• 0300 333 6536


This privacy policy sets out how New Anglia Growth Hub uses and protects any information that you provide when you use the New Anglia Growth Hub Service.
New Anglia Growth Hub is made up of a collective of Service Delivery Partners (or SDP’s, who are listed in full on our website), inclusive of the New Anglia Growth Hub administrators.
New Anglia Growth Hub is administered by New Anglia LEP, and we are committed to ensuring that your privacy is protected and we fully intend to comply with our statutory duty under the Data Protection Act 1998 (DPA).

The only time information (as defined by the Data Protection Act 1998, herein ‘DPA’) will be collected is when you use our Service or choose to register your details with our website. The information we collect and how we process it is detailed further in this policy.

When you submit data to us we will only hold any information you provide to us for as long as necessary and this information will only be processed fairly and lawfully in line with the DPA. All employees who have access to your personal data, and are authorised with the handling of that data, are obliged to respect your rights as set out in the DPA principles.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access, disclosure or loss, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect through our Service.
You may ask for a copy of any information that we may hold about you; for further information please see our Data Subject Access Request Policy.

What Information We Collect:

  • Name
    Company / Organisation Name
    Company Position
    Demographic Information
    Email Address
    Telephone Number(s)
    Trading Status / Business Ownership
    Business Size Information
    Business Sector
    Business Activity
    Business Registration
    Your interaction with the service i.e. your query, conversation and any outcome

How We Use Your Information:
We will not sell, lease or disclose your information to ‘third parties’ (defined as entities outside of the auspices of the New Anglia Growth Hub Service) unless we are required by law to do so. We may share your information with our immediate SDP’s, and may further use your data to send you information about third parties, additional services or consultancy which we think you may find useful to you and your business but only where you consent to your information being used for this purpose. You will always be able to opt-out of receiving marketing messages by contacting the Service and requesting that such marketing ceases.

We may use the information we collect about you in the following ways:

  • facilitate the delivery and management of business support services to small to medium-sized enterprises (SME) in the Norfolk and Suffolk areas provided by the parties under the auspices of the New Anglia Growth Hub;
    provide evidence of contractual performance to the funding bodies of the New Anglia Growth Hub Service provision
    allow SME’s that have used the services to be contacted about their satisfaction with the services provided to them;
    allow SME’s that have opted to receive it when using our Service to be contacted by the SPD’s of the New Anglia Growth Hub about the services provided by the New Anglia Growth Hub (including relevant events and forms of support).

Links to other websites
Our Service may provide links to other websites of interest. However you should note that we do not have any control over these other external websites. Therefore, we cannot be responsible for the protection and privacy of any information which you may provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Permission Statement
Whenever information is to be collected by the New Anglia Growth Hub Services, or shared between its Service Delivery Partners and funding bodies, the following permission statements will be used appropriately:
By using the New Anglia Growth Hub Service you agree to our terms and conditions, privacy policy and all related policies, in regards to New Anglia Growth Hub recording and processing your information for service improvement, monitoring & evaluation, reporting and service advocacy purposes.
We may wish to contact you in the future (by post, phone or email) to help us evaluate our Service, or to provide you with additional information about the Services you can access through New Anglia Growth Hub. We would like your consent to share your information with the New Anglia Growth Hub immediate Service Delivery Partners to enable us and them to offer you additional local business support (such as relevant events and new support programmes).
If you agree we may also allow other organisations offering useful business services (including financial services, property, legal and IT support) to contact you.
*Please note that all website forms, registration pages and emails will outline this permission statement and seek opt-in procedures where applicable. Similar messages will be relayed verbally when you use the Business Support Helpline.

Information Handling Policy
New Anglia Growth Hub may need to pass on data shared by the Business Support Helpline with its SDPs in order to effectively deliver its Services. If consent for this transfer has not been obtained by the Business Support Helpline (only due to the Service User not using the Helpline as a point of entry to the Service), New Anglia Growth Hub must seek this opt-in consent from the Service User before any transfer of information takes place.
Information collected from Service Users will be captured in several ways:

  • Inbound calls to the Business Support Helpline
  • Registration and Form-Filling of the Service User on the New Anglia Growth Hub website
  • Signed enrolment of Services and related application forms
  • Inbound & Outbound calls made to and from New Anglia Growth Hub authorised employees

SDPs must also ensure that any information they may collect themselves from Service Users, when supporting Service delivery of the New Anglia Growth Hub, must receive opt-in consent from the Service User before it can be shared with any other SDP if such opt-in consent to share has not already been granted by the Service User.

