Privacy Policy

InterTradeIreland (referred to as we, us or our in this processing notice) is the cross-border Trade and Business Development Body funded by the Department of Enterprise, Trade and Employment (DETE) in Ireland and the Department for the Economy (DFE) in Northern Ireland. Our statutory function is to support businesses, through innovation and trade initiatives, to take advantage of North/South co-operative opportunities to improve capability, and drive competitiveness, growth, and jobs.

InterTradeIreland recognises its responsibility and is committed to respecting your privacy and protecting the personal data you share with us through compliance with GDPR and UK Data Protection Legislation. This Privacy Notice aims to tell you how InterTradeIreland collects and processes personal data about you through your interaction with the website, our social media pages and other circumstances where this policy is hyperlinked (such as job opportunity pages and processes), how this personal data is used and stored, with whom it may be shared, and your rights as the data subject regarding your personal data. It is important that you read this processing notice so that you are fully aware of how and why we are using your data.

InterTradeIreland website may contain links to other government and non-government websites, plug-ins, and applications. If you follow a link to any of these websites, the operators of these sites may collect or share information about you, which will be used by them in accordance with their own Privacy Policy. We encourage you to review the privacy policy before you submit any personal data to those linked websites. We do not accept any responsibility or liability for other organisations’ policies.

The Trade and Business Development Body (InterTradeIreland) is the controller of, and is responsible for, your personal data. We are registered with the Information Commissioners Office (ICO) as a Controller for the personal data that we process. Our Registration Number is: ZA510290 and our registered address is:

The Trade and Business Development Body
InterTradeIreland
Kilmorey Street
Newry
County Down
BT34 2DE

If you have any questions about this processing notice (including any requests to exercise any of your legal rights) please contact our Data Protection Officer at either the above address or by email at: dpo@intertradeireland.com

Personal Data means any information or data about a living person i.e. the “Data Subject” from which that person can be identified. InterTradeIreland may collect, use, store, transfer and otherwise process personal data about you, which we have grouped together as follows:

• Identity Data includes first name, last name, image, online username or similar identifier, title, date of birth and gender
• Contact Data includes email address, physical address, and telephone numbers
  
• Financial Data includes bank account and payment card details
  
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
  
• Usage Data includes information about how you use our website and services
  
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences
  
• Accessibility and Health and Safety Data includes information about your health and genetic and biometric data
  

Other than Accessibility and Health and Safety Data, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership) through use of the website or when otherwise dealing with or concerning you. Nor do we collect any information about criminal convictions and offences.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We use different methods to collect personal data from and about you. The ways we collect it, what we collect and how and why we use that personal data is set out below.

We may collect information about you when you:

• Engage with us by telephone, by post/email, in person
• Visit our website or other digital platforms
  
• Complete an enquiry, questionnaire, survey or contact request
  
• Register to attend a webinar, workshop, an event such as a conference or exhibition, or other similar events
  
• Participate in photographic and video recording at our online or physical events
  
• Request access to our programmes and services
  

The nature of the personal data we collect about you may include your name, company name, email address, mailing address, telephone number, business plans, bank details, payslips, and CV’s. This list is not exhaustive. We hold these details only if deemed relevant to the specific programme/assistance we are providing to you.

We capture personal data through Closed-circuit television (CCTV) installed for maintaining the security of our premises and for preventing and investigating crime.

We collect and process the personal data:

• To fulfil our legal and regulatory obligations
• To carry out our statutory function as a public body
  
• To deliver our services to clients who engage with us
  
• As an employer in respect of job applicants, and our current/former employees
  
• To provide you with information, products, or services that you request from us
  
• To carry out our obligations arising from any contracts entered into between you and us
  
• To notify you about changes to our service
  

The UK GDPR requires all organisations that process personal data to have a Lawful Basis for doing so. In order to collect and use your personal information lawfully, InterTradeIreland may rely on one or more of the following Legal Bases:

• Consent
• Performance of a contract or steps to enter into a contract
  
• Compliance with a legal obligation
  
• To protect the vital interests of the data subject or another person
  
• Performance of a task carried out in the public interest or official authority vested in the Controller
  
• Legitimate Interests
  

Please note that the above lists are non-exhaustive. We will only use your personal data for the purposes for which we collected it, unless permitted by law or we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated and incompatible purpose, we will notify you where necessary and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. Where we rely on legitimate interest, you can contact us for more details on the consideration of these interests.

