Dublin BIC Privacy Statement 

About this statement and how to read it

The purpose of this document is to provide information to you about the use of your personal data by Dublin Business Innovation Centre (“Dublin BIC” or “we”). At Dublin BIC we respect your right to privacy and we handle your personal data in accordance with our obligations under the General Data Protection Regulation EU 2016/679 (“GDPR”) and the Data Protection Act 2018 (“the Act”) (together “Data Protection Law”).

This document outlines what personal data we, as data controller, collect and process in our dealings with you, how and why we process those personal data and what your rights are in respect of your personal data.

The statement has been written to provide you with clear and transparent information in an easy to understand format. To help with this, the statement is split into three sections:

  • (i) PART A “SPECIFIC INFORMATION”: This contains different sections for each type of individual whose personal data we process, with each section providing information on how we process personal data specifically belonging to that type of individual. So to understand how we process your personal data, go to the section(s) that relates to you.
  • (ii) PART B “GENERAL INFORMATION”: This contains information about processing that is relevant to ALL individuals.
  • (iii) PART C “YOUR RIGHTS”: This contains information about your rights under Data Protection Legislation. 
Contact

If you have any questions about our privacy statement, your rights, or how we use your information, please do not hesitate to contact us here at Dublin BIC:

Post: Data Privacy, Dublin BIC, 1st Floor, The Tower, Trinity Technology & Enterprise Centre, Grand Canal Quay, Pearse Street, Dublin 2, Ireland

Tel: 01 671 3111

Email: startup@dublinbic.ie 

Changes to this statement

We will update this Privacy Statement from time to time. Any changes will be made available on our website and, where appropriate, notified to you by written notice or e-mail.

Part A: Specific Processing Information

Please see below

1. Job Applicants

Where you have applied for a job with Dublin BIC, this section relates to you.

1.1. How we collect your personal data

Information about you, including your personal data, is gathered when you apply for a job with us either directly or indirectly via employment agencies or online job websites such as Jobbio or LinkedIn. We also may obtain personal data indirectly from referees you nominate to us or from your professional social media profile link you provide to us as part of the job application.

1.2. The personal data we use

Dublin BIC will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:
• IDENTITY DATA, including your
  o first name, surname, salutation;
  o date of birth (if included on your CV);
  o photographic identification, where your photograph is included on your CV;
• CONTACT DATA, including your email address, home address, telephone number(s);
• PREFERENCES, in respect of the job you are applying for with us;
• OCCUPATIONAL, including
  o the name of your employer, your job title and department;
  o your employment and education history and any other information contained in a CV provided to us as part of a job application;
• STATEMENTS ABOUT YOU, including
  o references we obtain from your nominated referees as part of a job application;
  o notes we make in relation to your suitability;
  o statements made as part of the interview and evaluation process when you apply for a job with us;

1.3. The purpose and legal basis for processing your personal data

We process your personal data for the purpose of recruiting staff. This includes the following, which we deem necessary for the purposes of entering into an employment contract with you (i.e. assess your suitability to enter into the contract):

• Identifying you and processing your job application;

• Verifying the information you provided and assessing your suitability for the role;

• Making a decision on whether to offer you a job and the provision of feedback to you in relation to your application; We may also need to use your personal data for the purpose of satisfying our employment law obligations, in particular in relation to equality.

1.4. Who we share your personal data with

Your personal data will be shared to relevant staff within Dublin BIC but also to a limited number of third parties where it is necessary to do so, including:


(i) To your nominated referees;
(ii) To third party companies or individuals who are providing recruitment services to us;
(iii) To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, software providers, IT support providers and financial statement auditors;
(iv) To statutory, regulatory, government or law enforcement bodies as required by law;

Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.

1.5. Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to consider a job application from you and failure to provide this information may result in us not being able to consider you for the position or role.

1.6. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. For example, for Companies who are clients of the IRP, we retain the information for 7 years after the date upon which the relationship ceased.