Where New Anglia Growth Hub does share information with opt-in consent it will ensure that appropriate provisions are in place with the SDPs to govern that sharing of data, which will be set out by formal Information Sharing Agreement and this document.

When in receipt of information supplied by the Business Support Helpline, and using that information to exercise its provision as a support Service to local businesses, the New Anglia Growth Hub will be acting as the Data Processor, and only when sharing information with its SDPs will the New Anglia Growth Hub take on the role of Data Controller.

When acting as the Data Controller, New Anglia Growth Hub will ensure that SDPs comply with data protection requirements.

If SDPs wish to share information with an entity outside the auspices of the New Anglia Growth Hub Service, or use the information for purposes outside the remit of the New Anglia Growth Hub Service they will be deemed as the Data Controller and must comply with data protection requirements laid down by the Data Protection Act 1998, including the requirements to obtain suitable consent from the Service Users.

Data Storage & Transfer
Information should be stored throughout its existence in an environment suited to its format and security classification, to ensure its preservation from physical harm or degradation and its security from loss or unauthorised access.

  • Information must only be transferred to persons who are authorised to have access to it, and there must be adequate security measures in place at the virtual and physical destination to safeguard it.
    Information collected by the Business Support Helpline will be stored on its own, separate, systems for which New Anglia Growth Hub accepts no liability for information handling integrity.
    Information collected directly by New Anglia Growth Hub will be stored on its designated and dedicated CRM system. Information collected by the Business Support Helpline and stored on its own systems will be shared with the New Anglia Growth Hub via*:
    Transfer of encrypted data files sent to a secure email account dedicated solely to this task alone, and accessible to authorised New Anglia Growth Hub employees only. This shared information will be accurately transcribed to the New Anglia Growth Hub CRM system by authorised personnel.
    All encryption will conform to FIPS 197 / AES standards.
    Transfer of data files submitted to an SSL secured SharePoint server which sits behind corporate-grade network security systems, accessible to authorised New Anglia Growth Hub employees only who will have been provided with individual logins and appropriate permission levels. This shared information will be accurately transcribed to the New Anglia Growth Hub CRM system by authorised personnel
    Finalised sharing system & procedure still being investigated

Where New Anglia Growth Hub shares information with its SDPs it will be transferred by the same method as outlined above; with access granted only to approved recipients, where those recipients are authorised representatives of SDPs and named in the SDPs’ signed acceptance of the respective Information Sharing Agreement (or their self-designated immediate delegates upon request from that said representative). These named personnel have entered into an agreement to safeguard this information to the standards set out in the Data Protection Act 1998 principles and other Information Handling related legislation and regulations.

System Security
Systems used for the electronic storing, transfer and processing of information on New Anglia Growth Hubs servers, terminal desktops and networks, which must have procedures and contingencies for the safeguarding, backup and recovery of information and hardware infrastructure management in place when handling this information. Security management and enforcement should conform to at least the ISO 27000 standard, and the information sharing infrastructure used by the New Anglia Growth Hub administrators can confirm to do so.
It is not permitted, at any time, to share or transfer information electronically via mobile storage methods. This means that the use of portable hard-drives, USB storage devices, Compact Discs, laptops, mobile phones et al are not permitted for use when transferring information collected for the purposes of delivery of the New Anglia Growth Hub Service by any party involved, inclusive of SDPs. Local hard-drive storage on desktop computers should also be avoided, only storing information on secure network servers as designated appropriate.
Equally hard-copy information will never be taken or sent off-site from where the information is being stored and accessed, and will need to be transferred only by means of the approved electronic transfer system as set out in this document.

  • Physical Security
    All buildings which will hold or process information collected for, and relating to, the New Anglia Growth Hub Service should be adequately secured against non-authorised persons gaining access to the information; this includes both inside and outside operational hours of the premises.
    Best practice guidelines for additional measures of security would include (but are not exhaustive):
    Recording all visitors to buildings and, wherever feasible, ensure that they are accompanied whilst on the premises
    Implementing a clear desk/clear screen policy to reduce the risk of unauthorised access, loss of, and damage to information during and outside normal working hours or when areas are unattended
    Ensuring rigorous adherence to all security policies (e.g. access control, password use, homeworking, data sharing, equipment disposal)
    Ensuring where personal information is held on paper, it is locked away when not in use
    Ensuring the secure disposal of information, whether electronic or paper based.Information Handlers
    The appointed Senior Information Risk Owner (SIRO) is Jason Middleton, Business Growth Manager, New Anglia LEP.

Information Storage Lifespan
New Anglia LEP (New Anglia Growth Hub Administrators) are required under its contract with Lancaster University (Funding Body) to keep all information relating to the New Anglia Growth Hub for a minimum of six years following the completion of the contract in June 2015. However, the terms and conditions of ERDF funding are likely to require that all information on the project is retained for the length of time required under the ERDF guidelines published by the Department for Communities and Local Government. This is currently until 2026 but may be subject to review.

Information Destruction
Hard-copy and electronically-stored information will be destroyed, as and when appropriately required, using secure methods that comply with respective legislation & regulation that are in force at the time of its destruction.

Data Subject Access Request Policy

Your Rights
The Data Protection Act 1998 (DPA) gives individuals (“data subjects”) a number of rights including the right to access personal information that an organisation (in this instance the ‘New Anglia Growth Hub’) holds about them. This right of access extends to all information held on an individual and includes both digitally stored information as well as hard-copy. If an individual makes a request to view their information, it is known as a “Data Subject Access Request” or “SAR”. It is permissible by the DPA for a fee of up to £10 to be charged for responding to SARs due to the costs involved into responding to such requests. We will operate on the basis that a charge will be implemented for any SARs we receive unless exceptional circumstances are advised to us, at which point we will determine whether to waive the fee or not.

  • The DPA stipulates that the data subject must:
    make the request in writing (emails and faxes are permitted)
    supply information to prove who they are (to eliminate risk of unauthorised disclosure)
    supply clear and appropriate information to help the organisation to locate the information they require
  • Upon receipt of a request, the organisation must provide:
    a response outlining whether any personal data is being processed
    a description of the data, purposes and any recipients
    a copy of the data
    an explanation of any codes/jargon contained within the data

The organisation must respond to SARs within 40 calendar days, and due to the nature of such requests it could possibly take this long before you receive a response. However, where possible, we will respond much sooner than this. The 40 day period will not start until payment of the £10 fee has been received and there is enough information to identify the information being requested.

How to Raise a Data Subject Access Request with New Anglia Growth Hub
Following the guidelines above please submit your SAR in writing to the following contact options:
Email: growthhub@newanglia.co.uk
Write to: New Anglia Growth Hub, New Anglia LEP, Centrum, Norwich Research Park, Colney Lane, Norwich, NR4 7UG

The DPA recognises that in some circumstances there may be a legitimate reason for an organisation to not comply with a SAR and so includes the provision for the organisation to refuse a SAR either partially or in full, depending on the circumstances. In a similar manner the DPA also places restrictions on certain information being released as part of a SAR disclosure, for example when disclosing information that could lead to another party’s information being released without authorisation. Wherever possible, if we refuse to disclose information you have requested we will aim to provide you with a reference to the DPA reasoning as to why we have refused.

Information Commissioners Office (“ICO”)
If you feel that your SAR has not been handled appropriately you do have the right to take this up with the ICO:
Information Commissioner’s Office,
Wycliffe House,
Water Lane,
0303 123 1113

Data Breach Policy
If, despite New Anglia Growth Hub putting in place appropriate security measures taken to protect personal information, a breach of security occurs, we will deal with the breach as soon as possible once we have become aware of it.
The breach may arise from information being accidentally or deliberately compromised, such as theft, a deliberate attack on our systems, the unauthorised use of data by a member of staff, accidental loss, or equipment failure et al. However the breach occurs, we will respond to and manage the incident appropriately.

Only authorised personnel of New Anglia Growth Hub are permitted to access, alter, disclose or destroy data we hold, and those individuals have received sufficient training and briefing to enable them to act within the scope of their designated authority. Any loss, unauthorised access to or processing of the information we hold by a member of staff will be dealt with through internal investigation and disciplinary procedures, with legal action being sought if deemed necessary.
In the event of information being compromised through means of theft (whether physical or digital) we will work directly with law enforcement agencies with the aim of reclaiming the data and bringing about legal action against those who compromised the information. If this theft is through digital means we will also instruct our information & communication technology service providers to conduct vigorous infrastructure vulnerability tests and investigations in order to close any such vulnerability.

System failures should be safeguarded by agreement of daily back-ups of our systems with our information & communication technology service providers, and in the event of data loss through system failure the data should be restorable through said backups without affecting any involved parties.

