- Summary
This Privacy Statement relates to the personal data collected by us in respect to the services we provide. It defines how we collect, share, store, our legal basis, how long we keep your data, and explain your rights. Any information that we process about you will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Acts, 1988 to 2018 and other Irish or EU Data protection legislation. Fáilte Ireland holds personal data received from several sources in connection with the performance and delivery of our public functions. In some instances, personal data is provided directly to us by the data subject concerned (e.g., business owner or sole trader). We may also indirectly receive personal data about a data subject; for example, an employer may provide its employee personal data.
- Retaining your data
We will only store personal data for as long as necessary for the purposes for which it was obtained. The criteria used to determine our retention periods include:
(i) The length of time we have an ongoing relationship and/or provide our services;
(ii) Whether there is a legal requirement to which we are subject; and
(iii) Whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
We will keep personal data contained in application files in line with our Retention Schedule. It will be retained in a secure environment and access to it be restricted.
Activity |
Type of data |
What we use your data for |
Lawful basis |
Retention |
Successful Tenders |
The types of personal data you may be asked to supply can be categorised as follows: name, address, email address, phone number, eircode/post code, tax reference number/PPNS tax status, curriculum vitae, financial statement, turnover, etc., references and insurance details.
|
|
Comply with legal obligations (such as anti-money laundering regulations). Declaration of personal circumstances as per Article 57 of Directive 2014/24/EU, Confirmation of adherence to Statutory Obligations and Manpower levels.
|
7 years and 6 months
|
Unsuccessful tenders |
First names, surnames, address E-mail addresses Mobile/Landline Work History/Experience (CVs) Financial/Bank Account Details
|
C&AG is every year and Internal Audit is every two years. Once this is audited, they will never go back and re-audit it again
|
Legal Obligation. (Article 6(1)(c))
|
2 years
|
Your recorded imagery on CCTV |
Imagery
|
It is installed for the purposes of crime prevention at some of the venues we work in/operate. Where this is used, we will display appropriate notices.
|
The processing is necessary for the purposes of the legitimate interests pursued by the Fáilte Ireland, taking into account the fundamental rights and freedoms of the data subject
|
Recorded images will be stored for a period of 1 month, following which they will be deleted, except in a case where the recording forms part of a report made to the Health and Safety Authority following the occurrence of a reportable accident or dangerous occurrence in the workplace, in which case the recording will be retained for a period of 10 years.
|
Visitors to Our Premises: Covid-19 Contact Tracing Log |
First name, surname, mobile number
|
Fáilte Ireland is acting on the HSE guidance, which permits us to process visitor’s personal data, including health data.
|
The lawful Basis is of Public Interest in the area of public health. Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018.
|
Your information will be securely retained for 30 days after which it will be deleted/destroyed.
|
If you would like more information about how long Fáilte Ireland holds your data, please e-mail dataprotection@failteireland.ie
Additionally, if you submit Personal Data relating to other people – such as your colleagues and/or companions – in connection with the Services, you are also deemed to be representing that you have the authority to do so and permit us to use their Personal Data for the purposes described in this Privacy Statement.
- Children's data
We do not knowingly collect personal information from children without proper parental consent. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information. If you believe that we may have collected personal information from someone under the age of 18 without parental permission, please let us know using the methods described in the ‘Contact Us’ section and we will investigate and address the issue promptly.
- Use of our websites
Fáilte Ireland’s website collects specific information automatically and stores it in log files. The information may include Internet Protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Fáilte Ireland website, including a history of the pages you view. We use this information to help us design our site to suit our users’ needs better. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyses trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. See the Cookie Policy on our websites for more details.
- Sharing your data
To provide our services and to comply with legal obligations imposed on us, it may be necessary from time to time for us to disclose personal data to third parties, including without limitation to the following:
• Our suppliers and third parties who provide services to us to help us administer and audit our services.
Where we need to share your personal information, we will do so in line with this Statement and our legal obligations, including ensuring that the third party we are sharing it with has appropriate technical and organisational measures and processes in place to keep your personal information secure, and that they only use it in accordance with our instructions.
Your personal data will be shared with the following organisations in the exercise of their public task, making payments, complying with our legal obligation, and detecting and preventing fraud. Your consent for these purposes is not required.
