NIAO Privacy Notice

This privacy notice tells you what to expect when the Northern Ireland Audit Office collects personal information and explains how we protect your privacy. It applies to information we collect and why we collect it for the following purposes:

• job applicants and our current and former employees
• our statutory audit work
• complaints, correspondence and other communications such as data subject access requests or freedom of information enquiries
• visitors to our website
• use of cookies by the Northern Ireland Audit Office
• visitors to our premises

If you have any queries or concerns about our use of your personal information or this notice, please contact us at info@niauditoffice.gov.uk

Job applicants, current and former Northern Ireland Audit Office employees

The information you provide as part of the application process will be treated in confidence and will be shared only with members of the selection panel and Human Resources for the purposes of the recruitment process. Where we want to disclose information about you to other third parties, for example where we want to take up a reference, we will not do so without informing you beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for a 12-month period after the recruitment campaign has been completed and will then be destroyed or deleted. This information is used solely for monitoring purposes to form statistical reports on our recruitment activities.

Once a successful candidate has taken up employment with the Northern Ireland Audit Office, they should refer to the HR Record Retention and Disposal Policy for HR employment records guidance Once employment has ended, we will retain your information in accordance with the requirements of our retention schedule and then delete it.

Our Statutory Work

When the Northern Ireland Audit Office undertakes audit work under our statutory powers, we may collect information from public bodies that contain some personal data.

Personal data may be used in audit tests (such as when testing payrolls or housing benefit systems) and to help form judgments and report on financial and Value for Money audits and to promote economy, efficiency and effectiveness in the use of public money. We will only use this information for the purpose it was collected. We will hold it securely and when it is no longer needed it will be disposed of in accordance with our retention schedule.

Please note that a privacy notice is available for our National Fraud Initiative (NFI) work and is available within the NFI section of our website here.

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the bottom of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to comply with legal requirements:

• Consent - we have permission from you after we give you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for recruitment purposes are:

• Consent - we have permission from you after we give you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Consent - we have permission from you after we give you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

People who make a complaint or correspond with us

When we receive a complaint, correspondence or concerns about a public body we audit, data subject access or complex freedom of information request, we hold the correspondence in a secure file.

We will only use the personal information we collect to process the complaint, correspondence or request. However, we may have to disclose your details when investigating it. If you do not want your personal information disclosed we will try to respect this. However, it may not be possible to investigate your request on an anonymous basis. We compile and publish statistics showing information such as the number of complaints and correspondence we receive, but not in the form which identifies anyone. We will keep information provided to us in relation to complaints, correspondence, data subject access or complex freedom of information requests in line with our retention policy.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can raise your concerns with the ICO.

ICO Northern Ireland contact details

The Information Commissioner’s Office – Northern Ireland
10th Floor
Causeway Tower
9 James Street South
Belfast
BT2 8DN

Telephone: 0303 123 1114
Email: ni@ico.org.uk

Visitors to our website

There may be instances where it is necessary for us to communicate with visitors to our website for administrative or operational reasons. Where we collect specific information from you for this purpose, we will not pass it on to any other organisation.

We also collect standard internet log information and details of visitor behaviour patterns when someone visits our website. We do this to find out about the number of visitors to the various parts of our site, to monitor the download of our reports and publications and to help improve the service we provide.

This data collection process is carried out electronically in the background and therefore visitors to our website may not be aware that it is taking place. We believe that this process is not intrusive to the visitors’ privacy as we do not have any method of determining the identities of visitors to our website. The standard internet log information collected will only be used for the aforementioned purposes and will not be passed on to any other organisation.

NIAO Cookie Compliance

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your computer, mobile phone or tablet. These are known as cookies. They cannot be used to identify you personally.

What are cookies?

Cookies are used to improve services for you by:

• enabling a service to recognise your computer so you don't have to give the same information several times during one task;
• recognising that you may already have given a username and password so you don't need to do it for every web page requested;
• measuring how many people are using services, so that popular services can be made easier and faster to use; and
• analysing anonymous data to help us understand how people interact with government services so we can make them better.

What do cookies look like?

If you click on a cookie you'll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the website server that gave you the cookie.

How we use cookies

This website uses the following cookies:

•  _ga, _gat and _gid for Google Analytics
• cookie-agreed and cookie-agreed-version for remembering your Cookies preferences

How to manage your cookies

We will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by nidirect, or any other website, you can do this through your browser settings. Your browser is the way you access the internet for example Internet Explorer, Firefox, Safari. The ‘Help’ function within your browser should tell you how you can restrict or block cookies.

For information on how to restrict or block cookies on the browser of your mobile phone you will need to refer to your handset manual.

About cookies website(external link opens in a new window / tab)

Please be aware that restricting cookies may impact on the way our website works for you.

Northern Ireland Audit Office’s website search engine

The search engine on our website is designed to be as powerful and easy to use as other popular search engines. It does not collect information from visitors to our website.

Other websites

Our website may contain links to other websites which are outside our control and are not covered by this notice. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy notice, which may differ from ours.

Visitors to our Premises

When visiting our premises in person we collect the minimum amount of personal information required for Health and Safety purposes. All visitors are requested to sign a visitor’s book in our reception. No names from previous days are viewable and we only retain the visitor book log sheets for 2 years, after which they are securely destroyed. Where CCTV is in use it will be clearly displayed and only retained for the period described in our retention schedule.

Access to personal information

You have a right to access the personal data that we hold about you by making a ‘subject access request’ under GDPR, for which you will be asked for proof of identity. In line with legislation, a subject access request should be addressed to the Data Protection Officer at:

Northern Ireland Audit Office,
106 University Street,
Belfast,
BT7 1EU

You may also contact the Data Protection Officer via email with the subject ‘Data Protection Officer’ to info@niauditoffice.gov.uk or by calling (028) 9025 1000.

If we do hold information about you, we will:

• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.

This information will be provided without delay and at the latest within one month of
receipt.

How long we keep information

We retain all information in accordance with the requirements of our retention schedule and then delete it.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy policy was last updated in June 2025.