NewcastleGateshead Initiative Limited Privacy Notice
About this document
This privacy notice explains what happens with any Personal Data we gather from you. This may be in your capacity as a supplier to us, as a contact to whom we send information about our events and activities or as a recipient of any service we provide.
The notice deals with how we use your data in relation to:
- Any business relationship between us
- Enabling you to attend our events and use our services
- Notifying you of events and our marketing activities to you; and
- Your use of our website.
We recognise our obligations under data protection legislation and we are strongly committed to keeping your Personal Data safe and secure.
You should read this notice so that you understand how we will handle your Personal Data. Our aim is to only use and hold your data in the way you’d reasonably expect us to. We reserve the right to amend this privacy notice from time to time. Where we do amend this notice, we will make sure that we will tell you about the changes we’ve made.
If you visit a website operated by a third party through a hyperlink included in our website, your information may be used differently by the operator of a linked website.
Who we are
We are NewcastleGateshead Initiative Limited
Our registered address:
Baltic Place East
South Shore Road
Tyne and Wear
Registration number with the Information Commissioner’s Office: Z6329568
If you have any questions regarding this notice or how we process Personal Data, please contact us using the details below:
NGI Data Protection Representative
Baltic Place East
South Shore Road
0191 440 5720
What data do we gather about you?
In connection with our dealings with you we will gather the following information from you:
- Contact details.
- IP address.
- Records of any correspondence with you if you contact us.
- Survey information if we ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through with us (including through our website) and of the fulfillment of your or our orders.
- Details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- Details of other dealings we have with you.
How do we collect your data?
We collect data about you from the following sources:
- Information you provide to us including via our website when you supply it to us by entering your details via an online form and more generally by visiting the website.
- Information you provide to us when you attend events – in person or via video call or webinar platforms – organised by us.
- Professional information you provide as a representative of a partner organisation.
- Professional information you provide as part of interactions with our Convention Bureau.
- Professional information you provide as part of interactions with Invest Newcastle.
- Information you provide for research purposes such as surveys regarding our events, only obtained with informed consent.
- Information we generate through our observation of our interactions with you.
- Information you provide to us as a volunteer for an NGI or NGI partner-led event.
How do we store your data and keep it secure?
The security of your data is very important to us. We use strict and up-to-date security methods to keep your data secure and to prevent unauthorised or unlawful access to your Personal Data, and against the accidental loss of, or damage to, Personal Data. All information you provide to us is stored on our secure servers and in secure filing systems. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of Personal Data.
We have in place policies, procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction including procedures to deal with a security breach. We will ensure your Personal Data is only accessible by those who need to see your data for their specific role and have agreed to keep it confidential. We will only transfer Personal Data to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate technical and organisational measures themselves.
How and why we will use your data?
- We will usually only process your Personal Data where you have given your consent or where the processing is necessary:
- For the purposes of a contract we have with you;
- To comply with our legal obligations; or
- To pursue our legitimate interests such as: operating our business effectively; promoting our business and improving it and in order to maintain network and information security.
- As indicated above, we sometimes process your data on the basis of legitimate interests. You have a right to object to this processing. If you object to us processing your data based on legitimate interests, we must no longer process that Personal Data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims. If you wish to exercise the right to object contact us at firstname.lastname@example.org
- If volunteering we may use your data for accreditation, scheduling and notifying you of volunteer shifts and contacting the emergency contact provided if necessary. This information may also be shared with delivery partners when required.
We may rely on consent in certain circumstances such as:
- To send you marketing materials by email, text or social media (such as facebook or whatsapp). Where you have opened an account through the “My Account” function on our website or you have otherwise completed a form, we will provide you with an option to join our mailing list. If you opt to join our mailing list we will send you regular communications about topics you have expressed an interest in. We will only send you marketing emails, texts and through social media if you give us your consent to do so.
- For some marketing-related purposes, for example to use an image taken of you at one of our events.
- To use your sensitive data if you tell us about a disability or health condition you have so we can make reasonable adjustments to the event or site at which it is held to accommodate you where we do not have another basis to process your data.
- For surveys we send relating to our events, webinars or market research projects.
- For cookies and similar technologies. In order to place cookies, tags and other technologies on your browser or device, we need to have your permission. We do this by providing a clear notice in the form of a cookie banner on each of our websites which tells you what cookies are used for, as well as providing you with useful information about the technologies we use and a link to this policy. Cookies policy for ngi.org.uk
If you have provided your consent to the processing of your Personal Data, you have the right to withdraw your consent to that processing at any time, where relevant. Where consent relates to marketing, every email, text and other marketing communication you receive will carry an unsubscribe link, allowing you to opt out of any future communications. Please contact email@example.com if you wish to withdraw consent or if you have any issues when trying to unsubscribe.
We use the data we collect about you to help us make better decisions about you and to operate our business efficiently. This may involve the following activities
- To ensure that content from our website is presented in the most effective manner for you and for your computer.
- Where you have opened an account through our website’s “My Account” function, to help us manage that account.
- To provide you with brochures, information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To inform you about events, briefings and webinars we are organising including by email or text and contacting you with regard to dealings between us including in relation to events you have said you will attend or are interested in.
- To allow you to participate in interactive features of our website, when you choose to do so.
- To notify you about changes to our websites, products or services.
We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregated information about our website users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregated information to help advertisers reach the kind of audience they want to target (for example, women aged 21-35 in Newcastle postcodes). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.
If you visit our website but you don’t fill in any forms we won’t make routine use of your personal data (such as an online identifier) other than in statistical form e.g. Google Analytics statistics about the online footfall to our website. Unless you fill in a form on our website, we probably can’t identify you.
How we keep your data accurate
We will keep the Personal Data we store about you accurate and up to date. We will take every reasonable step to erase or rectify inaccurate data without delay. Please tell us if your personal details change or if you become aware of any inaccuracies in the Personal Data we hold about you. We will contact you from time to time to check your details are still up to date. We will also contact you if we become aware of any event which is likely to result in a change to your Personal Data.
How long will we keep your data?
We will not keep your Personal Data for longer than is necessary for the purpose(s) for which we process it. This means that data will be destroyed or erased from our systems when it is no longer required. For guidance on how long certain data is likely to be kept before being destroyed, contact firstname.lastname@example.org
What rights do you have in respect of your Personal Data?
You have the right to:
- Request access to any Personal Data we hold about you. Before we agree to access, you must provide us with sufficient evidence of your identity and sufficient details of the information you wish to see, to enable us to locate it and provide it to you;
- Ask us to remove you from a mailing list. Instructions on how to stop further mailings will usually be contained in any direct marketing material we send you;
- Correct any errors in information we hold about you, and to change or correct any details you have already given us. Please inform us about changes to your details so that we can keep our records accurate and up to date;
- Have incomplete Personal Data completed;
- Have Personal Data erased;
- Have the processing of your Personal Data restricted (for example, if you think the data we hold about you is inaccurate you can ask us to stop processing it, until we will either correct it or confirm it is accurate);
- Be provided with the Personal Data that you have supplied to us, in a portable format that can be transmitted to another data controller without difficulty;
- Object to certain types of processing, including processing based on legitimate interests (see above), automated processing (which includes profiling) and processing for direct marketing purposes (see above); and
- Not be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.
If you wish to exercise any of the rights set out above, you must make the request in writing to email@example.com. Please note some of these rights are restricted in some circumstances.
Who will have access to the data we hold?
Our employees who need to access your data will view it in order that we can provide services to you. All of our employees will receive annual data protection training and understand the need to keep your information confidential.
In addition to our employees, we also use service providers who may hold Personal Data on our behalf, for example software suppliers, partner organisations and marketing suppliers.
We will carry out due diligence on our service providers and make sure we have a contract with them which satisfies the requirements of data protection legislation.
