The Rivers Trust (referred to as we, us or our in this Privacy Notice), is a partner organisation on the Source to Tap Project (referred to as the Project in this Privacy Notice).
We are responsible for this Privacy Notice because we manage the Project’s website, social media (Facebook, Twitter, YouTube and Instagram), newsletter, events and activities delivered by us through the Project, and the Project’s Riverfly Monitoring Volunteer Programme.
To help us manage our relationship with you through the Project, we may need to collect, store and use information that can be used to identify you. From a legal point of view, this is known as ‘processing personal information’.
Collecting and processing your personal information is necessary if we are to satisfy the expectations and requirements of our users, e.g. by communicating with you and providing you with an interactive service through the Project.
This Privacy Notice will explain:
Our aim is to respect your privacy and comply with current UK data protection legislation (i.e. EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA)). References in this Privacy Notice are made to GDPR, but you should note that GDPR and DPA both apply in the UK.
The sections below tell you what personal information is, who we are and what we do, what personal information we collect and what we do with it. They explain how GDPR protects you by explaining what we are allowed to do with your personal information and clarify how to complain or withdraw your consent. They also tell you how long we keep your personal information, how you can get a copy of it or ask for it to be changed or removed, and with whom we might lawfully share your personal information.
Who we are?
The Rivers Trust is the umbrella organisation for over 60 local member Trusts, we are the only group of environmental charities in the UK and Ireland, dedicated to protecting and improving river environments for the benefit of people and wildlife.
The Rivers Trust is registered in England & Wales as a company limited by guarantee (Company Registration No: 05136671) and as a charity (Registered Charity No: 1107144).
The Rivers Trust’s registered office is:
Kyl Cober Parc
Telephone: +44 (0)1579 372142
The Rivers Trust is a partner organisation on the Source to Tap Project. We manage the Project’s website, social media (Facebook, Twitter, YouTube and Instagram), newsletter, events and activities delivered by us through the Project, and the Project’s Riverfly Monitoring Volunteer Programme which can be found here. In relation to the above areas of work on the Project, for the purposes of GDPR, we are the ‘controller’ of any personal information you give us.
We also manage the Project’s pilot Land Incentive Scheme (LIS). In relation to the LIS, for the purposes of GDPR, we are the ‘processor’ of any personal information you give us.
Other Privacy Notices Relating to the Source to Tap Project
Who does this Privacy Notice apply to?
This Privacy Notice relates to the collection and use of the personal information of individuals, sole traders and individuals in non-limited business partnerships. Although data about larger commercial entities is not considered ‘personal’ information (and therefore not captured by GDPR), where we can identify an individual acting in their professional capacity, either directly or indirectly, the legislation will apply.
For example, if we have the name and number of a business contact on file, or their email address identifies them (e.g. email@example.com), GDPR is relevant.
It is intended that this Privacy Notice covers the following.
What is Personal Information?
Personal information is anything that identifies and relates to a living person. This can include information that, when put together with other information, can then identify a person, for example, your name and contact details.
How do we collect personal data?
We collect personal information in a number of ways and circumstances:
What personal information we collect and what we do with it
The personal information we process may include:
Who we share your personal information with and why?
We work with a number of organisations to manage the Source to Tap project, and need to share some of your personal data with these parties:
Where we share data with third parties, there will be a legal agreement in place to make sure the organisation complies with applicable data protection legislation.
Who sees or has access to your personal data will depend on why we need to process it, but the organisations we share with may include the following:
Our lawful basis for processing personal data
GDPR states that a data controller (like The Rivers Trust) must have a lawful basis for processing your information. We have identified the lawful bases for which we process your information listed in the Privacy Notice as follows:
|Data collection activity||Lawful basis|
|Contractors tendering/quoting for services and Job applicants to the Project||Contract|
|Newsletter – signing up to receive the newsletter||Consent|
|Riverfly Monitoring Volunteer Programme||Consent|
|Attendees to the Project events and activities||Legitimate Interest|
Consent, as a lawful basis for processing your personal data means that you have given us your explicit consent by either signing a Consent Form or freely giving us your personal data. Giving us your Consent means you are in charge of what information you give us and what we can do with that information.
Contract, as a lawful basis for processing your personal data means, our processing is necessary for the performance of or to enable us to enter into a contract to which you are a party. We must retain the data (even when a contract is not awarded) as we are required to do so as evidence for the Project’s Audit Authorities. This must be retained for 7 years after the end date of the project.
Legitimate Interest, as a lawful basis for processing your personal data means, we process your data to satisfy our own interests and the interests of a third party, in this case the Project’s funders and audit authorities. This data must be retained for 7 years after the end date of the project.
Protecting your personal information
We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure, The Rivers Trust has put in place appropriate technical, physical and organisational procedures to safeguard and secure the information we collect about you.
Where is your personal information processed?
All of The Rivers Trust’s offices and staff are based in the United Kingdom of Great Britain and Northern Ireland.
The Source to Tap project office is in Northern Ireland (Enniskillen).
Your data is processed in Northern Ireland us and the Republic of Ireland by our project partner Irish Water/Uisce Éireann (as a data processor), as well as in the wider European Union by the SEUPB, the EU Desk Officer for the project and the EU’s IT server contractor in Vienna, Austria.
Occasionally, we may use other suppliers or service providers (e.g. MailChimp®) that normally operates elsewhere in the UK, the Republic of Ireland or further afield (e.g. the wider EU or the USA).
We will not transfer or process your personal data outside the European Economic Area (EEA), unless we have your specific consent or the nature of the processing requires it (for example, because you have chosen to use a service, such as signing up to our project newsletter, that routes data outside the EEA). All processors of personal information relating to EU citizens are required to comply with GDPR.
In this Project we work with other partners organisations based in the UK and in the Republic of Ireland. Information on the Project’s partner organisations can be found here.
How we process your personal information
The Rivers Trust will process the personal information you provide in a manner that complies with current UK data protection legislation.
We will endeavour to:
Personal information that you supply to us may be used in a number of ways. For example, if you have attended an activity or event we have delivered as part of the Project, we need to keep your name and address so we can keep you up-to-date with future events but also to prove attendance to the events to the Project auditors.
What to expect when you contact us in relation to the Project
When you contact us by telephone to our General Enquiries Project Number (+44(0)7825669379) your call is being received by our Project partner, Northern Ireland Water. You can find out how Northern Ireland Water processes your call and personal data here.
When you contact us by telephone to +353(0)86 050 4356) your call is being received by our Project partner, Irish Water/Uisce Éireann. You can find out how Irish Water/Uisce Éireann processes your call and personal data here.
When you contact us by telephone to, either +44 (0)7948 354026 or +44 (0)7948 354027 you are contacting The Rivers Trust directly. We will only add your telephone number to our database if you give explicit consent for us to do so, so that we can contact you in future in relation to the project. The information is used solely for project information purposes and is securely destroyed at the end date of the project (i.e. 31st March 2022). We do not record calls from customers.
All post, including enclosures, received by us is scanned electronically on to our systems. The hard-copy post is either destroyed or kept on file for a period of 7 years after the end date of the project (i.e. 31st March 2028).
If you email us, we will respond to you using the email address you give us. We may add your email address to our contact database, but only if you give explicit consent for us to do so, so that we can contact you in future in relation to the project. The information is used solely for project information purposes and is securely destroyed at the end date of the project (i.e. 31st March 2022).
If you contact us using firstname.lastname@example.org or via our contact form on the project website, your email is being received by our Project partner, Northern Ireland Water. You can find out how Northern Ireland Water processes your emails and personal data here.
If you contact us using email@example.com or firstname.lastname@example.org , your email is being received by our Project partner, Irish Water/Uisce Éireann. You can find out how Irish Water/Uisce Éireann processes your emails and personal data here.
Contacting us via social media:
We strongly advise not posting your personal contact or other sensitive information on a public social media site. If you contact us using social media, we will ask you to private message us to gather suitable information. We will suggest an alternative contact method if we think this is more appropriate.
The Rivers Trust only uses the information you provide in connection with a job application and will not disclose your information or use it for any other purpose. All the information we collect is stored securely on a centralised database. The information is used solely for project information purposes and is securely destroyed 7 years after the end date of the project (i.e. 31st March 2028) in order to satisfy the project auditors.
The Rivers Trust only uses the information you provide in connection with a call to tender or request for quotation for the provision of goods/services to the Project for the purposes of fulfilling procurement requirements for the Project’s auditors and will not disclose your information or use it for any other purpose. All the information we collect is stored securely on a centralised database. The information is used solely for project information purposes and is securely destroyed 7 years after the end date of the project (i.e. 31st March 2028) in order to satisfy the project auditors.
Your rights as data subject
You have lots of privacy rights. The following explains what your rights are:
You can tell any of the Partners that you want to exercise any of your available rights, and they will promptly pass that request to The Rivers Trust (as controller), with the exception of the Land Incentive Scheme (LIS) – There is a separate Privacy Notice relating to the LIS which can be found here.
The authority responsible for overseeing data protection matters in Northern Ireland (and the rest of the UK) is the Information Commissioner’s Office (ICO). To learn more about all these rights, please see the ICO’s website:
The authority responsible for overseeing data protection matters in the Republic of Ireland is the Data Protection Commissioner (DPC). Guidance about your rights available on its website:
Please be aware that there may be circumstances when we are unable to comply with your request to exercise your rights. If this is ever the case, we will inform you of the reason and provide details of how you can register a complaint with the relevant authority responsible for data protection in your jurisdiction if you believe we have got this wrong. However, complaints can often be dealt with satisfactorily without the involvement of any authorities, so please let us know if you have any such complaints in the first instance.
Changes to this Privacy Notice
We may update the Privacy Notice from time to time – please ensure you visit the Source to Tap website for the latest version: