Privacy Policy | Highlands and Islands Enterprise

Highlands and Islands Enterprise - Privacy Statement

Who are we?

Highlands and Islands Enterprise (HIE) is one of Scotland's economic development agencies and a non-departmental public body of the Scottish Government, having its registered office at An Lòchran, 10 Inverness Campus, Inverness, IV2 5NA, Scotland.

HIE is registered as a data controller with the Information Commissioner (Registration number: Z6346473).

How we use your information

This privacy statement explains how HIE collects and uses personal information about you in order to provide its public services to individuals and businesses. In general terms, HIE collects and uses personal information about you to:

Verify your identity where this is required
Contact you by post, email or telephone
Understand your needs and how they may be met
Deliver its services and meet its legal responsibilities
Provide joined up services to you
Process financial and non-financial transactions
Maintain our records
Carry out and provide research
Prevent and detect crime, fraud or corruption

HIE may also share your personal information with its service delivery partners to enable them to do any of these things for HIE and also with other public-sector organisations such as the Scottish Government, Business Gateway, Scottish Enterprise and Skills Development Scotland to pursue their objectives.

HIE will publish a list of account managed organisations and approvals list on their website on a quarterly basis. This approvals list provides details on financial assistance awarded to businesses, community groups, public sector partners and other organisations to deliver specific projects.

COVID-19 Funds

HIE is receiving information from Scottish Enterprise in relation to the Creative, Tourism and Hospitality Hardship Fund and the Pivotal Enterprise Resilience Fund for the purposes of reviewing and appraising applications. The lawful basis for processing any personal information is that this process is a task in the public interest. A limited amount of information from applications will be shared with other public authorities offering Covid 19 grant funding schemes to verify eligibility. Once a decision has been reached, the outcome will be passed back to Scottish Enterprise to conclude the process.

Withdrawing Consent

For withdrawing your consent, please refer to the relevant section below.

Further details can be found in the specific sections which follow and can be accessed through these links:

Account managed clients
Businesses, Social and Community Organisations (non-account managed)
Individuals (including job applicants) using HIE’s website
Suppliers and bidders
Wave Energy Scotland
Cairngorm Mountain Scotland Ltd
Cookies
Changes to our privacy statement
Code of Data Matching Practice
Your rights
Complaints

Account Managed Clients

HIE works with many organisations to provide support in the form of advice, financial support, property and infrastructure to promote the economic, community and social development of the Highlands and Islands. When an organisation enters into account management they will receive a notification and confirmation of account management, referring them to HIE’s privacy statement.

Categories of information processed by HIE

Information about your identity including first name, last name, title, date of birth and gender.
Contact information including billing address, delivery address, email address and telephone numbers.
Financial information including bank account details, payment card details and financial statements.
Transaction information includes details about payments to and from you and other details of services you have received from us.
Technical information including internet protocol (IP) address, your login data, passwords, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile information includes your username and password for HIE accounts, your interests, preferences, feedback and survey responses.
Usage information includes information about how you use our website and services.
Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
Personal information including information about attending events and meetings including information about dietary or access requirements.

Source(s) of personal information, including whether it comes from publicly available resources.

You give us information about your identity, contact details and financial information when you contact us or make an enquiry, when you browse our website, when you attend a seminar, webinar or event and when you become an account managed client and through the continued use of our services. This can also include information about your workforce and employees.

We may also collect information:

From publicly accessible sources, for example, Companies House and the Electoral Roll;
From other public sector organisations;
Directly from third parties who deliver services on our behalf;
Credit reference agencies;
From third parties with your consent;
Your bank or building society, another financial institution or adviser;
Consultants and other professionals we may engage in relation to your matter;
Your employer and/or trade union, professional body or pension administrators;
Your doctors, medical and occupational health professionals;
Via our website - we use cookies on our website – see the cookie section of this statement for more information;
Via our information technology (IT) and other systems;
Case management, document management, data rooms and time recording systems;
Door entry systems and reception logs; AND
Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

The purposes of the processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we are carrying out our statutory functions and other functions of a public nature;
Where we need to perform the contract we are about to enter into or have entered into with you, for example providing you with funding or information, research and analysis;
Where we need to comply with a legal or regulatory obligation;
For our legitimate interests or those of a third party;
Where you have given us consent; and
For operational reasons, such as ensuring safe working practices, improving efficiency, training, staff assessments and quality control.

