The Tees Valley Combined Authority (TVCA) is a Combined Authority covering the Local Authority areas of Darlington, Hartlepool, Middlesbrough, Redcar & Cleveland and Stockton-on-Tees. We are a statutory body and you can contact us as follows:
Tees Valley Combined Authority
Teesside Airport Business Suite,
Teesside International Airport,
Darlington,
DL2 1NJ
Email: [email protected]
Data Protection Officer: [email protected]
If you wish to complain about the use of your personal data, you can contact the Information Commissioner’s Office at the below address:
ICO
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
This Policy outlines the Tees Valley Combined Authority’s Privacy, Cookies and Fair Processing Policy.
This Policy outlines our commitment in using data both fairly and in accordance with Data Protection principles.
This policy applies to data you provide to us or which we collect about you, including data collected via the websites that the Tees Valley Combined Authority operates at the following URLs:
| www.teesvalley-ca.gov.uk | Tees Valley Combined Authority |
| www.teesvalleycareers.com | Tees Valley Careers |
| Teesvalley.jobs | Tees Valley Jobs |
These websites and trading styles are all brands of Tess Valley Combined Authority which remains the data controller and the responsible statutory body in relation to these websites and brands.
Tees Valley Combined Authority, along with the websites associated above process all data fairly and lawfully in line with Data Protection laws.
The personal information we collect is that which data subjects provide to the organisation via direct engagement. This includes, but is not limited to information provided via:
Other sources of personal data processed by the organisation may appear in separate fair processing notices relating to particular activities. All such notices should be read in conjunction with, and add to, this privacy policy.
The information we collect, as described above, is from a variety of different sources. This personal data relates to the following categories of data subject:
If you are one of our suppliers, we will use information we hold on you to manage the contract between us and to improve services. The information we hold may include information about your performance in providing services to us or to our clients.
If you are an employee of TVCA we will handle your personal data in accordance with our employee specific privacy notice, which you will have received with your welcome pack and is available on request from [email protected]
Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our websites and allows us to improve our sites. You can view our full Cookie Policy at https://teesvalley-ca.gov.uk/privacy-policy/
Personal information is processed for the following specified purposes:
Tees Valley Combined Authority is committed to the highest standards in relation to all aspects of fair processing and this is outlined throughout our information governance principles (this is the collection, storage, security, use, appropriate release and destruction in relation to data).
Our commitment to the highest standards in all aspects of fair processing is important to us to ensure our stakeholders are aware of how we collect and process their information.
We pride ourselves by being fair and transparent to ensure effective relationships with our stakeholders are maintained. Accountability for their information is our main priority.
Individual notices for specific circumstances may be provided to data subjects or appear on our website from time to time for specific types of data collection and processing. Such notices are supplementary to and are not intended to override this general Privacy Policy. Individual fair processing notices should be read alongside this Privacy Policy.
Only employees of Tees Valley Combined Authority or those specifically authorised by us will have access to your information.
We keep this information secure by taking appropriate technical and organisational measures against any unauthorised or unlawful processing and against its accidental loss, destruction or damage.
Unfortunately, the transmission of information via the internet is not completely so and this is something we recognise. We will always do our best to protect any personal data, once we receive your data, we use strict procedures and have security processes in place to prevent any loss, breach or unauthorised access to it; we strive by a policy that data should only be accessed by those that need to.
If there is a breach of security involving your personal information which we are concerned will involve risks to you, we shall, without undue delay, work to mitigate those risks and contact you and/or the data privacy supervisory authority in accordance with applicable laws.
There are times where we need to share information with those within our constituent authorities, organisations within our group structure or suppliers that provide us with a service.
These providers are obliged to keep your details secure and use them only to fulfil a purpose. If we wish to pass your sensitive or confidential information onto a third party, we would only do so once we have obtained your consent, unless we are legally required to do so.
We may disclose information to other partners without consent where it is necessary, either to comply with a legal obligation, or where permitted under Data Laws, e.g. this could be where the disclosure is necessary for the purposes of the prevention and/or detection of crime or necessary to perform our contract with you.
