Who we are

The Tees Valley Combined Authority (TVCA) is a Combined Authority covering the Local Authority areas of Darlington, Hartlepool, Middlesbrough, Redcar & Cleveland and Stockton-on-Tees. We are a statutory body and you can contact us as follows:

Tees Valley Combined Authority

Cavendish House

Teesdale Business Park 

Stockton-on-Tees

TS17 6QY

Email: info@teesvalley-ca.gov.uk

Data Protection Officer: DPO@teesvalley-ca.gov.uk

If you wish to complain about the use of your personal data, you can contact the Information Commissioner’s Office at the below address:

ICO

Wycliffe House

Water Lane

Wilmslow SK9 5AF www.ico.org.uk

Introduction

This Policy outlines the Tees Valley Combined Authority’s Privacy, Cookies and Fair Processing Policy.

This Policy outlines our commitment in using data both fairly and in accordance with Data Protection principles.

This policy applies to data you provide to us or which we collect about you, including data collected via the websites that the Tees Valley Combined Authority operates at the following URLs:

www.teesvalley-ca.gov.uk

Tees Valley Combined Authority

www.enjoyteesvalley.com

Enjoy Tees Valley

www.teesvalleycareers.com

Tees Valley Careers

www.teesinvest.com

Invest Tees Valley

www.teesvalleybusiness.com

Tees Valley Business

Buylocal.teesvalley-ca.gov.uk

Buy Local Tees Valley

These websites and trading styles are all brands of Tess Valley Combined Authority which remains the data controller and the responsible statutory body in relation to these websites and brands.

Tees Valley Combined Authority, along with the websites associated above process all data fairly and lawfully in line with Data Protection laws.

How we collect different types of information

The personal information we collect is that which data subjects provide to the organisation via direct engagement. This includes, but is not limited to information provided via:

Other sources of personal data processed by the organisation may appear in separate fair processing notices relating to particular activities. All such notices should be read in conjunction with, and add to, this privacy policy.

Who the information relates to

The information we collect, as described above, is from a variety of different sources. This personal data relates to the following categories of data subject:

*Supplier information

If you are one of our suppliers, we will use information we hold on you to manage the contract between us and to improve services. The information we hold may include information about your performance in providing services to us or to our clients.

** Employee information

If you are an employee of TVCA we will handle your personal data in accordance with our employee specific privacy notice, which you will have received with your welcome pack and is available on request from DPO@Teesvalley-ca.gov.uk

Cookies Information

Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our websites and allows us to improve our sites. You can view our full Cookie Policy at https://teesvalley-ca.gov.uk/privacy-policy/

The TVCA website uses cookies, including analytics, to help gather usage and performance information about our web pages, this helps us analyse the performance and website usage.

A cookie consists of information sent by a web server to a web browser, and stored by the browser.

The information is then sent back to the server each time the browser requests a page from the server, this enables the web server to identify and track the web browser.

TVCA may use both session and persistent cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. We will use the persistent cookies to enable our website to recognise you when you return. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

TVCA use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking Tools –> Internet Options –> Privacy –> Block all cookies, then using the sliding selector. Blocking all cookies will however have a negative impact upon the usability of many websites, including this one.

A full list of all cookies used on this website is provided below:

Name Provider Purpose Expiry
_ga Google Analytics Used to identify users and generates statistical data on the way they use our website. 2 years
_gid Google Analytics Used to identify users and generates statistical data on the way they use our website. 24 hours
_gat Google Analytics Used by Google Analytics to limit request rates. 10 minutes
cerber_groove website A security cookie used to validate the user session. 2 weeks
hidebanner website Stores the users cookie consent state for our website 1 year
wordpress_logged_in_[hash] website Used to identify if the current user is logged in. session
wordpress_sec_[hash] website Used to store authentication details. session
wordpress_test_cookie website Used to identify if the current browser supports the use of cookies. session
wp-settings-[user_id] website Used to customize users view of the admin interface, and possibly the main site interface. session
wp-settings-time- website Used to customize users view of the admin interface, and possibly the main site interface. session
wpSGCacheByPass website Used to improve the speed and performance of the website 1 hour
admin_auth website Stores the last administrator session 5 years
user_auth website Stores the last user session 5 years
PHPSESSID website Stores a message when a form is submitted which can be displayed on a different page. session

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

How we process personal information

Purpose

Personal information is processed for the following specified purposes:

Fair Processing

Tees Valley Combined Authority is committed to the highest standards in relation to all aspects of fair processing and this is outlined throughout our information governance principles (this is the collection, storage, security, use, appropriate release and destruction in relation to data).

Fair Processing Notices

Our commitment to the highest standards in all aspects of fair processing is important to us to ensure our stakeholders are aware of how we collect and process their information.

We pride ourselves by being fair and transparent to ensure effective relationships with our stakeholders are maintained. Accountability for their information is our main priority.

Individual notices for specific circumstances may be provided to data subjects or appear on our website from time to time for specific types of data collection and processing. Such notices are supplementary to and are not intended to override this general Privacy Policy. Individual fair processing notices should be read alongside this Privacy Policy.

How we keep information safe

Only employees of Tees Valley Combined Authority or those specifically authorised by us will have access to your information.

We keep this information secure by taking appropriate technical and organisational measures against any unauthorised or unlawful processing and against its accidental loss, destruction or damage.

Unfortunately, the transmission of information via the internet is not completely so and this is something we recognise. We will always do our best to protect any personal data, once we receive your data, we use strict procedures and have security processes in place to prevent any loss, breach or unauthorised access to it; we strive by a policy that data should only be accessed by those that need to.

