Protecting your privacy
We talk in detail about the data we hold, what we do with this data, when we share it outside of ONE (and with whom) and how we protect your privacy. You can read more about your rights around data and contact us as well.
It is important that you read this Policy together with any other policies we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
ONE is the controller and responsible for your personal data. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact ONE using the details set out below.
Full name of legal entity: Opportunity North East Ltd
Email address: firstname.lastname@example.org
Postal address: Opportunity North East Ltd, 11 Queens Gardens, Aberdeen, AB15 4YD
Telephone number: +44 (0) 1224 061100
Though a legal entity in its own right, ONE D&E is a subsidiary of ONE. Therefore, all ONE D&E enquiries should be made through the above contact details. ONE D&E will only use and share your information with ONE where it is necessary for us to lawfully carry out our business activities.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The information we collect
What information do we collect and what do we use it for?
Personal data is information that relates to an identified or identifiable individual. For example, it can include information such as your name, date of birth, email address, postal address, telephone number and payment details.
We may collect, use, store and share different kinds of personal data about you which we have grouped together as follows:
Most commonly, we will use your personal data in the following circumstances:
How we obtain your data
We may obtain your personal information through a number of different sources:
Core Services – growth programmes, cohorts, projects etc.
To achieve its strategic objectives, ONE will manage and deliver projects which engage with companies and individuals throughout the region and beyond. This may include, but will not be limited to, the delivery of business support and business support programmes, masterclasses, mentoring, network events. The legal basis for collecting this data is contractual where we enter in a contract with you or legitimate interest in all other cases. If you cease to work with us, we will hold the data for five years afterwards. We currently hold this data in a Business CRM system.
Sharing with third parties
ONE and ONE D&E work with third party partners, including but not limited to Scottish Enterprise, Aberdeen City and Aberdeenshire Councils, VisitAberdeenshire and Codebase Ltd, to run events, programmes, and initiatives.
In some cases, we provide information to these third parties as part of the business activity with individual businesses, so we consider this stakeholder data. The legal basis for collecting and sharing this data is legitimate interest. We retain for five years after a business has ceased to work with us and for a further five years in anonymised form as part of statistics or other aggregated data.
We will not share your information with anyone outside ONE except:
Our authorised data processors are subject to comprehensive due diligence in-line with current data protection legislation. When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
ONE will not share your information with third parties for their own marketing purposes.
We collect information from you when you connect with us, by completing the ‘Sign up to hear about Opportunity North East's latest sector events and regional news' and the 'General Enquiries' form on our website(s).
We will treat all the information you provide to us as personal data. The personal data we will collect from you will be first name, surname, email address, company name and sector preferences.
If you are a business customer or stakeholder, we generally do not rely on consent as a legal basis for processing your personal data. The legal basis for collecting data is Legitimate Interest. We will retain this data for five years from the last known activity.
You can ask us to stop sending you notifications at any time by following the opt-out links on any email sent to you OR by contacting us at any time.
Where you opt out of receiving these notifications, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.
We currently hold this data in a Business CRM system.
We do not collect or store your personal information (e.g. your name or address) in our website analytics. To evaluate how our website can be improved, we store information about what pages you visit, how long you are on the site, how you got here and what you clicked on.
ONE D&E provides an online booking system to allow ONE Tech Hub Hot Desk Users, Internal & Co-Working Partners and Tenants to book desks, meeting rooms and events. To do so, persons are required to complete an ‘Enquiry Form ‘on either the ONE website or directly into the online booking system. You may be asked to submit your first name, surname, email address and telephone number.
On receiving the request, we will create a tentative account using the data provided and invite you by email to confirm your account. On confirmation, further information may be required to process payments (please refer to payments section).
Persons will be able to login using their social profiles such as FaceBook, Google, Microsoft and Twitter. To find out more information about the use of social profiles, please visit and read the individual platforms’ Privacy Notices.
The legal basis for collecting this data is Contractual. We will retain this data for five years upon which it is securely destroyed.
Where you are required to pay for a service, payment may be collected by credit card through Eventbrite, Stripe or another online payment platform who all, by law, adhere to the Payment Card Industry Data Security Standard (PCI-DSS). ONE and ONE D&E have no access to any credit card data input to these systems. Please refer to the terms and conditions and privacy policies on the online payment platform to understand how they will handle your data and ensure your privacy.
We may collect your business identity data and contact data at events arranged by us, our Partners or other Stakeholders. These events can include workshops, industry talks & meet-ups, training events, seminars, conferences, and awards.
As this information is provided as part of a business activity, we consider this stakeholder data. The legal basis for collecting this data is legitimate interest. We retain for five years after a business has ceased to work with us.
When you use a social media platform and interact with ONE, ONE D&E, you do so by consenting to the terms & conditions of such platforms. This can include Facebook, Twitter, Instagram, LinkedIn, Pinterest, and YouTube. For more information, please see their individual Terms & Conditions and privacy policies.
We will send you marketing emails and newsletters to keep you updated on our products and services. You can at any time opt out of receiving these emails.
One Enterprise Fund
ONE employs third party suppliers to provide services including utilising the services of a credit reference agency (https://www.callcredit.co.uk/l...).
We ensure that there are appropriate technical controls and security measures in place designed to protect and prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information, we hold about you.
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the;
Individuals can find out if we hold any personal information by making a ‘right of access’ request. More information can be found at https://ico.org.uk.
If we do hold information about you, we will:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Our website uses three cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree.
These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
The cookies we use are ‘analytical’ cookies and help us to understand how visitors interact with our website by collecting and reporting information anonymously. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it.
This helps us to improve the way our website works, for example by making sure users are finding what they need easily. Read more about the individual analytical cookies we use and how to recognise them here.
Links to third party websites
This website may contain links to carefully selected third party websites. These links are provided solely for your information and convenience. When you use these links, you will leave this website and enter a site which ONE has no control over.
ONE will at all times respect your privacy and confidentiality and keep your personal details secure from unauthorised access, use or disclosure. ONE will not sell, rent, trade, or otherwise knowingly share or provide your personal information to any third party unless we have your permission or are required by law or where we have entered into an agreement for a third party to undertake some of the information processing services detailed below on our behalf. However in certain circumstances, detailed above in relation to use of C.V’s, we may be required to share certain information with relevant trusted third parties.
Where permission has been granted, ONE may use your personal details for marketing purposes.
You have the right to see personal data (as defined under the United Kingdom Data Protection Act) that we keep about you upon receipt of a written request. Any request should be sent to the Data Protection Officer at our head office address above. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your privacy matters to us so if you want to find out more on how we keep your data safe, view our Privacy Notice or talk to ONE direct.