Privacy Policy

The North East Combined Authority is committed to protecting your privacy when you work with us.

We are also committed to keeping your data safe and we want to make it clear how we collect, store and process information.

This notice complies with the UK General Data Protection Regulation (GDPR) and is aligned to our Data Protection Policies.

If you have any questions about our Privacy Notice, you can contact us at:

Name: North East Mayoral Combined Authority

Address: 1st Floor, The Lumen, Helix, St James Boulevard, Newcastle upon Tyne, NE4 5BZ

Phone Number: 0191 211 6602 E-mail: enquiries@northeast-ca.gov.uk Our Data Protection Officer can be contacted via: dataprotection@northeast-ca.gov.uk

Our websites

The North East Combined Authority operate the below websites. This policy applies to the websites at the following URLs:

These websites and trading styles are all brands of NECA which remains the data controller and the responsible statutory body in relation to these websites and brands.

What information we collect

How the law allows us to use your personal information

There are a number reasons why we often need to collect and use personal information. Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person. For example, this could be your name and contact details. We rely on something called the ‘lawful bases’ on which we may process your data.

Generally, we collect and use personal information where:

  • you have entered into a contract with us
  • it is necessary to perform our statutory duties
  • it is necessary to protect someone in an emergency
  • it is required by law
  • it is necessary for employment purposes you, or your legal representative, have given consent
  • it is necessary to deliver health or social care services
  • you have made your information publicly available
  • it is necessary for legal cases
  • it is to the benefit of society as a whole
  • it is necessary to protect public health
  • it is necessary for archiving, research, or statistical purposes

If we rely on your consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please contact dataprotection@northeast-ca.gov.uk

We only use what we need

We will only collect and use personal information if we need to, for example to enable us to deliver a service or meet a requirement.

If we use your personal information for research and analysis, we will always keep you anonymous or use a different name unless you have agreed that your personal information can be used for that research.

We do not sell your personal information to anyone else.

What you can do with your information

The law gives you a number of rights to control what personal information is used by the North East Combined Authority and how we use it. This will vary according to the lawful basis on which we process your individual data.

You can ask for access to the information we hold on you. We would normally expect to share what we record about you with you whenever we work with you, engage as a stakeholder or provide other services.

However, you also have the right to ask us to disclose to you all of the information held about you. When we receive a request from you in writing, we must give you access to everything you are legally entitled to see that we have recorded about you.

We cannot let you see any parts of your record which contain:

  • Confidential information about other people; or
  • Data that a professional person thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or
  • If we think that giving you the information may stop us from preventing or detecting a crime

This applies to personal information that is in both paper and electronic records. If you give us permission, we will also let others see your record (except if one of the points above applies).

If you cannot ask for your records in writing, we will make sure there are other ways that you can. If you have any queries about access to your information please contact dataprotection@northeast-ca.gov.uk

You can ask to change information you think is inaccurate

You should let us know if you disagree with something we have recorded about you.

We will correct factual inaccuracies. However, we may not always be able to change or remove certain information we hold about you but we may include your comments in the record to show that you disagree with it.

If you have any queries about the accuracy of your data, please contact [insert email] or phone [insert number].

You can ask to delete information (right to be forgotten)

In some circumstances you can ask for your personal information to be deleted, for example:

  • Where your personal information is no longer needed for the purpose it was collected in the first place
  • Where you have withdrawn your consent for us to use your information (where there is no other lawful basis for us to continue to use it)
  • Where there is no lawful basis for the use of your information
  • Where deleting the information is a legal requirement

Where your personal information has been shared with others, we will instruct those using your personal information to comply with your request for erasure.

Please note that we cannot delete your information where for example:

  • we are required to use it by law
  • it is used for freedom of expression
  • it is used for public health purposes
  • it is for, scientific or historical research, or statistical purposes where it would make information unusable
  • it is necessary for legal claims

You can ask to limit what we use your personal data for

You have the right to ask us to restrict what we use your personal information for; where:

  • you have identified inaccurate information, and have told us about this
  • where we have no lawful basis to use that information, but you want us to restrict what we use it for, rather than erase the information altogether.

When information has been restricted, it can only be used to; ensure secure storage, to handle legal claims and protect others with your consent, or where it is for important public interests of the UK.

Where possible, we will seek to comply with your request, but we may need to hold or use information because we are required to by law.

Who we share your information with

We will never share your data with third parties for marketing or commercial reasons.

We will share data with our partners, delivery organisations and funders where it is essential for them to provide a service or those that providing funding, if we have an agreement with them or if we have a lawful basis to do so.

We may share data for research or evaluation purposes. This data is always anonymised, and we use aggregated data for research purposes. Any case studies that are developed are checked with the business / person before any dissemination.

We will often complete a data protection privacy impact assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.

How we protect your information

We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way and will only make them available to those who have a right to see them. Examples of our security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
  • Pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Combined Authority could work on your information for us without ever knowing it was yours
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
  • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
  • Regular testing of our systems, technology and ways of working including keeping up to date on the latest security updates (commonly called patches)

How long we keep your personal information

There is often a legal reason for keeping your personal information for a set period of time. This is set out in our retention schedule.

For each service, the schedule lists how long your information may be kept for. This ranges from months for some records to decades for more sensitive records.

Where you can get advice

If you have any other questions about how your personal information is handled, please contact our Data Protection Officer at dataprotection@northeast-ca.gov.uk

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) Alternatively, visit ico.org.uk or email casework@ico.org.uk

National fraud initiative fair processing notice

View our National Fraud Initiative Fair Processing Notice.