Where any Personal Data about you that we use constitutes Special Category Personal Data” (as described in article 9 of UK GDPR, and previously known as “sensitive personal data”), we may process this as is necessary on one or more of the following grounds:

• In limited circumstances, with your explicit written consent
• Where we need to carry out our legal obligations or exercise rights in connection with employment
  
• Where it is needed in the public interest (such as for equal opportunities monitoring)
  
• Where it is needed to assess your working capacity
  
• Where it is needed in relation to legal claims
  
• Where needed to protect your interest and you are not capable of giving consent
  
• Where you have already made the information public
  

We may use such data:

• Relating to absence (including information on your family’s sickness) to comply with employment and other laws or to administer health-related benefits
• Relating to health or disability status to ensure health and safety in the workplace, to assess and provide for fitness to work and to administer benefits (including pension benefit entitlement status)
  
• Relating to race, nationality, ethnicity, religion, philosophical belief, nationality, sexual life, and sexual orientation to ensure meaningful equal opportunity monitoring and reporting
  
• Relating to trade union status for compliance with trade union rules and employment law obligations
  

NOTE:

Legitimate Interest can mean our interest or the interest of another party. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Whenever we rely on your consent (as noted above), you have the right to revoke such consent at any time by emailing dpo@intertradeireland.com. Unless another basis of use exists, we will collect your consent to use your personal data for our marketing and remarketing purposes generally by using tick boxes or where your actions clearly demonstrate your consent (such as by providing your contact details for a specified purpose).

We may collect and use your personal and contact information to send you marketing communications including emails, bulletins, corporate e-zine, social media promotional campaigns, new programme consultations or funding-call workshops. These communications are to keep you informed on the latest news and events relating to the work of InterTradeIreland that we believe may be of interest to you, where you have consented to be contacted for such purposes. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us, as appropriate, at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service experience or other transactions. We will get your express opt-in consent before we share your personal data with any company outside of our own for marketing unrelated to our company.

InterTradeIreland will ensure that only relevant persons in each work area who need access to your personal information as part of their duties in providing your services are authorised and permitted to access. Staff that have access to sensitive personal information operate with additional level of security restriction.

In line with our Data Protection Policy, all staff and service providers including managing agents, consultants and partner organisations will take appropriate technical and organisational security measures to safeguard personal information stored and used by InterTradeIreland.

This will include:

• Completion of regular GDPR and Data Protection training
• Being trained in how they can protect your personal data
  
• Storing paper files and documents in a secure environment
  
• Protecting personal data held on computer systems with secure passwords
  

We only share personal information with others when there is a legal or statutory requirement to do so, to fulfil our public task responsibilities, to meet employment contractual obligations or in response to subject access requests.

We may have to share your personal data with the parties (all established in the UK or EEA unless otherwise stated) set out below for the purposes set out above:

• HM Revenue & Customs, regulators and other authorities such as police and security services, National Crime Agency for Data Matching, Northern Ireland Audit Office, the Office of the Comptrollers, the Auditor General in Ireland, The Department for the Economy (DFE) Northern Ireland and the Department of Enterprise, Trade and Employment (DETE) in Ireland, North South Ministerial Council and other partner agencies involved in economic development, who require reporting of processing activity and performance in meeting Government targets;
• Delivery organisations, suppliers and contracted third party service providers that store and process personal information on our behalf, to help deliver our services to you, or enable us to fulfil our public task responsibilities in exercise of our official authority;
• Professional advisers including lawyers, bankers, auditors, and insurers based in the European Union or United Kingdom who provide consultancy, banking, legal, insurance and accounting services;
  
• Service providers, including (as at the date noted above and who may be updated from time to time) such as:
  
  • Banking and Payment service providers;
    
  • Payroll system providers;
    
  • Accounting system provider;
    
  • Information System Provider;
    
  • Pension AVC and Medical Insurance organisations;
    
  • Trade Union;
    
  • Childcare providers;
    
  • Advertising Networks;
    
  • Event management organisations/facilitators;
    
  • Email Distributors;
    
  • Marketing Automation partners;
    
  • Customer survey companies;
    
  • Data Storage and hosting partners;
    
  • IT Specialists;
    
  • Website and Portal Developer;
    
• Other parties where you ask us to share that data, or we ask you and you consent.
  

The information you provide as part of a job application is treated in confidence and will be shared only with members of the selection panel and Human Resources for the purposes of the selection and recruitment process. Where we want to take up a reference, we will not do so without informing you beforehand.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. InterTradeIreland do not sell or exchange your personal data with other organisations.

InterTradeIreland is a Cross-Border trade and business development body whose office is based in Northern Ireland (UK) but operates in providing their support services across the island, in both Ireland and Northern Ireland. This gives rise to the storage and transfer of personal data in and between both jurisdictions by processors, controllers, managing agents and consultants acting on our behalf.

Following the UK (including Northern Ireland) ceasing to be a member state of the European Union (Brexit) and the subsequent expiry of the post Brexit transitional arrangements agreed between the UK and EU, the EU GDPR has been replaced in the UK by the UK GDPR. Accordingly, our Data Protection Policy will include application of both the UK GDPR and EU GDPR. We do not transfer your personal data outside the UK or the European Economic Area (EEA).

InterTradeIreland is committed to adhere to the requirements of the UK GDPR and the corresponding EU GDPR, in respect of all personal data transfers. We provide assurance that the data subject has the entitlement to exercise his/her rights directly with InterTradeIreland by contacting our Data Protection Officer: dpo@intertradeireland.com.

