This privacy code provides an overview of how we comply with data protection legislation to protect the rights of the individuals we deal with. It sets out:
Who we are and what we do
How we collect personal information
What personal information we collect, and why
How we safeguard personal information
With whom we share personal information, and why
How we handle transfers of personal information to countries outside Europe
Your rights under data protection legislation
How to make a complaint
How to find out more
Visit County Durham is the tourism organisation for County Durham which works on behalf of businesses and public agencies to support the growth and development of the county’s visitor economy.
Our activities are particularly wide-ranging but may be summed up in six main areas:
1. Business support
2. Information services
4. Product development
5. Visitor experience
6. Workforce development
3.1 By the use of "cookies" on our website - cookies are small text files or variables which enable a website to "remember" who you are. Most browsers are automatically set to accept cookies but if you are using Microsoft's Internet Explorer or Netscape Navigator, you should be able to configure your browser to restrict cookies or block all cookies if you wish. This will however, affect your ability to log into and use the knowledge-exchange areas, e-tendering opportunities area, the media centre, and any other restricted areas of our website. Browser-specific instructions on how to restrict or block cookies may be found on the IAB's website.
We use session cookies (which are temporary cookies) to maintain your session with the server in the areas of our site that are available to registered users. Our session cookies store a unique identifier to allow the server to distinguish between individual users' sessions. Session cookies are deleted when you close your browser. We sometimes use persistent cookies to enable pop-up advertisements and to prevent the server from displaying the pop-up advertisement more than once. Persistent cookies remain on your hard disk until you delete them. No cookies on our site are served or used by third parties.
3.2 Through completion of online forms on our website - We collect information about you when you register to use the knowledge-exchange areas, e-tendering opportunities area, the media centre, and any other restricted areas of our website. We collect information about you if you complete any of the various forms on our site to contact us, make enquiries, apply to us, respond to surveys or give us feedback. We need you to give us certain information, which will be indicated on the form. It would help us if you give us any other information we ask for that you think might be relevant but you are under no obligation to do so.
3.3 Through web site statistics - We do keep a record of traffic data which is logged automatically by our server, such as your IP address, the URL you visited before ours, the URL you visit after leaving our site and which pages you visit. We also collect some site statistics such as page hits and page views. We are not readily able to identify any individual from traffic data or site statistics.
3.4 By you contacting us by other methods other than the website - The website provides various telephone and fax numbers and email addresses for you to contact us. We will collect information from you through any of these methods. We may also collect other information you supply to us after your initial contact with us.
The information we collect about you will depend on the nature of your business with us but will be used for one or more of our six areas of destination management referred to above in who we are and what we do. Here is a brief description of the information we collect and how we use it.
4.1 Information you give us on your own initiative - We will use the details you give us to provide information you ask for or to put you in contact with other organisations that may be able to help, process any application you make and review and improve our services.
4.2 Business information that we set out to collect - We actively seek information from businesses from both inside and outside the Region (including those outside of the UK) so that we can build up profiles of businesses and build relationships between them. We obtain this information both directly from businesses, through face-to-face meetings, telephone calls, or through our website, and indirectly from suppliers of business information. Most of this information will relate to the business itself and will not be "personal". However insofar as this information contains contact details from which individuals may be identified, or relates to sole traders or partnerships, it will usually consist of personal information that is protected by data protection legislation. The personal information we hold is very valuable, as it enables us to make personal introductions between businesses and also provides a central point of contact for us.
4.3 Information required for funding applications - We also collect information from a business when it applies to us for funding. Details are given to businesses before they apply to us, and on the actual application forms. We need this information so that we can appraise projects and decide whether or not to fund them. If a business receives funding, we will collect further information so we can monitor how the funding is spent, and therefore show we are delivering the outputs the funders require us to. The type of information we collect, and with whom we share information we collect depends on the funding package.
4.4 Direct marketing preferences – When you give us your contact details, we may ask you whether or not you would like to receive further information from us about inward investment opportunities, business development and funding opportunities. This may be our own information or that produced by our subsidiaries or by other organisations. We may send this information to you by a variety of means, including email, fax and post. If you do agree, you can change your mind at any time and ask us not to send you further information (see your rights under data protection legislation below). We may also ask you if you would like us to pass on your details to other organisations in the local business network including the business links, enterprise agencies, Chamber of Commerce, Learning Skills Council and other similar organisations so they can inform you of business events and opportunities and offer you opportunities to develop and advance your business. If you agree but then change your mind, you will need to contact these organisations direct to ask to be removed from their lists.
