CCTV privacy statement

About Fáilte Ireland

Fáilte Ireland is the National Tourism Development Authority, and it is the statutory body established by the National Development Authority Act, 2003 whose principal place of business is at 88-95 Amiens Street, Dublin 1 (also referred to as “Authority”, “we”, “our”, “us”) is the Data Controller when you provide your personal data to us.

Our role is to support the tourism industry and work to promote Ireland as a tourist destination.

Fáilte Ireland fully respects your right to privacy. Fáilte Ireland is committed to ensuring that your privacy is protected, and we wish to be transparent on how we process your data. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.

Table 1: Purpose of CCTV
Purposes Lawful Basis Retention
CCTV may be specified as security control resulting from insurable risk assessment which, in turn, informs the terms of Failte Ireland’s Insurance Policy. In this event, the purpose of using CCTV is to uphold the Insurance Policy by deterring and evidencing fraud, theft, accident, damage and crime; including where CCTV is required by a landlord as part of a property lease agreement
Purpose of a Contract 
There is a contract between Fáilte Ireland and our Insurance Provider. It is required to uphold the terms and conditions as stipulated in the Contract and securing the assets with CCTV controls.
Recorded images will be stored for a period of 1 month, following which they will be deleted, except in a case where the recording forms part of a report made to the Health and Safety Authority following the occurrence of a reportable accident or dangerous occurrence in the workplace, in which case the recording will be retained for a period of 10 years
Safeguard employees, contractors and visitors to Fáilte Ireland premises where so ever identified in a health and safety risk assessment. Risk assessments are carried out by a Competent Person as per the Health and Safety Statement.
Legal obligation 
Under the Safety, Health and Welfare at Work Act, 2005 Fáilte Ireland has a duty of care to its employees, contractors and visitors to its premises.


CCTV will not be used by Fáilte Ireland for any other purposes other than those outlined in the Table 1. When more purposes for the use of CCTV images are proposed, these must be approved in advance by Fáilte Ireland’s Data Protection Officer (DPO) and, if necessary, by the Data Protection Commission (DPC). Those accepted purposes will be listed in this procedure.

Table 2: CCTV will not be used for
For the avoidance of doubt, CCTV monitoring/profiling of an individual based on any of the following characteristics is prohibited by this policy;
Monitoring based on the characteristics and classifications contained in equality and other related legislation e.g., age, civil status, family status, race, gender, sexual orientation, disability, religion, membership of the Travelling Community, etc.,
Monitoring the attendance of employees.
Archiving in the public interest, for scientific or historical research or for statistics.
Recording audio or facial recognition
CCTV will not be located in areas where staff and the public would expect privacy such as break rooms, changing rooms, showers and toilets.
We do not engage in automated decision-making/profiling

This privacy statement was last updated in October 2023.

  • Your rights
  • Right of access – you have the right to request a copy of the information that we hold about you in accordance with Article 15 GDPR.
    Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Article 16 GDPR.
    Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Article 17 GDPR.
    Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Article 18 GDPR.
    Right to portability – this cannot be facilitated because there is only one National Tourism Authority in the Republic of Ireland.
    Right to object – you have the right to object to certain types of processing such as, direct marketing in accordance with Article 21 GDPR.

  • To access what personal data is held, identification will be required
  • To access a copy of your personal data that is held by Fáilte Ireland, please complete the Personal Data Access Request Form available here.
    For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.
    You will need to provide some photographic identification (i.e., passport or driver's licence) together with proof of address (i.e., utility bill or official letter). These will need to be returned to the Data Protection Officer (DPO), please see section “Complaints, Questions and Assistance”.
    The provision of access to a data subject to CCTV recordings of his/her recognisable images and/or other personal data will involve providing stills. Where stills are provided Fáilte Ireland will aim to supply a still for every second of the recording in which the data subject’s recognisable images and/or other personal data appears. If the image is of such poor quality so as not to clearly identify an individual, that image may not be considered to be personal data and may not be released by Fáilte Ireland.
    Recognisable images and/or other personal data of other parties other than the data subject appear on the CCTV recordings these will be redacted (i.e., blanked out) on any copies or stills provided to the data subject. Alternatively, unedited copies of the CCTV recordings may be released provided consent is obtained from those other parties whose recognisable images and/or other personal data appear on the CCTV recordings.
    If the CCTV recording is of such poor quality as to not clearly identify recognisable images and/or other personal data relating to the data subject, then the recording will not be considered as personal data and may not be released by Fáilte Ireland.

  • Data transfers outside of the European Economic Area
  • There are no international data transfers taking place which involve CCTV.

  • How do we protect your information
  • Fáilte Ireland will take appropriate legal, organisational and technical measures to protect your personal information. Fáilte Ireland takes it obligations very seriously and we take every reasonable measure and precaution to protect and secure your personal data.

  • Changes to this privacy statement
  • We reserve the right to modify this Privacy Statement at any time. You shall be bound by the then-current Privacy Statement and accordingly, you should review the Privacy Statement periodically. If we make material changes to our Privacy Statement, we will provide you with notice of amendments and update the ‘Last Updated’ date at the top of this Privacy Statement. 

  • Complaints, questions and assistance
  • If you have any comments, concerns, or complaints about our uses of your personal data, we ask that you contact us first to try and resolve the matter.

    You are encouraged to raise any issues with Fiona Buckley (DPO):



  • Complaining to the Data Protection Commission (DPC)
  • In the event that you wish to make a complaint about how your personal data is processed by Fáilte Ireland or how your complaint has been handles, you have the right to lodge a complaint directly with the Data protection Commission (DPC) or to the Statutory Authority in your country of residence, who will be able to liaise with the Data protection Commission (DPC).

    The Data Protection Commission (DPC) can be contacted at:

    Post: Data Protection Commission (DPC), Canal House, Station House, Portarlington, Co. Louth.

    Telephone: +353 (0) 57 8684800

    Telephone: +353 (0) 76 1104800

    Lo-Call Number: 1890 252 231





  • Schedule 1
  • We have set out below a list of third parties with whom we share your data.

    One Complete Solution Limited (OCS) - Cleaning, Catering, Shredding, CCTV and Security