The Data Protection Act (1998) has been replaced by the General Data Protection Regulation (GDPR) which comes into effect on 25th May 2018.
In the course of our business we collect and hold personal data. This privacy statement is for the Visit Lisburn Castlereagh website www.visitlisburncastlereagh.com
The GDPR requires that personal data is:
•Processed lawfully, fairly and in a transparent manner
•Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
•Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
•Accurate and, where necessary, kept up to date;
•Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
•Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
Information That We Collect:
We hold personal data in delivering our services.
Personal data that we collect and process about you may include:
Visit Lisburn Castlereagh processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
How we collect information:
•When you submit a complaint or query to us
•When you complete online forms
•When you register for events and event information
The personal data may be held in paper and electronic format, but will always be managed in a safe and secure manner.
Some areas of our website require you to actively submit personal data e.g. online services, email, online forms or online payments. You will be informed at each of these personal data collection points what data is required and what data is optional.
Personal data may be gathered without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies. An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the internet.
We collect IP addresses for the purposes of system administration and to audit the use of our site. Each time you log onto our site and each time you request one of our pages, our server logs your IP address.
Although we log your session, it will not normally link your IP address to anything that can enable us to identify you. However, we can and will use IP addresses to identify a user when we feel it is necessary to enforce compliance with our rules or terms of service or to protect our service, site, users or others.
Your rights as an individual
The GDPR provides rights for individuals:
1.Right to be informed – obligation to provide ‘fair processing information’ through privacy statements. There must be transparency at the point of collection on how the information will be used and there is an emphasis on providing you with a clear and concise notice.
2.Right of access – individuals must be able to access their data to ensure that it is being processed lawfully. This is commonly referred to as a subject access request. If you wish access to your personal data you must submit a request in writing and we will respond within one month. We may seek clarification as to your identity and there is no fee for this service.
3.Right to rectification which means that we will rectify inaccurate data concerning you without undue delay.
4.Right to be forgotten (is not absolute and only applies in certain circumstances) erasure or rectification of personal data – this right arises in the event of inaccurate or incomplete data and has been expanded to cover more circumstances than those set out in the Data Protection Act 1998.
5.Right to data portability – this is a new right enabling individuals to reuse and transfer their personal data (held in electronic form) for their personal use to another data controller without affecting its usability.
6.Right to restrict processing where the accuracy is contested (until it can be verified) or where you have objected to the processing (until a verification of the legitimate grounds on which it occurs has been made) or where processing is unlawful or when it is no longer necessary.
7.Right to object – where the processing of personal data is subject to consent, individuals can object to certain types of processing such as direct marketing or processing for research or statistical purposes.
8.Right not to be subject to a decision based solely on automated processing, including profiling that significantly affect the individual.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
Visit Lisburn Castlereagh takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: pseudonymisation, restricted access, IT authentication, anti-virus/malware and firewalls.
Transfers Outside of the EU
Visit Lisburn Castlereagh use MailChimp as our marketing automation platform. MailChimp is an internationally based company and stores your data in the US. MailChimp is certified under the EU-US Privacy Shield framework.
If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Visit Lisburn Castlereagh. However, as this information is required for some of our service delivery or for legitimate interests, we may not be able to offer some/all our services without it.
How Long We Keep Your Data
Lisburn & Castlereagh City Council will only ever retain personal information for as long as it is necessary and we have strict review and retention policies in place to meet these obligations.
Where you have consented to us using your details for direct marketing consultation or communication purposes. You have the right to withdraw this consent at any time.
You can request that we delete/destroy data by writing to us for removal of data to our Data Protection Officer and this will be reviewed to ensure the correct procedures apply, including compliance with the law.
Notifications of changes
Any changes to this Privacy Statement will be posted on our website.
Subject Access Request
Should you wish to make a subject access request please complete the Council’s Subject Access Request form and contact:
Data Protection Officer
Lisburn & Castlereagh City Council
Lagan Valley Island
Lodging a Complaint
Visit Lisburn Castlereagh only processes your personal information in compliance with this Privacy statement and in accordance with GDPR. However if you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with our Data Protection Officer or the Information Commissioners Office:-
Data Protection Officer Information Commissioner
Lisburn & Castlereagh City Council Information Commissioners Office
Civic Headquarters 14 Cromac Place
Lagan Valley Island Belfast
BT274RL BT7 2JB
Email: firstname.lastname@example.org Email: email@example.com