  • In any event of compromised information we will ensure that:
    we notify any affected parties of the compromise, inclusive of the Information Commissioners Office where applicable
    the risks associated with the breach are assessed
    we immediately seek to contain and/or correct the compromise, recover the data where possible, and limit any damage that may be caused as a result of the breach
    this policy is reviewed, and where feasibly possible make immediate improvement to data security following thorough investigations of the breach and evaluation of our organisational response to its occurrence

Cookie Policy
We use cookies (little bits of information stored on your computer) on the New Anglia Growth Hub website to help improve our service and give a better experience to the Service User. By using this site you are allowing us to store these cookies, and below you can find out how and why we use then as well as information on how you can disable them.
*Please note that if you are using a modern, up-to-date web browser you should see a prompt when you first enter the New Anglia Growth Hub website advising you of cookie use.

What is a cookie?
A cookie is a small file which asks permission to be placed on your computer’s hard drive. It is entirely ‘passive’ and does not contain software programmes, a virus or spyware. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. A cookie typically contains the name of the website it belongs to and the lifespan of the cookie.

What cookies do we use?
New Anglia Growth Hub uses cookies in several places. We’ve listed them below with details of why we use them and how long they will last.

Analytical Performance Cookies
Our website uses Google Analytics so that we can measure what pages on our website are being used and by how many people. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We never store any personal data such as your name or address so the information we collect can never be used to identify you. Google does not share your analytics information with anyone else.
The following cookies are set by Google Analytics:
Name Expires
_utma 2 years
eu_opt_in 5 years
_utmb 30 minutes
_utmc When you close your browser
_utmz 6 months

Session Cookies
Session cookies are used for remembering user selections during their visit to your site. A typical scenario may be to remember information entered in a form when navigating to different pages. This cookie expires when you close your browser.
Name Expires
Phpsession When you close your browser

We use cookies to process forms on the site.
Name Expires
frm_token When you close your browser

Social Media
We use a number of suppliers who may also set cookies on their websites on its behalf. We do not control the dissemination of these cookies and you should check the third party website for more information.
Provider More info
Twitter (original_referer, external_referer
guest_id, _twitter_sess) Twitter Privacy Policy

Removing cookies
All recent versions of popular browsers give users some control over cookies. You can set your browser to accept all cookies, reject all cookies or accept/reject cookies for certain websites.
The website aboutcookies.org offers comprehensive information on how you can control cookies in all of the popular browsers

Complaints Policy / Procedure
We aim to provide the best possible Service but sometimes things can go wrong. We take complaints very seriously so if any of our Service Users aren’t happy we’ll look into their complaint immediately and follow up with the appropriate course of action.

Definition of a Complaint –
A complaint is an expression of dissatisfaction, however made, about the standard of Service, action or lack of action by the New Anglia Growth Hub ‘Service’, its staff, or Service Delivery Partners (SDPs) or agents providing services on behalf of the New Anglia Growth Hub Service affecting an individual Service User or a group of Service Users.

How to Complain (Stage 1):
Firstly contact us using the below methods, providing as much detail as possible and including a postal address and alternative means of contacting you:
Email: growthhub@newanglia.co.uk
Write to: New Anglia Growth Hub, New Anglia LEP, Centrum, Norwich Research Park, Colney Lane, Norwich, NR4 7UG

Most complaints usually arise as a result of a misunderstanding and so can usually be resolved upon a first contact basis. We’ll aim to provide you a response to your complaint within 14 calendar days of you raising your expression of dissatisfaction. If a complaint is in regards to one of our SDPs we will confirm receipt of the complaint and forward it to the respective SDPs wherein we may notify all parties that the specific SDPs take over all responsibility of responding to the complainant, dependent upon the nature of the complaint.

If no further correspondence is received from the complainant within 7 calendar days of the response being issued, or if the complainant responds confirming acceptance of the initial outcome, the complaint will be closed as resolved.

Appeal (Stage2):
If you are unhappy with the way your complaint was dealt with, or the outcome that was delivered, please contact:
Jason Middleton, Business Growth Manager
New Anglia Local Enterprise Partnership,
Norwich Research Park
Colney Lane
Tel: 01603 510078

He will review your complaint and the initial action taken and advise you of the outcome in writing, within 30 calendar days.

New Anglia LEP Board (Stage3):
If you are still unhappy following our final response you can then put your complaint to the Local Enterprise Partnership Board. At this stage our response and outcome will be final.
New Anglia Local Enterprise Partnership,
Norwich Research Park
Colney Lane