Generally, the information we collect is only used for any purpose for which you submitted it to us, for any purpose made clear to you at the point it was collected or here in this Privacy Policy. These purposes may include:

When we assess your application for and provide grants and funding, the personal data you give us is used to process your application and to assess eligibility for grants and funding. This information may be shared with third parties such as the Big Lottery Fund;
When we or third parties host events we will use your personal data to provide you with details, tickets and entry information and to provide the organisers with information to verify your attendance;
When providing you with reports and research information we use your contact details;
When we prepare research and statistical information about the economic, community and social wellbeing of the Highlands and Islands;
When you subscribe to receive communications and other updates from us we use your personal data to provide communications and information about topics that you have expressed an interest in;
When you contact us through our website or contact your account manager/adviser, your information is used in order to respond to your enquiry;
If you have a complaint we use your personal information as part of dealing with that complaint; and
When marketing our own services to you.

Where you submit personal data to HIE, you may also be given the option (through a tick box or otherwise) to have information used for an activity or service different from the ones that you received from us. If you choose to have your information used for another activity or service in this way, we will use your information to provide the service or carry out the activity.

We may also use your email address to send you communications such as confirmation emails when you sign up for or unsubscribe from a specific registration or activity. We may also use it to update you about changes to this privacy statement.

We may also use your personal data for segmentation, analysis and demographic studies. This helps us to constantly improve, personalise, and customise the service we provide.

When you attend events, we may also collect information about you. We use this information for monitoring the equality and diversity of those attendees.

The legal basis for processing

There are a number of lawful reasons for us to process your personal data. These include:

Where we require to process personal data in to perform a contract with you, such as providing services and funding.
In the performance of tasks carried out in the public interest or in the exercise of HIE’s official authority including under the Enterprise and New Towns (Scotland) Act 1990 for the purpose of preparing, concerting, promoting, assisting and undertaking measures for the economic and social development of the Highlands and Islands.
Where we are required to comply with a legal or regulatory obligation such as reporting on European funding.
Where we are processing data for a legitimate reason other than performing our tasks as a public authority.

Legitimate Interests: In relation to a number of uses of Personal Data we refer to above we are doing this on the basis that it is in our legitimate interests – or those of a third party – for us to do so. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. These interests cover a number of aspects of our business operations, namely:

Information, system, network and cyber security purposes, including the monitoring and protection of our IT systems;
System development and enhancement;
Website analytics to determine web traffic and patterns of navigation;
Internal analysis of clients for the purpose of planning strategy and growth;
Defending legal claims;
Anti-fraud purposes;
“Know Your Customer” checks;
Postal marketing;
Analysing your personal data for the purpose of profiling or direct marketing;
Ensuring that we are as efficient as we can be so we can deliver the best service for you at the best price;
To allow us to provide bespoke services where requested by you;
Protecting our commercially valuable information and also our intellectual property;
Preventing and detecting fraud and/or criminal activity that could be damaging for us and for you;
For credit control purposes and to make sure our clients can pay for the services we provide;
To maintain our accreditation's so we can demonstrate we operate to the highest standards; and
Ensuring we are able to keep up to date with our clients and contacts and developments in their organisations.

Consequences of not providing information where the information is required by statute, contractual requirement or to perform public tasks

Where we need to collect personal data by law, or under the terms of a contract we have with you or to provide funding or to perform our public tasks, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services or support) or we may be unable to provide funding to perform our public task. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

The recipients of data/data sharing with named third parties, including named service delivery partners

We may have to share your personal data with the categories set out below for the purposes set out in this notice:

External third parties including the Scottish Government, Scottish Funding Council, Scottish Enterprise, Skills Development Scotland, Business Gateway and other Government Agencies;
Third party product and service providers;
Financial and non financial intermediaries;
Third sector support agencies;
Educational institutes;
Research organisations; and
Funding bodies, for example, the Big Lottery Fund.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Is your personal data sent to recipients in other countries and why?

HIE works with international partners and your personal data may be transferred across international borders. It may be transferred to countries that have different data protection laws from the country from where you submitted your personal data.

We will, however, ensure the transfer complies with data protection law both during transit and at the storage location and all personal data will be secure.

Data retention information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Businesses, Social and Community Organisations (non-account managed)

HIE works with many individuals and organisations to provide support in the form of advice, financial support, property and infrastructure in order to promote the economic, community and social development of the Highlands and Islands.

