The Arts Council of Northern Ireland (ACNI) is committed to protecting and respecting your privacy. This privacy notice outlines how we use and process the personal information that you provide to us, in compliance with General Data Protection Regulation (GDPR). The Arts Council is registered with the Information Commissioner’s Office as “Arts Council of Northern Ireland”.
Information we collect
Any information you provide will be carefully protected and stored within a secure system. We will keep your information confidential, in accordance with the GDPR, except where disclosure is required and permitted by law.
We may collect and process the following information about you:
- Information including your name, address, email address, telephone number, fax number, and similar contact or otherwise identifying details.
- Information that you provide voluntarily on our website (www.artscouncil-ni.org),or through our grant application website hosted by a third party (www.grantrequest.com)
- The necessary financial and banking information required to distribute grant monies and make general payments.
- Information on your visits to our sites and the resources that you access.
- Information collected as part of programme or project level evaluations to establish the public benefit gained.
- A record of our contact with you through all mediums.
- Information required as part of the staff recruitment process and the fulfilment of our duties as an employer.
How we use your information
We will use your information to:
- Provide you with information and services that you request from us or that we feel may be of interest to you, where you have given permission to be contacted in this regard.
- Comply with our legal and regulatory obligations, such as fraud checks and S75 equality monitoring.
- Process grant payments and discharge any associated financial obligations.
- Provide appropriate online content and improve our websites.
- Assist with ACNI’s organisational planning, performance of business functions and comply with auditing responsibilities
- Perform our duties as an employer.
- ACNI may share selected information with third parties as part of certain business operations. ACNI will only share information with third parties confirmed to have appropriate data safeguards in line with the standards required by GDPR and the Information Commissioner’s Office (ICO).
The lawful basis for ACNI’s use of your information
We use the following lawful basis for processing your information:
- Consent. Where you have provided explicit consent for ACNI to process your information for the purpose expressed at the time of consent i.e. signing up to our email newsletter or consenting to appear in a video recording.
- Contractual. ACNI will process your information to meet our contractual obligations with you i.e. in the release of grant funds.
- Legitimate interests. ACNI will process your data where we have a legitimate interest to do so. Such as the performance of normal business functions and auditing.
- Legal Obligation. ACNI will process your data where we have a legal obligation to do so i.e. cooperating with law enforcement officials in a fraud investigation.
How we store your data
The data that we collect from you will be stored at our premises, the ACNI offices, secure off-site document storage or on servers provided by third party organisations that have been vetted for compliance with GDPR and ICO guidelines. All electronic data is backed up on external devices stored within regions compliant with UK law regarding the protection and storage of data. All reasonable steps have been made to ensure the secure storage of your data. Our security practices are kept under regular review.
The retention and destruction of your data
ACNI will not retain your data for longer than required by the purpose for which it was collected, unless legally obliged to do so. How long we hold your information will vary depending on its purpose.
Once the purpose for holding your personal data has expired, it will be destroyed in accordance with our retention schedule.
The involvement of third party data processors
ACNI in the course of normal business operations may engage with third party organisations, some of these organisations may be involved in the collection, processing or storage of your data. The ACNI Data Controller or Data Protection Officer will examine the involvement of any Third Party Data Processors for compliance with GDPR and will only share your data with them if we have a lawful basis to do so, it is necessary for the execution of the purpose for which the data was collected and we are satisfied with their data protection safeguards. Current third parties involved in the collection, processing or storage of personal data on a long term basis are: Danske Bank. NILGOSC. Buzzacott. Newszapp.
Cookies and analytics
A detailed list of the cookies we use can be found here
If you do not wish to accept cookies you can activate the appropriate settings on your web browser, however, you may be unable to access some parts of our site as a result. We will keep your information confidential except where disclosure is required and permitted by law.
Under GDPR as a data subject, you have the following rights:
- You have the right to be Informed about the collection and use of your data
- You have the right to access your personal data
- You have the right to request rectification of inaccurate or incomplete data
- You have the right to request erasure of your personal data
- You have the right to restrict processing of your data
- You have the right to demand data portability
- You have the right to object to the processing of your data
- You have the right to dispute automatic decision making in certain circumstances
Your rights, with regard to how we handle and process your information, are clearly defined in the General Data Protection Regulation (GDPR). You may find more information about GDPR, our obligations and the rights provided to you by it on the ICO website.
National Fraud Initiative
The Arts Council of Northern Ireland is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
Participants in the National Fraud Initiative must inform individuals in a privacy notice that their data will be processed, as required by the General Data Protection Regulations (GDPR) and Data Protection Act 2018 (DPA 2018). Privacy notices were previously known as Fair Processing Notices (FPNs).
The Comptroller and Auditor General audits the accounts of the Arts Council. The Comptroller and Auditor General is also responsible for carrying out data matching exercises under his powers in Articles 4A to 4G of the Audit and Accountability (Northern Ireland) Order 2003.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Comptroller and Auditor General currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Comptroller and Auditor General for matching. Details are set out in the NIAO’s website, www.niauditoffice.gov.uk
The use of data by the Comptroller and Auditor General in a data matching exercise is carried out with statutory authority. It does not require the consent of the individuals concerned under the Data Protection Act 2018.
Data matching by the Comptroller and Auditor General is subject to a Code of Practice. This may be found at www.niauditoffice.gov.uk For further information on the Comptroller and Auditor General’s legal powers and the reasons why he matches particular information, see the Level 3 notice on the NIAO website at www.niauditoffice.gov.uk.
For further information on data matching at the Arts Council contact James McCumiskey, email@example.com, 028 92 623532.
Changes to our privacy notice
- Emailing firstname.lastname@example.org with the subject heading “FAO: Data Controller”.
- Writing to the Data Controller, Arts Council of Northern Ireland, Linen Hill House, 23 Linenhall Street, Lisburn, BT28 1FJ