nidirect website privacy notice

Department of Finance privacy information

This privacy notice is for the nidirect website (www.nidirect.gov.uk) only. The privacy notice for the NI Direct Identity Assurance (NIDA) service (your nidirect account is available at Enterprise Shared Services – privacy notices.

Digital Shared Services (DSS), a Directorate of Enterprise Shared Services (ESS) within the Department of Finance, is responsible for the provision of IT infrastructure services for the NI Civil Service, including the nidirect website (www.nidirect.gov.uk) and some wider public sector organisations.

To carry out its functions, DSS processes a range of personal information. This Privacy Information Statement relates to the nidirect website. The type of data held and the reasons DSS are required to process it are set out below.  The Department of Finance is the data controller of the information, unless otherwise stated and is committed to protecting your privacy at all times when using your personal data.

Data Controller

Data Protection Officer

Types of personal data collected

The personal data the nidirect website collects from you includes:

• any personal information you have voluntarily provided through customer feedback and enquiry forms
• your postcode and address if you use an nidirect service that includes a postcode or address lookup function (such as the find a GP practice service)
• your Internet Protocol (IP) address, and details of which version of web browser you used
• information on how you use the site, using cookies and page tagging techniques

Use of cookies

Where you provide your consent, the nidirect website uses Google Analytics and New Relic cookies to collect information about how you use the site.

Google Analytics processes information about:

• the pages you visit on nidirect
• how long you spend on each nidirect page
• how you got to the site
• what you click on while you’re visiting the site

We make sure you cannot be directly identified by Google Analytics data. We do this by using Google Analytics’ IP address anonymisation feature and by removing any other personal data from the titles or URLs of the pages you visit.

We will not combine analytics information with other data sets in a way that would directly identify who you are.

New Relic software processes anonymised information about:

• how well the pages performed on your device
• performance bottlenecks your device experienced
• JavaScript errors your device encountered

You can find more information about how the nidirect website uses cookies on the following pages:

• Cookies
• How we use cookies

Purpose for processing

Your information is collected to:

• identify web errors, broken links or technical problems
• get feedback from our customers to help improve our services
• allow you to access government services and make transactions
• give you information about local services
• monitor use of the site to identify security threats
• monitor the performance of the site to identify inefficiencies and JavaScript errors

We use the information we collect through Google Analytics and New Relic to see how you use the nidirect website and to see how well the site performs on your device.

We do this to help:

• make sure nidirect is meeting the needs of its users
• make improvements, for example improving site search
• make performance improvements, for example improving page load time and data usage

Lawful basis for processing

The legal basis for processing personal data for site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of the nidirect website.

The legal basis for processing data collected with Google Analytics and New Relic is your consent.

The legal basis for processing all other personal data is that it’s necessary:

• to perform a task in the public interest
• in the exercise of our functions as a government department

What we do with your data

The data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider.

We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.

The data we collect with Google Analytics cookies is transferred and stored with Google where we analyse it with Google Analytics software. We do not allow Google to use or share this data for their own purposes.

We will not:

• sell or rent your data to third parties
• share your data with third parties for marketing purposes

How long we keep your data

We will only keep your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.

We will:

• keep your feedback until we have responded to your query and then it will be deleted
• delete access log data which contains your IP address after 30 days

Online services linked to from the nidirect website

There are a variety of online services on or linked to from the nidirect website. Some of these will gather personal information. As this data does not go to Digital Shared Services, this privacy notice does not cover these services. Links to the privacy notices for these services can be found on the page below:

• Privacy notices for government services

This privacy notice also does not cover any data submitted to the GP online services for making appointments or ordering repeat prescriptions. For these services, you should refer to the privacy notice of the relevant GP practice.

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA). Data collected by Google Analytics and New Relic may be transferred outside the EEA for processing.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

Under data protection legislation, you have rights as an individual which you can exercise about the information the Department of Finance hold about you. The Department tries to be as open as possible in terms of giving you access to your personal data. You can find out if the Department hold any information by making a subject access request. If the Department does hold information about you, it will:

• give you a description of it
• tell you why the Department is holding it;
• tell you who it could be disclosed to
• let you have a copy of the information in an intelligible form

To make a request for any personal information the Department may hold, or to raise an objection about the processing it carry outs, you should put the request in writing and email it to DataProtectionOfficer@finance-ni.gov.uk.

If, at any point, you believe the information the Department processes on you is incorrect, you can ask to have this information corrected.

If you wish to raise a complaint about how the Department has handled your data, you can contact the Department’s Data Protection Officer who will investigate the matter.

If you are not satisfied with the Data Protection Officer’s response or believe the Department is not processing your personal data in accordance with the law, you can complain to the Information Commissioner at:

• casework@ico.org.uk

or:

Changes to this privacy notice

This privacy notice is kept under regular review. This privacy notice was last updated in May 2022.

More useful links

• Social media 'house rules'