We are Heart of the City London Limited (“Heart of the City”), with a registered office at 21 Holborn Viaduct, London, EC1A 2DY and charity number 1117212. This privacy policy sets out how the Heart of the City, as a controller, uses and protects personal information. Personal information is information from which you can be directly or indirectly identified.
The Heart of the City is committed to ensuring that your privacy is protected and your personal information processed in accordance with applicable data protection laws, including the UK General Data Protection Regulation.
This policy is effective from 28 November 2023.
Who does this privacy policy apply to?
This privacy policy applies to the following categories of individuals:
- SME members or individuals associated with our SME members (both current and past).
- Funders and sponsors.
- Individuals associated with our partner organisations.
- Website users, newsletter subscribers, individuals who attend our events, and any other individuals who we may have contact with in the course of running our business.
How do we collect your personal information
Most of the time you provide us with your personal information, but sometimes personal information about you is collected automatically (for example, when using our website), sometimes it is generated by us, and sometimes we collect it from third parties (for example, we may purchase marketing lists from third parties). How we collect your personal information will usually depend upon our relationship with you.
What personal information we collect
We may collect the following personal information:
- Identity Data: name, gender, date of birth.
- Contact Data: address; email address; telephone number.
- Business Data: details of the business you are connected with or your employer; job title; work address.
- Membership Data: personal information relevant to your membership and/or one of our programmes, such as your business’ revenue data, number of employees, industry sector, social media accounts, and other information we may collect regarding your business, interests and expertise.
- Special Category Personal Data: personal information related to ethnicity, race, health, sexual orientation, or disabilities.
What we do with the personal information we gather and why are we allowed to do this
Data protection law requires that we only use your personal information for purposes that we tell you about and where we have a lawful basis to do so. Our purpose for using your personal information and the lawful basis we rely on is set out in the table below:
| Personal information | Purposes | Lawful basis for processing |
| Identity Data; Contact Data; Business Data; Membership Data | To provide our products and services, including our programmes, and to support your SME membership
To keep you informed of our events and activities for the purposes of ongoing community engagement and/or obtaining further sponsorship or funding To assess eligibility for and deliver the Minority Business Matter project (see further www.minoritybusinessmatters.com/) |
Legitimate interests – our legitimate interests to provide our services and to support our members, and grow our charity |
| Identity Data; Contact Data; Business Data; Membership Data | For our internal record keeping and invoicing purposes | Legitimate interests – our legitimate interests for record keeping purposes |
| Identity Data; Membership Data | To improve our products and services | Legitimate interests – our legitimate interests to improve our products and services |
| Identity Data; Contact Data; Business Data | To send marketing emails, which may include our newsletter or any other information that we think you may be interested in receiving | Legitimate interests – to send you information about that we think you may be interested in and to promote other third parties
Consent – where required by law, we will only send marketing emails or share your data for marketing where you have specifically opted-in for us to do so. |
| Special Category Personal Data | To provide our products and services, including our programmes, and to support your SME membership
To assess eligibility for and deliver the Minority Business Matter project (see further www.minoritybusinessmatters.com/) |
Legitimate interests – our legitimate interests to deliver the Minority Business Matter project
Substantial public interest – for the equality of opportunity or treatment |
Who do we share your personal information with
Sometimes it is necessary for us to share your personal information with third parties, such as:
- Partners: we may share your personal information with organisations that we have partnered with in order to provide our services and programmes. For example, if you are taking part in, or are in any way involved with, the Minority Business Matters project we may share your personal information with Minority Supplier Development UK for the purposes set out above (whose privacy policy can be found here: https://www.msduk.org.uk/privacy-policy).
- Greater London Authority: as part of the funding granted to us under the UK Shared Prosperity Fund by the Greater London Authority for the Minority Business Matters project, we must provide the Greater London Authority with certain data about each business supported by this project, including personal information of its owner. While we seek to anonymise data and do not include the names of any individuals, we do provide the Greater London Authority with company names and demographic data, including Special Category Personal Data, about the owner of the business.
- Our service providers: we may share your personal information with various third-parties that we rely upon to perform a variety of services to support the Heart of the City,such as accountants, auditors, IT service providers and operations service providers.
- Regulators or other authorities: we will share your personal information where we are legally required to do so or where we think this is required and we are permitted to do so.
- Other third parties to protect us: we may share your personal information with third parties such as lawyers or other professional advisors as required in order to help prevent fraud or to protect or enforce our rights.
Your personal information is shared only when we consider it to be necessary and according to the safeguards. We will not otherwise sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We do not transfer your personal information outside the UK or EEA as a matter of business, but from time to time our IT and operations service providers may be located outside the UK or EEA. When this is the case personal information is transferred pursuant to either standard contractual clauses approved by the European Commission or the ICO’s International Data Transfer Agreement.
Security
We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. However, please remember that you provide personal information at your own risk – unfortunately, no data transmission over the internet is guaranteed to be 100% secure.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any personal information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.
Cookies
Cookies are used on the website. We explain our use of cookies further in our Cookie Policy.
How long do we keep your personal information
We will retain your personal information for so long as we process it for the purposes it was collected, and sometimes for longer where required to comply with applicable law, establish legal defences and resolve disputes. When determining this retention period we take into account any record retention requirements under law and any limitation periods relevant to legal action.
Direct marketing
We may use your personal information to send you promotional information about us which we think you may find interesting.
Under UK data protection legislation, sometimes we need your opt-in consent to send you any direct marketing messages (for example, if we are sending to a personal email address or where you are a sole trader). Other times we do not need your consent (for example, where we are sending marketing materials to a corporate email address). You may opt-out of receiving any marketing messages, or withdraw your consent, at any time by clicking unsubscribe in the footer of the email marketing message sent by us or by emailing us at info@theheartofthecity.com.
Your rights personal information
You have various rights in relation to the personal information which we hold about you, such as:
- You have the right to access personal information we hold about you.
- You have the right to make us correct any incomplete or inaccurate personal information we hold about you.
- You have the right to port your personal information to another service.
- You have the right to ask us to erase any personal data we hold about you in certain circumstances.
- You can object to us using your personal information if we are using it for the purpose of our legitimate interests.
- You have the right to restrict our processing of your personal information in certain circumstances.
- Where we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.
Some of these rights may not always apply, as there are sometimes requirements and exemptions which may mean we need to keep processing the personal information or not disclose it, or other times when the rights may not apply at all. We will always tell you if we think we do not have to comply.
You can exercise your rights by contacting us on the details set out below in the ‘Contact us’ section.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office, the UK data protection regulator, as directed on their website at www.ico.org.uk. Please think about telling us first though, so we have a chance to address your concerns. Our Complaints Policy (found here: https://theheartofthecity.com/wp-content/uploads/2020/07/Complaints-policy.pdf) sets out our policy in handling your complaints.
Contact us
If you have any questions, concerns or complaints about this privacy policy, or how we handle your personal information, please write to the Heart of the City, Innovation and Growth, City of London, PO Box 270, Guildhall, London EC2P 2EJ or email us at info@theheartofthecity.com.
Changes
We reserve the right to change this privacy policy from time to time. We encourage you to check the website periodically to make sure you are aware of our current privacy policy. The last update to this document was on the date stated above.