When you give us personal information, we make every effort to ensure that it is processed securely. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

All information submitted to our website is encrypted and protected with encryption on SSL. When you are on a secure page, a lock icon will appear on the top of web browsers such as Microsoft Edge and Google Chrome.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. When we receive your information, we make our best effort to ensure its security on our systems. We keep our computers, files, and buildings secure. Your personal information will be stored on our secure physical and cloud-based servers, customer, payroll, accounting and management information storage and communication systems, in spreadsheets and other electronic documents and/or in hard copy within a manual filing system, which is accessible only by nominated staff in each work area. We protect your personal information with security measures including encryption, restricted access, and password controls.

Your personal data will only be used and retained by InterTradeIreland for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements, and satisfy any potential claims that may arise. This includes complying with requirements to maintain information after you have left your employment/engagement with InterTradeIreland.

How long we store personal data for can vary depending on: the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, how long a legal claim may be taken, whether we can achieve those purposes through other means, and sometimes, statutory legal requirements which require us to hold certain personal information for a specified length of time.

We will retain your personal data for longer than our usual retention periods where necessary, such as where it is connected to ongoing or anticipated legal proceedings.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for other purposes, in which case we may use this information indefinitely without further notice to you.

The InterTradeIreland Records Retention and Disposal Schedule details our retention guidelines. For further information on how long we keep information, you can access our Records Retention and Disposal Schedule by contacting our Data Protection Officer by email at: dpo@intertradeireland.com.

GDPR offers you specific rights in relation to how your personal data is collected and processed including:

You have the right to be informed about the collection and use of your personal data. Our Privacy Policy will provide you with the information needed to allow you to see how and why InterTradeIreland uses your personal data.

You may ask us for a copy of the personal information we hold relating to you, and how we collect, share, and use your personal information. A request to obtain a copy of the personal information is known as a 'Subject Access Request' and will be provided to you within the regulatory timeframe. We will require proof of identify and address before we can release this information.

If you believe that personal data we hold on you is inaccurate or misleading then you have the right to request that it is updated or corrected. It is your responsibility to ensure that all personal data provided to us is accurate and complete, and if it changes, you must let us know as soon as possible.

You can ask for your personal information to be deleted or destroyed where there is no good reason for us continuing to process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. In some cases, InterTradeIreland will retain information where it is required for lawful purposes, and if applicable, these purposes will be notified to you, at the time of your request.

You may ask us to restrict the processing of your personal information, if for example you consider the data is inaccurate or that the processing is unlawful.

You can change your mind whenever you give us your consent, for example to receive direct communications or marketing, or using your sensitive information, such as medical data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

You have the right to obtain and reuse your personal data in an electronic format and to ask us to share a digital copy of your personal information directly with yourself or another organisation.

You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Should you seek to exercise any of these rights, you should contact our Data Protection Officer: dpo@intertradeireland.com. Note, however, that we may not always be able to comply with your request and you will be notified if we are unable to do so.

InterTradeIreland do not currently use automated decision-making in relation to any personal data you may provide. Should InterTradeIreland decide to do so in the future, we will not do so without human intervention to enable the expression and consideration of individual views. This will ensure that no decision is taken regarding you based solely on an automated process.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or we receive a number of requests. In this case, we will notify you and keep you updated.

When you visit our website, we may collect standard information that your browser sends to every website you visit, such as originating IP address, browser type, access time and referring websites. This data may be used to improve the operation and security of our website by assisting in authenticating your identity and to remember your user preferences and settings. Cookies are small text files that are stored on your browser or device by websites, apps, online media, and advertisements. Strictly necessary cookies are required for our website, applications, and services to function properly for example these cookies allow you to access secure areas of the website. These help us provide you with a personalised service and help make our website, applications and services work better for you.

Performance cookies and analytics technologies collect information about how visitors and users use our website, applications, and services, for instance which functionality visitors use most often and if they get error messages from areas of the website, applications, or services. We use this information to measure the effectiveness of campaigns, analyse site visits and trends to compile statistical reports on website activity.

You can block cookies by activating the settings on the browser that blocks all or some cookies. However, if you block all cookies you may not be able to access all or parts of our website or services or in a few cases some of our website features may not function as a result.

Our dedicated Cookie Policy can be accessed here.

InterTradeIreland endeavors to meet the highest standards when collecting and using your personal information. If you have a complaint about the use of your personal information or how it has been processed, you can in the first instance contact us to give us the opportunity to put things right as quickly as possible. If you wish to make a complaint, you may do so in writing and by email as follows:

Please be assured that all complaints received will be fully investigated. To enable us to address your complaint quickly and resolve it effectively, we ask that you provide us with as much information as possible.

If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

• Telephone: 0303 123 1113 (local rate) or 01625 545 745
• Fax: 01625 524 510
• Email: casework@ico.org.uk
  
• Website: https://ico.org.uk/

We will amend this privacy notice from time to time to ensure it continues to reflect how and why InterTradeIreland as an organisation collects and uses personal data. The current version will always be posted on our website at www.intertradeireland.com

Last Updated: 20th May 2024