GDPR Compliance Statement
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.
What information does the GDPR apply to?
The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The GDPR applies to ‘controllers’ and ‘processors’.
A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller.
The Rural Centre places a high importance on information security.
Our GDPR principles
we will process all personal data fairly and lawfully
we will only process personal data for specified and lawful purposes
we will endeavor to hold relevant and accurate personal data, and where practical, we will keep it up to date
we will not keep personal data for longer than is necessary
we will keep all personal data secure
we will endeavor to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA)
We continually review and updatare all our internal processes, procedures, data systems and documentation in order to help ensure that we compy to GDPR as a controller and processor of data.
We will implement the relevant policies and practices to ensure we protect any data handled by The Rural Centre for its employees, clients, suppliers, partners and stakeholders, specifically including the following:
employees will be made aware of the GDPR and restrictions and obligations within it as may be relevant to them, with the relevant training provided as necessary.
suppliers who process personal data on behalf of The Rural Centre will be asked to provide details of their state of compliance with GDPR and where appropriate agree to new contractual arrangements. Any new supplier will not be taken on unless we are satisfied that they comply with the new data protection regulations.
Our GDPR actions to date
we have appointed a Data Protection Officer
we maintain a log of GDPR compliance work
we continually review and updatate our policies
we have assessed our lawful bases for processing data to ensure all personal data is processed lawfully, fairly and transparently on the basis of consent and contract
we have introduced legitimate interest assessments where we rely on legitimate interest as the lawful basis for processing any personal data
we will continue to look at ways of improving our systems and procedures to better comply with GDPR best practice
How we collect your personal data
- When you register to attend a meeting/ event/ workshop/ training
- When you register to receive email alerts or newslettters
- When you contact us by telephone, email or other means
- When you visit our websites (eurolink-eu.net)
- When you complete an evaluation or survey
- When you apply for a job or volunteer with us
- When you participate in a study vist, EU Project or other activity
The information we collect and why we collect it
- Name, job title, organisation, addresss, email and telephone numbers etc so we can respond to your requests for information using the communication method you have provided/ to manage registration and attendance at training/ workshops. events.
- Name, job title, organisation, addresss, email and telephone numbers etc to gather feedback through evaluations and surveys after events to improve our services.
- Notes and minutes from phone calls and face-to-face meetings as a record of information, support or a service we have provided to you
- Passport details if you are participating in an event that requires flights and/ or accommodation so we comply to service providers booking requirements. These details are only held for as long as required for travel.
- Photographs, video and/or sound recordings of events, training sessions etc. for use in printed and electronic media as evidence of activities for funders, for promotional and archival purposes.
- If you apply for a job or volunteer post we collect your personal contact details and employment history, as well as equality monitoring information and unspent criminal convictions (where applicable) in completing job applications and pre-employment checks.
- Gather and analyse statistics around emails, social media and website traffic to help us improve our online services
Information we collect about you from other sources
Website Cookies: A session cookie to store your session id, this cookie is unique to your visit and is required for logging into the site or using the information and dowloadable docuents on the site.
Standard internet log: information such as your IP address and visitor behaviour patterns. We use Google Analytics to analyse website traffic. You can get more information about Google’s security and privacy principles here and control how your information is used by Google (e.g. for ad personalisation) here.
This privacy notice does not cover any websites linked to from within our own websites
We use the following lawful bases to process personal data:
Where it is in our legitimate interest to provide confirmations or updates about products or services we provide you with, such as fulfilling your request to attend events, participate in training courses, or help you with advice and support.
Where you have registered to receive an email alert or newsletter where you can unsubscribe at any time by contacting us.
Where we have legal obligations under UK or EU law, such as fraud prevention, the exercise of consumer rights, and under equal opportunity responsibilities
We do not regularly share personal data without your consent except in the following circumstances:
Any personal data you give us will be held securely and in accordance with data protection rules and principles. Your personal details will be treated as private and confidential, and will only be retained for as long as is necessary in line with our retention policy. The information will be safeguarded and will not be disclosed to anyone not connected to The Rural Centre unless:
- You have agreed to its release
- If The Rural Centre is legally bound to disclose the information
- The Rural Centre regards disclosure as necessary in order to properly carry out its statutory functions
The Rural Centre may also disclose information or personal data to other relevant public authorities where it is lawful to do so and where, for the purposes of national security, law enforcement, or other issues of overriding public interest, such disclosure is necessary.
We will ensure that any disclosure made for this purpose is lawful, fair, considers your right to privacy and is made only to serve the Commission’s statutory objectives as a regulator.
Data security and retention
We ensure we collect only the personal data we need to in order to carry out our activities and retain it as long as is necessary in line with our retention policy.
In some cases, we retain records for the length of time that we are legally obliged to do so (for example, invoices, payment information, job application and monitoring information, minutes of general meetings and trustee decisions). In other cases, when an activiy such as travel has been completed we ensure the secure deletion and disposal of personal data.
When we use third party services and cloud services to process personal data we take due diligence to make sure that they are reputable and have appropriate data protection practices.
The General Data Protection Regulation provides the following rights to you:
To be informed about the processing of your personal information
To have your personal information corrected if it is inaccurate and to have incomplete personal information completed
To object to processing of your personal information
To restrict processing of your personal information
To have your personal information erased (the “right to be forgotten”)
To request access to your personal information and to obtain information about how we process it
To move, copy or transfer your personal information (“data portability”)
Rights in relation to automated decision-making which has a legal effect or otherwise significantly affects you
Should you require any further information about our GDPR policies please contact us using the details below:
Data Protection Manager
The Rural Centre
The Old Primary School
4 Augher Road
Co Tyrone BT76 0AD
Tel: +44 (0) 2885549606
The Rural Centre is a company ltd by Gtee NI45661 with Charitable Status NIC105690