Privacy Policy

The 11 Northern Ireland Councils are the joint data controllers under UK Data Protection Legislation for the personal information (personal data) that you provide for the purposes of registering for access to the Northern Ireland Enterprise Support Service (NIESS).  By providing your personal data you are consenting to its use in the administration and management of the NIESS service whose lawful basis for processing is under Article 6(1)(e) of the UK General Data Protection Regulation as it is providing a service for the performance of a public task.

The equality monitoring form requests more sensitive information, known as special category personal data. Any information you provide on the equality monitoring form is processed under Article 6(1)(c) and Article 9(2)(g) of the UK General Data Protection Regulation (Schedule 1 Part 2 (8)(a) and (b) of the Data Protection Act 2018 applies). It is requested to enable the Council to meet its legal obligations in relation to equality monitoring and reporting, but is processed, retained and stored anonymously.

Personal data may be shared internally with staff who are involved in the administration and management of the NIESS and on occasions, between internal departments with the purpose of supporting an effective delivery of service. To ensure you receive the most appropriate support, the councils are required to share your personal data with selected contractors appointed as delivery agents to deliver the NIESS. Additionally, our delivery agent may share your personal data with their sub-contractors, appointed as agents to provide mentoring services on behalf of each of the 11 councils. Please note, this sharing is necessary for you to access relevant support and therefore your details will only be shared with an organisation that will provide you with the correct assistance and advice, whilst focusing on your needs.

The councils will not share or disclose your personal data to any other organisation without your consent or unless the law permits or places an obligation on the council to do so. Personal data is held and stored by the councils in a safe and secure manner and in accordance with their Records Retention and Disposal Schedule. If you have a query regarding your personal data or wish access to it, please contact the NIESS Programme Management Office at ess@belfastcity.gov.uk

We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. By using the Go Succeed Members Area, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Website.

When you register for the Go Succeed Members Area we collect the following personal data for a membership on our Website:

• Name: To personalise your experience and manage your account.
• Email Address: For account access, updates, and communication purposes.
• Local Council Area: To better understand our member demographics and improve our services.

How We Use Your Data

We will use your Go Succeed Members Area personal data for the following purposes:

• Account Management: To create, manage, and support your membership account.
• Communication: To send you emails about your account, service updates, and other relevant information.
• Service Improvement: To analyse user demographics and improve our services based on the local council areas provided.
  

Legal Basis for Processing

Under GDPR, we rely on the following legal grounds to process your personal data:

• Consent: By registering as a member, you consent to our collection and use of your personal data as described in this Privacy Policy.
• Legitimate Interests: We may also process your data as it is necessary for the legitimate interests of our Website to manage memberships and improve our services.

Data Retention

We will retain your Go Succeed Members Area personal data for as long as you hold a membership account with us. After you terminate your membership, we may retain your data for a reasonable period to fulfill any legal, regulatory, or reporting requirements.

Data Security

We take appropriate technical and organisational measures to secure your personal data and protect it from unauthorised access, disclosure, alteration, or destruction. These measures include:

Technical Security Measures:

• Enterprise-grade hosting infrastructure through Kinsta with isolated server environments
• Web Application Firewall (WAF) and DDoS protection
• Premium security monitoring and malware scanning
• Secure Socket Layer (SSL) encryption for all data transmission
• Secure password hashing and salting
• Regular automated security updates and patches
• IP filtering and access controls
• Rate limiting to prevent brute force attacks
• Regular automated backups with encrypted storage

Organizational Data Protection Measures:

• Restricted administrator access to authorized personnel only
• Secure API integration with SendGrid for email communications
• Implementation of strong password policies
• Regular security audits and vulnerability assessments
• Data minimization – only collecting necessary personal information
• Secure member authentication processes
• Clear data retention and deletion policies
• Internal data handling procedures and staff training
• Documented incident response procedures

User Data Protection:

• Secure processing of membership information
• Secure member portal access
• Individual user authentication
• Encrypted storage of personal information
• Controlled access to course progression data

Your Rights

Under GDPR, you have the following rights regarding your Go Succeed Members Area personal data:

• Access: You can request a copy of the personal data we hold about you.
• Rectification: You have the right to correct any inaccuracies in your personal data.
• Erasure: You can request that we delete your personal data, subject to certain conditions.
• Restriction: You can ask us to restrict the processing of your personal data under certain circumstances.
• Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Objection: You can object to our processing of your personal data under certain circumstances.
• Withdraw Consent: If you provided consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at ess@belfastcity.gov.uk.

Cookies

Our Website uses cookies to enhance your user experience. For more information on how we use cookies, please refer to our Cookie Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the new policy on our Website. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: ess@belfastcity.gov.uk.