Innovate UK Business Growth Data Privacy Policy

1              Introduction

This paper describes how the data we collect from our clients will be gathered and used.

Data confidentiality is discussed with the client at an early stage, before submission of an application to the Innovate UK Business Growth. This policy describes what information (a) we must collect and disclose to fulfill the requirements of the funding bodies, (b) we need to deliver the right support and (c) ask to share with stakeholders. The aim is for the client to have confidence that the information provided to Oxford Innovation[1] is stored securely and will only be used for purposes that the client is aware of and has agreed to.

As part of the acceptance process onto the service, the client is asked to confirm in writing that he/she has read this data privacy policy and agrees to how data could be used.

2              Why is company data collected?

We use information provided for administration, delivery, reporting, marketing and research purposes. We use it for:

  1. Mandatory purposes
    • Assessment of eligibility and suitability of the Innovate UK Business Growth
    • Evaluation of the client’s ability to harness innovation capability to deliver growth plans
    • Design of bespoke packages of support
    • Generation of anonymised evaluation data describing the uptake and impact of the Innovate UK Business Growth
    • Evaluation, compliance and publicity by funding organisations
  2. Optional purposes
    • Generation of publicity, including case studies and news items
    • Analysis, follow-up and publicity by key stakeholders
    • Referrals to complementary support services
    • To provide information on products or services that a client requests from us or which we feel may be of interest, where the client has consented to be contacted for such purposes.
    • Business support team training

The client has the right to deny permission for us to use data for anything other than the mandatory purposes.

3              What client data is collected?

  • General company information
  • Services and sectors
  • Turnover, employee numbers, ownership, etc
  • Details of previous State Aid received
  • Diversity and equality information

OIS may also collect information that is publicly available, such as from Companies House.

Client information may also be captured in other client documents including GROWTHmapper™ questionnaires, client case file, action plan, meeting records and reports produced by the Innovation Adviser. OIS may record any other information a client chooses to share, either electronically, verbally, in written form or face to face.

4              How is data stored?

We treat information security very seriously. We will take all reasonable technical and operational precautions to prevent the loss, misuse or alteration of client information. Any data provided by you is:

  • Held on our secure, internal servers, and managed by a datacentre supplier who is certified to meet the requirements of ISO 27001 Information Security Management.
  • Not transferred outside of the European Economic Area.
  • Held in accordance with our Information Security policies.

Data is also stored on servers managed by Innovate UK.  For details of their Privacy Policy please see

5              How could data be disclosed?

The table below shows how data may be disclosed. Clients will be notified of any changes or additional requests from other stakeholders. If the request is not for a mandatory purpose, clients can instruct their Adviser not to share their data.

A = mandatory

B = optional

C = not shared

OIS Team Members[2] Funding organisation[3] Other business support partners[4] Other OIS partners[5] Oxford Innovation[6]
Application form data A A B B B
GROWTHmapper Adviser report A C C C C
GROWTHmapper Client report* A C B C C
Internal business support documents A C C C B
PR material B B B B B


* Data collected and reports generated as part of the GROWTHmapper exercise will not be shared by Oxford Innovation Services Ltd to any third parties. That does not prevent the client from sharing their GROWTHmapper report with others, such as external Advisers.

We may also disclose your personal information to third parties:

  • If Oxford Innovation Services is acquired by a third party, in which case personal data held by us about you will be one of the transferred assets
  • To the extent that we are required to do so by law
  • In connection with any ongoing or prospective legal proceedings
  • To establish, exercise or defend our legal rights.

We will not disclose personal information to other third parties without a client’s consent.

No data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of personal data. Data moved or shared outside the organisation will be protected and passwords sent separately.

6              Client rights

6.1          Accessing your data

The Data Protection Act 2018 and GDPR give you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. We will require proof of identity with any request made.

You may instruct us at any time not to use your personal information for marketing purposes. In practice, you would typically agree or disagree to this in advance when submitting or updating your personal information, though opportunities to opt out are written into our processes.

6.2          Updating your data

We seek to verify and confirm the accuracy of the information that we hold about you every time we interact with you. Please let us know at any time if the information we hold about you needs updating or correcting.

7              Roles and responsibilities

The Innovate UK Business Growth Delivery Manager is the nominated Data Controller. The Data Controller maintains and updates this Data Privacy Policy and checks compliance by team members. The Data Controller is the first point of contact for any queries or complaints from clients regarding the use of their data and he will take appropriate action to try to resolve them.

Paul Toben

Programme Delivery Manager

E: [email protected]

M: +44 (0) 7715 071610

Oxford Centre for Innovation, New Road, Oxford, OX1 1BY

8              Document history

Version Date Reason for release/version update Issued by
V1 23 June 2016 First issue Elaine Kearney
V2 27 July 2017 Annual review and updated requirements from Innovate UK or transferring data outside the organisation Elaine Kearney
V3 05 April 2019 Update to remove references to ERDF funding Elaine Kearney
V4 16 August 2019 Update to EEN and change of Data Controller Elaine Kearney
V5 17 October 2019 Update to EEN and change of Data Controller Paul Toben
V6 2 April 2020 Update to Covid-19 use Paul Toben
V7 21 August 2020 Update to DPA 2018 Paul Toben
V8 23 October 2020 IUK Service name update and reference to GDPR Paul Toben



[1] Throughout this document Oxford Innovation, OI, OIS and any other forms refer to Oxford Innovation Services Ltd. We are registered with the Information Commissioner’s Office as a data controller, as required by the Data Privacy Act of 2018. Registration number ZA019245.
[2] This group comprises OIS employees involved in or supporting delivery of the Innovate UK Business Growth
[3] Innovate UK and European Commission
[4] Organisations providing business support locally and nationally, including Growth Hubs, Chambers of Commerce
[5] Partner organisations delivering the Business Support Coaching Service in other parts of the UK
[6] Other parts of Oxford Innovation Services Ltd, Oxford Innovation Ltd and SQW Ltd.

Data Policy Feb 2021.