Privacy Policy

LIFT IRELAND DATA PROTECTION POLICY

Last updated June 2025

 

Privacy Policy

 

This policy outlines our approach to data privacy to fulfil our obligations under the General Data Protection Regulation.

1. Who We Are

Throughout this document “we”, “us” and “our” and “ours” refers to LIFT Ireland Foundation Limited. LIFT Ireland Foundation Limited is a company registered in Ireland with registered office at 39/40 Mount Street Upper, Dublin 2, D02 X7H6. We are the organisation responsible for the control of your personal data, referred to in Data Protection Law as the Data Controller.

 

2. The Information We Collect About You

There are a number of reasons for gathering personal data about you. For instance, we need to know how to get in touch with you and to register you for events.

The personal data we collect includes:

  • Identity and Contact Information: name, contact details, online user identities, such as IP address, cookies identifiers, address, email address, work and personal phone numbers.
  • Information you provide us about others or others provide about you: information you give us about someone else (for example a colleague) or someone gives us information about you, we may add it to any personal information we already hold and will use it in the ways described in this privacy policy.
  • Before you disclose information to us about another person, you should be sure that you have their agreement to do so. You should also show them this privacy policy. You need to ensure that they confirm that they know you are sharing their personal information with us for the purposes described in this privacy policy.
  • Information from online activities: we collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers. For detailed information on cookies we use and the purpose for which we use them, see our cookies policy, which is available on our website.
  • Other personal information: photographs at our events, information you provide us when completing surveys.

 

3. The Purpose and Legal Basis for Processing Your Information

As you use our services, attend our events, make enquiries and engage with us, information is gathered about you. We may also collect information about you from other people and other parties, for example when your employer or school registers you for an event.

 

4. How We Use Your Information

  • To enter into a contract with you: To provide our services to you and to perform our contract with you.
  • For our legitimate business interest: To manage our business we may use your information to run our business on a day to day basis including accounting, internal reporting, market research, to progress and respond to legal claims, to ensure appropriate IT security and to prevent fraud in our legitimate interest. Our legitimate interest in the effective management of our business.
  • Provide Services: We may use your personal information to update you on our services, to invite you to events that we may feel interest you in our legitimate interest. We may also update you on related services by our partner organisations that we may feel interest you in our legitimate interest. In this case we will not pass your information to that partner organisation but will update their information to you. Our legitimate interest is to promote our services. We may monitor whether any emails have been opened by you.
  • Where we process your information for our legitimate interest, we ensure there is a balance between our legitimate interest and your fundamental rights and freedoms.
  • Consent: We will, in certain circumstances, rely on your explicit consent to process your personal data. This consent can be withdrawn at any time using the contact details set out above.

 

5. Consequences of Failing to Provide Information

Where we need to collect personal data by law, or under the terms of contract with you and you fail to provide that data when requested we may not be able to perform the services we have or are trying to enter into with you.

 

6. Your Information and Third Parties

Third party service providers: we may share your personal information with third party service providers that perform services and functions at our direction and on our behalf such as accountants, IT service providers, printers, debt collection agencies, business advisors, marketing companies who carry out marketing campaigns on our behalf and providers of security and administration services.

Your employer and/or education institution: where you participate in our services through your employer or educational institution, we may share your personal information with your employer and/or educational institution.

Our Facilitators and Roundtable Leaders: we may provide your information to our facilitators and roundtable leaders for the successful holding of roundtables.

 

7. Storage Periods

We will retain your personal information for the purposes of satisfying any legal, accounting or reporting requirements. How long certain information is stored depends on the nature of the information we hold and the purposes for which it is processed. For example we may hold some personal information for a period of seven years from the date of completion of any contract with you. In other instances we may hold on to your information for longer where it is required under law.

 

8. Transfer Outside the European Economic Area

We may transfer your personal data outside the European Economic Area. These countries do not always afford an equivalent level of privacy protection and in such circumstances we take specific steps, in accordance with data protection law to protect your personal information. In particular for transfers of personal data outside the EEA where there is no adequacy decision by the European Commission we may rely on contractual protections approved by the European Commission.

 

9. Your Rights

You have several rights under data protection law in relation to how we use your personal information. You have the right free of charge to:

  1. Find out if we use your information, to access your information to receive copies of the information we have about you;
  2. To request that inaccurate information is corrected and incomplete information updated;
  • Object to particular uses of your personal data where the legal basis for our use of your data is our legitimate business interest or performance of a task in the public interest. However, doing so may have an impact on the services and products we can/are willing to provide;
  1. Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes;
  2. Have your data deleted or its use restricted – you have a right to this under certain circumstances for example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it, or you object to our use of your personal information for our particular legitimate business interest;
  3. Obtain a transferable copy of certain data which can be transferred to another provider known as the right to data portability. This right applies where personal data has been processed based on consent or for performance of a contract and the processing is carried out by automated means. You are not able to obtain through the data portability right all of the personal information that you can obtain through the right of access. This right also permits the transfer of data directly to another provider where technically feasible. Therefore, depending on the technology involved, we may not be able to receive personal data transferred to us and we will not be responsible for the accuracy of same.
  • Withdrawal of Consent at any time, where any processing is based on consent. If you withdraw your consent, it will not effective the lawfulness of processing based on your consent before its withdrawal.