2. Website Visitors
Cookies

Cookies are small text files that can be used by websites to make a user's experience more efficient. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. Please see our Cookies Policy for more information.

Inbound Communications

You may also choose to provide personal data directly to us by way of contacting us via our “Contact Form” on our website. This Contact Form is formatted as an application form for one of our programs – please see the relevant section below on how we handle all personal data of program applicants.

The communications via the Contact Form are kept private by being sent directly to our email, which we then use to manage and respond accordingly. The personal data is only shared with the third parties who supply software to enable us to receive, manage and respond to these communications. This inbound communication management is in line with our legitimate interests to run our business.

Newsletter Subscriptions

Please see section “Mailing List” below.
Our website is secured by SSL technology, which encrypts all information submitted through our website.

3. Mailing List

Where you have subscribed to our newsletter or been added to our mailing list, this section relates to you.

3.1. How we collect your personal data

Information about you, including your personal data, is gathered directly from you when you subscribe to the newsletter via our website or when you are added to our mailing list through your relationship with us as a client, event attendee or otherwise.

3.2. The personal data we use

We process and use all personal data included in the IRP application process and related correspondence, plus any additional information collected during the IRP. This includes:
• IDENTITY DATA, including your first name and surname;
• CONTACT DATA, being your email address;

3.3. The purpose and legal basis for processing your personal data

We only process your personal data where it is lawful and necessary to do so. Your personal data are processed:

• Your consent where you have subscribed to the mailing list;

• Our legitimate interests to provide relevant marketing material to you where you have been added to the mailing list by us (unless you have objected to us using your personal data for this purpose);

• To enable us to comply with our legal, statutory and regulatory obligations;

You can unsubscribe at any time by clicking here, by clicking the “unsubscribe” button within our emails, or by emailing us at startup@dublinbic.ie.

3.4. Who we share your personal data with

Your personal data will be shared to a limited number of third parties where it is necessary to do so, including:
(i) To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, software providers (mailing list software), IT support providers and financial statement auditors
(ii) To statutory, regulatory, government or law enforcement bodies as required by law;
Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.

3.5. Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, please note that without your email address, we will be unable to add you to our mailing list.

3.6. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. You will remain on our mailing list until such time when you unsubscribe. You can unsubscribe at any time by clicking here, by clicking the “unsubscribe” button within our emails, or by emailing us at startup@dublinbic.ie.

4. Investor Ready Programme Applicants & Clients

Where you, as a representative of your own or a third party company (the “Company”), have applied to and/or entered into the Dublin BIC Investor Ready Program (“IRP”), this section relates to you.

4.1. How we collect your personal data

Information about you, including your personal data, is gathered:


(i) Directly from you. Examples include when you:
a. Interact directly with us via telephone, email, post, fax and/or in person;
b. Submitted a program application via our website or email;
c. Provided information as part of an IRP application form, agreement or feedback document;

(ii) From third parties, such as introducers or common business associates who may pass on your details to us (such as the Dublin BIC consultants).

4.2. The personal data we use

We process and use all personal data included in the IRP application process and related correspondence, plus any additional information collected during the IRP. This includes:
• IDENTITY DATA, including your first name, surname, salutation, business name, photograph, gender, nationality, signature;
• CONTACT DATA, including your email address, home address, business address, telephone number(s);
• OCCUPATIONAL, being all of the business information you provide to us when applying for the IRP and as part of the ongoing IRP interactions, including:
  o Your business concept, idea, rationale, stage, milestones, business plan, pitch, overview, previous programme and support details.
  o your employment and education history and any other information contained in documentation provided;
• FINANCIAL DATA, including any financial information submitted such as shareholding, investment and salary/other income details;
• STATEMENTS ABOUT YOU, including notes we make in relation to your eligibility for the AIB SCF program and decisions made about AIB SCF investment;
• PREFERENCES, including the assistance required from Dublin BIC and your marketing preferences;
• LOCATION, being where you and/or the Company are located.

