This privacy statement covers the following topics:
- Website information
- Rights for individuals
- Data controller
- Lawful basis for processing personal data
- Types of personal data we collect
- Why we need your information
- How we collect your personal data
- How we use your personal data
- What we ask from you
- Disclosure of personal data
- How long we retain personal data
- Data matching
- Data Protection Notification
- Monitoring of email
- Information Commissioner's Office
- Notification of changes to our privacy statement
- Further information
Belfast City Council (we) delivers a wide range of services to the residents of Belfast and those people who visit the city. To do this in an effective way, we are required to collect and use personal data.
The UK General Data Protection Regulation (UK GDPR), which came into effect on 1 January 2021 regulates the processing of personal data and places legal obligations on us to comply with a number of data protection principles.
These principles are there to protect your personal data and they make sure that we:
- processes all personal information lawfully, fairly and in a transparent manner.
- collects personal information for a specified, explicit and legitimate purpose.
- ensures that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- ensures the personal information is accurate and up to date.
- retains personal data for no longer than necessary for the purpose for which it is processed.
- keeps your personal information safe and secure and protect its integrity and confidentiality.
The following information will explain how we collect and manage personal data about you.
This site is owned, managed and operated by Belfast City Council.
Belfast City Council is committed to fulfilling its responsibilities under the UK General Data Protection Regulation. We are a registered data controller with the Information Commissioner and take appropriate steps to protect your privacy and information.
Our address is:
Belfast City Hall
Our privacy statement applies to the Belfast Zoo website - www.belfastzoo.co.uk only.
If you have any queries about this site, you can contact us at:
Marketing and Corporate Communications
Belfast City Council
Belfast City Hall
The UK GDPR gives you rights relating to the processing of your personal information, which are:
- Your right of access
You have the right to ask us for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process.
- Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
- Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
We are the ‘data controller’ for the personal data that it gathers from members of the public, internal staff, external contractors and other individuals who interact with us.
If you have any queries regarding the processing of your personal data or wish to withdraw your consent to the processing of it, please contact firstname.lastname@example.org or phone us on 028 9077 6277.
We have a dedicated Data Protection Officer who you can contact by email at
email@example.com or write to:
Information Governance Unit
Belfast City Council,
City Hall Belfast,
We process personal data for specific purposes and these purposes will determine the lawful basis for the processing. This is addressed under Article 6 of GDPR. The lawful bases for processing by the council as a public authority will be one or more of the following:
(a) Consent: you have given clear consent for us to process your personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering a contract.
(c) Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the personal data which overrides those legitimate interests. (This cannot apply when a public authority is processing data to perform official tasks.)
There may be occasions when consent is the only lawful basis we have to process your personal data. When this occurs, we will endeavour to seek your consent at the time it gathers your personal data. You will normally be asked to provide a signature or indicate consent by ticking a box but this will only be carried out after a full explanation has been provided and you are clear as to what you are consenting to.
Consent is a core principle of data protection legislation. It must be freely given, specific, informed and unambiguous indication of the data subject's wishes, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to the individual.
We collect the following type of personal data and this list is not exhaustive but provides a general guide:
- first name
- family name or surname
- telephone numbers
- date of birth
- health data
- training records
- financial information
- licensing information
- enforcement action
- complaint information
Special category personal data
Special category data is personal data, which UK GDPR considers sensitive and deserving of extra attention:
- racial or ethnic origin
- religious or other philosophical beliefs
- political opinions
- trade union membership
- physical or mental health or condition
- sex life or sexual orientation.
- offences (including alleged offences)
- processing of genetic data
- processing biometric data for the purposes of identifying a natural person.
Therefore, we will apply additional security and access measures to this type of personal data.
- to provide you with a public service in compliance with its legal responsibilities
- contact you by post, email or telephone
- update your records
- establish your needs and subsequently provide you with the assistance that you require
- prevent and detect fraud and corruption in the use of public money
- obtain your opinion about our services
- inform you of other relevant council services and benefits
- ensure we meet our legal obligations including those related to diversity and equality
- to protect visitors from harm or injury
- for law enforcement functions, for example, licensing, planning enforcement, trading standards and food safety where we are legally obliged to undertake such processing
- where the processing is necessary to comply with legal obligations, for example, the prevention and/or detection of crime
- to assist us in responding to emergencies or major accidents. This allows us, in conjunction with the emergency services, to identify individuals who may need additional help and support.
The following are examples of how we collect your personal data:
- when you apply for a job with us
- when you attend our premises for a specific purpose and provide your details
- through the submission of questionnaires online or via mail
- submitting details for Animal Experiences, Memberships, Keeper for a Day, Adoptions and any other packages
- entering competitions
- submitting complaints
- working in partnership with us
- emergency planning
- CCTV covering our property and land
- via enforcement action
- face to face contact with BCC officers who you interact with.
The personal data may be held in paper and electronic format, but will always be managed in a safe and secure manner.
Some areas of our website require you to actively submit personal data in order for you to benefit from specific features, such as our range of online services, for example, email, online forms or online payments. You will be informed at each of these personal data collection points what data is required and what data is optional.
