Who we are
IoD Ireland’s registered office is at Europa House, Harcourt Street, Dublin 2, D02 WR20, and we are a company registered in Ireland under company number 197643. We are a membership organisation for directors and business leaders in Ireland and our focus is on the personal and professional development of our members with online resources, workshops, specialist courses and events.
We act as the data controller when directly processing your data and you have the right to obtain information about the data that we hold on you. Should you need to contact us please email us at firstname.lastname@example.org; call us on +353 1 411 0010; or post to Institute of Directors in Ireland, Europa House, Harcourt Street, Dublin 2, D02 WR20.
Information that we collect
It is important that you read this privacy notice together with fair processing notices which we provide in specific cases when we are collecting or processing personal data about you (e.g. membership application, expression of interest, event booking, use of photographs) so that you are fully aware of how and why we are using your data.
IoD Ireland primarily processes your personal information to meet our contractual obligations and to provide you with our services as an IoD member or non-member. We may also rely upon our legitimate interests or your consent where appropriate. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect the following personal information which we have grouped together as follows:
- Identity Data (First name, last name, data of birth (in the case of members), gender, company, professional title, professional qualifications, career history (in some cases))
- Contact Data (Postal address, email address, telephone number)
- Financial Data (Credit / Debit card details)
- Technical Data (IP address (masked), login data, open rate / click rate data).
Cookies and Online Trackers:
Further to the above, we may also (with your express consent) avail of tracking pixels within our emails. Said pixels are used to monitor click rate and your engagement with our correspondence. This allows use to more readily tailor content for our Marketing Campaigns and review Member engagement more accurately.
We collect information in the following ways:
- Online forms
- Paper / pdf forms
- Publicly available sources (e.g. online / media)
- Cookies and online trackers
How we use your personal data
We take your privacy seriously and will only use your personal data when the law allows us to. As an IoD member or participant / attendee on our training programmes / events, your personal data is processed on the basis of contractual necessity. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending non-members information and updates on our services and such non-members have the right to withdraw consent at any time by unsubscribing from our mailing list.
We will not, without your consent, supply your data to any third party except where such a transfer is a necessary part of the activities that we undertake. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice.
The purposes and reasons for processing your personal data are detailed below:
- We collect your personal information where we need to perform the contract we are about to enter into or have entered into with you
- We collect your personal data for the purposes of administering our relationship with you as an IoD member / potential member, applicant and/or participant of the Chartered Director Programme, IoD event / workshop attendee, registration with the Boardroom Centre, board evaluation client, submitted a query via online Contact Us form, or joined our mailing list
- We collect your personal data for the purposes of sharing information with you about our services and activities (in the case of IoD members, this includes information about all of our services and activities without distinction)
- We collect and store your personal data as part of our legal obligations
- We will send you information about our services that is beneficial to you as an IoD member and in our interests. Such information will be non-intrusive and is processed on the grounds of contractual necessity
You have the right to access any personal information that we process about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You have the right to request that we delete your personal data in certain circumstances, e.g. where the data is no longer necessary for the purposes for which it was initially required. We undertake to adhere to your Right to be Forgotten subject to where the data is required to be retained for contractual, or to meet legal or regulatory requirements.
Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise the above rights, we will ask you to verify your identity to a varying degree based upon the information sought, before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and disclosing your personal information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice, in fair processing notices, or where there is a legal requirement. We use third-parties to provide certain services and we have data processor/sharing agreements in place with all third-parties. All processors acting on our behalf only process your data in accordance with instructions from us and comply with this privacy notice, data protection laws and any other appropriate confidentiality and security measures.
We share data with third parties such as:
- Database provider
- Email marketing provider
- Web provider
- Finance / payment processing provider
- Mailing house provider
- Training programme providers
- Market research providers
- Event partners, but only in the circumstance whereby you register to attend a specific partnership event. The partner will then only use this data for the purposes of the said event, and for no other reason.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and we have put in place appropriate security measures.
In order to protect the privacy of your personal information, we:
- Take all due care to protect your personal data from any loss, unauthorised access, modification, use, disclosure or destruction
- Limit access to your personal data to those employees, agents, suppliers and other third parties who have a business need to know and who will only process your data under our strict instructions
- Provide data protection training to all employees in relation to their responsibilities in the processing and safeguarding of personal information
- Put security measures in place on our online systems including SSL, encryptions and restricted access
- Put in place procedures to deal with a data breach and will notify you and the Data Protection Commissioner of a data breach where we are legally required to do so
Transfers outside the EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data.
We utilise some products or services (or parts of them) that may be hosted/stored in the United States which means that we may transfer information which is submitted by you outside the European Economic Area ("EEA") for the purposes of database management, email services and research surveys (e.g. Constant Contact, Survey Monkey).
Where we transfer personal information for the above reasons, we utilise the below safeguarding measures and mechanisms to ensure that your personal data is always safe and secure:
- We use Standard Contractual Clauses approved by the European Commission. Such clauses impose strict obligations on our trusted third parties to handle your personal data in accordance with European standards.
Links to Other Websites
Consequences of not providing your data
As an IoD member, we require your personal information to perform our contractual relationship with you. This information is required for us to provide you with our services and we will not be able to offer our services without it.
How long we keep your data
We only ever retain personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements and in accordance with our data retention policy.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process your data and our relationship with you, whether we can achieve the purpose through other means, the potential risk from unauthorised use or disclosure of your personal data, our legal obligations and circumstances whereby you instruct us to delete your data.
Where you have consented to us using your details by joining our mailing list, we will keep such data until you notify us otherwise and/or withdraw your consent.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Special categories data
Owing to the services that we offer, we sometimes need to process sensitive personal information (known as special category data). Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.
Lodging a complaint
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority via the contact details below.
Changes to this Policy
We reserve the right to change this policy at any time by notifying users of the existence of a revised policy. By continuing to use this Website, you agree to be bound by the amended policy. We will inform you via a notice on the website when a policy is updated. Please refer any questions in relation to this Policy, or to IoD’s processing of your personal data, via the contact details below.
Institute of Directors in Ireland
Dublin 2, D02 WR20
Call: +353 1 411 0010
Data Protection Commissioner
Data Protection Commission
Lo Call: 1890 252 231
You may also lodge a complaint with the Office of the Data Protection Commissioner via their online form.