In this section

iPhone Blue 56x84

Who to contact

Contact us in confidence if you have any questions about this privacy statement, or the security practices of this site.

Data Protection Policy

About Fáilte Ireland 

Fáilte Ireland is the National Tourism Development Authority, and it is the statutory body established by the National Development Authority Act, 2003 whose principal place of business is at 88-95 Amiens Street, Dublin 1 (also referred to as "Authority," "we," "our," "us") is the Data Controller when you provide your personal data to us.

Under legislation, we are required to work to promote tourism and the development of tourism facilities and services in Ireland.

Our mission is to support the implementation of Government policy to maximise the long-term sustainable growth in the economic, social, cultural and environmental contribution of tourism to Ireland. We do this by working with a wide range of people across the public and private sectors and across tourism communities. We provide a wide range of supports, information and services to people, businesses, organisations and stakeholders across leisure tourism (including accommodation, food & drink, attractions, activities, festivals & events, transport, touring & guiding, etc.,) and business tourism (including conferences, meetings and business events, venues, planners and other intermediaries).

Fáilte Ireland fully respects your right to privacy. Fáilte Ireland is committed to ensuring that your privacy is protected, and we wish to be transparent on how we process your data.


This policy was last updated in September 2022

  • Summary
  • The purpose of this Data Protection Policy is to provide you with an overview of how Fáilte Ireland processes its data subjects’ personal data. This Data Protection Policy is designed to help you obtain information about our data protection practices.

    Any information that we process about you will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Acts, 1988 to 2018 and other Irish or EU Data protection legislation. Fáilte Ireland holds personal data received from several sources in connection with the performance and delivery of our public functions and the promotion of tourism and the development of tourism facilities and services.

  • About this data protection policy
  •  

    This Data Protection Policy provides information on what personal data Fáilte Ireland processes on whom and why, along with information as to how that data is managed and how you can exercise your legal rights under the GDPR. It is designed to be as transparent and informative as possible and to ensure you that we handle your data with the utmost care and integrity. This Data Protection Policy is displayed in the footer of Fáilte Ireland’s website www.failteireland.ie.

     

    In the interest of maximum transparency, this Data Protection Policy is supplemented with Privacy Statements. These Privacy Statements provide more in-depth information on data processing, purpose and storage and retention specific to different types of Subjects (employees, board members, people operating in tourism and availing of business services, general public and holidaymakers, stakeholders and dignitaries, suppliers, etc).

    Please see the table below which provides an overview of these Privacy Statements. 

    Privacy Statement Title

    Publication

    Subjects

    Employee Privacy Statement

    Internal

    Employees 

    (Past, present and potential)

    Board Members Privacy Statement

    Internal

    Board Members 

    (Past, present and potential)

    Business Services Privacy Statement

    External

    People operating in tourism and with whom Fáilte Ireland works including people working in the tourism industry, stakeholders, other public bodies.

    Supplier Privacy Statement

    External

    Suppliers and contractors for products and services which Fáilte Ireland procure and use. 

    Consumer Privacy Statement

    External

    Members of the public/holidaymakers/ visitors and tourists. 


     

     

  • Lawful basis and purpose of processing personal data
  • Fáilte Ireland uses a number of lawful bases in processing personal data of a range of subject groups. The largest group of subjects are those who operate within the tourism sector, including other public bodies, with whom Fáilte Ireland work and to whom Fáilte Ireland deliver its services in line with its statutory obligations. Fáilte Ireland uses its Legislative Mandate as an Official Authority under the National Tourism Development Authority Act, 2003 (NTDA Act, 2003) as the lawful basis to process personal data for the purposes of ‘the promotion of tourism and the development of tourism facilities and services’ in Ireland. Where legislative mandate cannot apply, Fáilte Ireland uses the most appropriate lawful basis including purpose of a contract, consent, vital interest and legitimate interest. Fáilte Ireland will ensure that the lawful basis of processing personal data are aligned with the Data Maps (as per Article 30 of the GDPR) and also our Privacy Statements.

