jump to content

ASTUTE 2020 Update September 2020

Here at ASTUTE 2020, we can support your business throughout this period of uncertainty. Our world-class academics and technical experts from across our strong Welsh Universities partnership are available to support you through research and innovation activities. If you wish to discuss opportunities for working with us e.g. to modify your production to develop solutions to support the fight against COVID-19, you can contact us via email.


ASTUTE 2020: Using Your Personal Information

Personal information which you supply to us will be held by the ASTUTE 2020 partnership. ASTUTE 2020 and ASTUTE EAST are operations part-funded by the European Regional Development Fund through the Welsh Government and the participating Higher Education Institutions. ASTUTE 2020 is led by Swansea University in partnership with Cardiff University, Aberystwyth University and the University of Wales Trinity Saint David and operates in West Wales and the Valleys. ASTUTE EAST is led by Swansea University in partnership with Cardiff University, and the University of South Wales and operates in East Wales.

Reference to “ASTUTE 2020” or “the partnership” in the remainder of this document includes both the ASTUTE 2020 and ASTUTE EAST operations,

The ASTUTE 2020 partnership is committed to protecting the rights of registered users in line with Data Protection legislation. For data the Welsh Government or the Welsh European Funding Office (WEFO) requires ASTUTE 2020 to collect (Section A below), the Welsh Government is the data controller and the ASTUTE 2020 partners are data processors. The Data Protection Officer for the Welsh Government can be contacted at Data.ProtectionOfficer@gov.wales.

For other personal data collected by the ASTUTE 2020 partnership (Section B below), partner institutions are joint data controllers and have dedicated Data Protection Officers with the following contact details:

Aberystwyth University: infocompliance@aber.ac.uk

Cardiff University: inforequest@cardiff.ac.uk

Swansea University: dataprotection@swansea.ac.uk

University of South Wales: dataprotection@southwales.ac.uk  

University of Wales Trinity Saint David: foi@uwtsd.ac.uk

This document provides an explanation of why we collect personal data as part of ASTUTE 2020, how we process it and the steps we take to ensure data security at all stages. All data collected through the operation is processed and stored in accordance with Data Protection legislation.

What personal information do we collect?

A. Data which we are required to collect on behalf of the Welsh Government and WEFO

Data covers the European Structural Funds 2014-2020 in respect of a) the monitoring data laid out in the Structural Funds definitions and b) information requirements under the Eligibility rules and conditions for EU funds support.

Monitoring Data

This includes Enterprise level data which contains contact details for a named individual in the enterprise. For further information, see https://gov.wales/funding/eu-funds/2014-2020/wefo-guidance/monitoring/?lang=en

Eligibility Information

For information on the required data collected under the Eligibly rules and conditions, see https://gov.wales/funding/eu-funds/2014-2020/wefo-guidance/eligibility/?lang=en

For ASTUTE 2020 to satisfy the above requirements and process your data on behalf of WEFO,  we collect the following personal information from enterprises who wish to receive support or are supported by the ASTUTE 2020 partnership:

  • Name of enterprise lead contact/ technical officers/ employees involved in the project;
  • Work contact details of personnel involved in the project;
  • Job role/title of personnel involved in the project;
  • Total monthly employment costs attributed to the project of associated personnel, including payslips where provided for the ASTUTE EAST operation to be used as evidence of match funding;
  • Preferred language of communication of enterprise lead contact; and
  • Collective anonymous equal opportunities data relating to enterprise owners/directors/senior managers including gender, ethnic origin, age group, number who consider themselves disabled and competency levels of the Welsh language.

In the event of employment creation as a direct result of the support provided to your enterprise by ASTUTE 2020, the following additional personal information is requested:

  • Job role/title of those employed by the enterprise as a direct result of the support received;
  • Gender of first post holder for those employed by the enterprise as a direct result of the support received; and
  • Salary scales of the first post holder for those employed by the enterprise as a direct result of the support received.

B. Data which is collected and processes by ASTUTE 2020

Micro Company Data

In certain circumstances during the project approval process i.e. if the enterprise seeking support is a micro company, the following information will also be collected about the Managing Director (MD) of the micro company or the person who will become the MD once a company is formed:

  • Qualifications/ technical background;
  • Referees;
  • Details of any criminal convictions;
  • Details of any directorships that have been annulled; and
  • Confirmation of any declarations of bankruptcy or companies declared insolvent whilst under your directorship.

Direct Marketing

In the interests of providing enterprises across Wales with an opportunity to benefit from the operation’s services, by hearing about the research activities we can offer and our events, to learn from other business engagement activities across the Universities such as funding training programmes or graduate placements or to keep in touch with those enterprises with whom we have collaborated, the following information is collected, stored and used or otherwise processed by the partnership:

  • Name and contact details of individuals who make enquiries to ASTUTE 2020 via telephone, email or the website “Contact Us” page and/ or who self-register for events and/or newsletters; and
  • Name and contact details of named individuals within organisations with whom we make contact by telephone, email or post where appropriate.

Why do we collect personal information and how do we use it?

