Privacy Policy

We ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and the data protection regulator in the event you have a complaint.

The Policy applies to you if you visit our website (www.ingenuity-lab.com) It also applies to you if you are a contact at one of our clients or prospective clients. It does not apply to the processing of any information we collect if you interact with any of our brand ambassadors or brand representatives, we engage on behalf of our clients. Nor does it apply to any online activity we carry out on behalf of our clients. In the language of data protection laws, we act as ‘data processor’ for our client who is the ‘data controller’. This is because they control the purposes and means for processing the data. If you have any questions about our clients’ use of your data, you should contact the client direct. We know that you care about how your information is used and shared and we appreciate your trust in us to do that carefully and sensibly.  


Who we are

We collect, use and are responsible for certain personal information about you for the purposes of running our business. When we do so we are regulated under the General Data ProtectionRegulation which applies across the European Union and the United Kingdom, and we are responsible as ‘controller’ of that personal information for the purposes of those laws. Throughout our websites we link to websites. These websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to other websites, please consult their privacy policies as appropriate.



Collection and personal information use

We collect personal information about you when you access our website, register with us, contact us, ask us for information, send us feedback, post reviews and other material to our website and participate in research surveys we conduct. We collect this personal information from you either directly, such as when you register with us, contact us, complete questionnaires, or indirectly, such as your browsing activity while on our website. Our websites are aimed at businesses and exclusive members within the University of Nottinghams Ingenuity Lab Programme.  Our websites are not intended for use by children under the age of 14. If someone we know is under 14 years of age provides us with any information about them, we will either request the consent of their parent or guardian or delete the information as soon as reasonably possible. We will retain your information only for as long as is necessary for the purposes set out in this policy. If you have an account on our website and no longer want us to use your information to provide our website services and email information to you, you may close your account by contacting us. If you work for a prospective client and we have your contact details for marketing purposes, we will retain your contact details for no more than 2 years, unless your business becomes a registered partner. If you are a user or contact working for one of our clients, we will retain information we process about you as long as is required in order to provide you with our services, or contact you about our services.Additionally, we will retain and use your information to the extent we need to, to comply with our legal obligations, resolve disputes, administer and enforce our client agreements, and as otherwise described in this privacy policy.   


Legal basis for processing personal information

When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal information we process and why. The legal bases we may rely on include:


Consent: 
where you have given us clear consent for us to process your personal information for a specific purpose. We use this basis to email you about updates to services and products.


Contract: 

where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. We use this basis to create and manage your account with us, provide you with the features and functions we have agreed to provide to you subject to our terms of use.


Legal obligation: 

where our use of your personal information is necessary for us to comply with the law. We use this basis to notify you of any changes to our websites, this policy or to our services that may affect you.


Public task: 

where our use of your personal information is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.


Legitimate interests: 

Where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information, which overrides our legitimate interests). We use this basis to customise our websites and their content to your particular preferences, improve our websites and the services we provide to our brand partners, help us decide which job alerts, competitions and other opportunities to tell you about by email (if you have requested that we do so) and create aggregated, anonymised data as referred to above. We also base the following on our legitimate interests: our use of data to investigate and act against fraudulent or unlawful activity, administer and protect our business, to resolve disputes or troubleshoot problems, and provide research services for our  clients. 

Whom personal information is shared to:
We routinely share your data with some service providers we use to power our websites, email and marketing activities.We use a hosting partner to help us store your information.We will share personal information with law enforcement or other authorities if required by applicable law.If we sell our business or any part of it, or if we merge with another business, we will share your personal data with the new owner of the business or our merger partner.  


Transfer of your information out of the UK and EEA:

Some of the processing of your information by our service providers referred to above happens in countries outside theEuropean Economic Area (EEA) and the UK.Such countries do not have the same data protection laws as the United Kingdom and EEA. But we require each of our providers to ensure that they apply ‘appropriate safeguards’ endorsed under theGeneral Data Protection Regulation that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. To obtain more information on the different safeguards, you can visit this European Union website–https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.If you would like further information about the appropriate safeguards employed in processing your information outside the UK an EEA, please contact us. 



Your rights

Under the General Data Protection Regulation, you have a number of important rights free of charge. In summary, those include rights to: access to your personal information and to certain other supplementary information that this privacy policy is already designed to address require us to correct any mistakes in your information which we hold require the erasure of personal information concerning you in certain situations receive the personal information  concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations object at any time to processing of personal information concerning you for direct marketing object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you object  in certain other situations to our continued processing of your personal information otherwise restrict our processing of your personal information in certain circumstancesFor further information on each of those rights, including the circumstances in which they apply, seethe Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please: contact us let us have enough information to identify you let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates.    



Personal information security

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 


Changes to this privacy policy

This website privacy policy was last updated on 21/03/2024.

We may change this website privacy policy from time to time; when we do, we will inform you via Profile area on the website or via email.