect or incomplete, let us know (a GDPR “Request for rectification”) at the above addresses or to any of the designated project teams. We will promptly correct any information found to be incorrect.