Categories of information processed by HIE

Information about your identity including first name, last name, title, date of birth and gender.
Contact information including billing address, delivery address, email address and telephone numbers.
Financial information including bank account details, payment card details and financial statements.
Transaction information includes details about payments to and from you and other details of services you have received from us.
Technical information including internet protocol (IP) address, your login data, passwords, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile information includes your username and password for HIE accounts, your interests, preferences, feedback and survey responses.
Usage information includes information about how you use our website and services.
Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
Personal information including information about attending events and meetings including information about dietary or access requirements.

Source(s) of personal information, including whether it comes from publicly available resources
You give us information about your identity, contact details and financial information when you contact us or make an enquiry, when you browse our website, when you attend a seminar, webinar or event and through the continued use of our service. This can also include information about your workforce and employees.

We may also collect information:

From publicly accessible sources, for example, Companies House and the Electoral Roll;
From other public sector organisations;
Directly from third parties who deliver services on our behalf;
Credit reference agencies;
From a third parties with your consent;
Your bank or building society, another financial institution or adviser;
Consultants and other professionals we may engage in relation to your matter;
Your employer and/or trade union, professional body or pension administrators;
Your doctors, medical and occupational health professionals;
Via our website - we use cookies on our website – see the cookie section of this statement;
Via our information technology (IT) and other systems;
Case management, document management, data rooms and time recording systems;
Door entry systems and reception logs; and
Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

The purposes of the processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we are carrying out our statutory functions and other functions of a public nature;
Where we need to perform the contract we are about to enter into or have entered into with you, for example providing you with funding or information, research and analysis;
Where we need to comply with a legal or regulatory obligation;
For our legitimate interest or those of a third party;
Where you have given us consent; AND
For operational reasons, such as ensuring safe working practices, improving efficiency, training, staff assessment and quality control.

When we assess your application for and provide grants and funding, the personal data you give us is used to process your application and to assess eligibility for grants. This information may be shared with third parties such as the Big Lottery Fund;
When we or third parties host events we will use your personal data to provide you with details, tickets and entry information and to provide the organisers with information to verify your attendance;
When providing you with reports and research information we use your contact details;
When we prepare research and statistical information about the economic, community and social wellbeing of the Highlands and Islands;
When you subscribe to receive communications and other updates from us we use your personal data to provide communications and information about topics that you have expresses an interest in;
When you contact us through our website or contact your account manager/adviser, your information is used in order to respond to your enquiry;
If you make a complaint we use your personal information as part of dealing with that complaint; and
When marketing our own services.

We may also use your personal data for segmentation, analysis and demographic studies. This helps us to constantly improve, personalise, and customise the service we provide.

When you attend events we may also collect information about you. We use this information for the purpose of monitoring the equality and diversity of those attendees.

The legal basis for processing

There are a number of lawful reasons for us to process your personal data. These include:

Where we require to process personal data in order to perform a contract with you, such as providing services and funding.
In the performance of tasks carried out in the public interest or in the exercise of HIE’s official authority including under the Enterprise and New Towns (Scotland) Act 1990 for the purpose of preparing, concerting, promoting, assisting and undertaking measures for the economic and social development of the Highlands and Islands.
Where we are required to comply with a legal or regulatory obligation such as reporting on European funding.
Where we are processing data for a legitimate reason other than performing our tasks as a public authority.

Information, system, network and cyber security purposes, including the monitoring and protection of our IT systems;
System development and enhancement;
Website analytics to determine web traffic and patterns of navigation;
Internal analysis of clients for the purpose of planning strategy and growth;
Defending legal claims;
Anti-fraud purposes;
“Know Your Customer” checks;
Postal marketing;
Analysing your personal data for the purpose of profiling or direct marketing;
Ensuring that we are as efficient as we can be so we can deliver the best service for you at the best price;
To allow us to provide bespoke services where requested by you;
Protecting our commercially valuable information and also our intellectual property;
Preventing and detecting fraud and/or criminal activity that could be damaging for us and for you;
For credit control purposes and to make sure our clients can pay for the services we provide;
To maintain our accreditation's so we can demonstrate we operate to the highest standards; and
Ensuring we are able to keep up to date with our clients and contacts and developments in their organisations.

