Privacy Notice

The purposes why SEUPB collect and use personal data, how the data is disclosed, how long it is kept, and the controller's legal basis for processing.

Introduction

The Special EU Programmes Body (“the Body”) collects, holds and processes a considerable amount of information, including Personal Data about you as our employees, clients, customers, suppliers or agency staff, to allow us to provide services and to deliver business objectives effectively and efficiently. 

We respect your trust in us to use, store and share your information. In this notice we explain how we collect personal information about you, how we use it and how you can interact with us about it. 

Through agreeing to this privacy notice you are consenting to the SEUPB processing your personal data for the purposes outlined below. You can withdraw consent at any time by contacting us at dataprotection@seupb.eu / Tel: Reception 028 9026 6660 or writing to our office at The Clarence West Building, 2 Clarence West Building, 2 Clarence Street West, Belfast, BT2 7GP.

We recognise our responsibility in managing Personal Data and are committed to protecting and respecting your privacy through compliance with applicable Data Protection Laws, including the Data Protection Act 2018, UK GDPR and EU GDPR. 

We will only use personal information you give to us for the purposes for which you provide it, or in accordance with the law, or for the prevention and detection of crime. We will only hold your Personal Data for as long as necessary for these purposes and will not pass it to any other parties unless this is made clear to you. All employees who have access to your personal data or who are associated with the handling of that data are obliged to respect the confidentiality of your personal information. 

This Privacy Notice describes the types of Personal Data we collect, how we use it, with whom we share it, and the rights of and choices available to you as a data subject regarding our use of your information.

What is personal data?

Personal Data is information that relates to an identified or identifiable living person ('data subject'). 

Special Category Data (Sensitive Personal Data) also relates to an identifiable living person, but specifically reveals or concerns: 

  • Racial or ethnic origin; 
  • Political opinions; 
  • Religious or philosophical beliefs; 
  • Trade union membership; 
  • Genetic data; 
  • Biometric data (where used for identification purposes); 
  • Data concerning health; 
  • Data concerning a person’s sex life; and 
  • Data concerning a person’s sexual orientation. 

Special Category Data and Criminal Offence Data need more protection because they are sensitive.

Meeting our legal and regulatory obligations

To use your personal information lawfully, we rely on one or more of the following legal bases: 

Your consent; 

  • Performance of a contract; 
  • Legal obligation; 
  • Protecting the vital interests of you or others; 
  • Public task; 
  • Our legitimate interests, such as ensuring the security of our I.T systems and producing financial reports.

Any personal information we process will only be used for the purposes stated or if necessary to fulfil legal or regulatory requirements. We also process personal information where it is necessary for the purposes of the legitimate interests pursued by the SEUPB i.e. network and information security, pension administration and payroll functions. 

In order to lawfully process Special Category and Criminal Offence data we must identify additional lawful bases in accordance with applicable Data Protection Laws. These are: 

  1. Where the data subject has given explicit consent to the processing of those personal data for one or more specified purposes and is recorded as the condition for processing. Examples of our processing include staff dietary requirements and health information we receive from individuals who require a reasonable adjustment to access our services. 
  2. Where processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the SEUPB or the data subject in connection with employment, social security or social protection. Examples of our processing includes staff sickness absences and year end pay roll reporting. 
  3. Where processing is necessary to protect the vital interests of the data subject or of another natural person. An example of our processing would be using health information about a member of staff in a medical emergency.
  4. Where processing is necessary for the establishment, exercise or defence of legal claims. An example of processing could be where an applicant for employment alleges discrimination on the grounds of religious belief or political opinion 
  5. Where it is necessary for reasons of substantial public interest. SEUPB administers public funds specifically European Regional Development Funding. SEUPB was set up under statute and administers funds under EU legislation. There is a substantial public interest in ensuring funds are used appropriately, in accordance with legislation and fraud & dishonesty is avoided. An example of our processing includes the information we seek or receive as part of investigating a complaint. 
  6. Where processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. An example of our processing is the Peace Programmes Learning Platform and transfers the SEUPB may make to the Public Records Office of Northern Ireland and/or The National Archives of Ireland. 
  7. The SEUPB processes criminal offence data. Examples of our processing of criminal offence data include pre-employment checks and declarations by an employee in line with contractual obligations. 

Additional information is detailed in our Appropriate Policy Document. A copy of this can be obtained upon request. 

To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checking and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations. If you do not provide the information we need, or help us to keep it up to date, we may not be able to provide you with our services.