We have an information sharing protocol with our constituent authorities and those that provide us with services (e.g. Transport Team, Internal Auditors, External Auditors) so they are aware of the responsibilities between Tees Valley Combined Authority (as the controller) and the service being provided (as the processor). We do this so you can be confident that all our constituent authorities and those that provide services to us comply with our privacy principles.
We also take responsibility for any information that is shared with us by a constituent authority and act in accordance with the principles and privacy notices of an organisation/authority for any occasions where Tees Valley Combined Authority may act as a processor. We apply the same commitment to this information.
At no time will your information be passed to organisations external to us and our partners, for marketing or sales purposes or for any commercial use without your prior expressed consent.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To respond to enquiries submitted by you via our website or other contact points | (a) Identity (b) Contact | (a) Performance or preparation to perform of a contract with you and/or (b) Either: Necessary for our legitimate interests or further to performance of a public task and/or (c) Your consent |
| To process and deliver any grant or funding applications: (a) Manage payments, fees and charges (b) Process and verify claims (c) Monitor performance against fund specific requirements | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Either: Necessary for our legitimate interests or further to performance of a public task and/or (c) Your consent |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to provide further information on any enquiry or application you’ve made to us (c) creating and organising committees (d) declarations of interest from committee members | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications (e) List of Financial or other interests | (a) Performance of a contract with you and/or (b) Necessary to comply with a legal obligation and/or (c) Either: Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) or Performance of a Public Task and/or (d) Your consent |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our website and organisation, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | Either necessary for our legitimate interests or further to performing a public task (where applicable) (to study how users interact with our website and/or services, to develop them, to grow our organisation and its influence/impact on the local community and to inform our marketing strategy) |
| To use data analytics to improve our website, services, marketing, user relationships and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of users for our services, to keep our website updated and relevant, to develop our organisation and to inform our marketing strategy) |
| To make suggestions and recommendations to you about events, committees, grants or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications | Either: necessary for our legitimate interests (to develop our products/services and grow our business) or (where applicable) in performance of a public task |
We will only disclose your information to third parties when:
In the event that we need to transfer personal information outside of the European Economic Area (EEA), we will take all steps reasonably necessary to ensure that the appropriate safeguards are in place and that your information is processed securely.
We will retain your information in line with the period outlined at the time the data is collected and only for as long as it is necessary to do so and in accordance with our Data Retention and Destruction Policy.
Tees Valley Combined Authority would only send you a marketing email when you gave your consent to sign up to a mailing list, distribution list or newsletter.
We ensure that we have a system in accordance with data protection principles for any marketing we will ask you to give a positive opt-in to receiving marketing. This would always be your choice.
Tees Valley Combined Authority will only use your consented information to the purpose you sign up to a mailing list for (and nothing else) which will be explicitly given from the onset, for example:
As part of our internal procedures to ensure information is current and up to date, we will regularly review our e-marketing mailing lists to ensure that you still would like to receive information from us. We will always advise you that you are able to withdraw consent at any time regarding your information being included on our e-marketing mailing list and ask if you would like to specifically opt-out of the electronic mailing list; this option will always be visible and clear within any marketing contacts we send you.
We like to ensure we keep information accurate and up to date. It is important that if we have any of your information inaccurate, incomplete or we have made an error, you notify us. Equally it is your duty to inform us of changes to your personal information. Please do so during the course of your relationship with us by emailing [email protected]
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer via [email protected]
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You have a right to lodge a complaint about us with the Supervisory Authority at an any time. You can make a complaint to The Information Commissioner’s Office via this page: https://ico.org.uk/make-a-complaint/
Data can also be requested via a Freedom of Information request. We also have a FOI Publication Scheme on our website, that commits the Tees Valley Combined Authority to make information available to the public as part of its normal business activities. These can be found at https://teesvalley-ca.gov.uk/transparency/publication-scheme/
If you have any questions or concerns, please contact our Data Protection Officer at [email protected]
We will review this Privacy Policy on a regular basis to ensure that the information is up to date and relevant. Any changes we make to this Privacy Policy will be posted on our website(s) and where appropriate, you will be notified to you by e-mail or post.
For further information the Information Commissioner’s Office Website provides further details regarding data protection principles and responsibilities at https://ico.org.uk
Join us on social media for the latest news