DfI Privacy

Being transparent and providing accessible information to individuals about how we may use personal data is a key element of the Data Protection Act (DPA) and the UK General Data Protection Regulation (UK GDPR). The Department for Infrastructure (DfI) is committed to building trust and confidence in our ability to process your personal information.

Privacy Notices for individual business areas are available below:

Contacts

Data Controller Name: Department for Infrastructure
Clarence Court
10-18 Adelaide Street
BELFAST BT2 8GB

Data Protection Officer Name: Paul McGrory

Description of our processing

The following is a broad description of the way the Department as a data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any specific privacy notices we have provided, or contact the relevant area of the Department to ask about your personal circumstances.

For the Department to process personal information we must have a lawful basis for doing so and at least one of the following must apply:

  1. Consent: an individual must give clear consent for us to process their personal data and then only for a specific purpose
  2. Contract: the processing is necessary for a contract the Department has with an individual, or because they have asked the individual to take specific steps before entering into a contract
  3. Legal obligation: the processing is necessary for the Department to comply with the law (not including contractual obligations)
  4. Vital interests: the processing is necessary to protect someone’s life
  5. Public task: the processing is necessary for the Department to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law

The processing that the Department carries out is most likely to fall under 3 and 5 above.

Why we might need to process your information

  • To enable us to respond to correspondence about our work
  • When making public appointments
  • To carry out data matching under the national fraud initiative
  • To help us make and carry out policies in planning, development, transport, water and sewage
  • To provide driver and operator licensing and driver and vehicle testing
  • To assist in the provision and maintenance of public roads
  • For infrastructure-related research purposes
  • For the production of official statistics
  • Supporting and managing our employees
  • Maintaining our accounts and records
  • The use of CCTV and camera systems for crime prevention and detection
  • For official communications and publicity materials

Privacy notices for specific areas of work are available here

What types of personal information we process

We process information relevant to the above reasons/purposes. This may include:

  • personal details
  • family details
  • education, training and employment details
  • financial details
  • goods and services
  • lifestyle and social circumstances
  • visual images, personal appearance and behaviour,
  • responses to surveys or consultations

We also process sensitive classes of information that may include:

  • racial and ethnic origin
  • offences and alleged offences
  • criminal proceedings, outcomes and sentences
  • trade union membership
  • physical or mental health details
  • religious or similar beliefs
  • sexual life

Who is the information processed about?

We process personal information about:

  • users of our services
  • suppliers
  • employees
  • complainants
  • enquirers
  • survey or consultation responses
  • professional experts and consultants
  • individuals captured by CCTV images

Who is the information shared with?

We sometimes need to share the personal information we process with the individuals themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA).

The types of organisations we may need to share personal information we process with, for one or more reasons.

Where necessary, or required, we may share information with other organisations for the reasons included above in the ‘Why we might need to process your information section’. Some examples of the organisations we may have to share your information with include:

  • family, associates and representatives of the person whose personal data we are processing
  • staff
  • current, past or potential employers
  • healthcare social and welfare organisations
  • suppliers, service providers, legal representatives
  • auditors and audit bodies
  • educators and examining bodies
  • survey and research organisations
  • people making an enquiry or complaint
  • financial organisations
  • professional advisers and consultants
  • police forces
  • security organisations
  • central and local government
  • voluntary and charitable organisations
  • Northern Ireland Fire and Rescue Service (NIFRS)

We may need to share information with these organisations for more than one reason and not all your personal information may need to be shared each time.  We aim to minimise the personal information shared and the instances of sharing to what is needed for the specific purpose and in line with the Data Protection Act.

Transfers

It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. However any transfers must be made in full compliance with all aspects of the Data Protection Act.

Retention of records

The Department will ensure compliance with Article 5(d) of the UK GDPR[1]  which requires that personal data is erased without delay when no longer required.  Effective management of records from when they are created, how they are stored and used, through to their disposal or archive is in place. The destruction of records is determined by the Department’s approved retention policy.

What rights do you have?

How to complain if you are not happy with how we process your personal information

If you are unhappy with any aspect of this privacy notice, or how your personal information is being processed, please contact the Department’s Data Protection Officer at the address above.

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

[1] personal data shall be: d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

Back to top