What personal information does the SEUPB collect and how we use this information?

The SEUPB collects and processes Personal Data from various sources for a wide range of business purposes. All staff within the SEUPB are obliged to treat any Personal Data collected or processed, in full compliance with the requirements of applicable Data Protection Laws . The treatment of Personal Data is regularly addressed with staff through training and awareness briefings.

Human Resources

SEUPB needs to keep and process information about you for normal employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the organisation and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left our employment. This includes enabling us to comply with the employment contract, to comply with any legal

requirements, pursue the legitimate interests of the Body and protect our legal position in the event of legal proceedings. If you do not provide the personal information we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision

Recruitment and Selection

SEUPB collects and processes personal information about you throughout the recruitment and selection process, including job applications received through our website or e-mail, or in hard copy from you. We process this information as necessary to serve our recruitment activity. Any information requested will be used for recruitment purposes only, unless your application is successful when your personal information will be used for the purposes of performing an employment contract and will transfer to staff files. 

In order to operate the Special EU Programmes Body recruitment system (“GetGot Jobs”), we will collect and store personal information you submit to us via our recruitment website. 

The online recruitment system is provided and hosted by the Special EU Programmes Body and its third party supplier. By submitting your personal information you are consenting to the SEUPB holding and using it in accordance with this Privacy Notice.

When you visit www.seupb.eu/jobs, download an online application form or receive a hard copy application form to complete and submit, you may be asked to provide certain information about yourself including name, contact details, date of birth and job history. Some of the information is mandatory for SEUPB to consider your application for a job vacancy or meet its statutory monitoring and reporting responsibilities. However, where indicated, some of the information is optional and you can choose not to complete. 

We may collect and process a wide range of personal information about you at different stages of the recruitment process. 

  • We will collect and process contact information: your name; e-mail address; phone number(s); postal address. We will also collect and process information contained in the application form, such as: education & qualifications; employment history; National Insurance Number; details of criminal offences; and details of any disability as defined in legislation. 
  • We will also collect data from you to meet our statutory obligations which will be anonymised for reporting purposes. 
  • If you attend an interview we will collect and process additional personal information about you. 
  • We collect and process sensitive information as necessary, in compliance with all applicable legislation, and in the furtherance of an employment contract. 
  • We will collect references which will contain personal information about you but only from referees provided by you and only when we are considering offering you a job in the Body. 

If you make an application through the online recruitment system, the personal information you provide as part of the recruitment and selection process will only be held and processed for the purpose of the selection processes of the SEUPB and in connection with any subsequent employment or placement, unless otherwise indicated. Your personal information will be retained for as long as is permitted by legislation and then destroyed. 

The information you provide to us will be held on third party supplier computers in the UK who act for us for the purposes set out in this privacy notice. They may provide support services to SEUPB or on behalf of SEUPB. Except as set out in this privacy notice or as required by law, your personal information will not be provided to any third party without your prior consent. 

By submitting your personal information and application you: 

  1. declare that you have read, understood and accepted the statements set out in this data protection privacy notice; 
  2. declare that the information given in the application is complete and true to the best of your knowledge, and understand that deliberate omissions and incorrect statements could lead to your application being rejected or to your dismissal; 
  3. give your consent to the processing of the personal information contained in the application and any other personal data you may provide separately in a manner and to the extent described; and 
  4. authorise SEUPB to verify or have verified on their behalf all statements contained in the application and to make necessary reference checks. 

Unsuccessful applicant data will be held within the recruitment system for a period of one year before being deleted in order that you can access and re-use data in future applications and we can respond to statutory reporting requests. Successful applicant data not transferred to an employee file will be deleted after a period of seven years.

Employee Data

We will collect and process personal information about you from our recruitment and selection activity. Once you have accepted a contract of employment with SEUPB this data will be transferred to your Personnel File. Once employed, our commitment and responsibility for the legitimate, accurate and secure collection and processing of your personal information continues: 

