)
About this notice
This privacy notice applies to all persons who are tenants or users of the commercial spaces within The Enterprise Centre. This notice outlines what to expect when The Enterprise Centre (TEC) team collects and processes your personal information for its purposes. For other ways UEA processes personal data and your rights, see our other privacy notices published here.
The Enterprise Centre is part of the Research and Innovation Directorate which is part of UEA’s central professional support services. UEA is a registered data controller and will collect and process information in accordance with UK data protection legislation.
1. Our responsibilities
The Enterprise Centre at UEA is responsible for supporting and managing the administration of:
- Tenants or a user of the commercial facilities within The Enterprise Centre.
2. How we collect your information
Most of the information The Enterprise Centre uses is collected from you directly: either verbally, in writing or by filling in a form. We may also collect your information through automated data feeds from other UEA systems or approved third party systems, e.g. Clearooms.
3. The information we use and our reasons for using it
During your involvement with TEC the following personal information is collected, used, and stored securely by us: name, home address and/or address of company, contact details including telephone number and e-mail, car registration, bank details in relation to payments and direct debit arrangements, We will also collect relevant information in order to make reasonable adjustments, e.g. a PEEP. As part of the UEA campus, The Enterprise Centre and its surroundings are monitored by CCTV. See here for the UEA Surveillance Camera System Code of Practice.
Why we need to use your information
The Enterprise Centre processes your personal information for its or your legitimate interests as a provider of office space and meeting rooms and uses it to fulfil our duties as a Trust or Company Service Provider (TCSP) and as a provider of hireable space and for administration relating to the financial aspects or your relationship with UEA.
We will only use your personal data for the purposes for which we collected it, i.e. support and management of tenants and users of the TEC commercial facilities. If we need to use your data for an unrelated purpose, we will only do so where we have a lawful basis. Where required, we will advise you before using it for that new purpose.
TEC also collects personal information from you to comply with the law and uses it:
- To fulfil its legal duties under safeguarding and Prevent laws or where a potential public health risk is identified,
- To produce analysis, reports and statistics to help us understand our tenant population and client base to enable us to make reasonable adjustments , or when we record and report on incidents and accidents in compliance with health and safety laws. We also use this information to produce management information for purposes such as monitoring performance, meeting income targets, and reporting on key performance indicators (KPIs).
- To assist UK agencies with their duties such as the prevention and detection of crime, apprehension and prosecution of offenders, or the collection of a tax or other levy and to share confirmation of details with the local council to enable it to assess and collect Business Rates.
- To meet legal requirements for Customer Due Diligence (CDD) to prevent fraud and ensure compliance with Anti-Money Laundering (AML) regulations by verifying identities and checking against PEPs (Politically Exposed Persons) and sanctions lists.
4. Sensitive information
Access to and the sharing of this kind of ‘special category’ personal information has extra protection under the UK GDPR Part 9(2)(a). Where we do use your sensitive personal information, we will either have obtained your explicit consent or there will be a substantial legitimate interest reason with a basis in law.
5. Who we may share your information with
UEA may share your information with HMRC, and other public authorities where there is a legitimate or legal reason to do so or because you asked us to. In addition, UEA may share your information to third party providers where there is a legitimate or legal reason to do. Information will only be disclosed on a need-to-know basis to support the specific activity in which we are engaging with you. When we share your information with our collaborators or other third parties, this will be done so on a confidential and secure basis, using password protection or encryption where appropriate.
These other external organisations include: third party providers of good or services; software providers, insurers and auditors. See below for the list of data processors with written agreements in place with UEA who provide services used by TEC.
Where UEA shares your information with any organisation based outside the UK, appropriate safeguards will be in place to protect your personal information.
We may also anonymise your personal information to share reports for internal/external management information purposes.
6. Systems we may access, use and store some/all of your information:
- UEA’s finance system and any subsequent replacement systems part of Unit 4 Business World (UERP))
- UEA internal shared drive files, Sharepoint and Microsoft Office 365
- UEA hard copy filing systems/archives
- SPOT (identity management system)
- UEA debtors system (Tribal SITS:Vision, SAM)
- Booking Management System (Clearooms etc.)
- Car Park Management System (BLINK)
- Know Your Customer System (TrustID)
- Marketing, Automation and Email Platform (Mailchimp)
- TEC is part of UEA (the Data Controller). As such we may disclose your personal information to other staff at UEA whose roles require use of such data for any of the purposes listed above, but only to the extent that is necessary to comply with that purpose or with a legal obligation.
7. How long we retain your information
The Enterprise Centre team follows the University’s Record Retention Schedules in relation to the storage and archiving of all information. The trigger for a lease or agreement is upon expiry or termination with a retention period of 12 years. The trigger for room hire and hot desking is upon expiry or termination with a retention period of 6 years.
All paper and digital data will be securely destroyed when no longer required.
8. Your rights and further information
General information on your rights, and who to contact if you have any concerns about the handling of your personal data you can email dataprotection@UEA.ac.uk
9. Changes to this notice
We regularly review the TEC privacy notice. This privacy notice was last updated in March 2026.