Our Privacy Policy

Privacy Policy

As you access this Site, BIRMINGHAM ENTERPRISE COMMUNITY CIC  (“we”, “us” or “BIRMINGHAM ENTERPRISE COMMUNITY”) recognises your desire to safeguard your personal information and we are committed to protecting your personal information that you share with us

This statement sets forth our privacy policy (“Privacy Policy”) which administrates the way in which we collect, use, maintain and disclose information collected from you as you use the  website (“Site”). This Privacy Policy applies to the Site only and all products and services offered by BIRMINGHAM ENTERPRISE COMMUNITY.

Please note that this Privacy Policy applies to our Site only. Our Site uses Facebook plug ins, Google’s reCAPTCHA and Google Analytics which collect personal and non-personal information. These programs are subject to their own privacy policies which we encourage you to review before using our Site. Please see below for more information.

Unless and until the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) is no longer directly applicable in the UK, this privacy policy seeks to abide by the GDPR. For the purposes of the GDPR, BIRMINGHAM ENTERPRISE COMMUNITY is the controller and responsible for your personal data.

The Privacy Policy sets out:

  1. What information we gather
  2. How we collect your information
  3. How we protect your information
  4. How we will use the information collected
  5. When we might share your information
  6. Storage of your information
  7. Your rights in relation to your information
  8. Third party websites
  9. Opting “In” or “Out
  10. What information do we gather?

We collect two types of information at various points in your user or customer journey:

1.1 “personally identifiable information” or “personal information”, meaning it can be used to specifically identify you; and

1.2 “non-personally identifiable information” or “non-personal information”, meaning it relates to you but can’t be used to specifically identify you: information about the device you may be using or what kind of browser you are using.

  1. How we collect your information

2.1 Personal information

We may collect personal identification information from you in a variety of ways, including, but not limited to when you register on the site, subscribe to the newsletter, and in connection with other activities, services, features or resources we make available on or through our site. Users may be asked for a number of contact details, including but not limited to and as appropriate: name, address and email address. We may collect this information and store this for future use using “cookies” (see our Cookies Policy). Through participation in any of Birmingham Enterprise Community programmes, we may also capture and analyse data in respect of your journey with us. Users may be asked for details including but not limited to and as appropriate: business stage, capital raised, key performance indicators. We may collect this information and store this for future use using “cookies” (see our Cookies Policy) and share with select third party partners. Users may however visit this website anonymously. We will collect personal identification information from users only if they voluntarily submit such information to us. Users can always refuse to provide personal identification information but this may mean that they are prevented from participating in Site and event related activities.

2.2 Non-personal identification information

We may collect non-personal identification information about users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about users means of connection to our Site, such as the operating system and the internet service providers utilised and other similar information.

2.3 Cookies on our web browsers

Our Site may use “cookies” to enhance user experience. Web browsers place cookies on the users’ hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their browsers to refuse cookies, or to make the user aware of when cookies are being sent. But, the users will have to note that some parts of the Site may not work or function properly in these circumstances. [Please note, Google Analytics, Google’s reCAPTCHA and Facebook Pixels are also used on our Site which have their own terms in relation to its cookies. Please see below for further information].

  1. How we protect your information

3.1 Security for all personal information is extremely important to us.  To prevent unauthorised access, maintain data accuracy and ensure the correct usage of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure the information we collect online.

3.2 Unfortunately, we cannot guarantee that data transmitted over the Internet will always be secure.  As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us through our Site and you do so at your own risk.

3.3 We encourage you to review the privacy statements of other websites you choose to link to from our Site so that you understand how those sites collect, use and share your information.  Heineken is not responsible for the privacy statements or other content of websites you may link to from this Site.

  1. How we may use information collected

BIRMINGHAM ENTERPRISE COMMUNITY may collect and use users’ personal information for the following purposes:

4.1 To support functionality of the website

The information you provide us will allow us to register your account and maintain any preferences you have with us, as well as let you see any individual orders for our products or services that you have taken out.

4.2 To improve and personalise user experience

The information provided allows us to understand customer needs more efficiently and support improvement of BIRMINGHAM ENTERPRISE COMMUNITY. Information may also be used to understand how users use the services and resources provided on our sit and will be used to improve our products and services.

4.3 To process payments and for other service providers

Information provided in the process of placing an order will be used to aid the service for that order. Information is not shared to outside parties except to the extent in which the service needs to be provided.