    Summary of Lawful Bases used by Fáilte Ireland in processing personal data 


    Subjects

    Personal Data

    Lawful Basis

    Employees 

    (Past, present and potential)

    Contact & financial data, work ID, & PPSN

    Purpose of a Contract 

    Employees 

    (Past, present and potential)

    Imagery

    Legitimate Interest

    Employees 

    (Past, present and potential)

    Family details; next of kin

    Vital interest

    Board Members 

    (Past, present and potential)

    Contact & financial data; Imagery,  Declaration of interest data

    Legislative Mandate 

    People People operating in the tourism sector, groups, stakeholders, dignitaries, other public bodies, media with whom we work to develop the tourism economy

    Contact & financial data; Imagery

    Legislative Mandate

    Members of the public/holidaymakers/ Leisure & business tourism visitors attending public events

    Contact data;

    Voice recording; Imagery (crowd images)

    Legislative Mandate

    Members of the public/holidaymakers/ Leisure & business tourism visitors 

    Contact data Imagery

    Consent

    Children and vulnerable adults

    Contact data Imagery

    Consent

    Users of Ireland’s Content Pool imagery toolkit. 

    Contact data; Imagery

    Purpose of a Contract

    Suppliers and people who we contract goods and services from

    Contact data; professional data Imagery 

    Purpose of a Contract


    If you submit personal data relating to other people – such as your friends, family, colleagues and others – you are also deemed to be representing that you have the authority to do so and permit us to use their personal data for the purposes described in this Data Protection Policy.

     

    Please contact dataprotection@failteireland.ie if you have any questions about our privacy practices which are not addressed here.

     


  • Children’s data
  • We do not knowingly collect personal information from children without proper parental consent and we make every effort to ensure we have controls in place to secure the privacy of children. Individuals aged 16 or under must ensure they have parent/guardian’s provide written permission before providing any personal information to us. If you believe that we may have collected personal information from someone under the age of 16 without parental permission, please let us know using the methods described in the ‘Contact Us’ section and we will investigate and address the issue promptly.

  • Use of our websites
  • Our websites use certain cookies, please see below:


    Website Name

    Cookie Policy

    www.discoverireland.ie/ https://www.discoverireland.ie/cookie-policy
    https://www.visitdublin.com/ https://www.visitdublin.com/cookies-policy
    http://nyfdublin.com/ https://nyfdublin.com/cookie-policy/
    https://www.pucafestival.com/ https://www.pucafestival.com/cookie-policy/
    https://www.Fáilteireland.ie/ https://www.Fáilteireland.ie/cookies.aspx
    https://www.meetinireland.com/ https://www.meetinireland.com/cookies-policy
    https://www.dublinconventionbureau.com/ https://www.dublinconventionbureau.com/cookies-policy/

  • Sharing your data
  • Fáilte Ireland will only share your personal data with partners and third parties when and where is absolutely necessary, including without limitation to the following:
     

    • • Tourism promotions partners such as Tourism Ireland and tourism development partners, essential to the development of Ireland tourism economy and therefore essential to the fulfilment of our legislative mandate.
    • • Suppliers of professional services including without limitation to the following: legal, audit and grant processing services, business supports and training services.  

    Where we need to share your personal information, we will do so with care and integrity and in line with this Data Protection Policy and our legal obligations. We will ensure that the appropriate technical and organisational measures, processes are data sharing agreements are in place to keep your personal information secure.

     

    If you would like more information about who your data may be shared with, please e-mail dataprotection@failteireland.ie.

     


  • Data transfer outside of the European Economic Area
  • Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed 'adequate' by the European Commission, we may enter into 'Standard Contractual Clauses (SCCs)’ with the recipient. These contracts contain standard commitments approved by the European Commission protecting the privacy and security of the information being transferred.

