Who are we and what do we do?

Middlesbrough Council, working with Redcar and Cleveland Borough Council, provides the South Tees Wellbeing Network.

What type of personal data do we collect and how do we collect it?

We collect personal data including name, contact details including address, email address, telephone numbers, date of birth, age, job role or family/carer status, employer name if applicable, topics of interest, details of events booked or attended, computer IP address, device information, geolocation, and analytics data about how you use our services. We collect most of this information directly from you, but we also collect the more technical data from third parties such as our contracted suppliers.

How the Law allows us to use your personal data

We only use your data where you have given us your ‘consent’.

What is your personal data used for?

We use your data to send you details of appropriate services working within your area, notify you of training or wellbeing activities that are available to you, develop links with colleagues who are working towards similar outcomes, and to coordinate registration and attendance at network events.

Will your personal data be shared?

We share your information with Redcar and Cleveland Borough Council to manage and operate our services. Where you have indicated that you wish to attend events or receive certain services, we may share your information with other providers or professionals who may be helping us to deliver those events and services. We use contracted suppliers to capture and manage your data including ActiveCampaign, EventBrite, and Square Space and they may use your data for their own purposes as explained in their privacy policy or notice.

How do we keep your personal data secure?

We ensure that we and our contract suppliers use the following measures to keep your data secure: data protection and security policies, information security incident reporting, data and device encryption, system and data access controls, user accounts and passwords, physical and environmental security, staff vetting practices, staff training and awareness, data back-ups, ICT network penetration testing, and business continuity and disaster recovery plans. Any data that we send or receive to other organisations is encrypted and protected.

How long will we keep your personal data?

The personal data that is held for us by ActiveCampaign is deleted when you unsubscribe from our services and for EventBrite we will delete your data 3 months after each event is held.

Is your personal data processed overseas?

The contracted suppliers that we use store your data overseas as follows. ActiveCampaign stores data in the United States of America, Australia, and the Republic of Ireland. EventBrite stores data in the United States of America.

We have signed contract agreements with our suppliers that guarantee the security of personal data that is transferred overseas. The UK Government has agreed that the data protection laws in the Republic of Ireland provide an ‘adequate’ level of protection to personal data sent there.

Marketing

We will use your data to send you direct marketing messages where you have provided your consent or received a similar service from us in the past.

What are your information rights?

Your Information Rights are set out in law and, subject to some exceptions, you have the:

·       Right to rectification – to ask for information to be corrected

·       Right to erasure – to have your personal data deleted

·       Right to object – to how you data is used

·       Right to restriction – to request limits on how your data is used

·       Right to portability – to request that we move your data to another organisation

·       Right of subject access – to request a copy of data the Council holds about you

Making a complaint

If you have any concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner's Office. Visit the website of the Information Commissioner's Office at https://ico.org.uk/make-a-complaint/

Event Recordings:

Please note that many of our events are hosted virtually or in part, in a hybrid event format on Microsoft Teams accounts ran by Redcar and Cleveland Council and/or Middlesbrough Council. These recordings may be recorded for later sharing on You Tube, directly via links to our membership and available publicly on our You Tube channel. We may also use short edits or entire content from our recordings in blogs, on our website, social media pages, training sessions and promotional materials. We attempt to minimise delegates presence on any videos by cropping video to remove chat and visual video streams of those attending an event and where we host live Q&A sections, we only record for the purpose of providing in anonymised text form, alongside publicly posted video. We go to every effort to anonymise delegates at our events leaving recordings focusing on our event speakers, who have given full consent. We also advise members to switch off video and mics during presentations to remove risk of being included in the recordings. You can also request removal of a section of video where you feature. We will consider all requests, please e-mail info@teeswellbeingnetwork.org to enquire further.

Contact

If you would like to discuss anything in this privacy notice or your information rights, please contact:

The Data Protection Officer

Middlesbrough Council

PO Box 500, Middlesbrough, TS1 9FT

Phone: 01642 245432

Email: dataprotection@middlesbrough.gov.uk