4.4 To send newsletters, SMS and email communication

If a user agrees to receive communication and emails through our newsletters and mailing lists emails will include updates on company and partner news, updates, related product or service information, etc. If a user has provided consent to us to share their details with our sponsors and third party organisers, we may do so to fulfil their wishes. In each case, the user is able to unsubscribe from the mailing list by following the steps set out below.

4.5 Other Marketing Activities

We may use your details to retarget you on other sites via Google or Facebook Ads. This will be done in accordance to the respective platforms privacy policy and your privacy settings on your Facebook and Google accounts.

  1. When we might share your information

While we will never sell your personal information to any other third party without your explicit consent, we do sometimes need to work with a number of third parties to create the best, seamless and most dynamic service we can. We are very careful about who we share your information with, but we would like to give you more detail about the limited circumstances where we may share your personal information with external parties and why.

5.1 Sharing information with our Service Providers

We may use third party service providers to help us enhance our marketing abilities and operate our business and to fulfil our legal obligations to you. Sharing information with these parties may include combining personal and non-personal information as set forth in this Privacy Policy. These service providers administer activities on our behalf, such as sending emails, transaction fulfilment and promotions administration.  For instance, if you participate in a promotion, game or other programme resulting in a prize or award, we will share personal information about you with our centralised data collection agency.  If you enter into a transaction on our Site, we may share your information with transaction providers to fulfil your requests.

5.2 Sharing your information with our social media partners and third-party marketing partners

We may provide aggregated non-personally identifiable information, usually obtained through cookies, to third parties (such as marketers, ad server companies and advertisers) that make use of general customer data.

5.3 Sharing information with other third parties

We may provide information to others (such as governmental or law enforcement agencies) in the good faith belief that such action is necessary to: (ii) comply with any legal claims raised against us; (iii) protect the rights, property or safety of BIRMINGHAM ENTERPRISE COMMUNITY; or (iv) protect the rights, property or safety of the public.

We may also provide your information to third parties such as our sponsors or other event organisers where users have expressly consented to this. Please note, we will not share your information with third parties under this paragraph where you have not given us your consent. If you have given us your consent and would like to withdraw this consent, please contact us on our details below. You may also use the unsubscribe button contained in our emails.

  1. Storage of your information

6.1 We will usually store the information we collect from you within the European Economic Area (“EEA”).  We will only store personal information we collect from you outside of the EEA if we have first obtained your consent.

6.2 We will retain your information for the shortest time possible, taking into account our purposes for collecting it, as well as any legal obligations to keep the data for a fixed period of time. Your information will be deleted after five years.

By way of an exception, your personal data may be kept for a longer period for archiving purposes in the public interest or for reasons of scientific or historical research, provided that appropriate technical and organisational measures are put in place (anonymisation, encryption, etc.).

6.3 We will not retain your personal data for any longer than reasonably necessary.  What this means is that if you only provide your personal data to us in connection with a promotion or competition that you have entered through our Site, we will securely delete your personal data once such a promotion or competition has come to an end.  If you provide us with your email address so that you can receive our newsletters, we will continue to store your email address until you notify us that you no longer wish to receive our newsletters.  Notwithstanding the foregoing, you have the right at any time to notify us that you want the personal data we hold on you to be deleted.

  1. Your rights in relation to your information

You have the following rights in relation to your personal information:

7.1  you have the right to request us to divulge what personal information concerning you we hold, and how we are using it (Subject Access Request);

7.2 you have the right to object to us processing your personal information if there are sufficient grounds relating to your particular situation (Right to Restrict/Object to Processing);

7.3 you have the right to require us to correct any errors in your personal information held or processed by us or on our behalf (Right of Rectification);

7.4 you have the right to ask us to delete your personal information where that information is no longer needed for the original purpose for which it was obtained/given. you also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with the GDPR. Note that we may demonstrate compelling legitimate grounds to process your information which override your right to erasure (Right to be Forgotten);

7.5 where we are processing your personal information only by way of your consent (for example, if you have provided explicit consent to have your personal information shared with a social media network), you have the right to withdraw this consent at any time;

7.6 where we are unable to delete the information, either because a legitimate legal basis remains or because you want us to keep some or all of your personal information for whatever reason, you have the right to have the purpose for which that information is held or processed restricted;

7.7 you have the right to make a data portability request, allowing you to obtain and reuse your personal data for your own purposes across different services;

7.8 you have the right, subject to narrow exceptions, to not be subject to automated decision making.

