The Tees Valley Combined Authority (TVCA) is a Combined Authority covering the Local Authority areas of Darlington, Hartlepool, Middlesbrough, Redcar & Cleveland and Stockton-on-Tees. We are a statutory body and you can contact us as follows:
Tees Valley Combined Authority
Teesdale Business Park
Data Protection Officer: DPO@teesvalley-ca.gov.uk
If you wish to complain about the use of your personal data, you can contact the Information Commissioner’s Office at the below address:
Wilmslow SK9 5AF www.ico.org.uk
This Policy outlines the Tees Valley Combined Authority’s Privacy, Cookies and Fair Processing Policy.
This Policy outlines our commitment in using data both fairly and in accordance with Data Protection principles.
This policy applies to data you provide to us or which we collect about you, including data collected via the websites that the Tees Valley Combined Authority operates at the following URLs:
|www.teesvalley-ca.gov.uk||Tees Valley Combined Authority|
|www.enjoyteesvalley.com||Enjoy Tees Valley|
|www.teesvalleycareers.com||Tees Valley Careers|
|www.teesinvest.com||Invest Tees Valley|
|www.teesvalleybusiness.com||Tees Valley Business|
|Buylocal.teesvalley-ca.gov.uk||Buy Local Tees Valley|
These websites and trading styles are all brands of Tess Valley Combined Authority which remains the data controller and the responsible statutory body in relation to these websites and brands.
Tees Valley Combined Authority, along with the websites associated above process all data fairly and lawfully in line with Data Protection laws.
The personal information we collect is that which data subjects provide to the organisation via direct engagement. This includes, but is not limited to information provided via:
The information we collect, as described above, is from a variety of different sources. This personal data relates to the following categories of data subject:
If you are one of our suppliers, we will use information we hold on you to manage the contract between us and to improve services. The information we hold may include information about your performance in providing services to us or to our clients.
** Employee information
If you are an employee of TVCA we will handle your personal data in accordance with our employee specific privacy notice, which you will have received with your welcome pack and is available on request from DPO@Teesvalley-ca.gov.uk
A cookie consists of information sent by a web server to a web browser, and stored by the browser.
The information is then sent back to the server each time the browser requests a page from the server, this enables the web server to identify and track the web browser.
TVCA may use both session and persistent cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. We will use the persistent cookies to enable our website to recognise you when you return. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
TVCA use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking Tools –> Internet Options –> Privacy –> Block all cookies, then using the sliding selector. Blocking all cookies will however have a negative impact upon the usability of many websites, including this one.
A full list of all cookies used on this website is provided below:
|_ga||Google Analytics||Used to identify users and generates statistical data on the way they use our website.||2 years|
|_gid||Google Analytics||Used to identify users and generates statistical data on the way they use our website.||24 hours|
|_gat||Google Analytics||Used by Google Analytics to limit request rates.||10 minutes|
|cerber_groove||website||A security cookie used to validate the user session.||2 weeks|
|hidebanner||website||Stores the users cookie consent state for our website||1 year|
|wordpress_logged_in_[hash]||website||Used to identify if the current user is logged in.||session|
|wordpress_sec_[hash]||website||Used to store authentication details.||session|
|wp-settings-[user_id]||website||Used to customize users view of the admin interface, and possibly the main site interface.||session|
|wp-settings-time-||website||Used to customize users view of the admin interface, and possibly the main site interface.||session|
|wpSGCacheByPass||website||Used to improve the speed and performance of the website||1 hour|
|admin_auth||website||Stores the last administrator session||5 years|
|user_auth||website||Stores the last user session||5 years|
|PHPSESSID||website||Stores a message when a form is submitted which can be displayed on a different page.||session|
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Personal information is processed for the following specified purposes:
Tees Valley Combined Authority is committed to the highest standards in relation to all aspects of fair processing and this is outlined throughout our information governance principles (this is the collection, storage, security, use, appropriate release and destruction in relation to data).
Our commitment to the highest standards in all aspects of fair processing is important to us to ensure our stakeholders are aware of how we collect and process their information.
We pride ourselves by being fair and transparent to ensure effective relationships with our stakeholders are maintained. Accountability for their information is our main priority.
Only employees of Tees Valley Combined Authority or those specifically authorised by us will have access to your information.
We keep this information secure by taking appropriate technical and organisational measures against any unauthorised or unlawful processing and against its accidental loss, destruction or damage.
Unfortunately, the transmission of information via the internet is not completely so and this is something we recognise. We will always do our best to protect any personal data, once we receive your data, we use strict procedures and have security processes in place to prevent any loss, breach or unauthorised access to it; we strive by a policy that data should only be accessed by those that need to.
If there is a breach of security involving your personal information which we are concerned will involve risks to you, we shall, without undue delay, work to mitigate those risks and contact you and/or the data privacy supervisory authority in accordance with applicable laws.
There are times where we need to share information with those within our constituent authorities, organisations within our group structure or suppliers that provide us with a service.
