Privacy Notice

This webpage is part of the legacy website for the Source to Tap Project, supported by the European Union’s INTERREG VA, managed by the Special EU Programmes Body (SEUPB). This project has now come to an end and this site should be used for reference only.

This Privacy Notice is a revised version of the Privacy Notice that was available on the Source to Tap project website (also when the project was live. The Privacy Notice has been revised to reflect the fact that, as of the end of the project at the end of September 2022, elements of project are no longer available.

NI Water (referred to as we, us or our in this Privacy Notice), is the lead partner on the Source to Tap Project (referred to as the Project in this Privacy Notice).

We are responsible for this Privacy Notice because we manage the Project’s website and social media (Facebook, Twitter, YouTube and Instagram).

To help us manage our relationship with you through the Project, we may need to collect, store and use information that can be used to identify you. From a legal point of view, this is known as ‘processing personal information’.

Collecting and processing your personal information is necessary if we are to satisfy the expectations and requirements of our users, e.g. by communicating with you and providing you with an interactive service through the Project.

This Privacy Notice will explain:

  • Who we are.
  • How and why we process your personal data.
  • Your rights.
  • How you can get in touch with us if you need to.

Our aim is to respect your privacy and comply with current UK data protection legislation (i.e. EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA)). References in this Privacy Notice are made to GDPR, but you should note that GDPR and DPA both apply in the UK.


  • We keep to a minimum the information we hold about you.
  • We use your information to provide our services to you, respond to your enquiries, manage our relationship with you and meet our legal obligations.
  • We delete your data when we no longer need it.
  • Generally, we do not share your personal information with third parties, except when there is a lawful basis to do so.
  • You have lots of privacy rights.
  • We take security seriously.
  • We are happy to answer your questions about any of this



The sections below tell you what personal information is, who we are and what we do, what personal information we collect and what we do with it. They explain how GDPR protects you by explaining what we are allowed to do with your personal information and clarify how to complain or withdraw your consent. They also tell you how long we keep your personal information, how you can get a copy of it or ask for it to be changed or removed, and with whom we might lawfully share your personal information.

Who we are?

NI Water (including Northern Ireland Water Alpha Ltd and its employees) is the sole provider of public water and sewerage services in Northern Ireland. We are a non-departmental public body (NDPB) and a Government-Owned Company (GoCo), established in April 2007. For the purposes of GDPR, we are the ‘controller’ of any personal information you give us.

We may require the services of external third parties to process your personal information on our behalf. These companies are referred to as ‘processors’. Any data processors NI Water uses also have their own legal responsibility for handling your data.

NI Water’s registered office address is:

Northern Ireland Water Limited
Westland House
40 Old Westland Road
BT14 6TE

Telephone: 03457 440088

Who does this Privacy Notice apply to?

This Privacy Notice relates to the collection and use of the personal information of individuals, sole traders and individuals in non-limited business partnerships. Although data about larger commercial entities is not considered ‘personal’ information (and therefore not captured by GDPR), where we can identify an individual acting in their professional capacity, either directly or indirectly, the legislation will apply.

For example, if we have the name and number of a business contact on file, or their email address identifies them (e.g., GDPR is relevant.

It is intended that this Privacy Notice covers the following.

  • Visitors to this website.
  • Individuals making general enquires about the project or our services.
  • Suppliers (and/or their staff).
  • Contractors (and/or their staff).
  • Elected representatives (MPs, MLAs, Councillors).
  • Members of community-based groups.
  • Journalists.

What is Personal Information?

Personal information is anything that identifies and relates to a living person. This can include information that, when put together with other information, can then identify a person, for example, your name and contact details.

How do we collect personal data?

We collect personal information in a number of ways and circumstances:

  • We may collect personal information about you when you provide information to us over the telephone, in a letter, email or fax, on Contact Us forms or via social media (e.g. Facebook, Twitter, YouTube and Instagram);
  • When you have given a third-party permission to share with us the information, they hold about you.
  • When you choose to complete any surveys, we send you.
  • When any of our partners collect information on our behalf.
  • Via articles, which may include photographs, in the Source to Tap Newsletter. This helps promote the essential nature of the work we do and, in particular to celebrate project achievements. The newsletter also has a limited external circulation to some of NI Water’s key stakeholders, including MLAs, MEPs and MPs, Education and Library Boards, Chambers of Commerce, Borough, City and District Councils, Agencies, Associations, Charities, Colleges, Councils, Federations, Institutes, etc.