Consequences of not providing information where the information is required by statute, contractual requirement or to perform public tasks

Where we need to collect personal data by law, or under the terms of a contract we have with you or to perform our public tasks, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services or support) or we may be unable to provide funding to perform our public task. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

The recipients of data/data sharing with named third parties, including named service delivery partners

We may have to share your personal data with the categories set out below for the purposes set out in this notice:

External third parties including the Scottish Government, Scottish Funding Council, Scottish Enterprise, Skills Development Scotland, Business Gateway and other Government Agencies;
Third party product and service providers;
Financial and non financial intermediaries;
Third sector support agencies;
Educational institutes;
Research organisations; and
Funding bodies, for example, the Big Lottery Fund.

Is your personal data sent to recipients in other countries and why?

We will, however, ensure the transfer complies with data protection law both during transit and at the storage location and all personal data will be secure.

Data retention information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Individuals (including job applicants) using HIE’s website

Categories of information processed by HIE

Information about your identity including first name, last name, title, date of birth and gender.
Contact information including billing address, delivery address, email address and telephone numbers.
Financial information including bank account details, payment card details and financial statements.
Transaction information includes details about payments to and from you and other details of services you have received from us.
Technical information including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile information includes your username and password for HIE accounts, your interests, preferences, feedback and survey responses.
Usage information includes information about how you use our website and services.
Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
Personal information including information about attending events and meetings including information about dietary or access requirements.

We may also collect information:

From publicly accessible sources, for example, Companies House and the Electoral Roll
From other public sector organisations
Directly from third parties who deliver services on our behalf
Credit reference agencies
From a third parties with your consent
Your bank or building society, another financial institution or adviser
Consultants and other professionals we may engage in relation to your matter
Your employer and/or trade union, professional body or pension administrators
Your doctors, medical and occupational health professionals
Via our website - we use cookies on our website (for more information on cookies, please see our [insert link] cookies policy)
Via our information technology (IT) and other systems
Case management, document management, data rooms and time recording systems
Door entry systems and reception logs
Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

The purposes of the processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we are carrying out our statutory functions and other functions of a public nature;
Where we need to perform the contract we are about to enter into or have entered into with you, for example providing you with funding or information, research and analysis;
Where we need to comply with a legal or regulatory obligation;
For our legitimate interests or those of a third party;
Where you have given us consent; and
For operational reasons, such as ensuring safe working practices, improving efficiency, training, staff assessments and quality control.

When we assess your application for and provide grants and funding, the personal data you give us is used to process your application and to assess eligibility for grants. This information may be shared with third parties such as the Big Lottery Fund;
When we or third parties host events we will use your personal data to provide you with details, tickets and entry information and to provide the organisers with information to verify your attendance;
When providing you with reports and research information we use your contact details;
When we prepare research and statistical information about the economic, community and social wellbeing of the Highlands and Islands;
When you subscribe to receive communications and other updates from us we use your personal data to provide communications and information about topics that you have expresses an interest in;
When you contact us through our website your information is used in order to respond to your enquiry;
If you make a complaint we use your personal information as part of dealing with that complaint; and
When marketing our own services to you.

We may also use your personal data for segmentation, analysis and demographic studies. This helps us to constantly improve, personalise, and customise the service we provide.

When you attend events we may also collect information about you. We use this information for the purpose of monitoring the equality and diversity of those attendees.

The legal basis for processing

There are a number of lawful reasons for us to process your personal data. These include:

Where we require to process personal data in order to perform a contract with you, such as providing services.
In the performance of tasks carried out in the public interest or in the exercise of HIE’s official authority under the Enterprise and New Towns (Scotland) Act 1990 for the purpose of preparing, concerting, promoting, assisting and undertaking measures for the economic and social development of the Highlands and Islands.
Where we are required to comply with a legal or regulatory obligation.
Where we are processing data for a legitimate reason other than performing our tasks as a public authority.

Information, system, network and cyber security purposes, including the monitoring and protection of our IT systems;
System development and enhancement;
Website analytics to determine web traffic and patterns of navigation;
Defending legal claims;
Postal marketing;
Analysing your personal data for the purpose of profiling or direct marketing;
Ensuring that we are as efficient as we can be so we can deliver the best service for you at the best price;
To allow us to provide bespoke services where requested by you;
Protecting our commercially valuable information and also our intellectual property;
Preventing and detecting fraud and/or criminal activity that could be damaging for us and for you;
For credit control purposes and to make sure our clients can pay for the services we provide;
To maintain our accreditation's so we can demonstrate we operate to the highest standards; and
Ensuring we are able to keep up to date with our clients and contacts and developments in their organisations.

