This policy outlines our approach to data privacy to fulfil our obligations under the General Data Protection Regulation.
1. Who We Are
Throughout this document “we”, “us” and “our” and “ours” refers to LIFT Ireland Foundation Limited. LIFT Ireland Foundation Limited is a company registered in Ireland with registered office at 16 Fitzwilliam Street, Dublin 2. We are the organisation responsible for the control of your personal data, referred to in Data Protection Law as the Data Controller.
2. The Information We Collect About You
There are a number of reasons for gathering personal data about you. For instance, we need to know how to get in touch with you and to register you for events.
The personal data we collect includes:
• Identity and Contact Information: name, contact details, online user identities, such as IP address, cookies identifiers, address, email address, work and personal phone numbers.
• Information from online activities: we collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers. For detailed information on cookies we use and the purpose for which we use them, see our cookies policy, which is available on our website.
• Other personal information: photographs at our events, information you provide us when completing surveys.
3. The Purpose and Legal Basis for Processing Your Information
As you use our services, attend our events, make enquiries and engage with us, information is gathered about you. We may also collect information about you from other people and other parties, for example when your employer or school registers you for an event.
4. How We Use Your Information
a) To enter into a contract with you
To provide our services to you and to perform our contract with you.
b) For our legitimate business interest
To manage our business we may use your information to run our business on a day to day basis including accounting, internal reporting, market research, to progress and respond to legal claims, to ensure appropriate IT security and to prevent fraud in our legitimate interest. Our legitimate interest in the effective management of our business.
We may use your personal information to update you on our services and to invite you to events that we may feel interest you in our legitimate interest. Our legitimate interest is to promote our services. We may monitor whether any emails have been opened by you.
Where we process your information for our legitimate interest, we ensure there is a balance between our legitimate interest and your fundamental rights and freedoms.
We will, in certain circumstances, rely on your explicit consent to process your personal data. This consent can be withdrawn at any time using the contact details set out above.
5. Consequences of Failing to Provide Information
Where we need to collect personal data by law, or under the terms of contract with you and you fail to provide that data when requested we may not be able to perform the services we have or are trying to enter into with you.
6. Your Information and Third Parties
Third party service providers: we may share your personal information with third party service providers that perform services and functions at our direction and on our behalf such as accountants, IT service providers, printers, debt collection agencies, business advisors, marketing companies who carry out marketing campaigns on our behalf and providers of security and administration services.
Your employer and/or education institution: where you participate in our services through your employer or educational institution, we may share your personal information with your employer and/or educational institution.
Our Facilitators and Roundtable Leaders: we may provide your information to our facilitators and roundtable leaders
7. Storage Periods
We will retain your personal information for the purposes of satisfying any legal, accounting or reporting requirements. How long certain information is stored depends on the nature of the information we hold and the purposes for which it is processed. For example we may hold some personal information for a period of seven years from the date of completion of any contract with you. In other instances we may hold on to your information for longer where it is required under law.
8. Transfer Outside the European Economic Area
We may transfer your personal data outside the European Economic Area. These countries do not always afford an equivalent level of privacy protection and in such circumstances we take specific steps, in accordance with data protection law to protect your personal information. In particular for transfers of personal data outside the EEA where there is no adequacy decision by the European Commission we may rely on contractual protections approved by the European Commission.
9. Your Rights
You have several rights under data protection law in relation to how we use your personal information. You have the right free of charge to:
i. Find out if we use your information, to access your information to receive copies of the information we have about you;
ii. To request that inaccurate information is corrected and incomplete information updated;
iii. Object to particular uses of your personal data where the legal basis for our use of your data is our legitimate business interest or performance of a task in the public interest. However, doing so may have an impact on the services and products we can/are willing to provide;
iv. Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes;
v. Have your data deleted or its use restricted – you have a right to this under certain circumstances for example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it, or you object to our use of your personal information for our particular legitimate business interest;
vi. Obtain a transferable copy of certain data which can be transferred to another provider known as the right to data portability. This right applies where personal data has been processed based on consent or for performance of a contract and the processing is carried out by automated means. You are not able to obtain through the data portability right all of the personal information that you can obtain through the right of access. This right also permits the transfer of data directly to another provider where technically feasible. Therefore, depending on the technology involved, we may not be able to receive personal data transferred to us and we will not be responsible for the accuracy of same.
vii. Withdrawal of Consent at any time, where any processing is based on consent. If you withdraw your consent, it will not effective the lawfulness of processing based on your consent before its withdrawal.
Please note the above rights are not absolute and may in certain circumstances be limited by data protection law. We are obliged to respond without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to complexity or number of requests) we may extend this period by a further two calendar months. Should this be necessary, we will explain the reason why. If you make your request electronically we will, where possible provide the relevant information electronically unless you ask otherwise.
You have the right to complain to the Data Protection Commissioner or other supervisory authority. You can contact the Office of the Data Protection Commission at www.dataprotection.ie, telephone number: (057) 868 4800.
You have the right to opt-out of marketing at any time by contacting us at the details set out below or by selecting any of the unsubscribe links in emails that we send you.
11. How to Contact Us
12. Changes to this Privacy Notice