You also have the right to prohibit us from using your personal information for direct marketing purposes and we will only send you marketing information where you have expressly consented thereto. You will always have the option of removing your information from our e-mail mailing list(s) so that you will not receive further e-mail promotional communications from us.

In order to ensure immediate removal from any list, it is best to follow the specific instructions outlined within the communications you receive from us (for example, an unsubscribe button) since we operate numerous sites and e-mail lists. If you are unable to complete the process indicated in such communications, please send us an email at: hello@Birmingham Enterprise Communitylauncher.com.

  1. Third Party Sites

8.1 Users may find external content on our site that link to the websites of our partners, subscribers, sponsors, licensors and other third parties.  We do not take control for the content or links that are found on these websites and are therefore not responsible for any practices employed by these websites linked to or from the our Site.  These websites or services may include content or links that continually change and may have their own privacy policies and customer service policies.  The browsing on and the use of any other website, including websites which may have a link to our site is subject to that website’s own terms and policies. This Privacy Policy applies to the use of our Site only.

8.2 Sites linked to our Site are checked at the time of linking for possible legal violations.  A permanent control of the linked pages is unreasonable without concrete evidence of a violation. Upon notification of violations, links will be removed immediately.

Privacy Statement for the use of Facebook plugins (like button)

8.3 Our website contains plugins designed by the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA).  You can easily identify the Facebook plugins thanks to the Facebook logo or the “Like Button” (“Like”) on our website.  You can read more about Facebook plugins here: 

8.4 When you visit our pages, a direct connection is established between your browser and the Facebook server.  In the process, Facebook receives the information that you have visited our website with your IP address.  When you click on the Facebook “Like Button” while you are still logged in you Facebook account, you can link the contents of our pages to your Facebook profile.  This makes it possible for Facebook to allocate our pages to your user account.  We would like to emphasise that, as the provider of the web pages, we have no knowledge of the data and how they are used by Facebook.  For more information, please see the data privacy statement at 

8.5 If you do not wish that Facebook can assign to visit our pages to your Facebook user account, please log out of your Facebook user account.

Privacy Statement for the Use of Google Analytics

8.6 This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”).  Google Analytics uses.  “Cookies”, text files that are stored on your computer and enable analysis of your use of the website. The information generated by the cookie about your use of this website are usually transferred to a Google server in the USA and stored there.  If the IP anonymisation option is activated on this website, your IP address is abbreviated by Google within Member States of the European Union or in other countries which are contracting parties to the Agreement of the European Economic Area (EEA).

8.7 Only in exceptional cases will the full IP address to a server transmitted by Google in the USA and shortened there.  On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compiling reports on website activity and providing others with website and internet related services to the website operator. It is undertaken as part of Google Analytics that your IP address will not be merged with other data held by Google.

8.8 You may refuse the use of cookies by adjusting your browser software; however, you will then not be able to use all the functions of this website to the full extent.  You can also prevent the data generated by the cookie about your use of the website (incl. Your IP address) to Google and the processing of these data by Google, by downloading available at the following link browser plugin and install: http://tools.google.com/dlpage/gaoptout?hl=de.

Privacy Statement for the Use of Twitter

8.9 Functions of the Twitter service are integrated on our sites. These functions are offered by Twitter (Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA).  Through the use of Twitter and the “Re-Tweet” the web pages you visit are linked to your Twitter account and made known to other users. This data is also transmitted to Twitter.

8.10 We point out that, as providers of the sites, we have no knowledge of the content of the transmitted data and use them through Twitter.

8.11 For more information, please see the privacy statement of Twitter at http://twitter.com/privacy.

8.12 You can modify your data protection settings on Twitter in the account settings at http://twitter.com/account/settings. [DN for WC: is this still used?]

8.13 By using this Site, you signify your acceptance of this policy.  If you do not agree to this policy, please do not use our Site. Continued use of the Site following any changes made to the policy is deemed to represent acceptance of these changes.

Privacy Statement for the use of Google’s reCAPTCHA

8.14 We have implemented reCAPTCHA v3 on our site and that the use of reCAPTCHA v3 is subject to the Google Privacy Policy and Terms of Use. reCAPTCHA is entirely used for the purpose of fighting spam and attacks on our website.

  1. Opting “In” and “Out”

9.1  You can ask us or third parties to stop sending you marketing messages at any time.

9.2 Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us in order to receive service from us.

  1. General

Privacy Policy Updates

10.1 By using our Site, you signify your acceptance of this Privacy Policy.  We reserve the right to modify, alter or otherwise update this policy at any time. Visitors are encouraged to review this Privacy Policy from time to time to stay abreast of any changes.  Your continued use of our Site following the posting of any changes to this Privacy Policy means you accept those changes, however, changes in its terms will not apply retrospectively to actions already taken.