  • We will collect additional personal information from you on commencement of employment including Sensitive Personal Data in relation to your medical history, your next of kin, emergency contact details, and your bank details.
  • We will process personal information about you concerning your contract of employment and any amendments to it; correspondence with or about you, for example, letters to you about a pay rise or, at your request, letters to third parties confirming your salary details; information needed for payroll, benefits and travel and expenses purposes; correspondence with you on sick/maternity/paternity pay; sickness absence certificates and correspondence to and from your medical professionals; Social Welfare forms, doctors reports; records of annual leave and other absences, for example Special Leave, or any of the other statutory leave entitlements or any applications made under Flexible Working opportunities. 
  • We may collect personal information about you in the exercising of policies including but not exclusively: Grievance and Disputes, Disciplinary or Dignity at Work policies, and through meetings or communications with colleagues or managers, or through the Performance Management System. 
  • We will collect personal information including sometimes Sensitive Personal Data in the course of various employee and Industrial Relations processes, including but not exclusively: meetings with Trade Union and employee representatives, legal proceedings, Work Relations Commission, Labour Court, Employment Tribunals and the Labour Relations Agency. The data collected will relate to your employment terms and conditions with SEUPB, and may include; pay, annual leave, special leave, sick absences, medical determinations.
  • We may collect your biometric data in the form of a fingerprint or your face to create a unique biometric key for your work device. This biometric data (the image of your face or fingerprint) is destroyed after the biometric key is created. This key is only used to log on to your work device and will not be used for any other purpose. You will be asked for your consent before this data is collected and you may opt out if you prefer. If you opt out an alternate method of log on will be provided to you. You may opt in or opt out of this process at any point during your employment.  

You will of course inevitably be referred to in many of the SEUPB’s documents and records that are produced by you or your colleagues in the course of carrying out your duties and the business of the Body. 

In addition, we reserve the right to monitor computer, telephone and work mobile telephone use, as detailed in our ICT Network, Internet & e-mail Policy. We also keep records of your hours of work by way of our electronic flexi-time recording system. 

We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our pension or health insurance schemes.

Communications

We may collect and use your personal and contact information to send you communications, such as emails, text messages, postal mailings and social media messaging. These include information on: 

  • Annual stakeholder perception and awareness surveys 
  • Corporate magazine ‘Your EU!’ 
  • Corporate e-zine ‘EuroPA’ 
  • New PEACE PLUS Programme Consultation 
  • Funding Call Workshops 
  • Corporate news about the SEUPB 
  • Programme-related guidance, advice and notifications 
  • Project training events 
  • Programme and/or project launch events 
  • PEACE Programmes Learning Platform online archive 

The above is not an exhaustive list. 

We also store (and therefore process) your name, email address, job title/position and place of work in various secure internal databases and spreadsheets with restricted access, which are only accessible by nominated SEUPB communications staff. We will only send you communication materials that you have consented to receive and consent can be withdrawn at any time through the unsubscribing process detailed within each communication. 

Some personal data may be collected about you from the forms and surveys you complete, from records of our correspondence and phone calls and details of your visits to our website, including but not limited to personally identifying information like Internet Protocol (IP) addresses. The SEUPB may from time to time use such information to identify its visitors. The SEUPB may also collect statistics about the behaviour of visitors to its website. If you provide us with any contact information via private message on social media, it will only be used to manage your enquiry and will not be used for any other reason. 

The SEUPB will only collect the information needed so that it can provide you with communication and PR services. The SEUPB does not sell or broker your personal information.

PEACE Programmes Learning Platform

This digital archive has been specifically created as a repository of information which provides a detailed overview of activity, research, outputs and impact delivered by each successive PEACE Programme from its inception in 1995. The Platform also aims to support the exchange of best practice and experiences in peace-building at a regional, national and international level. The Platform will additionally act as collaborative tool through which individuals and organisations can communicate with each other on issues relating to peace-building and the sharing of best practice. 

The creation of the Platform is a task carried out in the public interest and all data contained on it is processed under Article 6 (1) (e) of the UK GDPR and EU GDPR - it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 

The Platform will process data such as (not an exhaustive list) project evaluations, marketing and publicity materials, monitoring reports, news articles, funding details, project details, corporate documents, academic papers, etc. related to data subjects such as SEUPB staff, funded project staff and beneficiaries, researchers, government departments, elected representatives, members of programme monitoring and steering committees etc. It will only gather personal data such as name and email address and organisation (if provided) from registered users/those who create an account. This personal data will be used for the following purposes: to approve a registration request; to identify a user of the site; to enable participation in the collaborative features within the Platform; to request contact details for a project; to submit content for the site; and in the case of a project owner, match them to a project and allow them to provide additional content for the project. 