 

Please note the above rights are not absolute and may in certain circumstances be limited by data protection law. We are obliged to respond without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to complexity or number of requests) we may extend this period by a further two calendar months. Should this be necessary, we will explain the reason why. If you make your request electronically we will, where possible provide the relevant information electronically unless you ask otherwise.

 

You have the right to complain to the Data Protection Commissioner or other supervisory authority. You can contact the Office of the Data Protection Commission at www.dataprotection.ie, telephone number: (057) 868 4800.

 

10. Opt-out

You have the right to opt-out of marketing at any time by contacting us at the details set out below or by selecting any of the unsubscribe links in emails that we send you.

 

11. How to Contact Us

If you have any questions about how your personal data is gathered, stored, shared or used please contact us at the details set out below. In addition if you wish to find out more information on how to exercise any of your data rights please contact us on www.liftireland.ie/contact

 

 

 

12. Data Processors

LIFT respects the rights of all people to manage any personal data that has been collected by LIFT and processed by its respective Data Processors.  We commit to treating that data with integrity, and to continuously improving our systems.  We also encourage you to discuss with us any potential GDPR concerns you may have.  LIFT commits to processing any data access requests within the required 30 days period.

 

LIFT Ireland, as a Data Controller, has an obligation to only use Data Processors that take measures to meet the requirements of the General Data Protection Regulations (GDPR).  LIFT operates with a cloud services model, using Data Processors that are all committed to adhering to the most updated General Data Protection Regulations in the European Union (EU) and the European Economic Area (EEA). 

 

All Data Processors used by LIFT have processes in place to respond promptly to Data Subject Requests (DSRs). Any transfers of Customer Personal Data out of the EU are governed by the Standard Contractual Clauses (also known as the Model Clauses) or Binding Corporate Rules (BCRs).  The Data Processors’ responsibilities include implementing the appropriate technical and organizational measures to assist LIFT in responding to requests from data subjects exercising their GDPR rights.

 

In the event of LIFT being notified of a data breach by our data processors or elsewhere, LIFT will convene a senior management meeting including legal advisors to assess the risk and determine the appropriate course of action based on the nature of the breach and professional advice.

 

LIFT uses the following Data Processors to manage LIFT’s data (which includes some personal data eg.  Names, contact information, place of work/study):

   

  1. Microsoft Office 365:

 

  • Purpose: most of LIFT’s data is generated in Office applications such as Excel, Outlook and Sharepoint, and is used to manage the day to day running of the business.
  • Technical, organisational and security measures:

General Data Protection Regulation – Microsoft GDPR | Microsoft Docs

Office 365 Data Subject Requests Under the GDPR and CCPA – Microsoft GDPR | Microsoft Docs 

 

  1. Dropbox-Sign:

 

  • Purpose: electronic signatures on Terms Of Service documents.
  • Technical, organisational and security measures:

Privacy Policy

 

  1. Calendly:

 

  • Purpose: booking online roundtables or events (eg. Facilitator training).
  • Technical, organisational and security measures:

Privacy Policy

Data Processing Addendum
Calendly’s privacy and security compliance

 

  1. Mentimeter:

 

  • Purpose: capturing responses to short surveys.  Data can be anonymised on request.
  • Technical, organisational and security measures:

Data Processing Agreement

Privacy Policy

 

  1. Mailchimp:

 

  • Purpose: email marketing. 
  • Technical, organisational and security measures:

Privacy Policy

Data Processing Addendum

 

  1. Phonovation:

 

  • Purpose: provide SMS services.
  • Technical, organisational and security measures:

Privacy Policy

 

  1. OnePageCRM:

 

  • Purpose: manage relationships with prospective and current partners.
  • Technical, organisational and security measures:

Privacy Policy

Terms Of Service – including Data Processing Schedule

 

  1. Amazon Web Services:

 

  • Purpose: host LIFT website (https://liftireland.ie)
  • Technical, organisational and security measures:

Data Processing Addendum

 

  1. Zoom:

 

  • Purpose: conduct online meetings and events.
  • Technical, organisational and security measures:

Privacy Policy

 

  1. Dropbox:

 

  • Purpose: legacy system used prior to Microsoft Office 365.
  • Technical, organisational and security measures: to supplement their GDPR compliance efforts, Dropbox has chosen to adhere to the Cloud Security Alliance (CSA) Code of Conduct for GDPR Compliance.

Privacy and Data Protection

Dropbox’s GDPR Compliance Journey

Shared Responsibility Guide

 

LIFT Ireland reviews data systems and processes as and when required, but at least annually in December of every year.

 

13. Changes to this Privacy Notice

We will update this privacy policy from time to time on our website at www.liftireland.ie. Any material changes to this privacy policy, where appropriate, will be notified to you by any communication channel we deem appropriate.

 

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Save