Privacy Policy

Who we are

The Business Resilience service is delivered and run by East Midlands Business Limited (EMB) on behalf of Lincolnshire County Council. EMB is the joint data controller, along with Lincolnshire County Council and the Department for Business, Energy and Industrial Strategy (BEIS). More information about EMB can be found at:

EMB is committed to being transparent about how it collects and uses personal data and to meeting its data protection obligations

Purpose of the processing and the legal basis for the processing

Processing of your data is necessary for compliance with a legal obligation to which EMB is subject, which requires EMB and Lincolnshire County Council to collect and process a range of details about the service’s beneficiaries.

A copy of EMB’s Data Protection and Privacy Policy can be found online at:

What personal data we collect and why we collect it

The information we are required to collect and process includes: name, job title, address and contact details, including email address and telephone number.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

EMB’s normal retention period for personal data is seven years from the end of service provision.

Data held by EMB is securely destroyed at the end of the retention period.

What rights you have over your data

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the organisation to change incorrect or incomplete data;
  • request the organisation to delete or stop processing your data, when the data is no longer necessary for the purposes of processing.

If you would like to exercise any of these rights, please contact EMB’s Data Protection Officer by e-mail at:

If you believe that EMB has not complied with your data protection rights, you can complain to the Information Commissioner’s Office:

Who we share your data with

Your information may be shared internally, including with project staff and managers and IT staff if access to the data is necessary for performance of their roles.

EMB shares your data with third parties. Your data will be shared with Lincolnshire County Council and BEIS, which are joint data controllers.

EMB also shares your data with third parties that process data on its behalf and which provide services to EMB and beneficiaries as part of the Business Resilience Programme. EMB does not permit third parties to use the data for any other purpose.

Your contact information

EMB’s Data Protection Officer can be contacted at:

Additional information

How we protect your data

EMB takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where EMB engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

What data breach procedures we have in place

EMB has a Data Breach Process in place, which ensures that any data breach is investigated, the cause identified and the risk to data subjects assessed. Where we conclude that the breach creates a risk to data subjects, we will notify the ICO within 72 hours.

What automated decision making and/or profiling we do with user data

EMB does not use automated decision-making in the Business Resilience Programme.