Notice

CyberASAP alumni on difficulties for foreign nationals setting up a business in the UK survey: privacy notice

Published 14 April 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/cyberasap-alumni-on-difficulties-for-foreign-nationals-setting-up-a-business-in-the-uk-survey-privacy-notice/cyberasap-alumni-on-difficulties-for-foreign-nationals-setting-up-a-business-in-the-uk-survey-privacy-notice

This notice sets out how we will process your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).

DSIT is conducting a survey of CyberASAP programme alumni to evaluate whether they have experienced difficulties establishing a spin-out company after completing the CyberASAP programme, with particular attention to any issues related to their UK VISA status. The information gathered will be used to inform the future design of the CyberASAP programme and related government initiatives.

The Department for Science, Innovation and Technology is the Data Controller for the use of personal data covered by this privacy notice.

1. Your data

We will process the following personal data:

  • Whether you require a visa to remain and/or work in the UK.
  • Information you choose to provide about challenges experienced related to visa requirements, business setup, commercialisation activities or participation in CyberASAP.
  • Your responses to questions relating to business setup plans, commercialisation preferences and perceptions of the UK business environment.

We do not ask for your name, nationality, email address, or any direct identifiers.

All free text responses will be reviewed and anonymised to remove any personal or identifying information before analysis.

We are not intentionally collecting any special category data.

2. Purpose

The purpose(s) for which we are processing your personal data are to:

  • Understand whether visa requirements create barriers for CyberASAP alumni when attempting to set up a business in the UK, particularly for those who require a visa to remain or work in the UK.
  • Identify the types of challenges alumni face during commercialisation, including business registration, access to funding, collaboration, and participation in programme activities.
  • Assess whether visa‑related obstacles impact long‑term commercial ambitions within the UK innovation ecosystem.
  • Inform DSIT and Innovate UK’s future programme design, support mechanisms and policy development relating to early‑stage commercialisation, international founders and VISA‑linked barriers.
  • Monitor how effectively the CyberASAP programme supports alumni, including understanding any systemic barriers that may limit programme impact.
  • Generate anonymised, aggregated insights that can be used to improve future delivery of CyberASAP and related government initiatives.

The legal basis for processing your personal data under Article 6 of the UK GDPR is:

1(e)Public task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

This task is the evaluation of the CyberASAP programme, including understanding visa related challenges faced by alumni when setting up businesses in the UK, identifying barriers to commercialisation, and generating evidence to inform future government policy and programme design.

4. Recipients

Your personal data will be shared with the following recipients:

SmartSurvey, the external platform used to host the survey, processes your responses on behalf of DSIT under DSIT’s instructions and in accordance with its data‑processing and security obligations.

Integrated Corporate Services (ICS) Digital, who provide DSIT’s internal IT infrastructure and support services. This includes the secure cloud‑based Microsoft 365 environment (e.g. OneDrive/SharePoint) where survey data and analysis spreadsheets will be stored. ICS acts as a data processor when providing technical support and maintaining these systems.

Innovate UK (IUK) and Innovate UK Business Connect (IUKBC) will receive only anonymised and aggregated findings, such as statistical summaries and percentages (e.g. “10% of respondents who required a visa reported X”).

They will not receive any raw data, free‑text responses, or information that could identify an individual.

All raw survey data will remain stored solely within DSIT’s secure systems in password‑protected files. Only anonymised, aggregated outputs will be shared externally.

5. Retention

We will retain your personal data for 6 months from the date you submit your survey response. After this period, your personal data will be securely deleted. Only aggregated, non‑identifiable data will be retained after this point for reporting and statistical purposes.

6. Automated decision making

Your personal data will not be subject to any automated decision making.

7. International transfers

Your personal data will only be processed in the UK.

8. Your rights

You have the right to:

  • request information about how your personal data are processed, and to request a copy of that personal data.
  • request that any inaccuracies in your personal data are rectified without delay.
  • request that any incomplete personal data are completed, including by means of a supplementary statement.
  • the right to request that your personal data are erased if there is no longer a justification for them to be processed.
  • the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
  • the right to object to the processing of your personal data

To exercise your rights please contact the Data Protection Officer using the contact details below.

9. Contact details

The data controller for your personal data is the Department for Science. Innovation and Technology (DSIT). You can contact the DSIT Data Protection Officer at:

DSIT Data Protection Officer
Department for Science, Innovation and Technology
22-26 Whitehall
London
SW1A 2EG

Email: dataprotection@dsit.gov.uk

If you are unhappy with the way we have handled your personal data, please write to the department’s Data Protection Officer in the first instance using the contact details above.

10. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an UK independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

https://ico.org.uk/make-a-complaint/

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

11. Updates to this notice

If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. The ‘last updated’ date at the bottom of this page will also change.

If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Last updated: 17 March 2026

Back to top