East Border Region Ltd
East Border Region Ltd is committed to protecting your personal information and to being transparent about what we use it for. This Privacy Notice tells you what to expect when East Border Region Ltd collects your personal information. It has been written in accordance with the EU General Data Protection Regulation (GDPR) which came into effect on 25th May 2018, and explains the following:-
East Border Region Ltd is the Data Controller in relation to the processing activities described in sections 3, 4 and 5. This means that East Border Region Ltd decides why and how your personal information is processed. Where this Privacy Notice refers to ‘we’, ‘our’ or ‘us’, unless it mentions otherwise, it is referring to East Border Region Ltd.
East Border Region Ltd is a Local Authority led cross border network. The East Border Region comprises six Local Authorities namely; Newry, Mourne & Down District Council, Armagh, Banbridge & Craigavon Borough Council, and Ards and North Down Borough Council in Northern Ireland and Louth, Monaghan and Meath County Councils in the Republic Of Ireland and has a total population of 826,000.
East Border Region was established in 1976 to promote innovative, cross border economic development in the areas of agriculture, Industry, Commerce and Tourism and to improve the living conditions and employment prospects of those living in the region. East Border Region has been involved in the delivery of INTERREG Programmes for many years. EBR was an Implementing Agent in the INTERREG IIIA Programme administering €25 million and a Lead Partner of 13 projects in the INTERREG IVA Programme totalling €16 million. In the current INTERREG VA Programme EBR is a project partner in 6 projects totaling €74 million and performs financial and non-financial verification on 2 further projects totaling €17 million
In addition, a number of transnational projects are being developed with colleagues across Europe. East Border Region is a truly democratic, representative, transparent, multi skilled cross border organisation.
Personal data is data that relates to an identifiable living person i.e. the ‘Data Subject’. For example, this could include your:-
Special Categories of Personal Data: GDPR refers to sensitive personal data as ‘Special Categories of Personal Data’. This relates to an identifiable living person but reveals any of the following:-
We collect and process a range of personal data in order to deliver our services to our Local Authority members, our INTERREG VA project partners and our employees
To collect and use your personal information lawfully, we rely on one or more of the following legal basis:-
If you choose to withhold requested information, we may not be able to provide you with certain services.
The majority of personal information we hold, and process has been sourced directly from the data subject and on occasion indirectly from third parties. For example,
East Border Region Ltd collects and processes personal data for a number of purposes. We only collect, hold and process certain categories of personal information where it is necessary and proportionate to do so in order to deliver our services or meet a legal or regulatory requirement.
If we do not need certain categories of your personal information we will not ask for it. If we already hold categories of your personal information and do not consider it likely that we will continue to require all of it for the same purpose for which it was originally collected, we will destroy it in accordance with our Retention and Disposal Schedule.
The following personal data is collected/processed by East Border Region Ltd:
Directors of East Border Region Ltd:
Local Authority CEO’s/Advisors and Members of East Border Region Ltd Audit & Governance Committee and Members of East Border Region Ltd Members Forum:
INTERREG VA Projects:
INTERREG IVA Projects:
East Border Region Ltd Employees:
We protect your personal information by implementing appropriate and up to date technological and organisational control measures and in accordance with our internal policies and external regulatory requirements; these keep our computers, files and building secure.
All East Border Region Ltd staff PC’s and Laptops are password protected. Only authorised East Border Region Ltd staff can have access to the various types of personal information that we collect and process.
East Border Region Ltd staff use encrypted USB pens when verifying INTERREG VA claims at project partner premises.
In relation to INTERREG IVA project information we are required by European Union regulations to retain this information until December 2020 in accordance with the INTERREG IVA Programme retention policy.
All of this information is held in a secure external storage facility. This information is only held by East Border Region Ltd for the purposes of adhering to our requirements to retain INTERREG IVA documentation until December 2020. All INTERREG IVA project information will be destroyed in accordance with GDPR thereafter.
Privacy Risks
If we are planning to store or process your personal data in new ways, we will consider the risks and decide whether or not a Data Impact Assessment is required. Where the plan for new storage or processing is considered to be high risk, we will carry out a Data Impact Assessment.
If we decide that a Data Impact Assessment is not required, we will document the reasons for this decision.
Reinforcing our Data Protection standards
East Border Region Ltd staff are obliged to treat any personal data collected in full compliance with the requirements of the General Data Protection Regulation 2018. When you contact us to ask about your personal information, we will ask you to identify yourself with certain ID to enable us respond to any ‘Subject Access Request’ you may make for disclosure of your personal information, or to exercise other Data Subject rights detailed in Section 10. Verification of your identity is important in enabling us to protect your information.
We will only use and store your information for as long as it is required for the purpose for which it was originally collected. How long it will be stored for depends on the nature of the personal information, what it is being used for and sometimes, statutory legal requirements which obligate us to hold certain personal information for specified periods.
We only share information with others where there is a legal requirement to do so, to fulfil our task responsibilities, to meet employment contractual obligations, or in response to employee requests.
We do not sell or share your personal information for other organisations to use.
The General Data Protection Regulation offers Data Subjects specific rights in relation to the collection and processing of their personal data. In order to exercise any of these rights, please contact our Data Protection Officer as explained in section 12 of this document. We can assist you with the following:
Being informed about what information we process (Right to be Informed) We will inform you about what personal information we collect and process through this Privacy Notices and direct communication with you.
Accessing your personal information (Right of Access)
You may ask us for a copy of the personal information we hold relating to you, and how we collect, share and use your personal information. This will be provided free of charge unless the request is considered to cause an excessive administrative burden. A request to obtain a copy of the personal information we hold regarding you, known as a ‘Subject Access Request’, can include both hard copy and electronic records. Your request will be processed, and the information provided to you within 1 calendar month from the date of receiving the request. We will require proof of identify and address before we can release this information.
Updating and correcting your personal information (Right to Rectification)
You may ask us to update / correct personal information we hold about you that is inaccurate or incomplete. It is your responsibility to ensure that all personal data provided to us is accurate and complete, and if it changes you must let us know as soon as possible.
Deleting your personal information (Right to Erasure also known as the Right to be Forgotten)
You may ask us to delete or destroy your personal information. In some cases, we will retain your information where it is required for legal purposes.
Restricting your personal information (Right to Restriction)
You may request us to restrict the processing of your personal information if for example you consider the data is inaccurate or that the processing is unlawful, but you do not want us to erase your data. We may continue to process your personal data where you provide consent to such processing, it is necessary for legal purposes or in the public interest.
Removing your consent (Right to Object)
You can change your mind whenever you give us your consent, for example to receive direct communications or marketing, or to enable us use your sensitive information, such as medical data in the case of employment. We will provide you with information on the actions we have taken if you remove your consent or object to us continuing to process your personal information.
Moving your information (Right to Portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. Where possible, we will share a digital copy of your personal information directly with you or another organisation.
Right not to be subject to automated decision-making including profiling
We do not currently use automated decision-making in relation to any personal data you may provide. Should East Border Region Ltd decide to do so in the future, it will not be used without human intervention to enable the expression and consideration of individual views. This will ensure that no decision is taken regarding you based solely on an automated process.
To enable us effectively to deliver our services to you, we need you to do the following:
These actions on your part will enable us to ensure that your personal information is accurate and kept up to date.
If you wish to obtain a copy of your personal information, i.e. submit a Subject Access Request or require any other information / assistance in relation to this Privacy Notice and your rights, please contact the East Border Region Ltd Data Protection Officer as follows:
Data Protection Officer
East Border Region Ltd
2 Monaghan Court
Monaghan St
Newry
BT35 6BH
Email: sharon@eastborderregion.com
Tel: 0044 (0)28 3025 2684
East Border Region Ltd endeavours to meet the highest standards when collecting and using your personal information and in doing so, encourages people to bring to our attention if they think that the collection or use of their personal information is considered to be unfair or inappropriate.
If you wish to make a complaint regarding the way we have collected or processed your personal information, please contact our Data Protection Officer by telephone, written or email correspondence.
Data Protection Officer’s contact details:
Data Protection Officer
East Border Region Ltd
2 Monaghan Court
Monaghan St
Newry
BT35 6BH
Email: sharon@eastborderregion.com
Tel: 0044 (0)28 3025 2684
Please be assured that all complaints received will be fully investigated. To enable us address your complaint quickly and effectively resolve it, we ask that you provide us with as much information as possible.
If you are dissatisfied with the Data Protection Officer’s findings in relation to your complaint, you have the right to complain to either the Data Protection Commission in Ireland or the Information Commissioner’s Office in the UK.
Information Commissioner’s Office, UK contact details:
Information Commissioner’s Officer
Wycliffe House
Water Lane
Wilmslow Cheshire England
SK9 5AF
Email: casework@ico.org.uk
Tel: 0044 (0)303 123 1113
www.ico.org.uk
Data Protection Commission, Ireland contact details:
Data Protection Commission
Canal House
Station Road
Portarlington
Co Laois R32 AP23
Email: info@dataprotection.ie
Tel: 00353 (0761) 104 800
www.dataprotection.ie
Dublin office:
Data Protection Commission
21 Fitzwilliam Square
Dublin 2 D02 RD28
The EU General Data Protection Regulation provides a one stop shop (OSS) to apply for organisations established in the European Union that are engaged in cross-border processing of personal data. This allows East Border Region Ltd as a cross-border body to deal with a single Lead Supervisory Authority (LSA), in this case the Information Commissioner’s Office UK, since our main establishment i.e. our headquarters is located in Northern Ireland. The Information Commissioner’s Office UK will liaise with the Data Protection Commission in Ireland regarding complaints relating to East Border Region’s data processing activities where these substantially affect or are likely to substantially affect a Data Subject residing in Ireland.
We will amend this Privacy Notice from time to time to ensure it continues to reflect how and why East Border Region Ltd as an organisation collects and uses personal data. The current version will always be posted on our website www.eastborderregion.com
Note: This East Border Region Ltd GDPR Privacy Notice was last updated on 19th September 2018
East Border Region Ltd’s website may contain links to other websites (“Third-Party Websites”) which are outside of our control and therefore not covered by this Privacy Notice. If you access Third- Party Websites using the links provided, the operators of such sites may collect information from you which will be used by them in accordance with their own Privacy Notices / Policies. We encourage you to review the Privacy Notices / Policies of those Third-Party Websites so that you understand if / how they collect and / or use information from you or your computer.