When we collect your information, we take care that it is handled securely and processed in accordance with the law. This policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Who are we?
The Embrace a Giant Spirit website belongs to Tourism NI, the trading name of The Northern Ireland Tourist Board, with registered offices at Floors 10-12, Linum Chambers, Bedford Square, Bedford Street, Belfast BT2 7ES, hereafter referred to as Tourism NI.
Data Protection Officer
What type of information do we collect from you?
Most of the information we process is provided to us directly by you for one of the following reasons:
- You have made an enquiry to us
- You have requested our services
- You have subscribed to our newsletter or insights
- You have visited our website
- You wish to attend, or have attended an event
Tourism NI collects personally identifiable information, such as your email address, name, home or work address or telephone number and in some occasions, financial information.
Tourism NI also collects anonymous demographic information which is not unique to you such as your postcode, age, gender, preferences, interests and information regarding what pages are accessed and when.
There is also information about your computer hardware and software that is automatically collected by Tourism NI when you visit our website. This information can include your IP address; browser type; domain names; access times, referring website addresses and any of our cookies you have previously consented to.
A digital CCTV system operates on Tourism NI premises. It is continuously recorded for the purposes of public safety and security. Further information related to the CCTV system can be obtained from SERCO on 028 9069 8870.
Links to other websites
The Data Protection Act 2018 & the General Data Protection Regulation (GDPR) provides rights for individuals:
- The right to be informed
- The right to be informed encompasses our obligation to provide ‘fair processing information’, typically through a privacy notice.
- It emphasises the need for transparency over how we use personal data.
The right of access
Individuals have the right to access their personal data and supplementary information.
The right of access allows individuals to be aware of and verify the lawfulness of the processing.
You can request access from the Data Protection Officer by completing our Subject Access Request Form.
The right to rectification
Your personal data can be rectified if it is inaccurate or incomplete.
The right to erasure
The right to erasure is also known as ‘the right to be forgotten’.
The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing for example upon the withdrawal of consent for direct marketing.
The right to restrict processing
Individuals have a right to ‘block’ or suppress processing of personal data.
The right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
The right to object to processing
Individuals have the absolute right to object to the processing of their personal data if it is for: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
Rights in relation to automated decision making and profiling.
The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
Identify whether any of your processing operations constitute automated decision making and consider whether you need to update your procedures to deal with the requirements of the GDPR.
List of Organisations:
Please click here to view the list of 3rd party organisations we - along with sister brands Tourism NI and Discover Northern Ireland - may share information with.
We may also be required to disclose your information by law, for example, by a court order, or when we receive a Freedom of Information request, or for the purposes of prevention of fraud or other crime. Tourism NI is required to participate in the National Fraud Scheme, which requires the disclosure of financial information.
People who subscribe on embraceagiantspirit.com:
When a subscription is entered we collect the personal information of the applicant. This information is used for the delivery of the service requested and for subsequent Tourism NI monitoring and reporting. When we receive a subscription request, we will notify all those persons involved that we have received their application and that we are processing their personal information for that purpose only. We will not share or use the supplied personal information for the purposes of direct marketing without your explicit consent. Where you have given consent you can withdraw it at any time.
Tourism NI will publish aggregated anonymised data on its performance on its website. We will keep personal information contained in application files in line with our retention policy. This means that information relating to subscribers will be retained for a minimum of 5 years. It will be retained in a secure environment and access to it will be restricted.
Securing your information
When you give us personal information, we take steps to ensure that it’s treated securely. All information submitted to our websites is encrypted. When you are on a secure page, a lock icon will appear on the top of web browsers such as Microsoft Edge and Google Chrome.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information, which you provide to us, may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in September 2019.