This Privacy Notice from Armagh Observatory and Planetarium (AOP) informs our staff, students, customers and service users how we process your personal data in accordance with our legal obligations under the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).
AOP is committed to building trust and confidence in our ability to keep your information secure and this Notice explains how we do this.
Who we are
Throughout this document, “we”, “us”, “our” and “ours” refer to Armagh Observatory and Planetarium (AOP). AOP is an institution excelling in research and public outreach in science, set within a heritage environment that is rich in scientific history.
Your privacy is important
We recognise the importance in keeping all personal and sensitive information secure. AOP is committed to taking all reasonable steps to ensure that our procedures and security are fit for this purpose. We are committed to ensuring that all personal data is processed lawfully, fairly and in a transparent manner.
The law and why we process your information
The following is a broad description of the way AOP as a data controller processes personal information in accordance with our legal obligations under the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR). To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any specific privacy notices we have provided, or contact AOP to ask about your personal circumstances.
For us to process your personal information we must have a lawful basis for processing for doing so and at least one of the following conditions must apply:
- Consent – Your consent to us processing your information will be based on a clear indication from you that you are agreeable to us processing your information for a specified and clearly defined reason.
- Contract – Processing your information is necessary if we have a contract to fulfil with you or if we have to take steps at your request before entering into a contract.
- Legal Obligation – Processing your information is necessary in order for us to comply with common law (not including contractual obligations) or statutory obligation.
- Vital Interests – Processing your information is vital in protecting someone’s life.
- Public task – Processing your information is necessary for AOP to perform a task in the public interest or for our official functions, and the task has a clear basis in law.
The processing that AOP carries out is most likely to fall under conditions 1, 2, 3 and 5 above. The list of relevant legislation from which AOP derives the power to process personal data is too long and varied to list here but should you require further, more specific information, please contact us.
Why we process your information
AOP will process personal and special categories of data to comply with its contractual, statutory and operational responsibilities towards its employees and students and related to academic supervision responsibilities for students while administering and supporting their studies and research. Data will be processed in accordance with Data Protection Principles and will be used solely for the purposes for which it was obtained. For customers and service users we collect data from you (‘user data’) when you register to receive updates from us. This data can sometimes comprise personal data about individuals, to which UK data protection laws apply. These terms and conditions and our data protection policy describe the AOP’s approach to fulfilling its obligations under those data protection laws.
The types of personal information which we process
- Biographical data including name, marital status, title, age, date of birth and gender.
- Contact data including address, email address and telephone numbers.
- Emergency contact details, for example, next of kin.
- Images including photographs and video.
- Records of all contact we have with you including applications to courses and academic reports.
- Academic records.
- Financial data including bank account and payment card details.
- Technical data including internet protocol (IP) address, cookie identifiers, your login data, browser type and version, time zone setting and location, operating system and platform and other technology on all AOP-owned and personal devices you use to login to the AOP network.
- Marketing and communications data including your preferences in receiving marketing from us and your communication preferences.
- Data that you provide in the course of your interaction with AOP for example, applications for accommodation; entry into prize draws and competitions, and information shared in the internal AOP newsletter.
- Telephone numbers and duration of calls made from AOP extensions.
- We also collect, use and share aggregate data such as statistical or demographic data. Aggregate data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature.
- Any other information that you provide to us to fulfil your requests.
We also process sensitive classes of information that may include:
- Religious or philosophical beliefs
- Trade union membership
- Health details
Our use of user data
We will use user data we collect from you only in accordance with the following guidelines:
- to provide the updates to you
- to provide and improve our service to you
- to notify you of any changes to our terms and conditions of use
- to send you information about our other products and services if you so wish
Where we may collect your information from if there is a lawful basis to do so:
- Information from you directly during our interactions with you, such as biographical data.
- From your nominated referees.
- Technical information automatically from any device used to access the AOP network.
Who we may share your information with if there is a lawful basis to do so
We sometimes need to share the personal information we process with the individuals themselves, and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA). Examples of this are:
- Someone appointed by you to act on your behalf or someone who has statutory authority to act for you;
- Other public bodies for example HMRC, AOP payroll providers and UK Visa and Immigration;
- Contractors and suppliers appointed by us
- Employment Agencies and potential employers
We may need to share information with these organisations for more than one reason and not all your personal information may need to be shared each time. We aim to minimise the personal information shared and the instances of sharing to what is needed for the specific purpose and in line with the Data Protection Act.
We use CCTV on our buildings to maintain the security of property, premises and staff, and for the prevention and investigation of crime. For these reasons the information processed may include visual images, personal appearance and behaviours. CCTV images may be shared with law enforcement agencies and may be used as evidence in court. In some cases, CCTV images may be shared with insurance agencies.
If you choose not to give personal information
We only process personal information where it is necessary to do so. If you choose not to disclose personal information this may impact on our ability to provide you with some of our services. If you choose not to give us information we will explain if this is likely to mean that we cannot deliver on our obligations to you.
Retention of records
AOP will ensure compliance with GDPR and DPA by ensuring that effective management of records, from when they are created, how they are stored and used, through to their disposal or archival is in place.
How long we keep your personal information.
AOP will always ensure that, in relation to your personal information, we keep only what we need for no longer than we need it. Personal data which PRONI has received under the Public Records Act (NI) 1923 has been archived in the public interest, in line with the DPA and GDPR. Our legal basis for retaining and disposing of information is set out in our Retention and Disposal Schedule.
What rights do I have?
The GDPR provides you with a specific set of legal rights over your personal and sensitive data. Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. If you wish to make a request, please contact:
The Corporate Manager
Armagh Observatory and Planetarium
Northern Ireland, BT61 9DG
How to complain if you are not happy with how we process your personal information
If you are unhappy with any aspect of this privacy notice, or how your personal information is being processed, please contact the AOP Corporate Manager at the address above in the first instance. If you are still not happy, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO):
The Information Commissioner’s Office – Northern
Ireland 3rd Floor 14 Cromac Place, Belfast BT7 2JB Telephone: 028 9027 8757 / 0303 123
1114 Email: firstname.lastname@example.org
Changes to this Privacy Notice
We keep our privacy notice under regular review. If we make changes, we will update this
notice. Check this notice to make sure you are aware of what information we collect, how
we use it and the circumstances we may share it with other organisations.
This privacy notice was last updated in December 2020.