GDPR Compliance Statement

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.

What information does the GDPR apply to?

The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

The GDPR applies to ‘controllers’ and ‘processors’.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.

Link to regulation

The Rural Centre places a high importance on information security.

Our GDPR principles
we will process all personal data fairly and lawfully
we will only process personal data for specified and lawful purposes
we will endeavor to hold relevant and accurate personal data, and where practical, we will keep it up to date
we will not keep personal data for longer than is necessary
we will keep all personal data secure
we will endeavor to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection

GDPR compliance
We continually review and updatare all our internal processes, procedures, data systems and documentation in order to help ensure that we compy to GDPR as a controller and processor of data.

We will implement the relevant policies and practices to ensure we protect any data handled by The Rural Centre for its employees, clients, suppliers, partners and stakeholders, specifically including the following:

employees will be made aware of the GDPR and restrictions and obligations within it as may be relevant to them, with the relevant training provided as necessary.

suppliers who process personal data on behalf of The Rural Centre will be asked to provide details of their state of compliance with GDPR and where appropriate agree to new contractual arrangements. Any new supplier will not be taken on unless we are satisfied that they comply with the new data protection regulations.

Our GDPR actions to date
we have appointed a Data Protection Officer
we maintain a log of GDPR compliance work
we continually review and updatate our policies
we have assessed our lawful bases for processing data to ensure all personal data is processed lawfully, fairly and transparently on the basis of consent and contract
we have introduced legitimate interest assessments where we rely on legitimate interest as the lawful basis for processing any personal data
we will continue to look at ways of improving our systems and procedures to better comply with GDPR best practice 

What information do we collect?
We collect contact details such as name, job title, organisation, addresss, email and telephone numbers etc  though:

registration forms from meeting/ seminar/workshop/ EU Projects 
when you contact us by telephone, email or other means of communication for information on EU policies, programmes, training, workshops, events, European Projects that we organise or participate in
registration to receive newsletters or any for our service so we can respond to your request using the communication method you have provided us
emails correspondence, notes from phone calls and face-to-face meetings as a record of information, support or a service we have provided to you
we collect passport details if you are participating in an event that requires a travel such as a flight so we comply to airline requirements for booking. These details are only held for aas long as required for travel
photographs, video and/or sound recordings of events, training sessions, European projects for use in printed and electronic media, for promotional and archival purposes.
if you apply for a job or volunteer post we collect your personal contact details and employment history, as well as equality monitoring information and unspent criminal convictions (where applicable) in completing job applications and pre-employment checks.

How we collect your personal data

When you register to attend an event such as a conference or training session
When you register to receive and email alert or newslettter 
When you contact us for advice or support
When you attend an event we have organised or participate in
When you visit our websites (eurolink-eu.net)
When you complete one of our surveys
When you apply for a job or volunteer with us
When you participate in a study vist, EU Project that requires travel such as flight or accommodation

Information we collect about you from other sources

Website Cookies: A session cookie to store your session id, this cookie is unique to your visit and is required for logging into the site or using the information and dowloadable docuents on the site.

Google Analytics: We use Google Analytics, a popular web analytics service provided by Google Inc. Google uses cookies to collect and analyse information about how the website is used. Google undertakes not to associate your IP address with other data held by Google. Find out more about Google Analytics here.

standard internet log: information such as your IP address and visitor behaviour patterns. We use Google Analytics to analyse website traffic. You can get more information about Google’s security and privacy principles here and control how your information is used by Google (e.g. for ad personalisation) here.

This privacy notice does not cover any websites linked to from within our own websites

We use your personal information to:

manage registration and attendance at training, workshops, events, EU Projects and study visits and to evaluate feedback afterwards
gather and analyse statistics around email opening and website traffic to help us improve our online services
maintain records of services, advice or support that we have provided to you
To book travel such as flights and accommodation to participate in study visits, EU Projects and any events that require travel and/ or accommodation

We use the following lawful bases to process personal data:

Where it is in our legitimate interest to provide confirmations or updates about products or services we provide you with, such as fulfilling your request to attend events, participate in training courses, or help you with advice and support.
Where you have registered to receive an email alert or newsletter where you can unsubscribe at any time from the email itself or by contacting us.
Where we have legal obligations under UK or EU law, such as fraud prevention, the exercise of consumer rights, and under equal opportunity responsibilities

We do not regularly share personal data with other people or organisations without your consent except in the following circumstances:

To act as a representative membership body we may from time to time share limited personal information (name, organisation, job role and email address) about you in your role as a specialist or policy officer to other organisations such as government bodies, media contacts or other community and voluntary sector groups. We do this where we determine that it is within our legitimate interests and of benefit to you in your professional capacity, and the impact on your privacy is limited. In other circumstances we will seek your consent before doing this.

Data security and retention

We minimise the amount of personal data we keep about you and the period of time we hold it for.

In some cases, we retain records for the length of time that we are legally obliged to do so (for example, invoices, payment information, job application and monitoring information, minutes of general meetings and trustee decisions). In other cases, we apply our retention schedule when we no longer require personal data and ensure its secure deletion or disposal.

We make sure that we don’t collect more personal information than we need in order to carry out our activities and review our practices regularly.

When we use third party services and cloud services to process personal data we take due diligence to make sure that they are reputable and have appropriate data protection practices.

The General Data Protection Regulation provides the following rights to you:

The right to be informed about the processing of your personal information
The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
The right to object to processing of your personal information
The right to restrict processing of your personal information
The right to have your personal information erased (the “right to be forgotten”)
The right to request access to your personal information and to obtain information about how we process it
The right to move, copy or transfer your personal information (“data portability”)
Rights in relation to automated decision-making which has a legal effect or otherwise significantly affects you

Contact us
Should you require any further information about our GDPR policies please contact us using the details below:

Data Protection Manager
The Rural Centre
The Old Primary School
4 Augher Road
Clogher
Co Tyrone BT76 0AD

Tel: +44 (0) 2885549606
email: europedirect@eurolink-eu.net

The Rural Centre is a company ltd by Gtee NI45661 with Charitable Status NIC105690