Supplier and Contractor Privacy Statement

Fáilte Ireland is the National Tourism Development Authority, and it is the statutory body established by the National Development Authority Act, 2003 whose principal place of business is at 88-95 Amiens Street, Dublin 1 (also referred to as "Authority," "we," "our," "us") is the Data Controller when you provide your personal data to us.

Our role is to guide and support sustainable growth in tourism earnings and employment. We provide consumer and competitor insights, mentoring, investment and trade support across the business, event and leisure sectors to secure sales growth from targeted overseas and domestic market segments.

Working in partnership with tourism businesses, Local Government, State Agencies and Government Departments, we also seek to foster a competitive and innovative enterprise base, a sensitively managed natural and built environment within tourism communities and a public policy environment to meet the needs of visitors.

Fáilte Ireland fully respects your right to privacy. Fáilte Ireland is committed to ensuring that your privacy is protected, and we wish to be transparent on how we process your data. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.

  • Summary
  • This Privacy Statement relates to the personal data collected by us in respect to the services we provide. It defines how we collect, share, store, our legal basis, how long we keep your data, and explain your rights. Any information that we process about you will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Acts, 1988 to 2018 and other Irish or EU Data protection legislation. Fáilte Ireland holds personal data received from several sources in connection with the performance and delivery of our public functions. In some instances, personal data is provided directly to us by the data subject concerned (e.g., business owner or sole trader). We may also indirectly receive personal data about a data subject; for example, an employer may provide its employee personal data.

  • Retaining your data
  • We will only store personal data for as long as necessary for the purposes for which it was obtained. The criteria used to determine our retention periods include: 

    (i) The length of time we have an ongoing relationship and/or provide our services;
    (ii) Whether there is a legal requirement to which we are subject; and
    (iii) Whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

    We will keep personal data contained in application files in line with our Retention Schedule. It will be retained in a secure environment and access to it be restricted. 

    Activity Type of data What we use your data for    Lawful basis Retention 

    Successful Tenders
    The types of personal data you may be asked to supply can be categorised as follows: name, address, email address, phone number, eircode/post code, tax reference number/PPNS tax status, curriculum vitae, financial statement, turnover, etc., references and insurance details.
     
    Comply with legal obligations (such as anti-money laundering regulations). Declaration of personal circumstances as per Article 57 of Directive 2014/24/EU, Confirmation of adherence to Statutory Obligations and Manpower levels.
    7 years and 6 months
    Unsuccessful tenders
    First names, surnames, address E-mail addresses Mobile/Landline Work History/Experience (CVs) Financial/Bank Account Details
    C&AG is every year and Internal Audit is every two years. Once this is audited, they will never go back and re-audit it again
    Legal Obligation. (Article 6(1)(c))
    2 years
    Your recorded imagery on CCTV
    Imagery
    It is installed for the purposes of crime prevention at some of the venues we work in/operate. Where this is used, we will display appropriate notices.
    The processing is necessary for the purposes of the legitimate interests pursued by the Fáilte Ireland, taking into account the fundamental rights and freedoms of the data subject
    Recorded images will be stored for a period of 1 month, following which they will be deleted, except in a case where the recording forms part of a report made to the Health and Safety Authority following the occurrence of a reportable accident or dangerous occurrence in the workplace, in which case the recording will be retained for a period of 10 years.
    Visitors to Our Premises: Covid-19 Contact Tracing Log
    First name, surname, mobile number
    Fáilte Ireland is acting on the HSE guidance, which permits us to process visitor’s personal data, including health data.
    The lawful Basis is of Public Interest in the area of public health.  Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018.
    Your information will be securely retained for 30 days after which it will be deleted/destroyed.

    If you would like more information about how long Fáilte Ireland holds your data, please e-mail dataprotection@failteireland.ie 

    Additionally, if you submit Personal Data relating to other people – such as your colleagues and/or companions – in connection with the Services, you are also deemed to be representing that you have the authority to do so and permit us to use their Personal Data for the purposes described in this Privacy Statement.

  • Children's data
  • We do not knowingly collect personal information from children without proper parental consent. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information. If you believe that we may have collected personal information from someone under the age of 18 without parental permission, please let us know using the methods described in the ‘Contact Us’ section and we will investigate and address the issue promptly.

  • Use of our websites
  • Fáilte Ireland’s website collects specific information automatically and stores it in log files. The information may include Internet Protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Fáilte Ireland website, including a history of the pages you view. We use this information to help us design our site to suit our users’ needs better. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyses trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. See the Cookie Policy on our websites for more details.

  • Sharing your data
  • To provide our services and to comply with legal obligations imposed on us, it may be necessary from time to time for us to disclose personal data to third parties, including without limitation to the following:

    Our suppliers and third parties who provide services to us to help us administer and audit our services.

