Privacy Policy

Last updated: 06/07/2026

1. Who we are

The BID is managed by Groundwork Cheshire, Lancashire and Merseyside (“Groundwork CLM”, “we”, “us” or “our”).

This Privacy Notice explains how we collect, use, store and share personal information in connection with the management and delivery of BID activities, our website, communications, events, consultations, business engagement and related services.

For the purposes of applicable UK data protection law, including the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and other applicable data protection legislation, the data controller is:

Groundwork Cheshire, Lancashire & Merseyside
74–80 Hallgate
Wigan
WN1 1HP

Email: [email protected]
Telephone: 01942 821 444
ICO registration number: Z324664X

Where another organisation determines jointly with us how and why personal information is used, that organisation may also be a controller or joint controller. Where relevant, we will provide further information about the respective responsibilities of the organisations involved.

2. What personal information we collect

The personal information we collect depends on how you interact with us. It may include:

  • your name and title;
  • your job title or role;
  • the name of the business, organisation or other body you represent;
  • your business or work address;
  • your email address;
  • your telephone or mobile number;
  • your communication preferences;
  • records of correspondence and communications with us;
  • records of meetings, visits, consultations and engagement activity;
  • information you provide through surveys, forms, consultations or feedback;
  • event registration and attendance information;
  • information about your interests in BID services, projects, training, events or initiatives;
  • photographs or video footage where appropriate and lawful;
  • website usage and technical information, such as IP address, browser type, device information and cookie data, where collected;
  • information necessary to manage suppliers, partners, contractors and other professional relationships; and
  • any other personal information you choose to provide to us.

We aim to collect only the personal information that is reasonably necessary for the relevant purpose.

We do not routinely seek to collect special category personal data, such as information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, or information about sex life or sexual orientation. If we need to process such information, we will only do so where we have both a lawful basis and an additional condition permitted by law.

3. How we collect personal information

We may collect personal information directly from you when you:

  • contact us by email, telephone, post or through our website;
  • meet with a member of the BID or Groundwork CLM team;
  • take part in a business visit, consultation, survey or engagement exercise;
  • subscribe to a newsletter or e-bulletin;
  • register for or attend an event, meeting, webinar or training session;
  • complete an online or paper form;
  • provide feedback or make an enquiry or complaint;
  • enter into a supplier, contractor, partnership or other working relationship with us; or
  • otherwise communicate or engage with us.

We may also receive personal information from other sources where lawful and appropriate, including:

  • BID stakeholders and delivery partners;
  • local authorities and other public bodies;
  • partner organisations;
  • publicly available sources, including business websites and professional directories;
  • event, survey and communications platforms;
  • businesses and organisations that provide or update contact details; and
  • other third parties where there is a lawful basis for the disclosure.

Where we obtain personal information from another source, we will provide privacy information where required by law.

4. Why we use personal information and our lawful bases

We only use personal information where we have a lawful basis for doing so. The lawful basis depends on the purpose for which the information is used.

BID management and business engagement

We may use personal information to:

  • manage and deliver BID activities and services;
  • communicate with businesses and stakeholders within or connected to the BID area;
  • conduct business visits and maintain stakeholder relationships;
  • gather feedback and understand business needs;
  • provide information about BID projects, services and initiatives;
  • maintain accurate business contact and CRM records; and
  • support the effective management, monitoring and evaluation of BID activity.

Lawful basis: our legitimate interests in managing and delivering BID activities, maintaining effective relationships with businesses and stakeholders, improving services and supporting the objectives of the BID.

Where we rely on legitimate interests, we consider the necessity of the processing and balance our interests against the rights and interests of the individuals concerned.

Newsletters, e-bulletins and other communications

We may use personal information to send:

  • BID news and updates;
  • information about local business issues and opportunities;
  • crime prevention and safety information;
  • training and event information;
  • information about funding and support opportunities;
  • consultation information;
  • place-related and BID-related updates; and
  • other relevant communications.

Lawful basis: depending on the circumstances, consent or our legitimate interests.

Where electronic direct marketing rules apply, we will also comply with the Privacy and Electronic Communications Regulations 2003 (“PECR”) and any other applicable legislation.