Apart from employees and our service providers, we will not disclose your Personal Data to a third party without your consent, unless we are satisfied that they are legally entitled to the data. Where we disclose your Personal Data to a third party, we will have regard to our obligations under the law.
We may disclose your personal information to third parties:
- If we or substantially all of our assets are bought by a third party, or we wish to enter negotiations in respect of the sale of our business or assets to a third party, Where this is the case, Personal Data held by us may be one of the transferred assets; and
- If we are under a duty to disclose or share your Personal Data in order to comply with legal obligations or to protect the rights, property, or safety of NewcastleGateshead Initiative Limited, our customers, suppliers or other employees. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- If you are volunteering on an event, the information you have provided will also be used by the lead delivery partner for the event.
You are entitled to request details of the recipients of your Personal Data or the categories of recipients of your Personal Data.
Transferring your data outside the European Economic Area (EEA)
We will not transfer your Personal Data outside the EEA unless such transfer is compliant with the law. This means that we cannot transfer any of your Personal Data outside the EEA unless:
- The EU Commission has decided that the country or international organisation we are transferring the Personal Data to ensures an adequate level of protection for your Personal Data;
- The transfer of your Personal Data is subject to appropriate safeguards, which may include binding corporate rules or standard data protection clauses adopted by the EU Commission; or
- We are otherwise permitted to do so by law (including if you explicitly consent to the proposed transfer).
We currently transfer Personal data outside the EEA:
- Some Personal Data is stored on cloud systems, the servers for which are based outside the EEA.
- Mailchimp, which is for our email marketing: https://mailchimp.com/legal/privacy/
- Wufoo/Survey Monkey for online forms: https://www.surveymonkey.com/mp/legal/privacy-policy/
- Hubspot for our GEOTN CRM: https://legal.hubspot.com/privacy-policy
- Eventbrite for events tickets: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB
- Groupmax (Lanyon) for information relating to conference delegates: https://www.lanyon.com/privacy-policy/privacy-policy-global.shtml
- Cvent, for our research surveys: https://www.lanyon.com/privacy-policy/privacy-policy-global.shtml
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
There are different categories of cookies. We use Google Analytics cookies which are “analytical” type cookies. We use them to enable us:
- To recognise and count the number of visitors and to see how visitors move around our site when they are using it.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
Most browsers are automatically set to accept cookies but you should be able to configure your browser to restrict cookies or block all cookies if you wish. This can, however, affect your ability to log in to certain areas of websites, including “My Account”. Browser-specific instructions on how to restrict or block cookies may be found on the IAB’s website.
We use session cookies (which are temporary cookies) to maintain your session with the server in the areas of our site that are available to registered users. Our session cookies store a unique identifier to allow the server to distinguish between individual users’ sessions. Session cookies are deleted when you close your browser. We sometimes use persistent cookies to enable pop-up advertisements and to prevent the server from displaying the pop-up advertisement more than once. Persistent cookies remain on your hard disk until you delete them.
In addition to the information you provide on registration, we will collect:
- Details about which of our services you utilise.
- Information each time you visit our website and which pages you visit.
- Information from the documents you complete.
- Information from content you download.
You can opt out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Embedded content from other websites
Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Use of an ISP
We reserve the right to appoint an Internet service provider (“ISP”) to host our websites on our behalf, which may be situated outside the European Economic Area (the “EEA”). In order to deliver the service to you, it may be necessary to transfer your information outside the EEA and by agreeing to our terms and conditions, you consent to any such transfer.
Right to make a complaint
Any complaints about our handling of personal information can be sent to our data protection representative in the first instance firstname.lastname@example.org If your complaint relates to the handling of your personal information by an organisation with which we share information, then please let us know that. We aim to respond to your complaint within 20 days of receiving it. You have a right of appeal in relation to any decision we make, which we will tell you about when we respond to your complaint. We will always review our policy and procedure in line with any justified complaints.
If you are not happy with the way we handle your complaint or you have any issues with our processing of your Personal Data and would like to make a complaint, you may contact the Information Commissioner’s Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.