This privacy notice aims to give you information on how INEQE Group Limited (“INEQE”) collects and processes the personal data provided by you in connection with the Independent Safeguarding Review of Christ Church being carried out by INEQE (the “Review”).

It is important that you read this privacy notice so that you are fully aware of how and why we are using your data.

The data controller — the company that is responsible for the personal data provided by you to INEQE in connection with the Review— is INEQE Group Limited. You can contact us by email or letter. If you have any questions about this privacy notice, including any requests to exercise your legal rights, you can contact us using the details set out in this notice.

We may change this privacy notice from time to time, to reflect how we are processing your data. If we make significant changes, we will communicate this to you by appropriate means.

We will collect, use, store and transfer personal data about you in order for us to carry out the Review.

Personal data means any information relating to an identified or identifiable living individual. It does not include data where identity has been permanently removed (anonymous data).

Your personal data to which this privacy notice is relevant is the personal data we collect from you in relation to the Review, which will be the personal data you provide by email or in interviews or other discussions or interactions with us.

You don’t have to give us any of your personal data but, if you don’t, our ability to take your input into account in connection with the Review may be limited.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes, to the extent relevant to the Review.

We will use your personal data only for the purposes of, or in connection with, the Review

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where it is necessary for our legitimate interests (or those of a third party) in connection with the Review, and your interests and fundamental rights do not override those interests. INEQE has ‘legitimate interests’ in processing personal information for the purpose of, or in connection with, the Review. Where INEQE relies on legitimate interests as the legal basis for processing personal data, it has considered whether or not those interests are overridden by the interests or fundamental rights or freedoms of the individuals whose data are being processed and concluded that the processing is, on balance, fair.
• Where we need to comply with a legal or regulatory obligation. In some cases, INEQE processes personal data in order to assist with investigations by police and/or other competent authorities.
• INEQE may also process your personal data on the basis of consent you give.

Processing special categories of data. Where we process sensitive personal data (such as data concerning health or a person’s sex life or sexual orientation), other legal bases for processing may apply, including where our processing is necessary for a substantial public interest reason, the establishment, exercise or defence of legal claims, for provision of medical care and treatment, or where you have otherwise given us your explicit consent.

In the circumstances described in the letter to which this notice is attached, your personal data may be shared with Christ Church and/or their professional advisors in connection with the Review.  Christ Church and their professional advisors will be data controllers of any personal data we provide to them. 

In addition, certain companies who play an essential part in enabling us to provide our products and services to you, such as IT and system administration providers and others who help us run our business may have access to your personal data. You can rest assured, however, that we require all third party service providers to respect the security of your personal data and to treat it in accordance with the law and we do not allow our third-party service providers to use your personal data for their own purposes.

Personal data collected and processed by INEQE may be shared with the following recipients, or categories of recipients, where necessary:

• Our employees, for the purposes of the Review;
• Our contractors and suppliers, where they process personal data on our behalf, for example IT consultants and hosted software providers and professional providers;
• the police and/or other competent authorities as applicable.

Typically, INEQE will not transfer your personal data to countries outside the UK or the European Economic Area. On the limited occasions when this might occur, we will ensure that any such transfer meets the requirements of UK GDPR.

We’re committed to keeping your personal data secure and have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We may retain your personal data for as long as is necessary to fulfil the purposes set out in this privacy notice and/or our reasonable requirements. On expiry of the relevant retention period, your personal data will be deleted, suppressed or anonymised, as applicable.

Under the UK GDPR and The Data Protection Act 2018 you have the right to:

• Obtain access to, and copies of, the personal data that we hold about you
• Require us to correct the personal data we hold about you if it is incorrect
• Require us to erase your personal data in certain circumstances
• Require us to restrict our data processing activities in certain circumstances
• Receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of your transmitting that personal data to another data controller
• To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you
• Where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.

If you would like to exercise any of these rights, please contact us in writing. Please note that these rights are not absolute and we may be entitled (or required) to refuse requests where exceptions apply.

If you are not satisfied with how we are processing your personal data, you can complain to the Information Commissioner’s Office (ICO). You can also find out more about your rights under the UK GDPR (and other data protection legislation) from the www.ico.org.uk.

If you wish to contact us in relation to this notice, please email us at: [email protected]

You may also write to us at: Ocean House, 13 Edgewater Road, Belfast, BT3 9JQ.