Being transparent and providing accessible information to individuals about how we may use personal data is a key element of the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).
The Department for the Economy (DfE) is committed to building trust and confidence in our ability to process your personal information in line with these requirements.
Data Controller Name: Department for the Economy (DfE)Netherleigh
Telephone: 028 9052 9900
Data Protection Officer Name: Bernard McCaughan
Telephone: 028 9052 9900
Description of our processing
The Department processes personal data in a number of ways in order to carry out its functions.
Its Strategic Objectives are to:
- Accelerate innovation and research
- Enhance education, skills and employability
- Drive inclusive, sustainable growth
- Succeed in global markets
- Build the best economic infrastructure
- Deliver a regulatory environment that optimises economic opportunities for business and commerce, while also protecting consumers and workers
- Ensure the Department has effective governance and manages its resources, both financial and staff
To understand how your own personal information is processed you can refer to communications you receive from us, check any specific privacy notices we have provided, for example on our website or contact us at firstname.lastname@example.org.
In order to comply with data protection legislation, we must have a lawful basis for processing any personal data and at least one of the following must apply:
- Consent: an individual must give clear consent for us to process their personal data and then only for a specific purpose
- Contract: the processing is necessary for a contract the Department has with an individual, or because they have asked the individual to take specific steps before entering into a contract
- Legal obligation: the processing is necessary for the Department to comply with the law (not including contractual obligations)
- Vital interests: the processing is necessary to protect someone’s life
- Public task: the processing is necessary for the Department to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
The processing that this Department carries out is most likely to fall under Public Task or Legal Obligation.
Why we might need to process your information
Examples of why we might need to process your personal data include:
- corresponding with you
- delivering our services
- complying with various legislative requirements
- enforcing various legislative requirements
- complying with EU Programme requirements
- maintaining our accounts and records and transferring data between NICS Departments
- carrying out audits and fraud investigations
- carrying out data matching under the national fraud initiative
- for statistical and research purposes
- using CCTV systems
- supporting and managing our employees
Please see our business area privacy notices for more information.
What types of personal information we process
We process information relevant to our various functions. This may include:
- personal details including IP addresses
- family details
- education, training and employment details
- financial details
- details of lifestyle and social circumstances
- visual images
- responses to consultations
We also process classes of information which are sensitive. Sensitive data includes:
- racial or ethnic origin
- political opinions
- religious or similar beliefs
- union membership
- criminal offences, allegations and proceedings
- physical or mental health
- sexual life
Personal data collected through this website
The Department collects three kinds of information from visitors to this website:
- feedback (through visitors emailing us)
- customer satisfaction surveys (via optional online surveys)
If you email us from this website we will keep a record of your message for a maximum of three months after the conclusion of correspondence, for reference and audit purposes, after which it will be deleted.
Who is the information processed about?
We process personal information about:
- you, in relation to Departmental functions and in order to correspond with you
- departmental and other employees
- professional experts and consultants
- Departmental suppliers
- individuals captured by CCTV images
Who is the information shared with?
We sometimes need to share the personal information we process with the individuals themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the DPA.
The types of organisations we may need to share personal information with, for one or more reasons
Where necessary or required, we may share information with other organisations for the reasons included above in the "Why we might need to process your information" section. Some examples of the organisations we may have to share your information with include:
- suppliers, service providers, legal representatives
- auditors and audit bodies
- people making an enquiry or complaint
- financial organisations
- professional advisers and consultants
- central and local government
- voluntary and charitable organisations
- police forces
- security organisations
We may need to share information for more than one reason and not all of your personal information may need to be shared each time. We aim to ensure that the personal information shared and the instances of sharing are limited to what is needed for the specific purpose and in line with the DPA.
It may sometimes be necessary to transfer personal information outside the UK. When this is needed information may be transferred to countries or territories around the world. However any transfers must be made in full compliance with all aspects of the DPA.
Retention of records
The Department will ensure that personal data is kept no longer than necessary. It manages records effectively from when they are created, including how they are stored and used, through to their destruction or archiving. The disposal of records is determined by the Department’s retention and disposal of records schedule.
What rights do you have?
There are a number of rights available under data protection legislation:
- You have the right to obtain confirmation that your data is being processed, and access to your personal data
- You are entitled to have personal data rectified if it is inaccurate or incomplete
- You have a right to have personal data erased and to prevent processing, in specific circumstances
- You have the right to ‘block’ or suppress processing of personal data, in specific circumstances
- You have the right to data portability, in specific circumstances
- You have the right to object to the processing, in specific circumstances
- You have rights in relation to automated decision making and profiling
However, not all of these rights apply to personal data processed by this Department.
Details of how your personal data is used to carry out specific Departmental functions is available at:
How to complain if you are not happy with how we process your personal information
If you are unhappy with any aspect of this privacy notice, or how your personal information is being processed, please contact the Department’s Data Protection Officer at the address above.
If you are remain unhappy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):Information Commissioner’s Office
Tel: 0303 123 1113