  • Linked services, third-party sites and content
  • In some of our articles, videos, emails and blogs, we may reference other websites and provide links that are outside of our control. This Data Protection Policy does not cover these other websites and links. Fáilte Ireland does not accept any responsibility or liability for other sites' privacy notices, statements, or policies. If you access other websites using the links provided, please read their specific notices before submitting any of your personal information. Please refer to YouTube’s Terms of Service and Google's Privacy Policy

  • Storage and retention
  • We will only store personal data for as long as necessary for the purposes for which it was obtained. The criteria used to determine our retention periods include:

    (i) The length of time we have an ongoing relationship and/or provide our services to you or your business. 
     

    (ii) Whether there is a legal requirement to which we are subject for e.g. relating to retention of personal data associated with payments and grant services.  
     

    (iii) Whether the retention is advisable in light of our legal position (such as regarding applicable statutes of limitations, litigation, or regulatory investigations).

     

    Personal data is stored primarily on Fáilte Ireland’s data management system. All personal data is retained in a secure environment with restricted access.If you would like more information about how long Fáilte Ireland holds your data, please e-mail dataprotection@failteireland.ie.

     

     

  • How do we protect your information?
  • We take our obligations very seriously and will take appropriate legal, organisational and technical measures to protect your personal data from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

     
    SSL;
    Restricted Access;
    IT Authentication;
    Firewalls; &
    Anti-Virus/Malware
     

    We adopt the strongest lines in relation to misuse of your information by any of its staff. Any breach of trust regarding the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to dismissal.

  • Where the data subject does not provide their personal data
  • If we cannot collect or process certain personal data, we may not be able to provide a grant or other supports or services. If you have any queries in respect of the consequences of not providing information, please contact us (see the section Complaints, Questions and Assistance).

  • Your rights
  • Right of access – you have the right to request a copy of the information that we hold about you in accordance with Section 86 of the Data Protection Act, 2018.

    Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.

    Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.

    Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.

    Right to portability – subject to certain restrictions, you have the right to have the data we hold about you transferred to another organisation where we hold it in electronic form. This right to data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention) (ii) personal data provided by you; and (iii) personal data that we process based on your consent on in order to fulfil a contract.

    Right to object – you have the right to object to certain types of processing such as, direct marketing.

    Here are examples of how you can invoke your rights:

    (a) Get a copy or to find out what Personal data Fáilte Ireland holds on you and why (known as a Subject Access Request);

    (b) Rectify or update your information (e.g., surname, address, mobile number, etc.,); or

    (c) Erase your personal information (known as the Right to Be Forgotten)

    Please complete the Personal Data Request Form available here.

    For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.

     

    If you are a registered user of Fáilte Ireland's Trade Portal you can update your personal information held on the Fáilte Ireland Trade Portal at any time.

     


  • To access what personal data is held, identification will be required
  •  

    To access a copy of your personal data that is held by Fáilte Ireland, please complete the Personal Data Request Form available here.

     

    For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.

    You will need to provide some photographic identification (i.e., passport or driver's licence) together with proof of address (i.e., utility bill or official letter). These will need to be returned to the Data Protection Officer (DPO), please see section “Complaints, Questions and Assistance”.


  • Changes to this data protection policy
  • We reserve the right to modify this Data Protection Policy at any time. You shall be bound by the then-current Data Protection Policy and accordingly, you should review the Data Protection Policy periodically. If we make material changes to our Data Protection Policy, we will provide you with notice of amendments and update the ‘Last Updated’ date at the top of this Data Protection Policy.

  • Complaints, questions and assistance
  • If you have any comments, concerns or complaints about our use of your personal data, we ask that you contact us first to try and resolve the matter. You are encouraged to raise any issues with our Data Protection Officer: dataprotection@failteireland.ie.

  • Complaining to the Data Protection Commission (DPC)
  • If you wish to make a complaint about how Fáilte Ireland processes your personal data or how your complaint has been handled, you have the right to lodge a complaint directly with the Data Protection Commission (DPC) or to the Statutory Authority in your country of residence, who will be able to liaise with the DPC.
     
    The Data Protection Commission can be contacted at:
     
    Post: Data Protection Commission (DPC), Canal House, Station House, Portarlington, Co. Louth.
    Telephone: +353 (0) 57 8684800
    Telephone: +353 (0) 76 1104800
    Lo-Call Number: 1890 252 231