Consequences of not providing information where the information is required by statute, contractual requirement or to perform public tasks

Where we need to collect personal data by law, or under the terms of a contract we have with you or to perform our public tasks, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services or support) or we may be unable to perform our public task. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

The recipients of data/data sharing with named third parties, including named service delivery partners

We may have to share your personal data with the categories set out below for the purposes set out in this notice:

External third parties including the Scottish Government, Scottish Enterprise, Skills Development Scotland, Business Gateway and other Government Agencies;
Third party product and service providers;
Financial and non financial intermediaries;
Third sector support agencies;
Educational institutes;
Research organisations; and
Funding bodies, for example, the Big Lottery Fund.

Data retention information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Suppliers and Bidders

HIE works with many organisations that provide goods and services. As part of our procurement process we collect personal data about bidders and suppliers and their employees.

Categories of information processed by HIE

Information about your identity including first name, last name, title, date of birth and gender.
Contact information including billing address, delivery address, email address and telephone numbers.
Financial information including financial standing, bank account details and financial statements.
Transaction information includes details about payments to and from you and other details of goods and services you have provided to us.
Technical information including internet protocol (IP) address, your login data, passwords, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile information includes your username and password for HIE accounts.
Usage information includes information about how you use our website.
Personal information including information about attending events and meetings including information about dietary or access requirements.
Bid information including financial standing and information, professional/trade memberships and enrolments, CVs, educational and professional qualifications, work examples, quality assurance/compliance certificates, references, evaluation of bids and feedback following evaluation.
Supply information includes, reviews, reports, supply history.

Source(s) of personal information, including whether it comes from publicly available resources
You give us information about your identity, contact details and financial information when you contact us or provide a quote or a bid, when you browse our website, when you attend a seminar, webinar or event and when you become a supplier. This can also include information about your workforce and employees.

We may also collect information:

From publicly accessible sources, for example, Companies House and the Electoral Roll;
From other public sector organisations;
Directly from third parties who deliver services on our behalf;
Supplier due diligence providers;
Credit reference agencies;
From third parties (e.g. references);
Your bank or building society, another financial institution or adviser;
Your employer and/or trade union, professional body;
Via our website - we use cookies on our website (for more information on cookies, please see our [insert link] cookies policy);
Via our information technology (IT) and other systems;
Case management, document management, data rooms and time recording systems;
Door entry systems and reception logs; and
Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

The purposes of the processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we are carrying out our statutory functions and other functions of a public nature;
Where we need to perform the contract we are about to enter into or have entered into with you;
Where we need to comply with a legal or regulatory obligation;
For our legitimate interests or those of a third party;
Where you have given us consent; and
For operational reasons, such as ensuring safe working practices, improving efficiency, training, staff assessments, supplier management and quality control.

When we assess your quote or bid, the personal data you give us is used to process and evaluate your quote or bid. This information may be shared with third parties for evaluation purposes;
To manage and facilitate the provision of goods and/or services from you to us;
When we prepare research and statistical information about the economic, community and social wellbeing of the Highlands and Islands;
When you subscribe to receive communications and other updates from us we use your personal data to provide communications and information about topics that you have expresses an interest in;
When you contact us through our website or contact our personnel, your information is used in order to respond to your enquiry;
If you have a complaint or feedback we use your personal information as part of dealing with that feedback or complaint; and
When we contact you to place an order.

We may also use your personal data for analysis and demographic studies. This helps us to constantly improve our business.

When you attend events we may also collect information about you. We use this information for the purpose of monitoring the equality and diversity of those attendees.

The legal basis for processing

There are a number of lawful reasons for us to process your personal data. These include:

Where we require to process personal data in order to perform a contract with you.
In the performance of tasks carried out in the public interest or in the exercise of HIE’s official authority including under the Enterprise and New Towns (Scotland) Act 1990 for the purpose of preparing, concerting, promoting, assisting and undertaking measures for the economic and social development of the Highlands and Islands.
Where we are required to comply with a legal or regulatory obligation such as procurement rules.
Where we are processing data for a legitimate reason other than performing our tasks as a public authority.

