Privacy policy

This privacy policy provides a broad description of the way the Safeguarding Board for Northern Ireland (SBNI) processes your personal information. To understand how your own personal information is processed, you may need to refer to any personal communications you have received or contact us directly.

This privacy policy explains how your personal information is managed by SBNI

Why are you processing my personal information?

Primarily, we collect information for undertaking our statutory functions as outlined in the Safeguarding Board Act 2011.

Reasons we process your information may include:

  • Undertaking Case Management Reviews;
  • Commissioning, delivery and improvement of services for the purpose of child protection;
  • Provision of training/awareness raising events; and
  • Ascertaining the views of children, young people, parents/carers and staff.

Processing requirements

To be able to process your personal information we must have a lawful basis for doing so and at least one of the following must apply:

1) Consent – an individual has given clear consent to process their personal data and then only for a specific purpose.

2) Contract – the processing is necessary for a contract with an individual, or because the individual has been asked to take specific steps before entering into a contract.

3) Legal obligation – processing is necessary to comply with the law.

4) Vital interests – processing is necessary to protect someone’s life.

5) Public task – processing is necessary to perform a task in the public interest or for official functions and the task or function has a clear basis in law.

Processing within the SBNI is likely to fall under 2, 3 or 5 above.

Do I need to give my consent?

Whilst the majority of our data is obtained on a lawful basis as outlined above, we may occasionally request your consent in writing when collecting data/sharing information for raising awareness for communication purposes. For example, running campaigns, competitions, the views gathered from children/young people, parents/carers and staff on safeguarding issues. This may include images/photos and voice recordings relating to our Strategic Plan.

You may contact us at any time to withdraw your consent or to ask that your personal data be deleted. Please see contact details below.

Information may be shared without your consent when required by law, for the purposes of child protection.

What types of personal information is collected?

We only collect the information we need to. This may include your name, address, date of birth, contact details, demographics, and some equality data.

We may also collect information related to child protection, financial and contractual information, as part of service level agreements.

Where do you get my personal data from?

Much of the personal data we hold is received from SBNI Member Agencies, multi-agency partner organisations, from the public or private individuals who make contact with us.

We gather some personal information from surveys, consultations, tender applications, service level agreements and enquiries we receive.

This can include information you provide in person, on an official form (online or in paper form) or by telephone.

For the management of our Online Safety Hub, data processing is carried out on our behalf by INEQE Group Ltd, with whom we have a Data Sharing Agreement. Under this agreement, if you wish to submit articles to the Hub, your personal data may be shared with us by INEQE Group Ltd with your consent.

Do you share my personal data with anyone else?

Yes. In the process of undertaking Case Management Reviews, we need to share personal information with SBNI Member Agencies, other partner Agencies, bodies and professionals involved in individual cases. Information from Case Management Reviews that is placed on the website to share learning is anonymised to ensure confidentiality.

Do you transfer my personal data to other countries?

Only in exceptional circumstances, for example, where information needs to be shared with child protection agencies outside of Northern Ireland for the purposes of Case Management Reviews.

Any transfers will be made in full compliance with GDPR and only when we have a legitimate basis for doing so.

How long do you keep my personal data?

We will only retain your data for as long as necessary, in line with the Retention and Disposal Schedule and specific guidance issued by the Department of Health in Northern Ireland (Good Management, Good Records).

What rights do I have?

  • You have the right to obtain confirmation that your data is being processed, and access to your personal data.
  • You are entitled to have personal data rectified if it is inaccurate or incomplete.
  • You have a right to have personal data erased and to prevent processing, in specific circumstances.
  • You have the right to ‘block’ or suppress processing of personal data, in specific circumstances.
  • You have the right to data portability, in specific circumstances.
  • You have the right to object to the processing, in specific circumstances.
  • You have rights in relation to automated decision-making and profiling.

How do I complain if I am not happy?

If you are unhappy about anything in this privacy policy, or with how your personal information is being used, please contact the Data Protection Officer at the following address:


Data Protection Officer:

Name: Mr Stephen Murray

Address: Public Health Agency, 12 - 22 Linenhall Street, Belfast, Antrim, BT2 8BS

Telephone: 028 9536 3534

Email: [email protected] 


If you are still not happy, you have the right to complain to the Information Commissioner’s Office (ICO):


Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113

Email: [email protected]

Changes to our privacy policy

This privacy notice will be kept under regular review and any updates will be placed on our website.

If you would like to know more about how we use cookies, please see our cookie policy.

Updated July 2023