Privacy Policy and Data Protection Statement

Introduction

This Privacy Statement explains how and why the Certification Officer (CO) processes your personal data under the Data Protection Act. It covers personal data held manually, electronically and on the website: www.nicertoffice.org.uk  

If you have a query about this Privacy Statement please contact our office by email at info@nicertoffice.org.uk

How We Use Your Personal Data

The CO collects personal data about you to fulfil his legal functions in accordance with his duties under The Industrial Relations (Northern Ireland) Order 1992 and The Trade Union and Labour Relations (Northern Ireland) Order 1995.

Categories of Data Collection

(a) Complaints & issues raised against a trade union

If you make a complaint against a trade union to the CO, the details on your application form/letters and/or emails are processed and stored electronically. Upon determination of a complaint, we will retain your correspondence for a period of three years after the conclusion of the complaint. At this point, we delete your details and any related correspondence from our files.

We retain your information for this period to allow for any appeals in a higher court and in accordance with our retention and disposal policy. The CO asks you for personal information such as your name, e-mail address, postal address, postcode, daytime and/or mobile phone number, and information about your union membership in order to progress any complaints. You may also voluntarily provide us with personal information about any special needs you may have so that we can ensure our services meet your requirements.

(b) General Enquiries

If you make an enquiry by post or email about any aspect of the CO’s powers, or a general enquiry unconnected to a complaint, your personal details are stored electronically for one year, following which your data will be erased.

(c) Financial Irregularities investigations

A financial irregularity investigation can be undertaken either leading from a complaint or the CO coming across information via other sources in delivering on our statutory duties. Any information, including personal information, e.g. home or email address, bank statements etc, are retained for three years. However should an investigation lead to a prosecution, the CO is legally obliged to share your information, if required, with other statutory bodies during the three-year retention period.

(d) Making a Freedom of Information (FOI) or Subject Access Request (SAR)

If you wish to make a FOI request or SAR, your personal contact details, and details of your request, are collated and processed for a response. The CO’s response is retained and stored electronically for a two-year period following a request.  If you wish to make a complaint to the Information Commissioner’s Office (ICO) regarding a decision on either an FOI request or SAR, the CO is legally obliged to share your case records, which includes personal data, with the ICO in order to progress your complaint. You may withdraw your complaint at any time.

(e) Sensitive Personal Information

Some of the information you provide may be sensitive personal data, such as medical information. We will only ever use such sensitive personal data where this is essential to provide advice or to ensure you can access services to meet your needs, for example reasonable adjustments to attend a hearing.

Confidentiality, Storage and Security of Personal Data

The CO views the confidentiality and privacy of service users as paramount. All personal information provided is held securely, and personal information will not be sold or traded to another organisation or company.

In order to carry out our functions and respond to enquiries effectively, we may sometimes need to share information with Government Departments, law enforcement agencies, and public authorities. However, we will only do this where permitted by law, save for the power conferred on the CO by Article 70(1)(b) of The Industrial Relations (Northern Ireland)  Order 1992.

Under Article 70(1) (a) or (b) the CO may regulate the procedure to be followed:

  1.  
    1. on any application or complaint made to him; or
    2. where his approval is sought with respect to any matter;

and, without prejudice to the generality of the power conferred by this paragraph, the provision made by the Certification Officer in exercise of that power shall include such provision as he considers appropriate for restricting the circumstances in which the identity of an individual who has made, or is proposing to make, any such application or complaint is disclosed to any person.

 

Where the CO might share personal data with an external company or service, for example printing contractors that we employ as part of our work, we will ensure that personal data that we may pass on to them will be held securely and used by them only to provide the services for which it was shared. The CO safeguards the information you provide using physical, electronic and management procedures on use of personal data.

Lawful Basis for Processing

Under data protection law, the CO must have a ‘lawful basis’ to justify the collecting, storing and use of personal data. Where sensitive personal data is used, the CO also needs to have a second lawful basis to justify the use of your sensitive data. The purpose of most activities where the CO processes personal data relates to the CO’s legal duties under the Industrial Relations (Northern Ireland) Order 1992 and the Trade Union and Labour Relations (Northern Ireland) Order 1995.  

The first lawful basis for processing personal data is necessary, under Article 6(1)(e) of the General Data Protection Regulations (GDPR), “for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the “data controller”.

Sensitive personal data may be processed as part of the CO’s powers to investigate and/or prosecute, as well as responding to Freedom of Information or Subject Access Requests. Consequently, our lawful second basis is legal under Article 9(2)(f) of the GDPR, which states; “processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity”.

Your Rights Under the Data Protection Law

You have a right to request a copy of the information the CO holds about you and to have any inaccuracies corrected. You may also have the right to have your personal information erased; to restrict our use of your personal data; and object to our processing of your personal data. Please address requests (with a return e-mail address where possible) to:


Certification Officer for Northern Ireland
4th Floor
James House
Cromac Avenue
Belfast BT7 2JA

Alternatively, by email:  info@nicertoffice.org.uk

You have the right to refer a complaint to the Information Commissioner’s Office (ICO) on matters of concern regarding your personal data. The functions of the UK independent authority is to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

E-mail: casework@ico.org.uk or Telephone: 0303 123 1113

Data Transfers

Territories outside the European Economic Area (EEA) may not have laws that provide the same level of protection for personal information as those inside the EEA. However, if we process your personal information on servers or use third party service providers based in such territories, we will endeavour to ensure that your personal information be afforded the same level of protection as in the EEA.

Changes to this Privacy Statement

If this privacy statement changes in any way, we will place an updated version on our website.