East Border Region Ltd

East Border Region Ltd is committed to protecting your personal information and to being transparent about what we use it for. This Privacy Notice tells you what to expect when East Border Region Ltd collects your personal information. It has been written in accordance with the EU General Data Protection Regulation (GDPR) which came into effect on 25th  May 2018, and explains the following:-

1. Who we are

  1. What is Personal Data /information
  2. Why we collect your personalinformation
  3. Where we get your personal informationfrom
  4. What categories of Personal Data wecollect
  5. How we keep your information safe and where it isstored
  6. How long we hold your personalinformation
  7. Who we share your personal informationwith
  8. Your personal information rights as the ‘DataSubject’
  9. Your responsibilities as the ‘DataSubject’
  10. Contact details for our Data ProtectionOfficer
  11. How to make a Data ProtectionComplaint
  12. Role of the Information Commissioner’s Office UK and the Data Protection Commission in Ireland
  13. Updates to this PrivacyNotice
  14. Links to otherwebsites
  1. Who we are

East Border Region Ltd is the Data Controller in relation to the processing activities described in sections 3, 4 and 5. This means that East Border Region Ltd decides why and how your personal information is processed. Where this Privacy Notice refers to ‘we’, ‘our’ or ‘us’, unless it mentions otherwise, it is referring to East Border Region Ltd.

East Border Region Ltd is a Local Authority led cross border network. The East Border Region comprises six Local Authorities namely; Newry, Mourne & Down District Council, Armagh, Banbridge & Craigavon Borough Council, and Ards and North Down Borough Council in Northern Ireland and Louth, Monaghan and Meath County Councils in the Republic Of Ireland and has a total population of 826,000.

East Border Region was established in 1976 to promote innovative, cross border economic development in the areas of agriculture, Industry, Commerce and Tourism and to improve the living conditions and employment prospects of those living in the region. East Border Region has been involved in the delivery of INTERREG Programmes for many years. EBR was an Implementing Agent in the INTERREG IIIA Programme administering €25 million and a Lead Partner of 13 projects in the INTERREG IVA Programme totalling €16 million. In the current INTERREG VA Programme EBR is a project partner in 6 projects totaling €74 million and performs financial and non-financial verification on 2 further projects totaling €17 million

In addition, a number of transnational projects are being developed with colleagues across Europe. East Border Region is a truly democratic, representative, transparent, multi skilled cross border organisation.

  1. What is Personal Data

Personal data is data that relates to an identifiable living person i.e. the ‘Data Subject’. For example, this could include your:-

  •     Name
  •     Address
  •     Phone number
  •     Date of Birth
  •     Bank Details
  •     Email Address

Special Categories of Personal Data: GDPR refers to sensitive personal data as ‘Special Categories of Personal Data’. This relates to an identifiable living person but reveals any of the following:-

  •          Race or ethnicity
  •          Political opinions
  •          Religious or similar beliefs or other beliefs
  •          Physical or mental health
  •          Genetic data
  •          Sexual orientation
  •          Trade union membership
  •          Biometrics (where used for ID purposes)
  1. Why we collect your personal information

We collect and process a range of personal data in order to deliver our services to our Local Authority members, our INTERREG VA project partners and our employees

To collect and use your personal information lawfully, we rely on one or more of the following legal basis:-

  • Your consent
  • Performance of a contract
  • Compliance with a legal obligation

If you choose to withhold requested information, we may not be able to provide you with certain services.

  1. Where we get your personal information from?

The majority of personal information we hold, and process has been sourced directly from the data subject and on occasion indirectly from third parties. For example,

  • When you provide it directly to us through membership of East Border Region Ltd e.g. Company Directors/Board Members, Members Forum reps, Audit & Governance Committee members, staff of member Local Authorities
  • When it is provided to us through our financial and non-financial verification role within the INTERREG Programme
  • When you apply for a job with us and thereafter during the course of your employment.
  1. What categories of Personal Data we collect?

East Border Region Ltd collects and processes personal data for a number of purposes. We only collect, hold and process certain categories of personal information where it is necessary and proportionate to do so in order to deliver our services or meet a legal or regulatory requirement.

If we do not need certain categories of your personal information we will not ask for it. If we already hold categories of your personal information and do not consider it likely that we will continue to require all of it for the same purpose for which it was originally collected, we will destroy it in accordance with our Retention and Disposal Schedule.