Where we rely on consent, you may withdraw your consent at any time. You can unsubscribe from marketing emails by using the unsubscribe link included in the communication or by contacting us.

Enquiries and requests

We may use personal information to respond to enquiries, requests for information and other communications.

Lawful basis: our legitimate interests in responding to enquiries and managing relationships, taking steps at your request before entering into a contract, performance of a contract, or compliance with a legal obligation, depending on the circumstances.

Events, meetings and training

We may use personal information to:

  • manage registrations;
  • communicate with attendees;
  • administer attendance;
  • deliver events, meetings, webinars or training;
  • gather feedback; and
  • manage follow-up communications.

Lawful basis: depending on the circumstances, performance of a contract, legitimate interests or consent.

Surveys and consultations

We may use personal information to conduct surveys, consultations and engagement exercises, analyse responses and improve BID activities and services.

Lawful basis: our legitimate interests in understanding stakeholder views, evaluating activities and improving services, or consent where appropriate.

Where possible, survey and consultation findings will be anonymised or aggregated before wider reporting.

Suppliers, contractors and partners

We may use personal information to:

  • manage contracts and working relationships;
  • process payments and invoices;
  • communicate about services and projects;
  • maintain appropriate business records; and
  • meet legal, financial and regulatory obligations.

Lawful basis: performance of a contract, taking steps before entering into a contract, compliance with legal obligations and/or our legitimate interests in managing our operations and professional relationships.

Legal, regulatory and governance purposes

We may use personal information where necessary to:

  • comply with legal and regulatory requirements;
  • maintain appropriate records;
  • establish, exercise or defend legal claims;
  • prevent or investigate misuse, fraud or other unlawful activity;
  • respond to lawful requests from regulators, courts or public authorities; and
  • protect our rights, property, systems and services.

Lawful basis: compliance with a legal obligation and/or our legitimate interests in protecting our organisation and managing legal and regulatory matters.

5. Our legitimate interests

Where we rely on legitimate interests, these may include:

  • effectively managing and delivering BID activities;
  • maintaining appropriate relationships with local businesses, stakeholders, partners and suppliers;
  • keeping relevant stakeholders informed about BID activity;
  • understanding business needs and improving services;
  • promoting relevant opportunities, initiatives and support;
  • maintaining accurate records;
  • protecting our systems, services and organisation;
  • preventing misuse and addressing security concerns; and
  • supporting the effective administration and development of the BID.

We will not rely on legitimate interests where our interests are overridden by your rights and interests.

6. Who we share personal information with

We do not sell personal information.

Where necessary and lawful, we may share personal information with:

  • Groundwork CLM staff and authorised personnel;
  • organisations involved in the management or delivery of BID activities;
  • IT, website, hosting and technical support providers;
  • email and communications service providers;
  • CRM providers;
  • survey and consultation platforms;
  • event registration and management providers;
  • professional advisers, including legal, financial, audit and insurance advisers;
  • contractors and service providers working on our behalf;
  • partner organisations where necessary for a specific project or service;
  • local authorities, police or other public bodies where there is a lawful basis to do so;
  • regulators, courts, law enforcement agencies or other authorities where required or permitted by law; and
  • other parties where you have asked us to share information or have provided valid consent.

Where a supplier processes personal information on our behalf, we require appropriate contractual and security arrangements in accordance with applicable data protection law.

Where information is shared with another independent controller, that organisation is responsible for its own use of the personal information and should provide appropriate privacy information.

7. Service providers and online platforms

We may use third-party platforms and service providers to support our activities, for example for:

  • email communications;
  • surveys and consultations;
  • event bookings;
  • website hosting;
  • customer relationship management;
  • document storage;
  • analytics; and
  • online meetings or training.

Core service providers are:

  • Campaign Monitor
  • Microsoft, inclusive of:
    • Microsoft Office Suite
    • Microsoft Power Platform
    • Microsoft Forms

These providers may process personal information on our behalf or, in some cases, as independent controllers. Their role depends on the service and contractual arrangements in place.

8. International transfers

Some of our service providers may process or store personal information outside the United Kingdom.