Information, system, network and cyber security purposes, including the monitoring and protection of our IT systems;
System development and enhancement;
Website analytics to determine web traffic and patterns of navigation;
Internal analysis of suppliers for the purpose of planning strategy and growth;
Defending legal claims;
Anti-fraud purposes;
Due diligence checks;
Ensuring that we are as efficient as we can be;
Protecting our commercially valuable information and also our intellectual property;
Preventing and detecting fraud and/or criminal activity that could be damaging for us and for you;
To maintain our accreditations so we can demonstrate we operate to the highest standards; and
Ensuring we are able to keep up to date with our suppliers and contacts and developments in their organisations.

Consequences of not providing information where the information is required by statute, contractual requirement or to perform public tasks

The recipients of data/data sharing with named third parties, including named service delivery partners

We may have to share your personal data with the categories set out below for the purposes set out in this notice:

External third parties including the Scottish Government, Scottish Funding Council, Scottish Enterprise, Skills Development Scotland, Business Gateway and other Government Agencies;
Third party product and service providers;
Financial and non financial intermediaries;
Third sector support agencies;
External evaluators of bids and quotes;
Educational institutes;
Research organisations; and
Funding bodies, for example, the Big Lottery Fund.

Is your personal data sent to recipients in other countries and why?

We will, however, ensure the transfer complies with data protection law both during transit and at the storage location and all personal data will be secure.

Data retention information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Wave Energy Scotland (WES)

WES is a subsidiary of HIE. Their privacy policy is available on the WES website.

Cairngorm Mountain Scotland Ltd (CMSL)

CMSL is a subsidiary of HIE. Their privacy policy is available on the CMSL website.

Data retention information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Cookies

A summary of why we use cookies

This site places small files, known as ‘cookies’, onto your computer to collect information about how you browse.

These cookies aren’t used to identify you personally.

You will normally see a message on the site before we store a cookie on your computer.

Find out more about cookies.

Measuring site usage

We use Google Analytics to collect information about how you use our site, www.hie.co.uk. We do this to help make sure the site is meeting your needs and to help us make improvements.

We store information about:

The pages you visit and how long you spend on each page
How you get to www.hie.co.uk
What you click on while you’re using www.hie.co.uk

Any information we get is received in a way that we can’t identify anyone by it. For example, we never receive your name or address.

We don't make any attempt to find out the identities of people visiting www.hie.co.uk through the use of cookies, and we don't allow Google to do this either.

All information we get through cookies and analytics is treated in confidence. We will never sell, trade or give your details to third parties, unless we're required to do so by law.

Find out more about security and privacy in Google Analytics.

Opt-out

You can opt out of Google Analytics cookies.

Visitors to our websites - website usage data

Our website keeps track of standard internet log information and details of visitor behaviour patterns to better understand website usage and to help us to improve our services for users. This information is collected by what are called cookies. The cookies used do not identify individual users and we do not make any attempt to find out identities of those using our websites.

What cookies do - in more detail

Most websites you visit will use cookies to help to improve your experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).

Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier. If a website doesn’t use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it won’t recognise you and it won’t be able to keep you logged in.

Cookies set by third party sites

Please note that during your visits to HIE websites you may notice some cookies that are not related to HIE or HIE's contractors. When you visit a page with content embedded from, for example, YouTube or Vimeo, you may be presented with cookies from these websites. HIE does not control the dissemination of these cookies. You should check the third party websites for more information about these.

Check your browser's 'Help' for details, or visit the About cookies website for more information. Most browsers will give you the option to accept cookies from websites while blocking those from third parties.

Below is a list of Cookies on HIE web pages:

Provider	Name	Purpose	More info
Google Analytics	_utma _utmb _utmc _utmz	These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.	Google Privacy Policy
Lockerz	_utma _utmb _utmc _utmz + some others	This is the service that operates the Add To Any social bookmarking and sharing buttons. Cookies will have the domain a2a.lockerz.com We use social buttons by Lockerz / Add To Any on some pages of the site to allow users to easily share content with your social networks such as Facebook or Twitter and to bookmark pages for future reference. These sites may set a cookie and your usage including the pages users visit. Users should check privacy or cookie policy for this service to find out more about these and how to opt-out or delete this information	http://www.addtoany.com/
Internal system	ASP.NET_SessionId	The web platform the website is built on uses technology provided by the ASP.NET Framework. This cookie is often used to store internal system information such as the last page visited and the status of any online forms. It's completely anonymous and expires once the user leaves the website. The website won't work properly without it.	Visit the Microsoft website

How to control and delete cookies

HIE will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by Highlands and Islands Enterprise’s website, or indeed any other website, you can do this through your browser settings. Please be aware that restricting cookies may impact on the functionality of the Highlands and Islands Enterprise website. The Help function within your browser should tell you how to restrict or block cookies.