4.5 Research statistics - We anonymise the information we collect and then use it to produce and publish regional statistics. We will always ensure the statutory safeguards for statistical research are in place. So we will never use personal information in the course of this research to support measures or decisions with respect to particular individuals or in such a way that is likely to cause substantial damage or substantial distress to any individual. Any resulting research statistics will not be made available in a form which identifies individuals, unless those individuals have agreed to be identified.
We recognise that you retain rights in the personal information we hold about you. We will keep that information secure, and use it only for specific legitimate purposes.
5.1 We have obligations to keep personal information secure, which we take seriously - We will keep personal information secure by taking appropriate technical and staff measures against the unauthorised or unlawful processing of that information and against its accidental loss, destruction or damage.
The Chief Executive has overall responsibility for implementation of security procedures. We take steps to ensure the personal information we have is high quality. However we cannot do this without your help! So please ensure you give us accurate information, tell us as soon as possible of any changes, and tell us as soon as possible if you notice mistakes in the information we hold about you as this helps us to keep our information reliable and up-to-date. We will also contact you from time to time to check whether the information we have on you is still accurate and up to date. We will keep personal information until you inform us you no longer wish us to.
Information relating to funding is kept for as long as is required by the funders.
5.2 We keep confidential information confidential - Please note that under a freedom of information code of practice, we are not permitted to class as "confidential" information that is not actually confidential in reality, even if it is marked confidential. However in respect of any information we receive from you that is truly confidential, we will take steps to ensure it remains confidential. Unauthorised disclosure or misuse of personal information by staff will lead to disciplinary action.
5.3 We review our policies and audit our procedures regularly - We review this code and our other data protection policies regularly to make sure they are appropriate and up to date. We also carry out regular audits to monitor our security policies and procedures and revise them if necessary.
If you have applied to us for funding, then your information has to be shared with various government authorities and auditors for the purpose of avoiding any financial irregularity. If we hold your information for any other reason, then almost all our sharing of your information will be at your specific request. So most of the time, information is shared on a case-by-case basis. If we do enter into any "block" sharing of your information with other organisations in the business support network, it will be strictly for the purposes specified above in who we are and what we do and done only with your consent, or as permitted by law. From 1 January 2005, we may be required to disclose information about your business in response to an access request under the Freedom of Information Act 2000, unless an exemption applies.
7.1 Data protection laws globally - Although we have laws within Europe that protect personal information, most other countries outside Europe do not. By 'Europe' we mean the European Economic Area, which comprises the EU member states, Norway, Iceland and Liechtenstein. European data protection legislation prohibits the transfer of personal information to any country outside Europe, unless that country provides adequate protection.
7.2 How we transfer personal information overseas - Data protection legislation allows us to transfer your personal information outside Europe if you give us your unambiguous consent. By 'consent' we mean a freely given, specific and informed indication of your wishes. So we will ask you specifically whether you would like us to pass on your details to an inward investor, or to one of our overseas offices, when we collect your information, and before we hand over your details where reasonably practicable.
You have various rights. You are most likely to want to exercise the following ones.
Your right to see a copy of the information we hold about you, on payment of a statutory fee which is currently £10. Before we agree to this, you must provide with sufficient evidence of your identity and sufficient details of the information you wish to see to enable us to locate it. If you would like to see a copy of the information we hold about you, please download, print and complete our Subject Access Request Form.
Your right to be removed from our mailing lists. Instructions on how to stop further mailings will usually be contained in any direct marketing material we send you. Otherwise please contact our Data Protection Officer. Your right to correct any errors in information we hold about you, and to change or correct any details you have already given us. Please inform us about changes to your details so that we can keep our records accurate and up to date.
For further information, please contact our Data Protection Officer.
Any complaints about our handling of personal information should be addressed to Head of Legal Services, at the address on the homepage. If your complaint relates to the handling of your personal information by an organisation with which we share information, then please let us know that. We aim to respond to your complaint within 20 days of receiving it. You have a right of appeal in relation to any decision we make, which we will tell you about when we respond to your complaint. We will always review our policy and procedure in line with any justified complaints.
10.1 Data Protection Officer - If you want to know more about what information we have about you, or the way we use your information, you can contact our Data Protection Officer.
10.2 Data Protection Register - When we ask you for information, we will comply with the law, including the Data Protection Act 1998. We are a data controller for the purposes of that Act. Our entry in the register of data controllers is Z9528069. In brief, our register entry describes:
the personal information processed by us or on our behalf and the category or categories of individuals to which they relate the purpose or purposes for which personal information is processed the recipients to whom we intend to disclose personal information, and any countries or territories outside the European Economic Area to which we transfer personal information.
10.3 Information Commissioner – For independent advice about freedom of information, data protection, privacy and data-sharing issues, you can contact the Information Commissioner at:
Tel: 01625 545745
Fax: 01625 524510