At ICC Belfast, we take your privacy seriously. It is important that you know what we do with the personal information you provide us, why we gather it and what it means to you.
This notice is being provided to you in line with our obligations under the General Data Protection Regulations (GDPR), which will come into force on 25th May 2018.
When we collect your information
We only collect the information you give us. We collect it through a variety of channels.
You do not have to provide us with any personal data or private information about yourself to access our websites – iccbelfast.com.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
Name and contact details – this includes your name, title, address, email address and telephone numbers.
Data of birth information
Profile information – this includes your username and password and your interests and preferences.
Linked account information – this includes your Facebook ID, LinkedIn and Twitter handle if you link your accounts to us.
Marketing preferences – this includes your preferences in receiving marketing from us and your communication preferences.
Survey responses and competition entries Customer service history – this includes interactions with us over the phone, via the website or on social media.
Information about your device and how you use our websites and apps – this includes information you give us when you browse our websites or apps, including your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as how you use our websites and apps.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Unless we have told you otherwise in a specific privacy notice, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). The only exception to this is where you have specific disability needs which we need to be aware of in order to make reasonable adjustments and be able to perform our contract with you and comply with our obligations pursuant to social protection and equality laws (for example, when you make a booking using an Access Card). if you don’t provide personal data
Your Rights as an Individual
As a data subject, individuals have a number of rights in relation to their personal data.
Individuals have the right to make a subject access request. This request should be sent to Alan Reilly, Data Protection Officer at firstname.lastname@example.org. If an individual makes a subject access request, the company will tell him/her:
whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual
to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers
for how long his/her personal data is stored (or how that period is decided)
his/her rights to rectification or erasure of data, or to restrict or object to processing
his/her right to complain to the Information Commissioner if he/she thinks the company has failed to comply with his/her data protection rights
whether or not the company carries out automated decision-making and the logic involved in any such decision-making
The company will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
If the individual wants additional copies, the company will charge a fee, which will be based on the administrative cost to the company of providing the additional copies.
In any event the individual has the right to complain directly to the Information Commissioners Office (ICO) - report a concern on the ICO website or call 0303 123 1113.
International Data Transfer
The company does not transfer data outside the EEA.
Use of Sub-Processers
The company does not use sub-processors.
ICC Belfast WI-FI Access
You will need to provide a valid email address in order to gain access to our WiFi network at ICC Belfast when you are visiting. We will only send you marketing information about events if you opt in to our marketing database at the time of registration. Your data will then be treated according to our marketing privacy notice and retention policy which is below.
You will need to provide a valid email address on our website if you wish to receive our events newsletter electronically. The information will be sent to you on a fortnightly basis until you unsubscribe from these services.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your name and contact details and payment information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: purchase tickets, parking or other products or services from us; create an account on our websites or apps; subscribe to our mailing lists or newsletters; request marketing to be sent to you; take part in a competition, promotion or survey; or give us some feedback.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources such as information about your device and how you use our websites and apps from analytics providers such as Google based outside the EU. Name and contact details, payment information and purchase history from providers of technical, payment and delivery services.
We will only send information about events to you if you have agreed for us to do so. This request will allow us to keep you informed about events or related news and offers which we think will be of interest to you.
When purchasing tickets, you are given the opportunity to opt in to receiving news and information from ICC Belfast by email and/or by post.
We may also use this information to process any transactions you undertake with us and for internal administration and analysis purposes, which may be carried out by a third party. Any third party which undertakes this work for us will not share your personal information with any other party – all personal information will remain confidential.
Email contact information will be held on our database for no longer than 3 years. You can unsubscribe from receiving information about our events at any time by following the ‘unsubscribe’ link of the bottom of any emails.
If you would like to change the information you have given us, feel that what we currently have on record is incorrect or would like to be removed from our mailing lists, email email@example.com.
Customer Complaints & Enquiries
In the case of a general enquiry or customer complaint that we receive, the personal information you supply will only be used to answer your query. Once the enquiry and complaint has been processed your data will be deleted.
Third Party Information
Unless otherwise indicated your personal information is not disclosed to any third parties. We do not sell, rent or trade your personal information to third parties for marketing purposes without your consent. We will never share financial information with third parties. Under the Data Protection Act, we have a legal duty to protect any personal information which you may give us.
Our website may contain links to and from other websites. Please note that these websites may deal with privacy differently and we will have no liability or responsibility for the privacy practices or the content of any linked site. We do not necessarily support or endorse the services or business provided on any linked site. If you decide to access third party linked sites from our website, then you do so at your own risk and we have no right to intellectual property on those sites.
Subject Access Requests
You have the right to get a copy of the information that is held about you by ICC Belfast. This is known as a subject access request. This right of subject access means that you can make a request under the Data Protection Act to any organisation processing your personal data. However, it is important to remember that not all personal information is covered and there are ‘exemptions’ within the Act which may allow an organisation to refuse to comply with your subject access request in certain circumstances.
To make a subject access request to ICC Belfast you must apply in writing. You can do so by emailing firstname.lastname@example.org or by post to; Data Protection Officer, Belfast Waterfront and Ulster Hall Ltd, 2 Lanyon Place, Belfast, BT1 3WH.
In some cases, ICC Belfast may need to ask for proof of identification before the request can be processed. ICC Belfast will inform the individual if it needs to verify his/her identity and the documents it requires.
ICC Belfast will normally respond to a request within a period of one month from the date it is received.
ICC Belfast will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
If the individual wants additional copies, ICC Belfast may charge a fee, which will be based on the administrative cost to ICC Belfast of providing the additional copies.
COVIDCert Check NI ‘Verifier app’
The Northern Ireland Executive has legislated in the Health Protection (Coronavirus, Restrictions)(No.4) Regulations (Northern Ireland) 2021 that it is in the public interest to permit only those persons who possess evidence of, inter alia, being fully vaccinated against COVID-19 to be present on the premises of BWUH Ltd to minimise as far as possible the risk of transmission of the virus which causes COVID-19.
The COVIDCert Check NI verifier app has been developed by the Department of Health (DoH), via DHCNI, to enable businesses to certify a member of the public’s Covid Status. BWUH Ltd will use it in the public interest to permit only those persons who possess evidence of, being fully vaccinated against COVID-19 to be present on BWUH Ltd premises to minimise as far as possible the risk of transmission of the virus which causes COVID-19.
This privacy notice has been drafted in line with UK GDPR. Although personal data is not being processed by the Department in relation to this app, this privacy notice has been drafted to ensure transparency and to maximise the public’s confidence in the app.
The NI Verifier app processes a citizen’s COVID Certification Service status to establish whether the citizen may or may not enter the Verifier’s premises. It is likely that in doing so a Verifier will process your data under UK GDPR:
• Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
• Article 6(1)(e) – your data is processed as part of our public task
• Article 9(2)(g) – the processing is necessary for reasons of substantial public interest.
• Article 9(2)(i) – the processing is necessary for reasons of public interest in the area of public health.
While BWUH Ltd will not have access to any special category data, special category data may be inferred by confirmation of Covid Certification- i.e. the Verifier will know that the person wishing to access their premises meets the relevant criteria and may be, for example, vaccinated. BWUH Ltd employees using the verifier app are aware of the importance of ensuring all personal data processed in the verification process is kept confidential.
The NI Verifier application reads 2D barcodes that store personal data and allows the verifier to read and display this information. However, this information gathered from the 2D barcode is never stored or transmitted on the NI Verifier app. App permissions are used to securely store keys that are used to verify that a 2D barcode has been signed by a trusted authority. These permissions are not used to store any data related to the Service user or app usage. The storage used does not hold any personal data.
While the NI Verifier app provides proof of the service user’s COVID-19 vaccination status, this version of the NI Verifier app provides no additional functions.
Department of Health COVIDCert Check NI ‘Verifier app’ Data Protection Impact Assessment