Contacting Us

10.2 If users have any questions about this privacy policy, the practices of this site, or dealings with the site please contact us at:



This document was last updated on 25 September 2019.

Data Breach Policy

  1. Introduction

1.1 BIRMINGHAM ENTERPRISE COMMUNITY holds Personal Data about our users, volunteers, clients, suppliers and other individuals for a variety of business purposes. We understand that this data is a valuable asset that requires protection, and we are fully committed to providing that protection from both accidental and deliberate data protection breaches.

1.2 The compromise of this data may result in harm to individuals, reputational damage, detrimental effect on service provision, legislative non-compliance, and/or financial costs.

  1. Purpose of Policy

2.1 Following the coming into force of the General Data Protection Regulation (GDPR) on 18.05.2018, we are required to have in place a framework designed to ensure the security of all personal data during its lifecycle, including clear lines of responsibility. This includes notification to the Information Commissioner’s Office (ICO) and sometimes to affected data subjects.

2.2 The purpose of this policy is to outline BIRMINGHAM ENTERPRISE COMMUNITY’s internal breach reporting procedure and our internal and external response plan. It should be read in conjunction with our data protection policy.

2.3 This policy must be read and understood by all staff.

  1. Definitions

3.1 For the purpose of this policy, data security breaches include both confirmed and suspected incidents.

3.2 A data breach is an event or action which may compromise the confidentiality, integrity or availability of systems or data, either accidentally or deliberately, and cause damage to BIRMINGHAM ENTERPRISE COMMUNITY’s information assets and/or reputation.

3.2.1 This includes accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3.3 Data breaches may be caused by human error:

3.3.1 Loss of computing devices (portable or otherwise), data storage devices (e.g. USB sticks), or paper records containing personal data;

3.3.2 Disclosing data to a wrong recipient;

3.3.3 Handling data in an unauthorised way (e.g. downloading a local copy of personal data);

3.3.4 Unauthorised access or disclosure of personal data by volunteers (e.g. sharing an email login);

3.3.5 Improper disposal of personal data (e.g. hard disk, storage media, or paper documents containing personal data sold or discarded before data is properly deleted).

3.4 Data breaches may be caused by malicious third parties:

3.4.1 Hacking incidents through which access is gained to BIRMINGHAM ENTERPRISE COMMUNITY databases containing personal data;

3.4.2 Theft of computing devices (portable or otherwise), data storage devices, or paper records containing personal data;

3.4.3 Blagging scams that deceive BIRMINGHAM ENTERPRISE COMMUNITY volunteers into releasing personal data of individuals;

3.4.4 Website defacement.

3.5 Data breaches may be caused by computer system errors:

3.5.1 Errors or bugs in BIRMINGHAM ENTERPRISE COMMUNITY’s website or email;

3.5.2 Failure of cloud services, cloud computing, or cloud storage (e.g. Google Drive/Dropbox), or security/authentication systems

3.6 Data breaches may be caused by unforeseeable events outside of BIRMINGHAM ENTERPRISE COMMUNITY’s control:

3.6.1 Natural disasters such as floods, earthquakes, fires;

3.6.2 War or other armed conflict.

  1. Breach Register

4.1 BIRMINGHAM ENTERPRISE COMMUNITY will maintain a register of all suspected or confirmed breaches, regardless of whether they are reported to the ICO.

4.2 The register will contain the following information:

4.2.1. The facts relating to the breach, including the cause of the breach, what happened and what personal data were affected;

4.2.2 The effects of the breach;

4.2.3 The response taken by BIRMINGHAM ENTERPRISE COMMUNITY.

  1. Reporting a Breach

5.1 All volunteers must report actual or potential data protection compliance failures to their team leader, the CEO (Alex Balderstone),  and the data breach manager (DBM) (Rajiv Shah).

5.2 Volunteers ought to retain any evidence in relation to the breach and provide an Incident Report Form setting out any relevant information relating to the actual or suspected personal data breach, including:

5.2.1 Name, team and contact details;

5.2.2 Date of the confirmed or suspected breach;

5.2.3 Date of discovery of the confirmed or suspected breach;

5.2.4 Date of Incident Report Form;

5.2.5 Factual summary relating to the confirmed or suspected breach, including the types and amount of personal data involved;

5.2.6 Any information or evidence as to the cause of the confirmed or suspected breach;

5.2.7 Any steps taken to remedy the breach, and whether or not the breach is resolved or ongoing;

5.2.8 Any information or evidence as to who was affected by the breach.

5.3 All volunteers reporting data breaches should keep the incident internal. BIRMINGHAM ENTERPRISE COMMUNITY will investigate and assess the confirmed or suspected personal data breach in accordance with the response plan set out below and determine who should be notified and how.

  1. Response Plan

6.1 The CEO and DBM will assemble a team to investigate, manage and respond to the personal data breach. The response team will:

6.1.1 Make an urgent preliminary assessment of the breach – is the breach resolved or ongoing; what data has been lost and how;

6.1.2 Take immediate steps to contain the breach and recover any lost data: Shut down the compromised system that led to the data breach; Take steps to recover lost data and limit any damage caused (e.g. remotely formatting a lost phone); Prevent further unauthorised access to the system; Reset passwords if accounts and/or passwords have been compromised; Isolate the causes of the data breach in the system, and where applicable, change the access rights to the compromised system and remove external connections to the system.

6.1.3 Undertake a full and detailed assessment of the breach; How many people were affected? Whose personal data had been breached? What types of personal data were involved? What are the consequences of the breach for the data subjects? Are any additional measures in place or required to minimise the impact of a data breach (e.g. data encryption)?

6.1.4 Record the breach in BIRMINGHAM ENTERPRISE COMMUNITY’s data breach register;

6.1.5 Put in place any further measures to address it and mitigate its possible adverse effects, and to prevent future breaches.

  1. Notification to the ICO

7.1 Article 33(1) GDPR requires notification of the breach to the ICO within 72 hours of having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

7.2 BIRMINGHAM ENTERPRISE COMMUNITY fully endeavours to meet the 72-hour deadline, and where impossible, will provide adequate reasons for delay.

7.3 A decision to report will be made on a case-by-case basis, involving the following non-exhaustive list of considerations:

7.3.1 Whether the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms under Article 33 GDPR, such as: Loss of control over their data; Limitation of their rights; Discrimination; Identity theft; Fraud; Reputational damage; Financial loss; Loss of confidentiality; Any other significant economic or social disadvantage.

7.3.2 Whether notification would assist the data subjects affected (e.g. could they act on the information to mitigate risks?);

7.3.3 Whether notification would help prevent the unauthorised or unlawful use of personal data;

7.3.4 Whether there are any legal/contractual notification requirements.

7.4 Where a breach is reportable, BIRMINGHAM ENTERPRISE COMMUNITY’s report will include:

7.4.1. The nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

7.4.2 The name and contact details of BIRMINGHAM ENTERPRISE COMMUNITY’s DBM and CEO in case more information needs to be obtained;

7.4.3 The likely consequences of the personal data breach;

7.4.4 The measures taken or proposed to be taken by BIRMINGHAM ENTERPRISE COMMUNITY to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

  1. Notification to Affected Data Subjects

8.1 When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, BIRMINGHAM ENTERPRISE COMMUNITY shall communicate the personal data breach to the data subject(s) without undue delay in clear and plain language.

8.2 The communication will include:

8.2.1 A description of the nature of the breach;

8.2.2 The name and contact details of BIRMINGHAM ENTERPRISE COMMUNITY’s DBM and CEO;

8.2.3 A description of the likely consequences of the breach;

8.2.4 A description of the measures taken, or to be taken, by BIRMINGHAM ENTERPRISE COMMUNITY to address the breach and mitigate its possible adverse effects.

8.3 BIRMINGHAM ENTERPRISE COMMUNITY will also provide practical advice on damage control e.g. cancelling credit cards or resetting passwords.

8.4 Communication will be made by email, except where this is unknown or would involve disproportionate effort on BIRMINGHAM ENTERPRISE COMMUNITY’s part, in which case a visible notice will be put up on BIRMINGHAM ENTERPRISE COMMUNITY’s website (www.BirminghamEnterpriseCommunity.co.uk).

8.5 BIRMINGHAM ENTERPRISE COMMUNITY is not required to notify affected data subjects where:

8.5.1 BIRMINGHAM ENTERPRISE COMMUNITY has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;

8.5.2 BIRMINGHAM ENTERPRISE COMMUNITY has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise.

  1. Policy Review and Evaluation

9.1 This policy will be updated as necessary to reflect best practice and to ensure compliance with any changes or amendments to relevant legislation.

9.2 This policy was last reviewed on 11.01.2022.