HIA Interim Advocate’s Office Privacy Notice
General Data Protection Regulation 2016 and Data Protection Act 2018
The HIA Interim Advocate’s Office is committed to protecting your privacy. This Privacy Notice explains how the HIA Interim Advocate’s Office uses information about you and the ways in which we will safeguard your data.
Why we process your personal information
Personal information is collected by the HIA Interim Advocate’s Office as part of its public task (see ‘Lawful basis for processing data’ below).
When individuals or organisations communicate with the Interim Advocate’s Office (hereafter referred to as ‘the Office’) they may provide personal information as part of the communication.
One of the roles of the Interim Advocate is to act as a channel of communication to the sector. As part of this, the Interim Advocate’s Office maintains a client database listing the names, telephone numbers, email and postal addresses and details of any institutions provided by members of the public who contact the office either looking for assistance or seeking updates on the HIA Redress Scheme.
We process this personal information in line with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018. The lawful basis for processing under GDPR is in relation to our public task under Article 6(1)(e) of GDPR.
Lawful basis for processing data
In order to comply with data protection legislation, we must have a lawful basis for processing any personal data. The processing that this Office carries out in this case is on a ‘public task’ basis (i.e. the processing is necessary for the Office to perform a task in the public interest or in order to discharge its official functions).
The type of personal data we process:
The information we receive in correspondence to the Interim Advocate may include:
- personal details;
- family details;
- education, training and employment details;
- financial details;
- goods and services;
- lifestyle and social circumstances;
- visual images, personal appearance and behaviour; and
- surveys, consultations or needs assessments.
It is recognised that individuals communicating with the Office may choose to provide additional personal information. Some of the personal information we process may also be special category (sensitive) personal data which may relate, for example, to an individual’s health. These sensitive classes of information, known as ‘special categories of personal data’ under GDPR, may include:
- racial and ethnic origin;
- offences and alleged offences;
- criminal proceedings, outcomes and sentences;
- trade union membership;
- physical or mental health details;
- religious or similar beliefs; and
- sexual life.
In these cases, the condition that the Office relies on to process special category (sensitive) personal data lawfully is that the processing is necessary for reasons of substantial public interest.
In addition to personal data we may receive from individuals and as part of our communication with the public, we may request personal contact details to be provided by the party to enable Office business to be transacted. This may include name, telephone number, e-mail address or postal address and details of institutions in which clients had been placed as a child.
How we obtain the personal data
The Office receives personal information from members of the public or organisations with a stakeholder interest in the area of Historical Institutional Abuse. Personal information may be received from individuals and organisations within Northern Ireland, Great Britain, the Republic of Ireland, Australia, the United States of America and other countries. If personal data is supplied, the Office will safeguard the security of the data by ensuring:
- it is not be shared outside of the office without the individual’s explicit consent;
- where personal data is transferred by consent to other organisations or countries, documents will be password protected and the password communicated in a separate email to the receiving individual or organisation; and
- the use of a secure encrypted IT system and where necessary, further encrypting documents before being shared.
Communications containing personal information may be, for example, in the format of:
- hard copy and e-mail submissions;
- telephone calls; and
- records from public and targeted events and meetings with victims and survivors of Historical Institutional Abuse.
When an individual first contacts the Interim Advocate’s Office, they will be asked to provide consent for their details to be maintained and managed on the HIA Interim Advocate’s Contacts Log. The Office will only ask for information that the client feels comfortable providing and which is necessary to enable the Office to provide the advice and support requested. However, it is important to note that when communicating, an individual does not have to provide the information we may ask for. Where an individual does not provide consent, the Office will not store any personal information on the database. Once the client’s original request has been dealt with, the information provided to facilitate the response will not be retained and the Office will not make any further, unsolicited, contact.
Contact details provided, including those of third parties, may be used to seek additional or personal information and/or verify information supplied.
Who the information may be shared with
Unless the law permits, or places an obligation on the Office to do so, personal information provided as part of an individual’s communication will not be shared outside of the Office without their explicit consent.
The length of time the Interim Advocate’s Office retains personal data
The personal information supplied will be managed in accordance with Data Protection legislation. In particular, the information will be kept for no longer than is necessary for the purposes of conducting its business.
The Office will conduct regular reviews of the HIA Interim Advocate’s Contact Log and will verify with clients that they are remain content for their details to continue to be maintained by the Office for communication purposes at least once per calendar year. A client who no longer wishes to receive updates or communications from the Interim Advocate’s Office can ask for their details to be removed from the database at any time by contacting the HIA Data Protection Officer using the contact details provided at the end of this Notice.
Where personal information is received by:
- hard copy format, it is scanned to create an electronic copy, which is saved and retained securely within HPRM, the standard system for records management in the NICS
- electronic format, it is saved and retained securely within HPRM
- telecommunication format, it is recorded on a telephone call log document and saved securely within HPRM
Access to these records is tightly restricted to the Office and TEO records management administrators.
Under the Schedule, seven years after the last record is received in an Office file, records will be reviewed, then either retained by the Office or transferred to the Public Record Office of Northern Ireland (PRONI) to review and determine if they are to be permanently preserved.
What are your rights?
- You have the right to be informed and you can also obtain confirmation that your data is being processed.
- You have the right to access your personal data.
- You are entitled to have your personal data rectified if it is inaccurate or incomplete.
- You have the right to have your personal data erased and to prevent processing in specific circumstances. Under Article 17 of the General Data Protection Regulation (GDPR) 2016 individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. However, the right is not absolute and only applies in certain circumstances.
- You have the right to restrict processing of personal data in specific circumstances. Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.
- You have the right to data portability in specific circumstances. This enables you to receive the personal data that you have provided, and to request that it is transmitted directly to another data controller.
- You have the right to object to the processing of personal data in specific circumstances. Article 21 of the GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask you to stop processing their personal data.
- You have rights in relation to automated decision making and profiling. However, we can advise that the Interim Advocate’s Office do not use personal data for the purpose of automated decision making and profiling.
More detailed information in relation to this can be obtained through the Information Commissioner’s Office website, https://ico.org.uk/
If you are dissatisfied with how your personal information is being processed, please contact the Interim Advocate’s Data Protection Officer using the details provided below.
Data Protection Officer
The HIA Interim Advocate’s Office
Tel: (+44) 28 90893977
If you are still dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Alternative Formats or General Enquiries
This HIA Interim Advocate’s Office Privacy Notice document is available online at http://hiainterimadvocate.org.uk/
If you have any other queries about this Privacy Notice or require it in an alternative format or language, including hard copy, please contact the HIA Interim Advocate’s Office:
HIA Interim Advocate 2nd Floor
87-91 Great Victoria Street
Tel: (+44) 28 90893977
Changes to this Privacy Notice
We keep this Privacy Notice under regular review and we will place any updates on the HIA Interim Advocate’s website (see link above). This Privacy Notice was last updated on 9 January 2020.