4.3. The purpose and legal basis for processing your personal data

We only process your personal data where it is lawful and necessary to do so. Your personal data are processed:
• Where we receive your personal data as part of an IRP inquiry or referral from a third party, we process your personal data in accordance with our legitimate interests to find suitable Companies for the IRP.

• Where we have collected your personal data as part of an IRP application or where the Company is a client of the IRP, we process your personal data for the purposes of entering into and performing an IRP agreement, including

  o Establishing the Company’s eligibility;

  o Processing the application and related forms;

  o Conducting due diligence and reviews;

  o Contacting you on matters relating to the application and agreement;

  o Performing the terms of the IRP agreement.

• To enable us to comply with our legal, statutory and regulatory obligations;

• To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

• Our legitimate interests to provide relevant marketing material to you or refer you to one of our connected third parties (e.g. Enterprise Ireland) where we believe you are suitable for one of their programs (unless you have objected to us using your personal data for these purposes)

• Where you have provided us with consent to use your personal data for marketing.

4.4. Who we share your personal data with

Your personal data will be shared to a limited number of third parties where it is necessary to do so, including:


(i) To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, software providers, IT support providers and financial statement auditors.
(ii) To connected third party organisations (e.g. Enterprise Ireland) where we believe that the Company may be suitable for another program run by such third parties and we have informed you about the referral;
(iii) To our clients and prospective clients where you have provided us with consent to do so;
(iv) To statutory, regulatory, government or law enforcement bodies as required by law;

Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.

4.5. Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to accept the Company on to the IRP and failure to provide this information may result in us not being able to establish the Company’s eligibility for the IRP and therefore not being able to enter such an agreement.

4.6. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. For example, for Companies who are clients of the IRP, we retain the information for 7 years after the date upon which the relationship ceased.

5. Other Dublin BIC Promoted Programmes

Where you, as a representative of your own or a third party company (the “Company”), have applied to and/or entered into any of the following Dublin BIC promoted programs, please note that the Dublin BIC is not the data controller in respect of your personal data. The information about the processing of your personal data for these programs is available through the respective data controller and through the links outlined in the table.

Please note that Dublin BIC is only obliged to provide you with information about the personal data it processes as a data controller and accepts no responsibility for the accuracy of the information supplied below.

Programme(s): Animation Skillnet, Screen Skillnet, Bridge Programme

Data Controller: Skillnet Ireland

Linkhttps://www.skillnetireland.ie/data-protection/

...................................................................................................

Programme(s): Enterprise Start 2, Sprint, Innovate, Competative Start Fund application days

Data Controller: Enterprise Ireland

Linkhttps://enterprise-ireland.com/en/Legal/GDPR/

...................................................................................................

Programme(s): Campus Smart Start

Data Controller: Trinity College Dublin

Linkhttps://www.tcd.ie/privacy/

...................................................................................................

Programme(s): HBAN

Data Contoller: Halo Business Angel Network

Linkhttps://www.hban.org/privacy-policy

...................................................................................................

Programme(s): Dublin BIC Venture Funding

Data Controller: DBIC Ventures

Linkhttps://dbicventures.ie/

...................................................................................................

Programme(s): Guinness Enterprise Centre

Data Controller: Guinness Enterprise Centre

Linkhttps://gec.ie/privacy-policy/

...................................................................................................

6. Event Attendees

Where you register to attend or exhibit at one of Dublin BIC’s events, this section relates to you.

6.1. How we collect your personal data

We collect your personal data:


(i) Directly from you. Examples include when you:
a. Interact directly with us via telephone, email, social media and/or in person;
b. Submit inquiries and information via our website, email or social media;
c. Provide information as part of an event registration or ticket purchase;


(ii) From third parties, such as:
a. Our event registration, ticketing, payment processing and event mobile application software providers;
b. Our photographer/videographer imagery of the event.

