Privacy Notice

Data Controller Details
Department of Finance
Clare House, 303 Airport Road, Belfast BT3 9ED
(028) 9185 8111

Data Protection Officer Details

Jenny Lynn
Room 20, Dundonald House, Upper Newtownards Road, Belfast BT4 3SB
(028) 9052 4149

This privacy notice explains how the Department of Finance (DoF) uses information about you and the ways in which we will safeguard your data.

This privacy notice does not provide exhaustive detail of all aspects of DoF’s collection and use of personal information. More detail can be found in each of our business areas:

  • Land and Property Services (LPS)
  • Northern Ireland Statistics and Research Agency (NISRA)
  • NICS Human Resources (NICSHR)
  • Construction and Procurement Delivery (CPD)
  • Enterprise Shared Services (ESS)
  • Departmental Solicitor’s Office (DSO)
  • Finance and Corporate Services Division (FCSD)
  • Group Internal Audit and Fraud Investigation Service (GIAFIS)
  • Public Spending Directorate (PSD)
  • Strategic Policy and Reform Directorate (SPAR) 

DoF is the data controller of the personal data we process. The personal data we need to process includes your:

  • personal details
  • family and social circumstances
  • financial details
  • employment and education details
  • goods or services provided
  • business details of sole traders
  • property details

We also process special categories of personal data that include details on:

  • health
  • racial or ethnic origin
  • religious or philosophical beliefs
  • trade union membership
  • sexuality and sexual orientation

We do not collect more information than we need to fulfil our stated purposes, and will not hold it for longer than is necessary.

We collect and process personal information in order to meet our legal obligations and for the performance of our public functions.

We collect personal information to enable us to deliver our services, to maintain our accounts and records, to support and manage Northern Ireland Civil Service staff and for the purposes of litigation and legal advice. We also process personal information for the purposes of detection and investigation of suspected or actual fraud, loss or crime, data matching under the National Fraud Initiative and as required by other legislation.

We also process personal information where it is necessary for the purposes of the legitimate interests pursued by the Department or by a third party i.e. for nominations for awards or rewards, to send out invitations for meetings or events, to send out information about opportunities for working with us, and to know who will be in our buildings for security, and health and safety purposes.

We will only collect and hold the minimum amount of personal data necessary in order to provide and manage our services.

We obtain personal information directly from you and from other sources, such as other government departments.

We also collect information when you complete surveys or participate in consultations.

We can also obtain your personal data from publicly accessible sources.

In many circumstances, we will not disclose personal information at all (for example, where personal data is provided for the production of official statistics) and, in others, will seek your consent before doing so. However, in certain cases, we share your data with the following to meet our legislative or public function requirements, to pursue debt, for fraud or crime prevention and detection purposes, to process benefits, or in your vital interests:

  • your family, associates or representatives;
  • employment and recruitment agencies;
  • current, past and prospective employers;
  • educators and examining bodies;
  • central government bodies;
  • local government bodies;
  • other public bodies;
  • credit reference agencies;
  • suppliers and service providers;
  • debt collection and tracing agencies;
  • financial organisations;
  • courts, tribunals and parties to litigation;
  • police forces;
  • emergency responders.

Our Departmental guidance on data sharing provides further information on the factors we shall consider when deciding whether information should be disclosed to other parties.

Any personal information we process will only be used for the purposes stated or if necessary to fulfil legal or regulatory requirements.

Most of the personal data we use is processed within the European Economic Area (EEA). Sometimes, it may be necessary to transfer personal information outside the EEA. Where this is required, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of data protection legislation.

We keep personal information about you only for as long as is necessary to fulfil the purpose and in line with the DoF Retention and Disposal Schedule, after which time it will be destroyed securely.

The DoF website uses leading technologies and encryption software to safeguard your data and keeps strict security standards to prevent any unauthorised access to it.

What information does the DoF website collect?
The Department collects three kinds of information from visitors to the website:

  • feedback (through visitors emailing us)
  • customer satisfaction surveys (via optional online surveys)
  • site usage information, using cookies and page tagging techniques including JavaScript

If you email us from the DoF website, we will keep a record of your message for a maximum of three months after the conclusion of correspondence, for reference and audit purposes, after which it will be deleted.

This website and some of the tools and services we link to use cookies. You can find more information on these cookies on the following pages:

What happens when I link to another site?
This website contains links to other websites, both of government departments and other organisations. This privacy notice applies only to this site, so you should always be aware when you are moving to another site and read the privacy notice of any other site(s) which may collect personal information about you. This website does not pass on to any other site any personal information you have given.

What happens when I come to this website site from another site?
Where you are directed to this website from another site (whether a third party site or a government site) we may receive personal information relating to you from the other site(s). You should read the privacy notices for these sites as these will govern the use of any personal information that you provide and which may then be provided to this website.

Under data protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you. The Department tries to be as open as possible in terms of giving you access to your personal data. You can find out if we hold any information by making a Subject Access Request (SAR). If we do hold information about you, we will, where possible:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information in an intelligible form.

If, at any point, you believe the information we process on you is incorrect, you can ask to have this information corrected. In certain circumstances, you may also ask us to erase or restrict the processing of your data.

To make a request, you can use our online request portal, or by emailing

If you wish to object or raise a complaint about how we have handled your data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner at

We keep our privacy notice under regular review. This privacy notice was last updated in March 2020.

If you want to find out more about this privacy notice or our data protection policy, you can email us at