The following personal data is collected/processed by East Border Region Ltd:

Directors of East Border Region Ltd:

  • Full Name
  • Postal Address
  • Contact Telephone Numbers
  • Email Address
  • Date of Birth
  • Passport Details
  • Register of Interests
  • Security clearance information (eye colour, mothers maiden name etc)

Local Authority CEO’s/Advisors and Members of East Border Region Ltd Audit & Governance Committee and Members of East Border Region Ltd Members Forum:

  • Full Name
  • Postal Address
  • Email Address
  • Contact Telephone Numbers

INTERREG VA Projects:

  • Full Name
  • Postal Address
  • Email Address
  • Contact Telephone Numbers
  • Project relevant bank statements
  • Project relevant employee payslips
  • Project relevant credit card statements
  • Project relevant minutes/reports/attendance sheets/timesheets/claim forms

INTERREG IVA Projects:

  • Claim Information (including copies of all relevant salary information, invoices etc)
  • Minutes of project meetings
  • Project Progress reports
  • Project relevant minutes/reports/attendance sheets/timesheets/claim forms
  • Project Publicity Information
  • Project Evaluations

East Border Region Ltd Employees:

  • Full Name
  • Postal Address
  • Email Address
  • Contact Telephone Numbers
  • Job Application
  • National Insurance Number
  • Bank Account Details
  • Pension Details
  1. How we keep your information safe and where it is stored?

We protect your personal information by implementing appropriate and up to date technological and organisational control measures and in accordance with our internal policies and external regulatory requirements; these keep our computers, files and building secure.

All East Border Region Ltd staff PC’s and Laptops are password protected. Only authorised East Border Region Ltd staff can have access to the various types of personal information that we collect and process.

East Border Region Ltd staff use encrypted USB pens when verifying INTERREG VA claims at project partner premises.

In relation to INTERREG IVA project information we are required by European Union regulations to retain this information until December 2020 in accordance with the INTERREG IVA Programme retention policy.

All of this information is held in a secure external storage facility. This information is only held by East Border Region Ltd for the purposes of adhering to our requirements to retain INTERREG IVA documentation until December 2020. All INTERREG IVA project information will be destroyed in accordance with GDPR thereafter.

Privacy Risks

If we are planning to store or process your personal data in new ways, we will consider the risks and decide whether or not a Data Impact Assessment is required. Where the plan for new storage or processing is considered to be high risk, we will carry out a Data Impact Assessment.

If we decide that a Data Impact Assessment is not required, we will document the reasons for this decision.

Reinforcing our Data Protection standards

East Border Region Ltd staff are obliged to treat any personal data collected in full compliance with the requirements of the General Data Protection Regulation 2018. When you contact us to ask about your personal information, we will ask you to identify yourself with certain ID to enable us respond to any ‘Subject Access Request’ you may make for disclosure of your personal information, or to exercise other Data Subject rights detailed in Section 10. Verification of your identity is important in enabling us to protect your information.

  1. How long we hold your personal information?

We will only use and store your information for as long as it is required for the purpose for which it was originally collected. How long it will be stored for depends on the nature of the personal information, what it is being used for and sometimes, statutory legal requirements which obligate us to hold certain personal information for specified periods.

  1. Who we share your information with?

We only share information with others where there is a legal requirement to do so, to fulfil our task responsibilities, to meet employment contractual obligations, or in response to employee requests.

We do not sell or share your personal information for other organisations to use.

  1. Your personal information rights as the ‘Data Subject’

The General Data Protection Regulation offers Data Subjects specific rights in relation to the collection and processing of their personal data. In order to exercise any of these rights, please contact our Data Protection Officer as explained in section 12 of this document. We can assist you with the following:

Being informed about what information we process (Right to be Informed) We will inform you about what personal information we collect and process through this Privacy Notices and direct communication with you.

Accessing your personal information (Right of Access)

You may ask us for a copy of the personal information we hold relating to you, and how we collect, share and use your personal information. This will be provided free of charge unless the request is considered to cause an excessive administrative burden.    A request to obtain a copy of the   personal information we hold regarding you, known as a ‘Subject Access Request’, can include both hard copy and electronic records. Your request will be processed, and the information provided to you within 1 calendar month from the date of receiving the request. We will require proof of identify and address before we can release this information.

Updating and correcting your personal information (Right to Rectification)

You may ask us to update / correct personal information we hold about you that is inaccurate or incomplete. It is your responsibility to ensure that all personal data provided to us is accurate and complete, and if it changes you must let us know as soon as possible.

Deleting your personal information (Right to Erasure also known as the Right to be Forgotten)

You may ask us to delete or destroy your personal information. In some cases, we will retain your information where it is required for legal purposes.

Restricting your personal information (Right to Restriction)

You may request us to restrict the processing of your personal information if for example you consider the data is inaccurate or that the processing is unlawful, but you do not want us to erase your data. We may continue to process your personal data where you provide consent to such processing, it is necessary for legal purposes or in the public interest.