What personal information we collect and what we do with it

The personal information we process may include:

  • Identification data, including your name and contact details, such as: address, email address, telephone (landline and/or mobile) number.
  • Your communications with us.
  • Your social media username or ‘handle’, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
  • Your responses to any surveys you chose to take part in.
  • Recordings of telephone calls.
  • Information provided in the course of tender processes.
  • At public information meetings and at events and activities delivered by us, with the data subjects’ informed consent, names and contact details of attendees, for the purposes of keeping them updated on the project. The information is used solely for project information purposes and is securely destroyed 7 years after the end date of the project (i.e. 31st March 2028) in order to satisfy the project auditors.

Who we share your personal information with and why?

We work with a number of organisations to manage the Source to Tap project, and need to share some of your personal data with these parties:

  • to undertake the day -to-day running of the project.
  • to provide evidence to the Project funders of our project activities in relation to the restricted purpose for which the funding is granted to the project.
  • to ensure that the project provides equal opportunities on an ongoing basis;
  • to help analyse the effectiveness of the project in tackling some of the issues the project is designed to address.

Where we share data with third parties, there will be a legal agreement in place to make sure the organisation complies with applicable data protection legislation.

Who sees or has access to your personal data will depend on why we need to process it, but the organisations we share with may include the following:

  • The Department of Agriculture, Environment and Rural Affairs
  • The Department of Housing, Planning and Local Government
  • Special EU Programmes Body (SEUPB)
  • European Commission Auditors
  • European Court of Auditors
  • European Territory Co-operation Audit Authority
  • Northern Ireland Audit Office
  • Comptroller & Auditor General Ireland
  • eTenders NI
  • Microsoft (in relation to personal data held by The Rivers Trust)
  • MailChimp® (which securely hosts the email addresses of those who sign up to our Source to Tap Newsletter)
  • Northern Ireland Water (as a delivery partner on the project and in relation to personal data held on its Esri ArcGIS platform (geospatial data only) and its EStream Extranet Site (other data, including personal data)).
  • Irish Water/Uisce Éireann (as a delivery partner on the project)
  • East Border Region (as a delivery partner on the project)
  • AME (in relation to IT support services).

Our lawful basis for processing personal data

GDPR states that a data controller (like NI Water) must have a lawful basis for processing your information. We have identified the lawful bases for which we process your information listed in the Privacy Notice as follows:

Consent, as a lawful basis for processing your personal data means that you have given us your explicit consent by either signing a Consent Form or freely giving us your personal data. Giving us your Consent means you are in charge of what information you give us and what we can do with that information.

Protecting your personal information

We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure, NI Water has put in place appropriate technical, physical and organisational procedures to safeguard and secure the information we collect about you.

Where is your personal information processed?

All of NI Water’s offices and staff are based in the United Kingdom of Great Britain and Northern Ireland.

Your data is processed in Northern Ireland by us and by The Rivers Trust, and the Republic of Ireland by our project partner Irish Water/Uisce Éireann (as a data processor), as well as in the wider European Union by the SEUPB, the EU Desk Officer for the project and the EU’s IT server contractor in Vienna, Austria.

Occasionally, we may use other suppliers or service providers (e.g. MailChimp®) that normally operates elsewhere in the UK, the Republic of Ireland or further afield (e.g. the wider EU or the USA).

  • MailChimp® (used to hold contact details of those who have signed up to receive our Source to Tap Newsletter) is hosted in the United States of America. Personal data is transferred to the host (MailChimp®) on the basis that it has signed up to the US Privacy Shield, certifying that it adheres to the principles of the Privacy Shield and has certified its compliance with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks.

We will not transfer or process your personal data outside the European Economic Area (EEA), unless we have your specific consent or the nature of the processing requires it (for example, because you have chosen to use a service, such as signing up to our project newsletter, that routes data outside the EEA). All processors of personal information relating to EU citizens are required to comply with GDPR.

