Arc21 respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
What is GDPR?
New legislation governing the use of personal data by organisations, and the rights of individuals, came into force on 25 May 2018. This is the General Data Protection Regulation (GDPR), and it will apply to the United Kingdom regardless of Brexit.
It aims to standardise and strengthen the right of European citizens to data privacy. These changes are designed to help you gain a greater level of control over your data, while offering more clarity about how your data is collected and processed.
Requirements and language of the GDPR build upon existing data protection legislation, but GDPR imposes new obligations and stricter requirements on organisations.
Personal information we collect
We collect information from you to help us to provide a better service for you. GDPR applies to personal data, meaning information relating to a living individual. Examples include name, address, email address or phone number.
How we collect your personal data
You may give us your identity and contact details by filling in forms or by corresponding with us by post, phone, email or otherwise. You may also allow us to take your photograph at events which we may publish on our website or in our information materials. This includes personal data you provide when, for example, you:
apply for or receive our services;
request information to be sent to you;
enter a survey; or
give us some feedback.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform a contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
What are data controllers and data processors?
A data controller is an individual or organisation that process personal data. ARC21 is a data controller for the personal data gathered on our forms or which you provide to us.
A data subject is anyone about whom personal data is held. This may be someone signed up to hear about our events or for the purposes of providing our services.
GDPR covers all data controllers and data subjects based in the EU, so if an organisation processes the personal data of people in the EU, or is a data controller or processor established in the EU, the GDPR will apply.
Personal data may be shared between arc21 staff who are involved in providing this service and between constituent councils departments or statutory bodies with the purpose of supporting an effective delivery of service or as required by law. Your personal data will not be shared or disclosed to any other organisation without your consent or unless the law places an obligation on us to do so.
ARC21 takes appropriate measures to secure personal data and protect it from unauthorised access, use, disclosure, alteration or damage consistent with applicable data protection laws. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. ARC21 is ISO 9001:2015 certified and it is a requirement that all our employees and any third parties we engage with process your personal information in accordance with applicable data protection law.
We also have procedures in place to deal with any suspected data security breach. We will notify you and the Information Commissioner’s Office (ICO) of a suspected security breach where we are legally required to do so.
You may have a right in accordance with applicable data protection law to:
• request details of the information we hold about you and how we process it;
• have personal information rectified or deleted and to restrict our processing of that information;
• stop unauthorised transfers of your personal information to a third party;
• have personal information relating to you transferred to another organisation; and
• to lodge a complaint in relation to our processing of your personal information with the Information Commissioners Office.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform our services. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
Right to be forgotten
You have the right to request removal of personal data related to you on any one of a number of grounds, including cases where the fundamental rights of the data subject take precedence over the data controller’s interests and require protection.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance by communicating with the Corporate Services Director, arc21, Belfast Castle, Antrim Road, Belfast BT15 5GR (Telephone Number 028 90 373 000 or E-mail firstname.lastname@example.org