As the data contained on the platform is being processed under Article 6 (1) (e) of the UK GDPR and EU GDPR, some Rights of the Data Subject may be derogated from in certain circumstances. The rights affected include: 

a) The right of access 

b) The right to rectification 

c) The right to restrict processing

d) The right to be informed 

e) The right to data portability 

f) The right to object 

There is a minimal probability that any data processed by the platform may ‘cause substantial damage or substantial distress to a data subject’. However, the SEUPB will consider any requests to have personal data removed from public view on ethical grounds. If a data subject complains of distress, and in order to make the processing of the data fair, especially if the data is available to search engines and is found to be inaccurate, the SEUPB will consider if the following is appropriate: 

  • Temporary restriction of the data; 
  • Reclosure / takedown (removal from public access); 
  • Adding a supplementary statement to the record; 
  • Amending or adding metadata or catalogue description. 

The above will be considered on a case-by-case basis and in accordance with appropriate legislation after the data subject has contacted the SEUPB. If the SEUPB agrees to delete the requested data, it will be done so, after considering the individual request from the data subject. This will by actioned by providing a data subject with a copy of their personal data, adding a supplementary statement to a record or withdrawing from public access the relevant historical data at the data subject’s request.

Programme Management & Delivery

The Managing Authority and Joint Secretariat sections within the SEUPB may collect and use your personal and contact information to send you communications, such as emails, text messages, and postal mailings on information in relation to Programme Monitoring Committees (PMCs), Steering Committees and Review Panel Members. 

In sending out such information, we process your personal data, in the form of your email address. We also store (and therefore process) your name, email address, job title/position and place of work in various internal databases, spreadsheets, and / or in hard copy within manual filing systems which are only accessible by nominated the SEUPB Managing Authority and Joint Secretariat staff. We will only send you communication materials that you have consented to receive and consent can be withdrawn at any time by unsubscribing to the communication. 

The SEUPB, in relation to the implementation and delivery of the EU-funded PEACE and INTERREG Programmes, uses an online electronic monitoring system (eMS). This will soon be updated to JeMS. eMS and JeMS are programme monitoring systems which allow the SEUPB to collect and store all necessary information and communicate with applicants/beneficiaries electronically via a secure online communication portal. 

Data, including personal information, is collected for the purpose of providing access to the eMS/JeMS system, assessing project application forms, awarding funds to selected projects, as well as implementing, managing, monitoring and evaluating the subsidy contracts, protecting the financial interests of the EU (notably for verifications and audits) and for communicating on respective programmes. 

The recipients of this data are the programme authorities, the European Commission, the programme Member States authorities represented in the programme monitoring committee and group of auditors, contact points, the company carrying out second level audits on behalf of the audit authority and the group of auditors, the INTERACT programme authorities and any other entity to which the SEUPB may give access to its database, on a strict need to know basis. 

Any personal data, and/or special category data, collected in eMS/JeMS will be processed by the SEUPB in accordance with applicable Data Protection Laws and the SEUPB Appropriate Policy Document. 

The applicants and partners are authorised by the SEUPB to collect and process personal data required in the online forms, provided that they have informed the data subjects whose personal data are collected and processed about the conditions of collection and processing of those data according to the eMS/JeMS terms and conditions (by providing them with a copy of these terms and conditions) before transmitting those data to the SEUPB through eMS/JeMS. 

The persons whose personal data are processed have the right to access and correct their own personal data. For this purpose, they must send any queries about processing of their personal data to the SEUPB by sending a request through the SEUPB self-service portal.

How your information will be handled

In deciding what personal information to collect, hold and process, the SEUPB is committed to ensuring that we uphold the highest standards. We adopt and maintain the high standards in respect of the handling and use of your personal information and only collect, hold and use your personal information where it is necessary and proportionate to do so. We will keep your personal information secure and safe, ensuring that there are effective safeguards and systems in place to make sure your personal information is kept secure and that any personal information is deleted when it is no longer needed. 

As a Body we will consider and address the privacy risks when planning to use or hold your Personal Data in new ways, such as when introducing new systems. We will provide regular training to staff who handle personal information and we will comply with obligations to report any failure in our systems which results in a Data Breach and information being lost or miscommunicated.

How we keep your information safe (Where your personal data is stored)

We protect your personal information with security measures under the laws that apply. We keep our computers, files and buildings secure. 

Your personal information will be stored on data storage systems, in spreadsheets, and/or in hard copy within a manual filing system, which is accessible only by nominated the SEUPB staff in each work area. Access to Sensitive Personal Data will be further limited to relevant staff only. We store your data on secure servers in the European Economic Area and/or the United Kingdom. Personal data is not normally stored on laptops. However, where data is stored all SEUPB laptops are encrypted for security purposes.

If you, as an SEUPB employee, have chosen to opt-in to the biometric logon system with the SEUPB, the key used to do so is only stored on your work device; it cannot be accessed, extracted or moved elsewhere.  Upon exiting the organisation your work device will be wiped and the biometric key will be destroyed.

How long we hold your personal data

To meet our legal and regulatory obligations, we keep your information for no longer than is necessary for the purposes for which the data is processed before disposing of the data securely.

Data Protection Officer

Our Data Protection Officers (DPO), Claire Finlay and Laura McKnight, oversee how we collect, use, share and protect your personal information to ensure your rights are fulfilled.

Your personal information rights

Data Subjects have specific rights in relation to the collection and processing of their Personal Data. We can help you with:

Being Informed: You can ask us about the collection and use of your personal data, our purposes for processing, our retention periods and who we will share it with. 

Accessing Your Personal Information: You can ask us for a copy of the personal information we hold. You can ask us about how we collect, share and use your personal information. 

Updating and Correcting Your Personal Information: You can ask us to update or correct personal information we hold about you that is inaccurate or incomplete. 

Deleting Your Information (your right to be forgotten): You may ask us to delete or destroy your personal information in certain circumstances. In some cases, SEUPB will retain information where it is required for lawful purposes such as: 

  • to exercise the right of freedom of expression and information; 
  • to comply with a legal obligation; § for the performance of a task carried out in the public interest or in the exercise of official authority; 
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
  • for the establishment, exercise or defence of legal claims. 

Restricting the Processing of your Personal Information: You may ask us to limit the ways in which we use your personal data in specific circumstances. 

Moving Your Information (your right to portability): Where possible we can share a digital copy of your personal information directly with you or another organisation. 

Removing Your Consent (Your right to Object): Where applicable, wherever you give us your consent to process your personal data, you can change your mind, such as in relation to direct communications or marketing. Should you seek to exercise any of these rights, you should contact: 

Claire Finlay/Laura McKnight 
Data Protection Officer 
Special EU Programmes Body 
7th Floor 
The Clarence West Building 
2 Clarence Street West 
Belfast BT2 7GP 
Email: dataprotection@seupb.eu 
Tel: 028 9026 6660

Sharing your personal data

Access to your personal information is normally only provided to relevant staff in the SEUPB. However, where necessary we may pass your Personal Data to third parties who perform functions on our behalf and who also provide services to us, for example, our Pension Administrator, or people providing contracted services to/for us such as occupational health providers, IT support providers, payroll support providers, professional advisors. These parties are required to comply with the provisions of applicable Data Protection Laws and adhere to the conditions set out in this Privacy Notice. 

We may also release personal information to regulatory or law enforcement agencies, if they require us to do so and we will also disclose your information where we are permitted and requested to do so by law. 

The SEUPB will not sell or share your personal information for marketing purposes. 

Sometimes it may be necessary to transfer personal information outside of the European Economic Area and/or the United Kingdom. Where this is required, the transfer will be in full compliance with applicable Data Protection Laws.

Accessing and updating your personal data

You are entitled to access the personal information we hold about you. This request known as a Subject Access Request will be processed and information provided to you within one month of receiving your request. If you wish to do this, please contact: 

Claire Finlay/Laura McKnight 
Data Protection Officer Special EU Programmes Body 
7th Floor, The Clarence West Building 
2 Clarence Street West 
Belfast BT2 7GP 
Email: dataprotection@seupb.eu 
Tel: 028 9026 6660

Making a complaint

If you have a complaint about the use of your personal information or how it has been processed you can in the first instance contact us to give us the opportunity to put things right as quickly as possible. If you wish to make a complaint you may do so in person, by telephone, in writing and by e-mail by contacting:

Complaints Officer 
Special EU Programmes Body 
7th Floor, The Clarence West Building 
2 Clarence Street West
Belfast BT2 7GP 
Email: feedback@seupb.eu 
Tel: 028 9026 6660 

Please be assured that all complaints received will be fully investigated. We ask that you supply as much information as possible to help us resolve your complaint quickly. If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: - 

The Information Commissioner’s Office – Northern Ireland 
3rd Floor 
14 Cromac Place 
Belfast BT7 2JB 
Telephone: 028 9027 8757 / 0303 123 1114 
Email: ni@ico.org.uk

Updates to this notice

We will make changes to this Privacy Notice from time to time, particularly when we change how we use your personal information or change our technology. 

Keep Up To Date

Keep up to date with our latest calls, project results & activities, programme news & events. We won't clutter up your inbox, we'll only email you when we've got something important to share!