We collect your personal information for the following reasons:

  1. To evaluate eligibility for ASTUTE 2020 support according to funding compliance requirements and the operation’s project approval process, thus ensuring effective value for money and selection of those enterprises with potential to achieve maximum impact upon the Welsh economy;
  2. To monitor and evaluate projects at operation management and governance boards and as part of the operation’s external evaluation so as to assess the effectiveness of working practices, delivery of projects and project outputs and impacts in line with funding requirements;
  3. To report to the Welsh Government and the European Commission for regulatory operation monitoring, claim and audit purposes. The Welsh Government uses this data to monitor and evaluate EU funds in Wales as laid out in its Monitoring and Evaluation Strategy. It uses eligibility information to verify eligibility of enterprises, activity and expenditure;
  4. To keep in touch and provide you with optimal support, informing you of ASTUTE 2020 news, events and highlights that could benefit your enterprise; and
  5. To statistically analyse the commercial relationships existing across Swansea University on a periodical basis.

What is our legal basis for processing?

Data which we are required to collect on behalf of WEFO (Section A above)

The relevant section of the GDPR for collecting personal data in relation to the Structural Funds is Article 6(1)(e) where:

“processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller”

The European Regulations governing Structural Funds give the Welsh Government official authority to process the personal data referred to above. Article 54(2) of Regulation (EU) No 1303/2013 common provisions on the European Structural and Investment Funds (CPR Regulation) states that “Member States shall provide the resources necessary for carrying out evaluations, and shall ensure that procedures are in place to produce and collect the data necessary for evaluations, including data related to common and where appropriate programme-specific indicators.”

Data which is collected and processed by ASTUTE 2020 (Section B above)

Data collected from micro companies, details of which is described above, will only be processed with your consent. You will be asked to provide this consent on the operation’s Micro Company Form at the point of data collection. This data is used during the approval process to evaluate eligibility for support.

There is a legitimate interest for us to process your data to provide you with direct marketing including information relating to opportunities for support, up-to-date news and up and coming events of interest (Article 6(1)(f) of the GDPR). A legitimate interests’ assessment has been carried out to ensure your personal data is used appropriately and in ways you would reasonably expect with minimal privacy impact. You have the right to object to processing for the purposes of direct marketing if you wish and will always be given the opportunity to unsubscribe to future communications.

Who receives your personal information?

Information is made available to personnel requiring access in limited circumstances for the reasons outlined above. These include:

  • ASTUTE 2020 technical and administrative staff;
  • ASTUTE 2020 governance and management boards;
  • External advisors and consultants directly engaged with the partnership;
  • The Welsh European Funding Office and the European Commission including their independent auditors and commissioned research organisations.

ASTUTE 2020 will use third party processors such as Eventbrite and Mail Chimp for event organisation and material distribution, which may involve international data transfer. Both Eventbrite and Mail Chimp participate in and comply with the EU-US. Privacy Shield Framework and are thus GDPR compliant. See https://www.eventbrite.co.uk/security/ and  https://www.surveymonkey.com/mp/policy/privacy-policy/.

How your personal information is stored?

Data Protection legislation requires us to keep your information secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant parts or all of your information will be authorised to do so. Information about you in electronic form will be subject to password and other security restrictions, while paper files will be stored in secure areas with controlled access.

The data will be held for the duration of the ASTUTE 2020 operation and for a reasonable period of time upon its conclusion to comply with regulatory audit and document retention requirements.

What are your rights?

You have a right to access your personal information, to object to the processing of your personal information (objections are not always absolute and would be considered on their merits and in accordance with ICO guidance), to rectify, to erase and to restrict your personal information. Where you provide consent for processing, you will also have the right to portability. (Please note however that exercising these rights may compromise the ASTUTE 2020 partnership’s ability to provide support to your enterprise due to the operation’s contractual funding constraints). If you provide consent to ASTUTE 2020 to process any of your data, then you also have a right to withdraw that consent and in the case of direct marketing, you have an absolute right to object to processing for this purpose. Please visit the Data Protection webpages for the ASTUTE 2020 partner institution leading your project for further information in relation to your rights.

Any requests or objections should be made in writing to the Data Protection Officer at the University leading your project: -

Swansea University

University Compliance Officer (FOI/DP), Vice-Chancellor’s Office, Swansea University, Singleton Park, Swansea, SA2 8PP

Cardiff University

Assurance Service - Data and Information, Cardiff University, Friary House, Greyfriars Road, Cardiff, CF10 3AE

Aberystwyth University

Data Protection Manager, Aberystwyth University, Hugh Owen Library, Penglais Campus, Aberystwyth, Ceredigion SY23 3DZ

University of South Wales

Information Compliance, University of South Wales, Pontypridd, CF37 1DL

UWTSD Swansea

The Data Protection Officer, UWTSD Swansea, Records and Archives Office, Mount Pleasant Campus, Mount Pleasant, Swansea, SA1 6ED

If you are unhappy with the way in which your personal information has been processed, you may in the first instance contact the University Data Protection Officer using the contact details above. If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: - Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk  

Your responsibilities

Please advise of any changes to your name, address, contact details as soon as practically possible so that we can amend our records accordingly.

Swansea University, Cardiff University, Aberystwyth University, the University of South Wales, and the University of Wales Trinity Saint David are all  designated as public authorities for the purposes of the Freedom of Information Act 2000 and Environmental Information Regulations 2004 and are therefore subject to receiving requests for recorded information.  Freedom of Information or Environmental Information requests will be responded to in line with the provisions of the relevant legislation.