    Where we need to share your personal information, we will do so in line with this Statement and our legal obligations, including ensuring that the third party we are sharing it with has appropriate technical and organisational measures and processes in place to keep your personal information secure, and that they only use it in accordance with our instructions.

    Your personal data will be shared with the following organisations in the exercise of their public task, making payments, complying with our legal obligation, and detecting and preventing fraud. Your consent for these purposes is not required.

    Department of Finance
    Department of Media, Tourism, Arts, Culture, Sport and the Gaeltacht
    External Auditors
    Office of the Revenue Commissioners (ROI)
    An Garda Siochána

  • Linked services, third-party sites and content
  • In some of our articles, videos and blogs, we may reference other websites and provide links which are outside of our control. This Privacy Statement does not cover these other websites and links. Fáilte Ireland does not accept any responsibility or liability for other sites’ privacy notices, statements, or policies. If you access other websites using the links provided, please read their specific notices before submitting any of your personal information.


  • Your rights
  • Right of access – you have the right to request a copy of the information that we hold about you in accordance with Section 86 of the Data Protection Act, 2018.

    Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.

    Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.

    Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.

    Right to portability – subject to certain restrictions, you have the right to have the data we hold about you transferred to another organisation where we hold it in electronic form. This right to data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention) (ii) personal data provided by you; and (iii) personal data that we process based on your consent on in order to fulfil a contract.

    Right to object – you have the right to object to certain types of processing such as, direct marketing.

  • To access what personal data is held, identification will be required
  • To access a copy of your personal data that is held by Fáilte Ireland, please complete the Personal Data Access Request Form.

    For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.

    You will need to provide some photographic identification (i.e., passport or driver's licence) together with proof of address (i.e., utility bill or official letter). These will need to be returned to the Data Protection Officer (DPO), please see section “Complaints, Questions and Assistance”.

  • Data transfer out of the European Economic Area
  • Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed 'adequate' by the European Commission, we may enter into 'Standard Contractual Clauses (SCCs) with the recipient. These contracts contain standard commitments approved by the European Commission protecting the privacy and security of the information being transferred.

  • How do we protect your information?
  • Fáilte Ireland will take appropriate legal, organisational and technical measures to protect your personal information. Fáilte Ireland takes it obligations very seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

    SSL;
    Restricted Access;
    IT Authentication;
    Firewalls; &
    Anti-Virus/Malware

    We adopt the strongest lines in relation to misuse of your information by any of its staff. Any breach of trust regarding the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to dismissal.

  • Where the data subject does not provide their personal data
  • If we cannot collect or process certain personal data, we may not be able to provide a grant or other supports or services. If you have any queries in respect of the consequences of not providing information, please contact us (see the section Complaints, Questions and Assistance).

  • Changes to our privacy statement
  • We reserve the right to modify this Privacy Statement at any time. Each time you use this website, you shall be bound by the then-current Privacy Statement and accordingly, you should review the Privacy Statement each time you use this website. This is a live document under regular review. This policy was last updated in October 2020.

  • Complaints, questions and assistance
  • If you have any comments, concerns or complaints about our uses of your personal data, we ask that you contact us first to try and resolve the matter. 

    You are encouraged to raise any issues with Fiona Buckley (DPO):

    Post:
    Data Protection Officer (DPO),
    Fáilte Ireland,
    Unit 2,
    Nessan House,
    Riverview Business Park,
    Bessboro Road,
    Blackrock,
    Cork,
    Ireland
    T12R8HE

  • Complaining to the Data Protection Commission (DPC)
  • In the event that you wish to make a complaint about how Fáilte Ireland processes your personal data or how your complaint has been handles, you have the right to lodge a complaint directly with the Data Protection Commission (DPC) or to the Statutory Authority in your country of residence, who will be able to liaise with the DPC.

    The Data Protection Commission can be contacted at:

    Post:
    Data Protection Commission (DPC),
    Canal House,
    Station House,
    Portarlington,
    Co. Louth.

    Telephone: +353 (0) 57 8684800 / +353 (0) 76 1104800
    Lo-Call Number: 1890 252 231
    E-mail: info@dataprotection.ie

    Schedule 1
    We have set out below a list of third parties with whom we share your data.
     

    Aramark

    Cleaning, Catering, Shredding, CCTV and Security

    Byrne Wallace Solicitors

    Legal Services

    Celtrino

    Fáilte Ireland must comply with EU e-invoicing Directives and must therefore, have the e-invoicing facility in place.

    CookieBot

    Manages the Cookie Banner and Policy

    Ergo

    ICT Staff and ClickDimensions

    First Direct Couriers

    Courier Service

    Insurance Brokers / Agencies and
    Companies

     

    Kefron

    Storage of hard copies of records

    PwC

    External auditors

    ROI Local Authorities

     

    Sport Ireland

     

    Sport Northern Ireland

     

    Tourism Ireland

     

    Tourism Northern Ireland

     

    For full details on compliance on data processing on its consumer privacy statement, employee privacy statement, contractors and suppliers.