These providers are obliged to keep your details secure and use them only to fulfil a purpose. If we wish to pass your sensitive or confidential information onto a third party, we would only do so once we have obtained your consent, unless we are legally required to do so.
We may disclose information to other partners without consent where it is necessary, either to comply with a legal obligation, or where permitted under Data Laws, e.g. this could be where the disclosure is necessary for the purposes of the prevention and/or detection of crime or necessary to perform our contract with you.
We have an information sharing protocol with our constituent authorities and those that provide us with services (e.g. Transport Team, Internal Auditors, External Auditors) so they are aware of the responsibilities between Tees Valley Combined Authority (as the controller) and the service being provided (as the processor). We do this so you can be confident that all our constituent authorities and those that provide services to us comply with our privacy principles.
We also take responsibility for any information that is shared with us by a constituent authority and act in accordance with the principles and privacy notices of an organisation/authority for any occasions where Tees Valley Combined Authority may act as a processor. We apply the same commitment to this information.
At no time will your information be passed to organisations external to us and our partners, for marketing or sales purposes or for any commercial use without your prior expressed consent.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To respond to enquiries submitted by you via our website or other contact points||(a) Identity|
|(a) Performance or preparation to perform of a contract with you and/or|
(b) Either: Necessary for our legitimate interests or further to performance of a public task and/or
(c) Your consent
|To process and deliver any grant or funding applications:|
(a) Manage payments, fees and charges
(b) Process and verify claims
(c) Monitor performance against fund specific requirements
(e) Marketing and Communications
|(a) Performance of a contract with you|
(b) Either: Necessary for our legitimate interests or further to performance of a public task and/or
(c) Your consent
|To manage our relationship with you which will include:|
(b) Asking you to provide further information on any enquiry or application you’ve made to us
(c) creating and organising committees
(d) declarations of interest from committee members
(d) Marketing and Communications
(e) List of Financial or other interests
|(a) Performance of a contract with you and/or|
(b) Necessary to comply with a legal obligation and/or
(c) Either: Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) or Performance of a Public Task and/or
(d) Your consent
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity|
|(a) Necessary for our legitimate interests (for running our website and organisation, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)|
(b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity|
(e) Marketing and Communications
|Either necessary for our legitimate interests or further to performing a public task (where applicable) (to study how users interact with our website and/or services, to develop them, to grow our organisation and its influence/impact on the local community and to inform our marketing strategy)|
|To use data analytics to improve our website, services, marketing, user relationships and experiences||(a) Technical|
|Necessary for our legitimate interests (to define types of users for our services, to keep our website updated and relevant, to develop our organisation and to inform our marketing strategy)|
|To make suggestions and recommendations to you about events, committees, grants or services that may be of interest to you||(a) Identity|
(f) Marketing and Communications
|Either: necessary for our legitimate interests (to develop our products/services and grow our business) or (where applicable) in performance of a public task|
We will only disclose your information to third parties when:
In the event that we need to transfer personal information outside of the European Economic Area (EEA), we will take all steps reasonably necessary to ensure that the appropriate safeguards are in place and that your information is processed securely.
We will retain your information in line with the period outlined at the time the data is collected and only for as long as it is necessary to do so and in accordance with our Data Retention and Destruction Policy.
Tees Valley Combined Authority would only send you a marketing email when you gave your consent to sign up to a mailing list, distribution list or newsletter.
We ensure that we have a system in accordance with data protection principles for any marketing we will ask you to give a positive opt-in to receiving marketing. This would always be your choice.
Tees Valley Combined Authority will only use your consented information to the purpose you sign up to a mailing list for (and nothing else) which will be explicitly given from the onset, for example:
As part of our internal procedures to ensure information is current and up to date, we will regularly review our e-marketing mailing lists to ensure that you still would like to receive information from us. We will always advise you that you are able to withdraw consent at any time regarding your information being included on our e-marketing mailing list and ask if you would like to specifically opt-out of the electronic mailing list; this option will always be visible and clear within any marketing contacts we send you.
We like to ensure we keep information accurate and up to date. It is important that if we have any of your information inaccurate, incomplete or we have made an error, you notify us. Equally it is your duty to inform us of changes to your personal information. Please do so during the course of your relationship with us by emailing DPO@Teesvalley-ca.gov.uk
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer via DPO@Teesvalley-ca.gov.uk
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact DPO@teesvalley-ca.gov.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You have a right to lodge a complaint about us with the Supervisory Authority at an any time. You can make a complaint to The Information Commissioner’s Office via this page: https://ico.org.uk/make-a-complaint/
Data can also be requested via a Freedom of Information request. We also have a FOI Publication Scheme on our website, that commits the Tees Valley Combined Authority to make information available to the public as part of its normal business activities. These can be found at https://teesvalley-ca.gov.uk/transparency/publication-scheme/
If you have any questions or concerns, please contact our Data Protection Officer at DPO@Teesvalley-ca.gov.uk
For further information the Information Commissioner’s Office Website provides further details regarding data protection principles and responsibilities at https://ico.org.uk
Contact us today to find out why you should invest in Tees Valley