IIB may hold data relating to you from a number of sources. The majority of the data we hold on individuals and organisations is provided by them in order to engage with us.

This may include:

• Contact details – for example your name, job role, company name, address, email address and telephone number
• Engagement details – for example the type of engagement you have had with us, your attendance at University events, previous projects that you have undertaken with us, and your relationships with other University of Exeter colleagues, directorates, alumni or supporters
• Personal details – for example disability and dietary preferences for event management purposes
• Your preferences and expertise – to help us engage you in the ways most relevant to you. We may augment data you provide with data which is publicly available.

We are required to ensure that data we hold about you is as accurate as possible, therefore we may update your details based on reliable publicly available sources. For example we may update your address, telephone number or business details. We will also update your details whenever you tell us they have changed.

We use a wide variety of sources either directly or via internet search engines, some on a subscription basis, to augment, update and validate the data we hold about you. These include:

• LinkedIn
• Twitter
• Orbis
• Nexis
• Reliable news and press reports
• Companies House and other business-related resources including company websites

We will retain your data for the duration of your relationship with the University, unless it needs to be kept for a longer period for another legitimate purpose or until you ask us to do otherwise and we have no other valid legal reason to retain it.

IIB uses your data to manage projects you or your organisation have with us and to communicate relevant opportunities, products and services available through IIB.

These may include:

• Making you aware of the products and services available
• Opportunities for collaboration
• Sending you e-newsletters
• Inviting you to events
• Asking you to support the University by giving your time and experience

These activities may include an element of direct marketing. Where relevant, the data may also be made available to other departments across the University. Where applicable, data held for research purposes may be shared with other Universities and further information is detailed in the Research Privacy Notice.

We may analyse the date we hold on you to help us identify your relevance to other projects or opportunities.

All of these activities are undertaken to ensure that we are working in a collaborative manner and to allow us to ensure partnership working in support of the University’s aims and objectives.

We may conduct due diligence checks on individuals and organisations prior to formally engaging them in a project, including reviewing publicly available data about an individual’s personal conduct.

Communications may be sent to you by post, telephone, email, text or other electronic means (for example through social media) depending on the communication preferences you have shared with us.

Your data may be shared with other Directorates and Colleges at the University of Exeter in order for you to benefit from wider opportunities and services.

Data may also be disclosed to partner organisations such as our university networks GW4 or SETsquared to enable you to take advantage of invitation-only opportunities, events or activities available across the wider region. The University ensures that appropriate data sharing agreements are in place prior to sharing your personal data with any partners.

The University does NOT sell data to third parties or allow third parties to sell on data where data is shared with them.

Your data is held securely on secured network drives and the University’s internal Customer Relationship Management (CRM) databases. The secured network drives and databases are accessible to a limited number of University staff. All staff who access the secured network drives and databases have completed the University’s data protection training. The University ensures that appropriate data sharing agreements are in place prior to sharing your personal data with any partners.

The University may contact you by post unless you request otherwise, and by telephone, text, email or other electronic means as you have previously consented. If you no longer want to receive communications by post, telephone, text, email or other electronic means, please contact the Innovation, Impact and Business Team at 01392 723456 or business@exeter.ac.uk

When contacting us please provide your name, organisation name, address, email address and telephone number. Please also specify if you wish to unsubscribe from all communications or from specific communication types or channels. If you ask us to delete your data, we will remove your data from the appropriate Customer Relationship Management database.

You have the right to:

• Request to see, correct or delete the data we hold about you
• Object to specific data uses, as described above
• Object to receiving communications and direct marketing
• Ask for the transfer of your data electronically to a third party

The University’s Data Protection Officer (DPO) is responsible for monitoring compliance with relevant legislation in relation to personal data and can be contacted at dataprotection@exeter.ac.uk, you can also contact the DPO if you have any queries or concerns about the University’s processing of your personal data. You have the right to lodge a complaint with the Information Commissioner’s Office.

The legal basis for processing your personal data for the purposes as described above is that it is either:

• a necessary function of our public nature
• in compliance with a legal obligation
• a contractual necessity
• we have a legitimate interest in processing the data
• or you have consented