Tourism NI Privacy Notice

Who are we? 
Tourism NI, the trading name of The Northern Ireland Tourist Board, with registered offices at Floors 10-12, Linum Chambers, Bedford Square, Bedford Street, Belfast BT2 7ES, hereafter referred to as Tourism NI.   

For the purposes of this privacy policy Tourism NI is the data controller. 

Data Protection Officer 
Brian Gillanders
Email: dpo@tourismni.com 
Tel: 02890441536 

What type of information do we collect from you?

Most of the information we process is provided to us directly by you for one of the following reasons:

• You have made an enquiry to us
• You have requested our services
• You have subscribed to our newsletter or insights
• You have visited our website
• You wish to attend, or have attended an event

Tourism NI collects personally identifiable information, such as your email address, name, home or work address or telephone number and in some occasions, financial information.

Tourism NI also collects anonymous demographic information which is not unique to you such as your postcode, age, gender, preferences, interests and information regarding what pages are accessed and when.

There is also information about your computer hardware and software that is automatically collected by Tourism NI when you visit our website. This information can include your IP address; browser type; domain names; access times, referring website addresses and any of our cookies you have previously consented to. 

A digital CCTV system operates on Tourism NI premises. It is continuously recorded for the purposes of public safety and security. Further information related to the CCTV system can be obtained from SERCO on 028 9069 8870. 

Links to other websites:

Our web sites and electronic communications may contain links to other websites, both those of government departments and of other organisations. This privacy policy applies only to our site, so you should always be aware when you are moving to another site and read the privacy statement of any site that collects personal information. 

The Data Protection Act 2018 & the General Data Protection Regulation (GDPR) provides rights for individuals: 

The right to be informed 
You have the right to be informed about how and when we may process personal data.  
This is typically done via a privacy notice.  

The right of access 
You have the right to ask us for copies of your personal information. This right always applies, there are some exemptions which means that you may not always receive all the information we process.

You can request access from the Data Protection Officer by completing our Subject Access Request Form.

The right to rectification 
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

The right to erasure
The right to erasure is also known as ‘the right to be forgotten’. 
You have the right to ask us to erase your personal information in certain circumstances where there is no compelling reason for its continued processing, for example; upon the withdrawal of consent for direct marketing.

The right to restrict processing 
You have the right to ask us to restrict the processing of your information in certain circumstances.

The right to data portability 
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. This right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

The right to object to processing 
You have the right to object to the processing of your personal data if it is for: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.

Rights in relation to automated decision making and profiling. 
The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. You have the right not to be subject to a decision based solely on automated processing, including profiling.

The right to withdraw consent at any time, where relevant 
We are required to make it as easy to withdraw consent as to give consent.

The right to lodge a complaint with a supervisory authority 
The Information Commissioner for Northern Ireland may be contacted here:

Information Commissioner's Office 
3rd Floor 
14 Cromac Place 
Belfast 
BT7 2JB 
Tel: 028 9027 8757 or 0303 123 1114 
Email: ni@ico.org.uk 
Map and directions

Or Online at https://ico.org.uk/concerns/ 

The legal basis for the processing and the purpose of the processing. 
A key function of Tourism NI as defined by The Tourism (Northern Ireland) Order 1992 is to encourage tourism, provide advice and information about travelling to and holidays in Northern Ireland and to publicise or advertise holidays in Northern Ireland. The order also empowers us carry out surveys and collect statistics and information relating to the tourist industry and assist in making Northern Ireland attractive to tourists. 

As such, Tourism NI collects and uses your personal information to operate Tourism NI websites and deliver the services you have requested. Tourism NI also uses your personally identifiable information to inform you of other products or services available from Tourism NI and its affiliates, where you have requested us to. Tourism NI may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.  

Tourism NI, as defined by the by The Tourism (Northern Ireland) Order 1992, is also empowered to deliver financial assistance to the tourism industry and regulate tourist accommodation. For additional information on the Tourism (Northern Ireland) Order 1992, please use the links below:

Financial Assistance: PART III FINANCIAL ASSISTANCE TO TOURIST INDUSTRY 

Tourist Accommodation: PART IV REGULATION OF TOURIST ACCOMMODATION 

Consent will not be required to process personal data for these purposes alone and refusal to supply information will result in the failure to secure financial assistance or failure to be certified as a tourism establishment. 

Profiling 
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk. 

Like many other websites, our website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better, more personalised service.  

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website. 

