Privacy Policy

High Rise Centre Lisburn is owned and operated by Employers For Childcare Trading Limited (registered company number NI050684).

For more information on Employers For Childcare, including its privacy notice, visit employersforchildcare.org.

High Rise is committed to protecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from others, and keep it safe. This Privacy Notice (“Notice”) sets out our data processing practices and your rights and options regarding the ways in which your personal information is used and collected (including through our website – highriseni.org).

This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information. The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, you may be unable to make an online booking.

1. What personal information do we use?

In order to deliver a service to you, we may collect, store and otherwise process the following kinds of personal information:

  1. your name and contact details including postal address, telephone number, email address and emergency contact details.
  2. your date of birth and gender;
  3. details of your qualifications/experience (where you have applied for a job);
  4. details of any relevant health or medical conditions;

and/ or any other personal information which we obtain as per paragraph 1.

Do we process special categories of data?

The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example, information about your health, ethnicity and religious beliefs. In certain situations, High Rise may collect and/or use these special categories of data (for example, information on climbers’ medical conditions relevant to their use of our facilities). We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows us to do so.

2. How we collect personal information about you

  1. When you give it to us directly
    For example, personal information that you submit through our website by making a booking to use our facilities or signing up for our email newsletter, or personal information that you give to us when you communicate with us by email, phone or letter.
  2. When we obtain it indirectly
    For example, your personal information may be shared with us by third parties. This may include an organisation making a booking on behalf of a group of individuals. We do not procure any personal data from third party companies.
  3. When it is available publicly
    Your personal information may be available to us from external publicly available sources. We use a variety of social media outlets to engage with stakeholders. We cannot guarantee that information shared through these media will be private, for example, if you share your contact details in an unsecure and public space then these may be viewed by parties other than ourselves.

    Please do not share personal information in a public forum. For the relevant privacy notices, please see:

    Facebook privacy notice
    Twitter privacy notice
    LinkedIn privacy notice

    If you send us a private or direct message via social media the message will be stored but will not be shared with any other organisations.

  4. When you visit our website
    When you visit our website, we automatically collect the following types of personal information:

    1. Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
    2. Information about your visit to the website, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.

    This data is logged anonymously and is not used to identify any individual. We do not collect or use your personal information by using cookies on our website.

  5. CCTV
    CCTV cameras are used to record all entrance and exit points, public areas within the centre and the car park. These are for security purposes allowing for the premises to be monitored when no staff are present, for acting as a deterrent to any potential criminal activity and to review in the case of an incident on site. Recordings are stored securely and deleted when no longer required. Except for legitimate purposes such as to law enforcement bodies, images will not be provided to third parties. Surveillance systems are not used to record sound.

    Images are monitored by High Rise’s authorised personnel during working hours only and can be accessed remotely at other times if required. Live feeds from CCTV cameras are monitored only where this is reasonably necessary, for example to protect health and safety.

    High Rise will ensure that live feeds from cameras and recorded images are only viewed by approved members of its staff whose role requires them to have access to such data. This may include High Rise’s HR staff involved in investigating situations.

    No surveillance cameras will be placed in areas where there is an expectation of privacy (for example, in the toilets).

    High Rise does not carry out covert monitoring or surveillance (that is, where you are unaware that the monitoring or surveillance is taking place) unless, in highly exceptional circumstances, there are reasonable grounds to suspect that criminal activity or extremely serious malpractice is taking place and, after suitable consideration, High Rise reasonably believes there is no less intrusive way to tackle the issue.

    In general, we may combine your personal information from these different sources set out in a-e above, for the purposes set out in this Notice.

  6. Photographs and videos
    We may take group action photographs and record videos for the purposes of promoting the activities on offer within our centre. In using the centre, you consent to this (in exceptional circumstances where you have any concern about this you can speak to a centre manager).

    In group photographs and videos, we will endeavour to keep personal identification to a minimum. Should we request an individual photograph or video, you will be asked to give your permission for images to be captured. You can refuse consent for this.

3. How and why we will use your personal information

Your personal information, however provided to us, will be used for the purposes specified in this Notice. In particular, we may use your personal information:

  1. to allow you to make a booking to use our facilities;
  2. to otherwise provide you with services, products or information you have requested;
  3. to provide further information about our work, services or activities (where necessary, only where you have provided your consent to receive such information);
  4. to answer your questions / requests and communicate with you in general;
  5. to allow you to apply for a job or volunteer role with us;
  6. to manage relationships with our partners and service providers;
  7. to analyse and improve our work, services, activities, products or information (including our website), or for our internal records;
  8. to keep our facilities safe and secure;
  9. to run/administer the activities at High Rise, including our website, and ensure that content is presented in the most effective manner for you and for your device;
  10. to audit and/ or administer our accounts;
  11. to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);
  12. for the prevention of fraud or misuse of services;
  13. for the establishment, defence and/ or enforcement of legal claims.
  14. for any relevant membership or certification purposes.