Where personal information is transferred internationally, we will ensure that the transfer is lawful and that appropriate safeguards are used where required. Depending on the circumstances, these may include:

  • transfers to countries covered by UK adequacy regulations;
  • the UK International Data Transfer Agreement;
  • the UK Addendum to approved standard contractual clauses; or
  • another lawful transfer mechanism permitted under UK data protection law.

Where required, we will also consider the risks associated with the transfer and apply additional safeguards where appropriate.

You may contact us using the details in this notice if you would like further information about the safeguards relevant to a particular transfer.

9. How long we keep personal information

We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, including to meet legal, regulatory, accounting, contractual and reporting requirements.

Our retention periods vary depending on the type of information and the reason for processing it. For example:

  • newsletter and marketing records: 3 years from project end
  • business engagement and CRM records: 5 years from project end
  • enquiry and correspondence records: 3 years from project end
  • event and training records: as required by each training body OR 3 years from project end
  • supplier and contract records: As required by contract OR 3 years from contract end
  • financial and accounting records: as required by law

When deciding how long to retain personal information, we consider:

  • the purpose for which it was collected;
  • the amount, nature and sensitivity of the information;
  • legal and regulatory requirements;
  • contractual requirements;
  • relevant limitation periods;
  • the risk of harm from unauthorised use or disclosure; and
  • whether the purpose can be achieved using anonymised information.

When personal information is no longer required, we will securely delete, destroy or anonymise it.

10. How we protect personal information

We take appropriate technical and organisational measures to protect personal information against:

  • unauthorised access;
  • accidental or unlawful loss;
  • misuse;
  • alteration;
  • disclosure; and

Measures may include access controls, password protection, secure systems, staff training, appropriate contractual arrangements, backups and other safeguards proportionate to the risks involved.

However, no method of transmitting or storing information is completely secure, and we cannot guarantee absolute security.

11. Your data protection rights

Depending on the circumstances and the lawful basis on which we rely, you may have the right to:

  • be informed about how your personal information is used;
  • request access to the personal information we hold about you;
  • request correction of inaccurate or incomplete personal information;
  • request deletion of your personal information in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing in certain circumstances, including certain processing based on legitimate interests;
  • object to direct marketing at any time;
  • request data portability in certain circumstances;
  • withdraw consent at any time where we rely on consent, without affecting the lawfulness of processing carried out before withdrawal; and
  • raise concerns or make a complaint about how we use your personal information.

These rights are not absolute and may be subject to legal conditions, limitations or exemptions.

We will not usually charge a fee for exercising your data protection rights. We may ask for information reasonably necessary to verify your identity before responding to a request.

To exercise your rights, contact us using the details in section 14.

12. Automated decision-making

We do not make decisions that produce legal or similarly significant effects about individuals based solely on automated processing.

13. Cookies and website analytics

Our website may use cookies and similar technologies to:

  • enable essential website functions;
  • remember preferences;
  • understand how visitors use the website;
  • improve website performance; and
  • support other functions where permitted by law.

Where required, we will ask for consent before placing non-essential cookies on your device.

14. How to contact us

If you have questions about this Privacy Notice, wish to exercise your data protection rights, or wish to raise a concern or complaint about our use of your personal information, please contact:

Groundwork Cheshire, Lancashire & Merseyside
74–80 Hallgate
Wigan
WN1 1HP

Email: [email protected]
Telephone: 01942 821 444

We will handle data protection complaints in accordance with applicable legal requirements and our data protection complaints procedure.

15. How to complain to the Information Commissioner’s Office

If you are unhappy with how we have used your personal information, you may complain to the Information Commissioner’s Office (“ICO”), the UK’s independent data protection regulator.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: ico.org.uk

We would welcome the opportunity to address your concerns directly, so you may wish to contact us first. However, you have the right to raise a concern with the ICO.

16. Links to other websites

Our website may contain links to websites operated by third parties. We are not responsible for the privacy practices of those third-party websites.

We recommend that you read the privacy information provided by any third-party website or service before providing personal information.

17. Changes to this Privacy Notice

We keep this Privacy Notice under regular review to ensure that it remains accurate and reflects how we use personal information.

We may update this notice from time to time. Where changes are significant, we will take reasonable steps to bring them to the attention of affected individuals where appropriate.

The latest version will be published on our website and identified by the “Last updated” date at the top of this notice.