This page explains what information is gathered when using the NISRA website and sites managed by NISRA. It also explains the purpose for using this information, how it used and for how long it is kept.
NISRA privacy information
The Northern Ireland Statistics and Research Agency (NISRA) is an Agency within the Department of Finance (DoF). Digital Shared Services (DSS), a Directorate of Enterprise Shared Services (ESS) within the Department of Finance, is responsible for the provision of IT infrastructure services for the NI Civil Service, including the NISRA website (www.nisra.gov.uk) and some wider public sector organisations.
To carry out its functions, DSS processes a range of personal information. This Privacy Information Statement relates to theNISRA website and associated sites managed by NISRA. The type of data held and the reasons DSS are required to process it are set out below. The Department of Finance is the data controller of the information, unless otherwise stated and is committed to protecting your privacy at all times when using your personal data.
The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 – the Act - requires organisations that process personal data to meet certain legal obligations. Within the meaning of the Act, Department of Finance (DoF) is the organisational Data Controller for NISRA. Given below are the contact details for the DoF Data Controller and Data Protection Officer.
Department of Finance
303 Airport Road
Data Protection OfficerJenny Lynn
Data Protection Officer
Department of Finance
telephone: (028) 9052 4149
On occasion NISRA provides independent statistics and research services for other organisations or Government Departments. Whenever that is the case NISRA will let you know.
This Privacy Notice explains how NISRA will use your personal information and protect your privacy. This Privacy Notice does not provide exhaustive detail; specifically a separate Privacy Notice in respect of NISRA’s Civil Registration Services can be found at the NISRA Privacy Notices page. The remainder of this document therefore relates to how NISRA will manage personal data collected and processed for statistics and research purposes.
Types of personal data collected
The personal data NISRA collects from you includes:
- any personal information you have voluntary provided through customer feedback and enquiry forms;
- when we carry out our statistics and research duties, NISRA collects and processes information on personal data (for example, employment) and special personal data (for example, ethnic origin and religious belief);
- your Internet Protocol (IP) address, and details of which version of web browser you used; and
- information on how you use the site, using cookies and page tagging techniques.
We do not collect more information than we need to fulfill our stated purposes and will not hold it for longer than is necessary.
Where you provide your consent, NISRA websites use Google Analytics cookies to collect information about how you use the site.
Google Analytics processes information about:
- the pages you visit on nidirect
- how long you spend on each nidirect page
- how you got to the site
- what you click on while you are visiting the site
We make sure you cannot be directly identified by Google Analytics data. We do this by using Google Analytics’ IP address anonymisation feature and by removing any other personal data from the titles or URLs of the pages you visit.
We will not combine analytics information with other data sets in a way that would directly identify who you are.
Purpose for processing
NISRA collects and processes personal information for statistics and research purposes, in order to meet our legal obligations and public functions. These obligations and functions include:
- statistics and research duties under the Census Act (1969);
- statistics and research duties under the Statistics of Trade and Employment Order (1988);
- statistics and research duties using personal data collected under Civil Registration law (Birth, Death, Marriage, Civil Partnership, Adoption and Gender Recognition registration);
- using data obtained under the Statistics and Registration Services Act (2007) to provide statistics on Northern Ireland;
- using redundancy data obtained under the Employment Rights (NI) Order (1996) to provide statistics on Northern Ireland;
- carrying out surveys on the Northern Ireland population, economy or workforce;
- producing and disseminating official statistics and research;
- identify web errors, broken links or technical problems;
- get feedback from our customers to help improve our services
- monitor use of the sites to identify security threats; and
We use the information we collect through Google Analytics to see how you use the NISRA websites. We do this to help make sure NISRA is meeting the needs of its users.
Lawful basis for processing
The legal basis for processing personal data for site security is our legimate interests, and the legimate interests of our users, in ensuring the security and integrity of the NISRA websites.
The legal basis for processing data collected with Google Analyatics is your consent.
The Data Protection Act requires that processing of personal data is only undertaken under a fixed list of conditions. Unless stated otherwise, NISRA’s processing of personal data is carried out under the following condition: “Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”
In addition, NISRA may also process special personal data. Again unless stated otherwise, the condition that NISRA process this data is that: “Processing is necessary for archiving in the public interest, scientific or historical research purposes or statistical purposes based on UK law.”
We will only collect and hold the minimum amount of personal data necessary in order to provide and manage our services.
How we obtain personal data
NISRA may obtain personal information directly from you, your family, members of your household, public bodies and businesses. In some circumstances NISRA will provide you with a Privacy Information Statement, to explain in more detail how NISRA may use your personal information.
We may also collect information when you complete surveys or participate in consultations.
What we do with your data
NISRA treats all the data we hold with respect, keeping it secure and confidential.
The data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider.
We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.
Your personal data will solely be used for statistics or research purposes. Personal data collected or held by NISRA for statistics or research purposes will not be disclosed for other purposes. Only NISRA officials or organisations under/in contract with NISRA and involved in the production of statistics or research will be able to access and use your personal data.
The data we collect with Google Analytics cookies is transferred and stored with Google where we analyse it with Google Analytics software. We do not allow Google to use or share this data for their own purposes.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
How long we keep your personal data
NISRA will hold personal data in line with the Department of Finance Retention and Disposal Schedule. The Act does allow for personal information held solely for statistics or research purposes to be retained for future use. However NISRA will only continue to hold personal data where there is a clear need for this data to be used in future statistics or research.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.
All personal data is stored in the European Economic Area (EEA). Data collected by Google Analytics may be transferred outside the EEA for processing.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
Under data protection legislation, you have rights as an individual which you can exercise about the information NISRA holds about you. NISRA tries to be as open as possible in terms of giving you access to your personal data. You can find out if the Agency hold any information by making a subject access request. However the Act does allow Organisations to withhold access to personal data if they are held solely for statistics and research purposes.
To make a request for any personal information we may hold, or to raise an objection about the processing it carries out, you should put the request in writing and email it to email@example.com .
If, at any point, you believe the information NISRA processes on you is incorrect, you can ask to have this information corrected.
If you wish to raise a complaint about how NISRA has handled your data, you can contact the Department’s Data Protection Officer who will investigate the matter.
If you are not satisfied with the Data Protection Officer’s response or believe NISRA is not processing your personal data in accordance with the law, you can complain to the Information Commissioner at:
Changes to this privacy notice
This privacy notice is kept under regular review. This privacy notice was last updated on 21 December 2023.