Alternatively, you may wish to visit the About cookies website, which contains information on how to do this for a variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone you will need to refer to its manual.

Using the website

HIE operate 6 websites and support two subsidiary websites. They are:

By accessing any of the above listed sites (the “websites”) or otherwise providing information to us, you agree to our privacy practices as set out in this Privacy Notice.

Code of Data Matching Practice

HIE is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency that requires further investigation.

No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

Audit Scotland currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Audit Scotland for matching for each exercise, and these are set out in the Audit Scotland's instructions, which can be found at www.audit-scotland.gov.uk/our-work/national-fraud-initiative.

The use of data by the Audit Scotland in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the General Data Protection Regulation of the Data Protection Act.

Data matching by the Audit Scotland is subject to a Code of Practice. This may be found at: www.audit-scotland.gov.uk/our-work/national-fraud-initiative.

For further information on the Audit Scotland’s legal powers and the reasons why it matches particular information, see www.audit-scotland.gov.uk/our-work/national-fraud-initiative
For further information on data matching at this authority email customer.service@hient.co.uk

Your rights

Access to your information – you have the right to request a copy of the personal information about you that HIE holds.

Correcting your information – HIE wants to make sure that your personal information is accurate, complete and up to date and you may ask HIE to correct any personal information about you that you believe does not meet these standards.

Deletion of your information – you have the right to ask HIE to delete personal information about you where:

you consider that HIE no longer requires the information for the purposes for which it was obtained
HIE is using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below
you have validly objected to HIE 's use of your personal information – see Objecting to how we may use your information below
HIE's use of your personal information is contrary to law or HIE's other legal obligations.

Objecting to how we may use your information

You have the right at any time to require HIE to stop using your personal information for direct marketing purposes. In addition, where HIE uses your personal information to perform tasks carried out in the public interest or in exercising official authority vested in it then, if you ask it to, HIE will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information

In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to HIE's use of your information. The right might also apply where HIE no longer has a basis for using your personal information but you don't want HIE to delete the data. Where this right to validly exercised, HIE may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Automated processing

If HIE uses your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual within HIE to whom you may make representations and contest the decision. This right only applies where HIE uses your information with your consent or as part of a contractual relationship with you.

Withdrawing consent using your information

Where HIE uses your personal information with your consent you may withdraw that consent at any time and HIE will stop using your personal information for the purpose(s) for which consent was given.

Organisations in account management will have received a notification of engagement. You do not need to respond to accept terms of engagement, terms are accepted by default when a notification is issued by HIE.

If an organisation is in account management and you withdraw your consent, we reserve the right to withdraw your organisation from account management (exceptions may apply and this should be discussed with your account manager).

Please contact HIE in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights or discuss in further detail.

Changes to our privacy statement

HIE keeps this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact details below. This privacy statement was last updated in May 2020.

Contact information and further advice

If you have any questions, complaints or comments about this Privacy statement, or how we collect and manage your personal data, please contact us in the first instance by post, email or telephone at Data Protection Officer, An Lòchran, 10 Inverness Campus, Inverness, IV2 5NA, Scotland or sending an email to dataprotectionofficer@hient.co.uk or phoning 01463 245245.

Complaints

HIE seeks to resolve directly all complaints about how it handles personal information.
You can complain in person at any of HIE’s offices, by phone, in writing, or by email. Our contact details are:

Business Improvement
Highlands and Islands Enterprise
An Lòchran
10 Inverness Campus
Inverness
IV2 5NA

e-mail: customer.service@hient.co.uk
Tel: +44 (0)1463 383 073

If you are not satisfied with the resolution proposed, you also have the right to lodge a complaint with HIE’s initial response to your concerns through the Information Commissioner's Office whose contact details are as follows:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745
Website: https://ico.org.uk/concerns