• Department of Finance
• Department of Media, Tourism, Arts, Culture, Sport and the Gaeltacht
• External Auditors
• Office of the Revenue Commissioners (ROI)
• An Garda Siochána
- Linked services, third-party sites and content
In some of our articles, videos and blogs, we may reference other websites and provide links which are outside of our control. This Privacy Statement does not cover these other websites and links. Fáilte Ireland does not accept any responsibility or liability for other sites’ privacy notices, statements, or policies. If you access other websites using the links provided, please read their specific notices before submitting any of your personal information.
- Your rights
Right of access – you have the right to request a copy of the information that we hold about you in accordance with Section 86 of the Data Protection Act, 2018.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right to portability – subject to certain restrictions, you have the right to have the data we hold about you transferred to another organisation where we hold it in electronic form. This right to data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention) (ii) personal data provided by you; and (iii) personal data that we process based on your consent on in order to fulfil a contract.
Right to object – you have the right to object to certain types of processing such as, direct marketing.
- To access what personal data is held, identification will be required
-
For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.
You will need to provide some photographic identification (i.e., passport or driver's licence) together with proof of address (i.e., utility bill or official letter). These will need to be returned to the Data Protection Officer (DPO), please see section “Complaints, Questions and Assistance”.
- Data transfer out of the European Economic Area
Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed 'adequate' by the European Commission, we may enter into 'Standard Contractual Clauses (SCCs) with the recipient. These contracts contain standard commitments approved by the European Commission protecting the privacy and security of the information being transferred.
- How do we protect your information?
Fáilte Ireland will take appropriate legal, organisational and technical measures to protect your personal information. Fáilte Ireland takes it obligations very seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
• SSL;
• Restricted Access;
• IT Authentication;
• Firewalls; &
• Anti-Virus/Malware
We adopt the strongest lines in relation to misuse of your information by any of its staff. Any breach of trust regarding the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to dismissal.
- Where the data subject does not provide their personal data
If we cannot collect or process certain personal data, we may not be able to provide a grant or other supports or services. If you have any queries in respect of the consequences of not providing information, please contact us (see the section Complaints, Questions and Assistance).
- Changes to our privacy statement
We reserve the right to modify this Privacy Statement at any time. Each time you use this website, you shall be bound by the then-current Privacy Statement and accordingly, you should review the Privacy Statement each time you use this website. This is a live document under regular review. This policy was last updated in October 2020.
- Complaints, questions and assistance
If you have any comments, concerns or complaints about our uses of your personal data, we ask that you contact us first to try and resolve the matter.
You are encouraged to raise any issues with Fiona Buckley (DPO):
Post:
Data Protection Officer (DPO),
Fáilte Ireland,
Unit 2,
Nessan House,
Riverview Business Park,
Bessboro Road,
Blackrock,
Cork,
Ireland
T12R8HE
- Complaining to the Data Protection Commission (DPC)
In the event that you wish to make a complaint about how Fáilte Ireland processes your personal data or how your complaint has been handles, you have the right to lodge a complaint directly with the Data Protection Commission (DPC) or to the Statutory Authority in your country of residence, who will be able to liaise with the DPC.
The Data Protection Commission can be contacted at:
Post:
Data Protection Commission (DPC),
Canal House,
Station House,
Portarlington,
Co. Louth.
Telephone: +353 (0) 57 8684800 / +353 (0) 76 1104800
Lo-Call Number: 1890 252 231
E-mail: info@dataprotection.ie
Schedule 1
We have set out below a list of third parties with whom we share your data.
Aramark
|
Cleaning, Catering, Shredding, CCTV and Security
|
Byrne Wallace Solicitors
|
Legal Services
|
Celtrino
|
Fáilte Ireland must comply with EU e-invoicing Directives and must therefore, have the e-invoicing facility in place.
|
CookieBot
|
Manages the Cookie Banner and Policy
|
Ergo
|
ICT Staff and ClickDimensions
|
First Direct Couriers
|
Courier Service
|
Insurance Brokers / Agencies and
Companies
|
|
Kefron
|
Storage of hard copies of records
|
PwC
|
External auditors
|
ROI Local Authorities
|
|
Sport Ireland
|
|
Sport Northern Ireland
|
|
Tourism Ireland
|
|
Tourism Northern Ireland
|
|
For full details on compliance on data processing on its consumer privacy statement, employee privacy statement, contractors and suppliers.