The Controller - Who we are:
We are the Ballyvesey Group of Companies (see attached Appendix 1 for full listing).
Data Protection in the Ballyvesey Group is administered by the GDPR Steering Group.
• Alan Thomson (Finance)
• James Darragh (Compliance & HR)
• Gordon Willis (ICT)
• David Andrews (Chief Information Officer)
All members of the GDPR Steering Group have received training on data protection and information
security relating specifically to their responsibilities. In addition, at least one member of the Steering
Group holds a General Data Protection Regulations Practitioner Certificate.
The steering group can be contacted by emailing: email@example.com
Or, alternatively by writing to:
Data Protection, Ballyvesey Group, 607 Antrim Road, Newtownabbey, BT36 4RF
Categories of Data Collected:
To provide a service to our customers it is necessary to collect data. The data we collect may include,
Public Data, Company Data, Third Party Data and Personal Data. Personal Data is protected in law by
the General Data Protection Regulations 2018 and UK Data Protection Act 2018.
Processing of Data:
Client & third party data is collected if required to carry out the reasonable instructions of the client
in the performance of the legitimate business interests of Ballyvesey Group. Client and or Third
Party data may also be collected to meet any legal obligation place upon the controller by a
statutory provision. These purposes may include, but are not limited to, the raising of orders,
invoices and accountable record keeping, to produce revenue in the interests of the business,
statutory taxation, prevention of fraud and criminal offences and protecting the company assets and
Who will receive the data:
In most cases the data will only be processed by the Group Company engaged by the client in the
course of their business operations. For accountable record keeping and statutory obligations, some
data may be shared throughout other parts of the Ballyvesey Holdings Group wherein they process
parts of the data on behalf of Ballyvesey Group. Data will only be provided to third parties where
there is a legal obligation to do so, or the client requires us, in order to fulfil their operational
requirements. Information may be provided to a Credit Reference Bureau when processing a credit
Ballyvesey Group, on rare occasions may be legally obliged to provide some information to other
countries within EEA, such as Republic of Ireland etc. for border / custom controls and inter-state
taxation. No data is transferred out of EEA at this time, if we facilitate a client request which requires
this, we will discuss those obligations at that time.
In order to comply with the legal obligations of statutory provisions for taxation we will retain
relevant records for a period of seven years. In doing this we will practice data minimisation and only
retain the actual data we will need to meet this requirement.
Ballyvesey Group undertakes to protect the rights and freedoms of all individuals whose data we
process. We will uphold the principles in Article 5 of the General Data Protection Regulations, as
directed by European Court of Justice and when applicable the rights provided under statute by any
Act of the United Kingdom’s Parliament having gained Royal Assent from the Data Protection Bill
2018. We respect any individual’s right to:
• Submit a Subject Access Request for their personal data
• Request correction and/or deletion of inaccurate or incorrect personal data
• Object to our processing of their personal data, if our processing is not lawful, fair, nor
• Have us explain to you the impact of failing to provide, withdrawing consent, or objecting to
our processing of your personal data and the effects that may have
If you are still not satisfied that we have dealt with any complaint regarding your personal data, in a
comprehensive and professional manner, you have the right to complain to the Information
Commissioner’s Office (ICO).
To protect the legitimate business interests of the Ballyvesey Group, the results of a credit history
check may be determined by automated decision making processes provided by the Credit
Reference Bureau. If you disagree with the result, you can request that we humanly review that
decision. Price comparison and limited customer profiling processes may be used to determine the
best value for our customers and to maintain competitiveness in the market. We will endeavour to
inform you as and when any further automated processes, other than those already stated, are used
within the operation parameters of our business.