4. Lawful bases

The GDPR requires us to rely on one or more lawful bases to process your personal information. We are committed to upholding the principles of the GDPR when processing personal data. We consider the grounds listed below to be relevant in allowing us to use your personal information:

    Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to use your personal information to send you email newsletters or to collect special categories of your personal information. Special categories of personal information are explained in paragraph 1 above).
  1. Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
  2. Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, to provide you access to our facilities in return for your booking fee).
  3. Where it is in your/someone else’s vital interests (for example, in case of medical emergency suffered by a participant/ climber).
  4. Where there is a legitimate interest in us doing so.

The GDPR allow us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights as an individual).

In broad terms, our “legitimate interests” means the interests of running High Rise as a commercial entity and ensuring the best possible user experience.

When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and on your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

We have a security and confidentiality policy in place that all staff adhere to. Employers For Childcare, as the owner and operator of High Rise, is regularly audited and subject to independent, external scrutiny in order to evidence adherence to the highest internationally recognised data and information security measures as shown through our ISO 27001:2013 accreditation. Employers For Childcare is also registered as a Data Processor with the Information Commissioner’s Office (ICO).

5. Comminications for marketing/promotional purposes

We will use your contact details to confirm bookings with you. With your consent, we may also use your contact details to provide you with information about our work, events, services and/or activities which we consider may be of interest to you (for example, about services you previously used, or events involving our facilities at High Rise).

Where you have provided us with your consent previously but do not wish to be contacted by us about our work, events, services and/or activities in the future, please let us know by email at contact@highriseni.org. You can opt out of receiving emails from High Rise at any time by clicking the “unsubscribe” link at the bottom of our emails.

We use a third party provider, Constant Contact, to deliver e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see Constant Contact’s privacy notice.

Completing customer satisfaction surveys and research

We may use a third party, Survey Monkey, as a tool to gather feedback from users about their experience of High Rise, or for other research purposes. For more information, see the Survey Monkey privacy notice . As a service user you may receive requests for feedback. No service user is under any obligation to provide feedback in order to continue to use the service.

We will only use the information gathered for the purposes that it is requested and will use the information only in ways that will not identify anyone.

6. Children's personal information

When we process children’s personal information, where required to deliver the service to them, we will not do so without their consent or the consent of a parent/ guardian as appropriate. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care.

7. How long do we keep your personal information?

In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see Section 11 below), we will remove it from our records at the relevant time.

If you request to receive no further contact from us, we may keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.

8. Will we share your personal information?

Your details may be forwarded within High Rise to the appropriate department in order to deal with your query however they will not otherwise be shared. We do not share, sell or rent your personal information to third parties for marketing purposes. Where necessary, such as for the purposes of law enforcement or to provide medical assistance, we may share your personal information with the relevant authorities.

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site.

The Clip n’ Climb booking platform is hosted by Entre-prises on behalf of High Rise. For more information see the Entre-prises privacy notice.

We strongly advise you to review the Privacy Notice of every site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party sites or services.

Service providers

We may employ third party companies and individuals to facilitate our own service provision, to provide a service on our behalf, to perform related services or to assist us in analysing how our service is used.

These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

9. Security/storage of and access to your personal information

High Rise is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information.

Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers which have features to prevent unauthorised access.

10. International Data Transfers

Personal Data is not exported outside of the EEA however we may employ third party companies and individuals to facilitate our own service provision, to provide a service on our behalf, to perform related services or to assist us in analysing how our service is used. These third parties have access to personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

These third parties may be located outside of the EEA in which case we will only use third parties that have been certified to the obligations and standards equivalent to those in the EEA, which means they lawfully transfer and protect the personal data of EU/EEA residents. For example, in using Constant Contact to send email updates we can confirm that Constant Contact’s privacy program has been certified to the obligations and standards of the EU-US and Swiss-US Privacy Shields, which means they lawfully transfer and protect the personal data of EU/EEA residents to the U.S. pursuant to the rules of the Federal Trade Commission and the EU. We use your Personal Information for providing and improving the Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of Northern Ireland shall have exclusive jurisdiction over the matter.

11. Exercising your rights

Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here.

We seek to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you that you are entitled to we will engage with you and endeavour to:

  1. give you a description of it
  2. tell you why we are holding it
  3. tell you who it could be disclosed to
  4. let you have a copy of the relevant information in an intelligible form
  5. remove your data if this would not prevent the administration of a service we are contracted to deliver.

To make a request for any personal information we may hold you need to put the request in writing: by emailing subject_request@employersforchildcare.org.

12. Changes to this notice

We may update this Notice from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an update notice on our website. This Notice was last updated on 7 June 2019.

13. Links and third parties

We can from time to time link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.

14. How to contact us

Please let us know if you have any questions or concerns about this Notice or about the way in which High Rise processes your personal information by contacting us at the channels below. Please ask for or mark messages for the attention of either Sarah Clarke (Centre Manager) or Ella Lindsay (Assistant Centre Manager).

contact@highriseni.org
Telephone: 028 9263 6195
Post: High Rise, 11a Altona Road, Blaris Industrial Estate, Lisburn BT27 5QB

Job applicants, current and former employees

Recruitment for High Rise is managed through Employers For Childcare. You will find more information in Employers For Childcare’s Privacy Notice.

Jurisdiction

This Policy shall be governed and construed in accordance with the laws of Northern Ireland, without regard to its conflict of law provisions.