In this Project we work with other partners organisations based in the UK and in the Republic of Ireland. Information on the Project’s partner organisations can be found here.

How we process your personal information

NI Water will process the personal information you provide in a manner that complies with current UK data protection legislation.

We will endeavour to:

  • keep your information accurate and up to date,
  • not keep it for longer than needed, and
  • keep it safe, only permitting access to those who need to use it.

What to expect when you contact us in relation to the Project


When you contact us by telephone to our General Enquiries Project Number (+44(0)7825669379 ) your call is being received by us. You can find out how we processes your call and personal data here.

We will only add your telephone number to our database if you give explicit consent for us to do so, so that we can contact you in future in relation to the project. The information is used solely for project information purposes and is securely destroyed at the end date of the project (i.e. 31st March 2022). We do not record calls from customers.


All post, including enclosures, received by us is scanned electronically on to our systems. The hard-copy post is either destroyed or kept on file for a period of 7 years after the end date of the project (i.e. 31st March 2028).


If you email us, we will respond to you using the email address you give us. We may add your email address to our contact database, but only if you give explicit consent for us to do so, so that we can contact you in future in relation to the project. The information is used solely for project information purposes and is securely destroyed at the end date of the project (i.e. 31st March 2022).

If you contact us using or via our contact form on the project website, your email is being received by us. You can find out how we processes your emails and personal data here.

Contacting us via social media:

We strongly advise not posting your personal contact or other sensitive information on a public social media site. If you contact us using social media, we will ask you to private message us to gather suitable information. We will suggest an alternative contact method if we think this is more appropriate.

Your rights as data subject

You have lots of privacy rights. The following explains what your rights are:

  • As your personal data is being processed on the basis of Consent, you can withdraw your consent to the use of your personal data at any time. However, in some cases, we may not be required or able to comply for legal reasons. If this is the case, we will tell you and explain why.
  • Subject to some legal exceptions, you have the right to request a copy of the personal data we or the Project Partners hold about you. You have the right to ask for all the information we hold about you and the services you receive from us. When we receive a request from you in writing, we should respond formally to you within one month of receiving your request.
  • You have the right to have any inaccuracies corrected. You should let us know if you disagree with something, we hold about you. We may not always be able to change or remove that information. Where we can, we’ll correct factual inaccuracies and will include your comments in the record to show that you disagree with it.
  • You have the right to be forgotten. In some circumstances, you can ask for your personal data to be deleted, for example:
    • when it is no longer needed for the reason it was first collected.
    • when you have withdrawn your consent for us to process your information (and where there is no other lawful reason for us to continue processing it).
    • when there is no legal reason for the continued use of your information.
    • when deleting the information is a legal requirement.
  • Where your personal data has been shared with others, we’ll do what we can to make sure those using your personal data comply with your request for erasure. Please note that we can’t delete your information where:
    • it is for scientific or historical research or statistical purposes, and deleting it would make information unusable; or
    • it is necessary for financial or legal claims.
  • You have the right to ask us to restrict what we use your personal data for:
    • where you have identified inaccurate information and have told us of it.
    • where we have no legal reason to use that information, but you want us to restrict what we use it for rather than erase the information altogether.
  • Where restriction of use has been granted, we’ll inform you before we carry on using your personal data. Where possible, we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.

You can tell any of the Partners that you want to exercise any of your available rights, and they will promptly pass that request to NI Water (as controller).

The authority responsible for overseeing data protection matters in Northern Ireland (and the rest of the UK) is the Information Commissioner’s Office (ICO). To learn more about all these rights, please see the ICO’s website: gdpr/individual-rights/

The authority responsible for overseeing data protection matters in the Republic of Ireland is the Data Protection Commissioner (DPC). Guidance about your rights available on its website:

Please be aware that there may be circumstances when we are unable to comply with your request to exercise your rights. If this is ever the case, we will inform you of the reason and provide details of how you can register a complaint with the relevant authority responsible for data protection in your jurisdiction if you believe we have got this wrong. However, complaints can often be dealt with satisfactorily without the involvement of any authorities, so please let us know if you have any such complaints in the first instance.

Changes to this Privacy Notice

We may update the Privacy Notice from time to time – please ensure you visit the Source to Tap website for the latest version: