Dungannon Development Association (DDA) (and Breakthru – a project of Dungannon Development Association), a registered NI charity (NIC 100748). We are a limited company (NI018563) and our registered address is 4 Savings Bank Street, Dungannon, BT70 1DT.
We are a ‘data controller' for the purposes of the Data Protection Act 1998 and the EU General Data Protection Regulation 2016/679 (“Data Protection Law”). This means that we are responsible for, and control the processing of, your personal information.
How we collect information about you
We collect information from you in the following ways:
When you interact with us directly: This could be if you register with us for a programme or event, be referred to one of our services, ask a question about drugs or alcohol, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website or face book page or get in touch through the post, or in person.
When you interact with us through third parties: This could be if you provide information to an organisation we work with and provide your consent for your personal information to be shared with us.
When you visit our website: We may collect information about how our website is used and track which pages users visit. We use this information to monitor and improve our website. Where possible we use anonymous or aggregated data that does not identify individuals. See further information about cookies below.
Information we collect and why we use it
The type of personal data we may collect from you varies according to the nature of the engagement or activity you may be involved in.
Examples of the type of personal data we may collect and/or receive during the normal course of our work are:
• Identification and contact information – name, address, date of birth, telephone no., email address, next of kin contact details.
• Employment information – NI number, previous employment, bank details, education/qualifications, disabilities, criminal convictions.
We will mainly use this information:
• To provide the service you have been offered.
• To update you with administrative messages about events or services you have requested.
• To keep a record of your connection with us.
• To administer the employment/volunteering arrangement.
Sensitive Personal Information
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive personal information can include information about a person's health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
We will only use this information:
• For the purposes of providing the best level of service suitable to your needs.
• To collect service user information as part of funder contractual monitoring.
• We will not pass on your details to anyone else without your express permission except in exceptional circumstances (Example posing a serious threat to oneself or to others).
Lawful basis for using your information
The lawful reason that allows DDA to process your personal information is called ‘legitimate interests'. This means that the reason we are processing information is because there is a legitimate interest for DDA to process your information to help us to achieve our vision of ensuring that everyone engaging in DDA services gets both support and respect.
Whenever we process your personal information under the ‘legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
The lawful basis for processing sensitive personal information is ‘consent'. Under ‘consent' the individual or parent/guardian will give their express agreement to the processing of their personal information for one or more specific purposes. ‘Consent' can be withdrawn for a specific purpose at any time.
DDA will collect personal information about employees/volunteers to comply with a ‘legal obligation' to which DDA is subject to.
Keeping your information safe
We understand the importance of protecting personal information. We have implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
• Paper information is kept secured in a locked or restricted area and/or cabinet,
• Electronic hardware is either under supervision or secured in a locked or restricted area. In addition, IT equipment and mobiles are password protected.
• Paper information is transmitted through sealed addressed envelopes.
• Electronic information is transmitted either through a direct line or is encrypted.
• External agencies with access to personal information must enter into a privacy agreement with us.
Sharing your personal data
Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to comply with DDA data protection and information security requirements.
We may also share your information with other service providers for the purposes of the provision of health, social care or treatment.
We will gain your consent before sharing your information with third parties.
We will never sell your data to any third party nor will we share your details with other entities for marketing purposes.
Retention of personal information
We retain your personal information as per DDA's data retention policy. Your information will be stored in DDA offices.
Access to and correcting information
• Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with and how long we keep it for. All requests for access must be made in writing and you will be required to provide proof of your identity.
• Right to object: You can object to our processing of your information by contacting us as detailed above.
• Consent: If you have given us your consent to use personal information you can withdraw your consent at any time.
• Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
• Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
• Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
• Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
• No automated decision-making: We do not currently carry out any automated decision-making.