Removing your consent (Right to Object)

You can change your mind whenever you give us your consent, for example to receive direct communications or marketing, or to enable us use your sensitive information, such as medical data in the case of employment.  We will provide you with information on the actions we have taken if you remove your consent or object to us continuing to process your personal information.

Moving your information (Right to Portability)

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format.  Where possible, we will share a digital copy   of your personal information directly with you or another organisation.

Right not to be subject to automated decision-making including profiling

We do not currently use automated decision-making in relation to any personal data you may provide. Should East Border Region Ltd decide to do so in the future, it will not be used without human intervention to enable the expression and consideration of individual views. This will ensure that no decision is taken regarding you based solely on an automated process.

  1. Your responsibilities as the ‘Data Subject’

To enable us effectively to deliver our services to you, we need you to do the following:

  • Firstly, ensure that you provide us with accurate information.
  • Inform us in writing as soon as possible if there are any changes required regarding the personal information you have previously provided.
  • Inform us in writing as soon as possible if you notice mistakes or inaccuracies in the information we hold regarding you.

These actions on your part will enable us to ensure that your personal information is accurate and kept up to date.

  1. Contact details for our Data Protection Officer

If you wish to obtain a copy of your personal information, i.e. submit a Subject Access Request or require any other information / assistance in relation to this Privacy Notice and your rights, please contact the East Border Region Ltd Data Protection Officer as follows:

Data Protection Officer

East Border Region Ltd

2 Monaghan Court

Monaghan St

Newry

BT35 6BH

Email: sharon@eastborderregion.com

Tel: 0044 (0)28 3025 2684

  1. How to make a Data Protection Complaint

East Border Region Ltd endeavours to meet the highest standards when collecting and using your personal information and in doing so, encourages people to bring to our attention if they think that the collection or use of their personal information is considered to be unfair or inappropriate.

If you wish to make a complaint regarding the way we have collected or processed your personal information, please contact our Data Protection Officer by telephone, written or email correspondence.

Data Protection Officer’s contact details:

Data Protection Officer

East Border Region Ltd

2 Monaghan Court

Monaghan St

Newry

BT35 6BH

Email: sharon@eastborderregion.com

Tel: 0044 (0)28 3025 2684

Please be assured that all complaints received will be fully investigated. To enable us address your complaint quickly and effectively resolve it, we ask that you provide us with as much information as possible.

  1. Role of the Information Commissioner’s Office UK and the Data Protection Commission in Ireland

If you are dissatisfied with the Data Protection Officer’s findings in relation to your complaint, you have the right to complain to either the Data Protection Commission in Ireland or the Information Commissioner’s Office in the UK.

Information Commissioner’s Office, UK contact details:

Information Commissioner’s Officer

Wycliffe House

Water Lane

Wilmslow Cheshire England

SK9 5AF

Email: casework@ico.org.uk

Tel:     0044 (0)303 123 1113

www.ico.org.uk

Data Protection Commission, Ireland contact details:

Data Protection Commission

Canal House

Station Road

Portarlington

Co Laois R32 AP23

Email: info@dataprotection.ie

Tel:         00353 (0761) 104 800

www.dataprotection.ie

Dublin office:   

Data Protection Commission

21 Fitzwilliam Square

Dublin 2 D02 RD28

The EU General Data Protection Regulation provides a one stop shop (OSS) to apply for organisations established in the European Union that are engaged in cross-border processing of personal data. This allows East Border Region Ltd as a cross-border body to deal with a single Lead Supervisory Authority (LSA), in this case the Information Commissioner’s Office UK, since our main establishment i.e. our headquarters is located in Northern Ireland.  The Information   Commissioner’s Office UK will liaise with the Data Protection Commission in Ireland regarding complaints relating to East Border Region’s data processing activities where these substantially affect or are likely to substantially affect a Data Subject residing in Ireland.

  1. Updates to this Privacy Notice

We will amend this Privacy Notice from time to time to ensure it continues to reflect how and why East Border Region Ltd as an organisation collects and uses personal data. The current version will always be posted on our website www.eastborderregion.com

Note: This East Border Region Ltd GDPR Privacy Notice was last updated on 19th September 2018

  1. Links to other websites

East Border Region Ltd’s website may contain links to other websites  (“Third-Party Websites”) which  are outside of our control and therefore not covered by this Privacy Notice. If you access Third- Party Websites using the links provided, the operators of such sites may collect information from you which will be used by them in accordance with their own Privacy Notices / Policies. We encourage you to review the Privacy Notices / Policies of those Third-Party Websites so that you understand if / how they collect and / or use information from you or your computer.

Join Our Newsletter

Sign up below to receive monthly newsletters.

Read our privacy policy for more info.