Some of this personal data may uniquely identify you, such as your name, address, email address, phone number, but we will only collect the personal data it needs.
Personal data may be gathered without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies. An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the internet. We collect IP addresses for the purposes of system administration and to audit the use of our site. Each time you log onto our site and each time you request one of our pages, our server logs your IP address.
Although we log your session, it will not normally link your IP address to anything that can enable us to identify you. However, we can and will use IP addresses to identify a user when we feel it is necessary to enforce compliance with our rules or terms of service or to protect our service, site, users or others.
How Belfast Zoo collects your personal data
Belfast Zoo captures personal data for a variety of reasons including marketing communications, in relation to contractual agreements (e.g. animal experiences, memberships, adoptions, Explorer’s Club etc.) and capturing feedback. Personal data may be captured electronically, in writing, in person or over the telephone. Personal data will be held and stored in a safe and secure manner in compliance with Data Protection legislation and in line with Belfast City Council’s Records Retention and Disposal Service. Personal data may be shared internally within the Council with staff who are involved in providing or supporting the relevant service. Personal data will not be shared with any third parties without consent, unless the law permits or places an obligation on Belfast City Council to do so.
All the personal data processed by us is held within the UK. No outside organisation is allowed access to your personal data unless the law permits this to happen.
We will use the personal data we collect to ensure you receive a proper service and to improve your interaction with us on a wide range of matters.
The data is used to manage your specific needs and inform you about changes to services, initiatives and events, dealing with complaints, employing contractors and dealing with enforcement action.
We will endeavour to inform you at the time your data is gathered why it is required, what it will be used for, which will be explained to you.
We will ensure that there are effective safeguards and systems in place to make sure personal information is kept safely and securely and provides awareness training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly.
- That you provide us with accurate and up to date personal data.
- That you do not abuse staff when providing or seeking personal data.
- That you inform us of any changes to your personal data.
- That you inform us if you find any error or inaccuracies.
We will not disclose your personal data to any external organisation or person unless it is satisfied that it has a legal basis to do so and proper measures are in place to protect the data from unlawful and unauthorised access.
However, we may be required to share your personal data with other internal council departments to ensure it can manage your issues or requirements appropriately.
We also work closely with Central and Local Government departments throughout Northern Ireland and Great Britain and may share personal data with these departments, including statutory and non- statutory organisations for various projects and initiatives. It may also share information with the Police Service of Northern Ireland, Her Majesty’s Revenue and Customs and other law enforcement agencies for lawful purposes including the prevention and detection of crime and animal welfare etc.
We may also use external organisations to carry out services on its behalf and this requires providing them with access to personal data. These organisations will act as data processors for us and they are legally obliged to keep your personal data secure and only process it under the specific direct instructions of us and in line with data protection legislation.
We will not supply your information to any other organisation for marketing purposes without your prior consent.
We are required to keep personal data for specified time periods to meet its statutory obligations and business needs and to comply with GDPR. We have developed a retention and disposal schedule that has been approved by the Public Record Office Northern Ireland (PRONI) and the Northern Ireland Assembly. Personal data is held for different time periods due the specific purpose it was gathered for or because the law compels we to do so in this manner.
We may also retain personal data solely on the basis that you have provided your consent for this to happen. If you wish to withdraw your consent, you can do so and request we delete and destroy your data, by writing to the relevant department (if known) or directly to our Data Protection Officer asking for this to happen. Your personal data will be reviewed to establish if the law permits its destruction and deletion.
Your personal data will only be held as long as necessary and permitted by law and will be disposed of in a secure manner when no longer needed.
We are required by law to protect the public funds we administer. We may share information provided for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
The N.I. Audit Office is responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see if they match. This is usually personal data.
Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it may indicate that there is an inconsistency, which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We participate in the National Fraud Initiative to assist in the prevention and detection of fraud. We are required to provide personal data to the Comptroller and Auditor General or his agent for data matching under legislative powers included in the Audit and Accountability (NI) Order 2003, articles 4A to 4H.
The use of data in a data matching exercise does not require the consent of the individuals concerned under data protection legislation.
As a data controller, we must notify the Information Commissioner's Office. You may view our Data Protection Notification by searching for our registration number ZA104779 on the Information Commissioner's website.
We may monitor your email and other online communications it receives (including members of staff). Any such monitoring will take place in accordance with the law.
The Information Commissioner's Office (ICO) regulates compliance with UK GDPR within the UK. If you consider us to have breached any of the requirements of the UK GDPR, you may contact the ICO who may carry out an assessment, audit or investigation to establish whether we are compliant with the UK GDPR.
The ICO can be contacted at:
Information Commissioner’s Office
14 Cromac Place
Telephone: 0303 123 1114
We will post details of any changes to our privacy statement on this website to help make sure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.
This privacy statement was updated in September 2021.
If you require further information about the use of your data or wish to make a subject access request for copies of your personal data held by us, please contact:
firstname.lastname@example.org or phone us on 028 9077 6277.
If you wish to contact the Council’s Data Protection Officer, please email email@example.com