If there is a breach of security involving your personal information which we are concerned will involve risks to you, we shall, without undue delay, work to mitigate those risks and contact you and/or the data privacy supervisory authority in accordance with applicable laws.

How we share information

There are times where we need to share information with those within our constituent authorities, organisations within our group structure or suppliers that provide us with a service.

These providers are obliged to keep your details secure and use them only to fulfil a purpose. If we wish to pass your sensitive or confidential information onto a third party, we would only do so once we have obtained your consent, unless we are legally required to do so.

We may disclose information to other partners without consent where it is necessary, either to comply with a legal obligation, or where permitted under Data Laws, e.g. this could be where the disclosure is necessary for the purposes of the prevention and/or detection of crime or necessary to perform our contract with you.

We have an information sharing protocol with our constituent authorities and those that provide us with services (e.g. Transport Team, Internal Auditors, External Auditors) so they are aware of the responsibilities between Tees Valley Combined Authority (as the controller) and the service being provided (as the processor). We do this so you can be confident that all our constituent authorities and those that provide services to us comply with our privacy principles.

We also take responsibility for any information that is shared with us by a constituent authority and act in accordance with the principles and privacy notices of an organisation/authority for any occasions where Tees Valley Combined Authority may act as a processor. We apply the same commitment to this information.

At no time will your information be passed to organisations external to us and our partners, for marketing or sales purposes or for any commercial use without your prior expressed consent.

Lawful Grounds for Processing

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.  We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.  Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To respond to enquiries submitted by you via our website or other contact points

(a) Identity

(b) Contact

(a) Performance or preparation to perform of a contract with you and/or

 (b) Either: Necessary for our legitimate interests or further to performance of a public task and/or

(c) Your consent

To process and deliver any grant or funding applications:

(a) Manage payments, fees and charges

(b) Process and verify claims

(c) Monitor performance against fund specific requirements

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Either: Necessary for our legitimate interests or further to performance of a public task and/or

(c) Your consent

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to provide further information on any enquiry or application you’ve made to us

(c) creating and organising committees

(d) declarations of interest from committee members

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(e) List of Financial or other interests

(a) Performance of a contract with you and/or

(b) Necessary to comply with a legal obligation and/or

(c) Either: Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) or Performance of a Public Task and/or

(d) Your consent

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our website and organisation, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Either necessary for our legitimate interests or further to performing a public task (where applicable) (to study how users interact with our website and/or services, to develop them, to grow our organisation and its influence/impact on the local community and to inform our marketing strategy)

To use data analytics to improve our website, services, marketing, user relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of users for our services, to keep our website updated and relevant, to develop our organisation and to inform our marketing strategy)

To make suggestions and recommendations to you about events, committees, grants or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and Communications

Either: necessary for our legitimate interests (to develop our products/services and grow our business) or (where applicable) in performance of a public task

Disclosure of Data

We will only disclose your information to third parties when:

In the event that we need to transfer personal information outside of the European Economic Area (EEA), we will take all steps reasonably necessary to ensure that the appropriate safeguards are in place and that your information is processed securely.

Data Retention

We will retain your information in line with the period outlined at the time the data is collected and only for as long as it is necessary to do so and in accordance with our Data Retention and Destruction Policy.

Marketing

Tees Valley Combined Authority would only send you a marketing email when you gave your consent to sign up to a mailing list, distribution list or newsletter.

We ensure that we have a system in accordance with data protection principles for any marketing we will ask you to give a positive opt-in to receiving marketing. This would always be your choice.

Tees Valley Combined Authority will only use your consented information to the purpose you sign up to a mailing list for (and nothing else) which will be explicitly given from the onset, for example:

As part of our internal procedures to ensure information is current and up to date, we will regularly review our e-marketing mailing lists to ensure that you still would like to receive information from us. We will always advise you that you are able to withdraw consent at any time regarding your information being included on our e-marketing mailing list and ask if you would like to specifically opt-out of the electronic mailing list; this option will always be visible and clear within any marketing contacts we send you.

If we make a mistake or your information changes

We like to ensure we keep information accurate and up to date. It is important that if we have any of your information inaccurate, incomplete or we have made an error, you notify us. Equally it is your duty to inform us of changes to your personal information. Please do so during the course of your relationship with us by emailing DPO@Teesvalley-ca.gov.uk

Your rights in connection with personal information

 Under certain circumstances, by law you have the right to:

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer via DPO@Teesvalley-ca.gov.uk

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact DPO@teesvalley-ca.gov.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Other Information Rights

The Right to Complain

You have a right to lodge a complaint about us with the Supervisory Authority at an any time. You can make a complaint to The Information Commissioner’s Office via this page:  https://ico.org.uk/make-a-complaint/    

Freedom of Information

Data can also be requested via a Freedom of Information request. We also have a FOI Publication Scheme on our website, that commits the Tees Valley Combined Authority to make information available to the public as part of its normal business activities. These can be found at https://teesvalley-ca.gov.uk/transparency/publication-scheme/

Data Protection Officer

If you have any questions or concerns, please contact our Data Protection Officer at DPO@Teesvalley-ca.gov.uk

Changes to our Notice

We will review this Privacy Policy on a regular basis to ensure that the information is up to date and relevant. Any changes we make to this Privacy Policy will be posted on our website(s) and where appropriate, you will be notified to you by e-mail or post.

Further Information

For further information the Information Commissioner’s Office Website provides further details regarding data protection principles and responsibilities at https://ico.org.uk