Privacy Notice

The Rivers Trust (referred to as we, us or our in this Privacy Notice), is a partner organisation on the Source to Tap Project (referred to as the Project in this Privacy Notice).

We are responsible for this Privacy Notice because we manage the Project’s website, social media (Facebook, Twitter, YouTube and Instagram), newsletter, events and activities delivered by us through the Project, and the Project’s Riverfly Monitoring Volunteer Programme.

To help us manage our relationship with you through the Project, we may need to collect, store and use information that can be used to identify you. From a legal point of view, this is known as ‘processing personal information’.

Collecting and processing your personal information is necessary if we are to satisfy the expectations and requirements of our users, e.g. by communicating with you and providing you with an interactive service through the Project.

This Privacy Notice will explain:

  • Who we are.
  • How and why we process your personal data.
  • Your rights.
  • How you can get in touch with us if you need to.

Our aim is to respect your privacy and comply with current UK data protection legislation (i.e. EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA)). References in this Privacy Notice are made to GDPR, but you should note that GDPR and DPA both apply in the UK.

SUMMARY NOTICE

  • We keep to a minimum the information we hold about you.
  • We use your information to provide our services to you, respond to your enquiries, manage our relationship with you and meet our legal obligations.
  • We delete your data when we no longer need it.
  • Generally, we do not share your personal information with third parties, except when there is a lawful basis to do so.
  • You have lots of privacy rights.
  • We take security seriously.
  • We are happy to answer your questions about any of this

 

FULL NOTICE

The sections below tell you what personal information is, who we are and what we do, what personal information we collect and what we do with it. They explain how GDPR protects you by explaining what we are allowed to do with your personal information and clarify how to complain or withdraw your consent. They also tell you how long we keep your personal information, how you can get a copy of it or ask for it to be changed or removed, and with whom we might lawfully share your personal information.

Who we are?

The Rivers Trust is the umbrella organisation for over 60 local member Trusts, we are the only group of environmental charities in the UK and Ireland, dedicated to protecting and improving river environments for the benefit of people and wildlife.

The Rivers Trust is registered in England & Wales as a company limited by guarantee (Company Registration No: 05136671) and as a charity (Registered Charity No: 1107144).

The Rivers Trust’s registered office is:

Rain-Charm House

Kyl Cober Parc

Stoke Climsland

Callington

Cornwall

PL17 8PH

United Kingdom

Telephone: +44 (0)1579 372142

E-mail: info@theriverstrust.org

The Rivers Trust is a partner organisation on the Source to Tap Project. We manage the Project’s website, social media (Facebook, Twitter, YouTube and Instagram), newsletter, events and activities delivered by us through the Project, and the Project’s Riverfly Monitoring Volunteer Programme which can be found here. In relation to the above areas of work on the Project, for the purposes of GDPR, we are the ‘controller’ of any personal information you give us.

We also manage the Project’s pilot Land Incentive Scheme (LIS). In relation to the LIS, for the purposes of GDPR, we are the ‘processor’ of any personal information you give us.

Other Privacy Notices Relating to the Source to Tap Project

Land Incentive Scheme (LIS) – There is a separate Privacy Notice relating to the LIS which can be found here. This can also be found on the Farm Grants section of this website.

Who does this Privacy Notice apply to?

This Privacy Notice relates to the collection and use of the personal information of individuals, sole traders and individuals in non-limited business partnerships. Although data about larger commercial entities is not considered ‘personal’ information (and therefore not captured by GDPR), where we can identify an individual acting in their professional capacity, either directly or indirectly, the legislation will apply.

For example, if we have the name and number of a business contact on file, or their email address identifies them (e.g. initial.lastname@company.com), GDPR is relevant.

It is intended that this Privacy Notice covers the following.

  • Visitors to our website.
  • Visitors to our Project Office at Waterways Ireland HQ in Enniskillen.
  • Individuals making general enquires about the project or our services.
  • Individuals attending events and activities delivered by us.
  • Readers of and contributors to the Source to Tap Newsletter.
  • Volunteers participating in the Project’s Riverfly Monitoring Volunteer Programme.
  • Suppliers (and/or their staff).
  • Contractors (and/or their staff).
  • Elected representatives (MPs, MLAs, Councillors).
  • Members of community-based groups.
  • Journalists.

What is Personal Information?

Personal information is anything that identifies and relates to a living person. This can include information that, when put together with other information, can then identify a person, for example, your name and contact details.

How do we collect personal data?

We collect personal information in a number of ways and circumstances:

  • We may collect personal information about you when you provide information to us over the telephone, in a letter, email or fax, on Contact Us forms or via social media (e.g. Facebook, Twitter, YouTube and Instagram);
  • We may also collect personal information given to us if we meet in person; for example, visiting you at your home or business address or information you give us as evidence of your attendance at an event that we are delivering.
  • When you have given a third-party permission to share with us the information, they hold about you.
  • When you take part in project engagement activities.
  • When you choose to complete any surveys, we send you.
  • When any of our partners collect information on our behalf.
  • Via articles, which may include photographs, in the Source to Tap Newsletter. This helps promote the essential nature of the work we do and, in particular to celebrate project achievements. The newsletter also has a limited external circulation to some of The Rivers Trusts’ key stakeholders, including MLAs, MEPs and MPs, Education and Library Boards, Chambers of Commerce, Borough, City and District Councils, Agencies, Associations, Charities, Colleges, Councils, Federations, Institutes, etc.
  • At public information meetings and with the attendees’ informed consent, for the purposes of keeping them updated on the project. The information is used solely for project information purposes and is destroyed securely at the end of the project.

What personal information we collect and what we do with it

The personal information we process may include:

  • Identification data, including your name and contact details, such as: address, email address, telephone (landline and/or mobile) number.
  • Video and photographic imagery taken at activities and events which we deliver.
  • Your communications with us.
  • Your social media username or ‘handle’, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
  • Your responses to any surveys you chose to take part in.
  • Recordings of telephone calls.
  • Information provided in the course of tender processes.
  • Information provided in the course of recruitment exercises including but not limited to:
    • employment history, other relevant experience, achievements, skills and qualifications,
    • equalities monitoring information (if provided).
    • the outcome and results of any interviews or tests, which form part of the recruitment process.
    • employment references and the results of any pre-employment screening.
    • any other additional information provided by you in the context of the recruitment and selection process (e.g. a completed health questionnaire, etc.)
  • The Source to Tap Newsletter includes some personal information and is distributed publicly by electronic means to recipients signed up to receive the newsletter
  • At public information meetings and at events and activities delivered by us, with the data subjects’ informed consent, names and contact details of attendees, for the purposes of keeping them updated on the project. The information is used solely for project information purposes and is securely destroyed 7 years after the end date of the project (i.e. 31st March 2028) in order to satisfy the project auditors.

Who we share your personal information with and why?

We work with a number of organisations to manage the Source to Tap project, and need to share some of your personal data with these parties:

  • to undertake the day -to-day running of the project.
  • to provide evidence to the Project funders of our project activities in relation to the restricted purpose for which the funding is granted to the project.
  • to ensure that the project provides equal opportunities on an ongoing basis;
  • to help analyse the effectiveness of the project in tackling some of the issues the project is designed to address.

Where we share data with third parties, there will be a legal agreement in place to make sure the organisation complies with applicable data protection legislation.

Who sees or has access to your personal data will depend on why we need to process it, but the organisations we share with may include the following:

  • The Department of Agriculture, Environment and Rural Affairs
  • The Department of Housing, Planning and Local Government
  • Special EU Programmes Body (SEUPB)
  • European Commission Auditors
  • European Court of Auditors
  • European Territory Co-operation Audit Authority
  • Northern Ireland Audit Office
  • Comptroller & Auditor General Ireland
  • eTenders NI
  • Tenders.ie
  • Microsoft (in relation to personal data held by The Rivers Trust)
  • MailChimp® (which securely hosts the email addresses of those who sign up to our Source to Tap Newsletter)
  • Northern Ireland Water (as a delivery partner on the project and in relation to personal data held on its Esri ArcGIS platform (geospatial data only) and its EStream Extranet Site (other data, including personal data)).
  • Irish Water/Uisce Éireann (as a delivery partner on the project)
  • East Border Region (as a delivery partner on the project)
  • AME (in relation to IT support services).

Our lawful basis for processing personal data

GDPR states that a data controller (like The Rivers Trust) must have a lawful basis for processing your information. We have identified the lawful bases for which we process your information listed in the Privacy Notice as follows:

Data collection activityLawful basis
Contractors tendering/quoting for services and Job applicants to the ProjectContract
Newsletter – signing up to receive the newsletterConsent
Riverfly Monitoring Volunteer ProgrammeConsent
Attendees to the Project events and activitiesLegitimate Interest

Consent, as a lawful basis for processing your personal data means that you have given us your explicit consent by either signing a Consent Form or freely giving us your personal data. Giving us your Consent means you are in charge of what information you give us and what we can do with that information.

Contract, as a lawful basis for processing your personal data means, our processing is necessary for the performance of or to enable us to enter into a contract to which you are a party. We must retain the data (even when a contract is not awarded) as we are required to do so as evidence for the Project’s Audit Authorities. This must be retained for 7 years after the end date of the project.

Legitimate Interest, as a lawful basis for processing your personal data means, we process your data to satisfy our own interests and the interests of a third party, in this case the Project’s funders and audit authorities. This data must be retained for 7 years after the end date of the project.

Protecting your personal information

We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure, The Rivers Trust has put in place appropriate technical, physical and organisational procedures to safeguard and secure the information we collect about you.

Where is your personal information processed?

All of The Rivers Trust’s offices and staff are based in the United Kingdom of Great Britain and Northern Ireland.

The Source to Tap project office is in Northern Ireland (Enniskillen).

Your data is processed in Northern Ireland us and the Republic of Ireland by our project partner Irish Water/Uisce Éireann (as a data processor), as well as in the wider European Union by the SEUPB, the EU Desk Officer for the project and the EU’s IT server contractor in Vienna, Austria.

Occasionally, we may use other suppliers or service providers (e.g. MailChimp®) that normally operates elsewhere in the UK, the Republic of Ireland or further afield (e.g. the wider EU or the USA).

  • MailChimp® (used to hold contact details of those who have signed up to receive our Source to Tap Newsletter) is hosted in the United States of America. Personal data is transferred to the host (MailChimp®) on the basis that it has signed up to the US Privacy Shield, certifying that it adheres to the principles of the Privacy Shield and has certified its compliance with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks.

We will not transfer or process your personal data outside the European Economic Area (EEA), unless we have your specific consent or the nature of the processing requires it (for example, because you have chosen to use a service, such as signing up to our project newsletter, that routes data outside the EEA). All processors of personal information relating to EU citizens are required to comply with GDPR.

In this Project we work with other partners organisations based in the UK and in the Republic of Ireland. Information on the Project’s partner organisations can be found here.

How we process your personal information

The Rivers Trust will process the personal information you provide in a manner that complies with current UK data protection legislation.

We will endeavour to:

  • keep your information accurate and up to date,
  • not keep it for longer than needed, and
  • keep it safe, only permitting access to those who need to use it.

Personal information that you supply to us may be used in a number of ways. For example, if you have attended an activity or event we have delivered as part of the Project, we need to keep your name and address so we can keep you up-to-date with future events but also to prove attendance to the events to the Project auditors.

What to expect when you contact us in relation to the Project

Telephone:

When you contact us by telephone to our General Enquiries Project Number (+44(0)7825669379) your call is being received by our Project partner, Northern Ireland Water. You can find out how Northern Ireland Water processes your call and personal data here.

When you contact us by telephone to +353(0)87 700 1512) your call is being received by our Project partner, Irish Water/Uisce Éireann. You can find out how Irish Water/Uisce Éireann processes your call and personal data here.

When you contact us by telephone to, either +44 (0)7948 354026 or +44 (0)7948 354027 you are contacting The Rivers Trust directly. We will only add your telephone number to our database if you give explicit consent for us to do so, so that we can contact you in future in relation to the project. The information is used solely for project information purposes and is securely destroyed at the end date of the project (i.e. 31st March 2022). We do not record calls from customers.

Post:

All post, including enclosures, received by us is scanned electronically on to our systems. The hard-copy post is either destroyed or kept on file for a period of 7 years after the end date of the project (i.e. 31st March 2028).

Email:

If you email us, we will respond to you using the email address you give us. We may add your email address to our contact database, but only if you give explicit consent for us to do so, so that we can contact you in future in relation to the project. The information is used solely for project information purposes and is securely destroyed at the end date of the project (i.e. 31st March 2022).

If you contact us using info@sourcetotap.eu or via our contact form on the project website, your email is being received by our Project partner, Northern Ireland Water. You can find out how Northern Ireland Water processes your emails and personal data here.

If you contact us using pat@sourcetotap.eu or fionnuala@sourcetotap.eu , your email is being received by our Project partner, Irish Water/Uisce Éireann. You can find out how Irish Water/Uisce Éireann processes your emails and personal data here.

Contacting us via social media:

We strongly advise not posting your personal contact or other sensitive information on a public social media site. If you contact us using social media, we will ask you to private message us to gather suitable information. We will suggest an alternative contact method if we think this is more appropriate.

Recruitment:

The Rivers Trust only uses the information you provide in connection with a job application and will not disclose your information or use it for any other purpose. All the information we collect is stored securely on a centralised database. The information is used solely for project information purposes and is securely destroyed 7 years after the end date of the project (i.e. 31st March 2028) in order to satisfy the project auditors.

Contractors:

The Rivers Trust only uses the information you provide in connection with a call to tender or request for quotation for the provision of goods/services to the Project for the purposes of fulfilling procurement requirements for the Project’s auditors and will not disclose your information or use it for any other purpose. All the information we collect is stored securely on a centralised database. The information is used solely for project information purposes and is securely destroyed 7 years after the end date of the project (i.e. 31st March 2028) in order to satisfy the project auditors.

Your rights as data subject

You have lots of privacy rights. The following explains what your rights are:

  • As your personal data is being processed on the basis of Consent, you can withdraw your consent to the use of your personal data at any time. However, in some cases, we may not be required or able to comply for legal reasons. If this is the case, we will tell you and explain why.
  • Subject to some legal exceptions, you have the right to request a copy of the personal data we or the Project Partners hold about you. You have the right to ask for all the information we hold about you and the services you receive from us. When we receive a request from you in writing, we should respond formally to you within one month of receiving your request.
  • You have the right to have any inaccuracies corrected. You should let us know if you disagree with something, we hold about you. We may not always be able to change or remove that information. Where we can, we’ll correct factual inaccuracies and will include your comments in the record to show that you disagree with it.
  • You have the right to be forgotten. In some circumstances, you can ask for your personal data to be deleted, for example:
    • when it is no longer needed for the reason it was first collected.
    • when you have withdrawn your consent for us to process your information (and where there is no other lawful reason for us to continue processing it).
    • when there is no legal reason for the continued use of your information.
    • when deleting the information is a legal requirement.
  • Where your personal data has been shared with others, we’ll do what we can to make sure those using your personal data comply with your request for erasure. Please note that we can’t delete your information where:
    • it is for scientific or historical research or statistical purposes, and deleting it would make information unusable; or
    • it is necessary for financial or legal claims.
  • You have the right to ask us to restrict what we use your personal data for:
    • where you have identified inaccurate information and have told us of it.
    • where we have no legal reason to use that information, but you want us to restrict what we use it for rather than erase the information altogether.
  • Where restriction of use has been granted, we’ll inform you before we carry on using your personal data. Where possible, we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.

You can tell any of the Partners that you want to exercise any of your available rights, and they will promptly pass that request to The Rivers Trust (as controller), with the exception of the Land Incentive Scheme (LIS) – There is a separate Privacy Notice relating to the LIS which can be found here.

The authority responsible for overseeing data protection matters in Northern Ireland (and the rest of the UK) is the Information Commissioner’s Office (ICO). To learn more about all these rights, please see the ICO’s website:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation- gdpr/individual-rights/

The authority responsible for overseeing data protection matters in the Republic of Ireland is the Data Protection Commissioner (DPC). Guidance about your rights available on its website:

https://www.dataprotection.ie/docs/A-guide-to-your-rights-Plain-English-Version/r/858.htm

Please be aware that there may be circumstances when we are unable to comply with your request to exercise your rights. If this is ever the case, we will inform you of the reason and provide details of how you can register a complaint with the relevant authority responsible for data protection in your jurisdiction if you believe we have got this wrong. However, complaints can often be dealt with satisfactorily without the involvement of any authorities, so please let us know if you have any such complaints in the first instance.

Changes to this Privacy Notice

We may update the Privacy Notice from time to time – please ensure you visit the Source to Tap website for the latest version:

http://www.sourcetotap.eu/privacy-notice/