This privacy notice aims to give you information on how INEQE Group Limited, trading as INEQE Safeguarding Group collects, shares and processes your personal data whilst conducting independent safeguarding Audits and Reviews, including any data you may provide as part of the audit or review.
It is important that you read this privacy notice so that you are fully aware of how and why we will use your data.
Please be aware that this notice may be amended to take account of legislative or regulatory changes or to reflect procedural changes in respect of data security.

Where INEQE Group Ltd and the organisation being audited or reviewed have concluded that they are acting as Joint Data Controllers (i.e. the organisations that are responsible for personal data), they will have signed an agreement, which describes the Joint Controllers relationship and respective responsibilities of the organisation being audited or reviewed and INEQE Group for the processing and sharing of personal data necessary to conduct the independent safeguarding audit or review.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you for the following purposes:

• To enable us to conduct an independent safeguarding Audit or Review
• To assess whether the contracting organisation has complied with any legal or regulatory requirements in respect of safeguarding.
• To undertake an analysis of relevant documents.
• To evaluate current procedures and policy.
• To evaluate governance structures in respect of safeguarding.
• To arrange and participate in interviews.
• To facilitate the publication of a report with recommendations.

In order to complete the Audit or Review we may collect or share:

• Personal details including name
• Email address
• Phone number
• Details of your role or association with the organisation.
• Training records – relevant to your role (if any)
• Minutes of meetings at which you were present and named as an attendee
• Details about safeguarding incidents, reports or investigations

We may collect your personal information in a number of ways, principally:

• Directly from you.
• From the organisation.
• From a member of staff, colleague or other third party.
• From open-source data.

We will only use or share your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• In the fulfilment of a contract, such as the independent safeguarding Audit or Review.
• Where we or the contracting organisation need to comply with a legal or regulatory obligation.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• For certain processing purposes, we may request your consent to authorise the processing.
• We may share your personal data with or between the following:
  • The contracting organisation
  • Beneficary organisations
  • Other statutory or regulatory bodies (e.g the Information Commissioner (ICO)).

For the purpose of the Audit we may process personal data for the following lawful purposes:

• Consent:Where you have given us clear consent to process your personal data for a specific purpose.
• We have a contractual obligation: We will process your personal data where this is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.
• Compliance with our legal obligations: In some cases, Ineqe Group Limited process personal data in order to comply with health and safety legislation and assist with investigations by police and/or other competent authorities.
• Vital interests: Where the processing is necessary to protect someone’s life.
• Public task:Where the processing is necessary to enable us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
• Legitimate interests. In other cases, INEQE Group Limited has ‘legitimate interests’ in processing personal information about individuals we interact with.

Where the lawful basis relies on legitimate interests for processing personal data, the data controllers have considered whether or not those interests are overridden by the interests or fundamental rights or freedoms of the individuals whose data are being processed and concluded that the processing is, on balance, fair and a Ligitimate Interest Assessment has been completed.

Where we conduct a survey, the legal basis upon which we rely is consent. In other words, where you have given us clear consent to process your personal data for a specific purpose.

Where we do process sensitive personal data, other legal bases for processing may apply, including where our processing is necessary for the establishment, exercise or defence of legal claims or judicial acts, for provision of medical care and treatment, or where there is of substantial public interest.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We do not sell any of your personal data to any third party.

We may, however need to disclose your personal information in the following circumstances:

• We are under a legal duty,
• To protect the public,
• To safeguard children and individuals at risk
• For regulatory reasons
• Where we need to disclose it to protect our rights, property or safety of our staff, customers or others.

We’re committed to keeping your personal data secure and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Personal data will not be transferred to countries outside the UK, Switzerland or European Economic Area (EEA). In the event that this may occur, we will ensure that any such transfer meets the requirements of GDPR.

We typically use the following platforms for the processing, sharing, collection and storage of data:

• Microsoft Azure
• Cosmos DB
• ZOHO
• Egress
• Dropbox
• Microsoft
• Docusign.

A cookie is a small piece of information that is placed on your computer or device when you visit our websites. They are used by most websites to make them work efficiently.

They are used to remember the choices you made when visiting our sites.

Our websites store cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customise your browsing experience and for analytics and metrics about our visitors both on this website and other media.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.

Because we respect your right to privacy, if we use a survey as part of the investigative process, we will only use what is called a ‘necessary’ cookie. This enables the auditor to identify that the survey has been completed from a particular IP address.

Necessary – These cookies are necessary for websites to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. They are always active.

INEQE Safeguarding Group shall delete or otherwise destroy all personal data processed for purposes relating to the independent Audit or Review once the contract is fulfilled, except where the fulfilment of INEQE’s statutory or professional obligations require continued processing of specific personal data for explicitly specified purposes.

A certificate of destruction will be supplied by INEQE Group to the contracting organisation in respect of the data processed once the contract is completed.

Under the (UK) Data Protection Act 2018 you have the right to:

• Your right to withdraw consent – You have the right to withdraw consent (where relevant).
• Your right of access – You have the right to ask us for copies of your personal information.
• Your right to be informed – You have the right to be informed about any personal information we hold about you.
• Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

If you would like to exercise any of these rights, please contact us in writing. Please note that these rights are not absolute and we may be entitled (or required) to refuse requests where exceptions apply.

Enquiries about the content, meaning or implications of this Privacy Notice can be made to either Joint Controller, however in the first instance, Subject Access Requests (SAR) should be directed to the relevant contact point at INEQE, (whose details are set out in this privacy notice).

We do not usually charge a fee for access to your data unless the request is excessive or vexatious.

If you are not satisfied with how we are processing your personal data, you can complain to the UK Information Commissioner’s Office (ICO). You can also find out more about your rights under the GDPR (and other data protection legislation) from the Information Commissioner’s Office.

Name: INEQE Group Ltd, trading as INEQE Safeguarding Group,
Address: Ocean House, 13 Edgewater Road, Belfast, BT3 9JQ
Phone Number: 028 90232060
Email: [email protected]

If you have any concerns about how we are processing your personal data, you can complain to the Information Commissioner’s Office (ICO). You can also find out more about your rights under the GDPR (and other data protection legislation) from the Information Commissioner’s Office.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113