Digital Marketing, Social Media Monitoring & Advertising 
As part of our marketing and communications activity, we collect technical, web and aggregated data for the purposes of digital marketing including search engine marketing and on-line advertising.  We use advertising options available on social networks to target specific audiences using interest, location and demographic data made available in the social network and search engines. 

To ensure compelling and integrated communications, there are occasions where we may integrate a user's activity by tracking user's behaviour with a combination of cookies and pixel tagging data on our website discovernorthernireland.com with relevant social media advertising and web site advertising channels. 

We also use social media listening software to surface and bring publicly available social content to our attention. 

Your marketing choices 
You have a choice about whether or not you wish to receive information from us. If you want to receive direct marketing communications from us then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information. 

We will not contact you for marketing purposes by email, post, phone or text message unless you have given your prior consent.

You can change your marketing or research preferences at any time by clicking the ’unsubscribe’ link on any email we send you. You can also do this by contacting us via:

• Post
• ‘Contact Us’ form on the website
• Telephone: (028) 9023 1221

How long do we keep your information? 
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity as described in our approved disposal and retentions schedule, or as long as is set out in any relevant contract or agreement you hold with us. 

Who has access to your information? 
We will not sell or rent your information to third parties. 
Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes without your prior consent.

Organisations we may share information with:  
We work closely with a number of third party service providers, agents, subcontractors and other organisations for the purposes of completing public tasks and providing services to you on our behalf.

In order to arrange events, workshops, familiarisation trips, webinars etc, we will also share your information with our tourism partners, such as Fáilte Ireland and Tourism Ireland, and with tourism product and service providers e.g. accommodation providers, event organisers. 

We work in conjunction with our tourism partners to deliver specific projects such as the Digital Asset Management (DAM) system (Northern Ireland’s Content Pool). Your personal information will be managed in line with this privacy policy.

When we work with or use third party service providers, we disclose only the personal information that is necessary to deliver the service, and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. 

List of Organisations:

Please click here to view the list of 3rd party organisations we may share information with.

We may also be required to disclose your information by law, for example, by a court order, or when we receive a Freedom of Information request, or for the purposes of prevention of fraud or other crime. Tourism NI is required to participate in the National Fraud Scheme, which requires the disclosure of financial information. 

People who subscribe on tourismni.com:
When a subscription is entered we collect the personal information of the applicant. This information is used for the delivery of the service requested and for subsequent Tourism NI monitoring and reporting. When we receive a subscription request, we will notify all those persons involved that we have received their application and that we are processing their personal information for that purpose only. We will not share or use the supplied personal information for the purposes of direct marketing without your explicit consent. Where you have given consent you can withdraw it at any time. 

Tourism NI will publish aggregated anonymised data on its performance on its website. We will keep personal information contained in application files in line with our retention policy. This means that information relating to subscribers will be retained for a minimum of 5 years. It will be retained in a secure environment and access to it will be restricted.

Securing your information 
When you give us personal information, we take steps to ensure that it’s treated securely. We restrict access to personal data to employees, contractors and agents who need to know such personal data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place.
 
We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of your personal data. In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

All information submitted to our websites is encrypted. When you are on a secure page, a lock icon will appear on the top of web browsers such as Microsoft Edge and Google Chrome. 

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

16 or Under 
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information. 

Transferring your information outside of Europe 
As part of the services offered to you through this website, the information, which you provide to us, may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. 

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services. 

National Fraud Initiative: Northern Ireland
As a public sector organisation Tourism NI is required to participate in the National Fraud Initiative, under which the Northern Ireland Audit Office (NIAO), has statutory powers to conduct data matching exercises for the purpose of assisting in the prevention and detection of fraud. The powers are contained in the Serious Crime Act 2007, which adds Articles 4A to 4H to the Audit and Accountability (Northern Ireland) Order 2003.

This requires us provide the Northern Ireland Audit Office with details of all those companies and individuals we make payments to. This will include staff salaries and expenses as well as the details of those we buy goods and services from, or those who have benefited from our funding initiatives.

The Audit Office will undertake data matching, which involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. This allows potentially fraudulent claims and payments to be identified.
Tourism NI is now collating the information to be shared with the NI Audit Office.

For details on how NIAO process your information please see their privacy statement. https://www.niauditoffice.gov.uk/publications/nfi-privacy-notice-2022

Review of this Policy
We keep this Policy under regular review. This Policy was last updated in November 2022.