6.2. The personal data we use

The personal data processed is limited to those necessary to establish a relationship with you and facilitate your attendance at one of our events, including:
• IDENTITY DATA, including your first name, surname, business name (sole trader), photo and/or video imagery;
• CONTACT DATA, including your email address, billing address;
• OCCUPATIONAL, including the name and sector of the company you represent and any occupational information available in your email signature (e.g. job title);
• PREFERENCES, including the sectors of interest to you and your marketing preferences;
• FINANCIAL, including debit/credit card details used for ticket purchase;
• ONLINE DATA, including IP address (incl. location), device type, operating system, browser and cookies used by our third party event registration and ticketing software;

6.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:

• For the purposes of entering into and performing an event attendance agreement, including:

  o Processing the registration and, where applicable, corresponding ticket purchase;

  o Managing your attendance at the event.

• To enable us to comply with our legal, statutory and regulatory obligations. For example, the preparation and audit of financial statements in compliance with company law or reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise where required to do so;
• Our legitimate interests to (i) share your details with our event networking mobile application provider and (ii) use general event imagery and video footage for marketing purposes (unless you have objected to us using your personal data for this purpose);

• To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

• Our legitimate interests to provide relevant marketing material to you (unless you have objected to us using your personal data for this purpose).

6.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:


(i) To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, our software providers (e.g. email and file storage, ticketing, payment processing, event networking mobile application provider), our event photographer(s)/videographer(s), our delegate badge printers, our IT support providers and our financial statement auditors.
(ii) To the general public via our website, social media or other marketing mediums where you are visible in our event photography and/or video footage (unless you have objected to us using your personal data in this way.
(iii) To statutory, regulatory, government or law enforcement bodies as required by law.

6.5. Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to facilitate your attendance at one of our events (e.g. debit/credit card details to complete a ticket purchase) and failure to provide this information may result in us not being able to facilitate such attendance.

6.6. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. Generally, we retain personal data relating to an event attendance agreement for 7 years after the date upon which the relationship with the attendee cease.

7. Event Featured Guests (Speakers, Presenters, Panel Guests)

Where you (“Featured Guest”) are involved in speaking, presenting or being part of a discussion panel at one of Dublin BIC’s events, this section relates to you.

7.1. How we collect your personal data

We collect your personal data:


(iii) Directly from you. Examples include when you:
a. Interact directly with us via telephone, email, social media and/or in person;
b. Submit inquiries and information via our website, email or social media;
c. Provide information as part of an event registration or ticket purchase;


(iv) From third parties, such as:
a. Via referral from our consultants or business partners;
b. Our event registration, ticketing and event mobile application software providers;
c. Our photographer/videographer imagery of the event.

7.2. The personal data we use

The personal data processed is limited to those necessary to establish a relationship with you and facilitate your attendance at one of our events, including:
• IDENTITY DATA, including your first name, surname, business name (sole trader), photo and/or video imagery;
• CONTACT DATA, including your email address, billing address;
• OCCUPATIONAL, including the name of the company you represent, your role, your work and educational biographical information and any other occupational that may be used in the promotion of you as a Featured Guest;
• PREFERENCES, including the sectors of interest to you and your marketing preferences;
• ONLINE DATA, including IP address, device type, operating system, browser and cookies used by our third party event registration and ticketing software;

7.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:

• In accordance with our legitimate interests to

  o identify, approach, respond to inquiries from and develop relationships with prospective Featured Guests;

  o Processing your attendance registration and, where applicable, corresponding ticket purchase;

  o Managing your attendance at the event and your involvement as a Featured Guest;

  o Use your personal data to promote and market the event;

• To enable us to comply with our legal, statutory and regulatory obligations where required to do so;

• To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

7.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:


(i) To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, our software providers (e.g. email and file storage, ticketing, payment processing), our event photographer(s)/videographer(s), our delegate badge printers, our IT support providers and our financial statement auditors.
(ii) To the general public via our website, social media or other marketing mediums where you are visible in our event photography and/or video footage (unless you have objected to us using your personal data in this way);
(iii) To statutory, regulatory, government or law enforcement bodies as required by law;

7.5. Consequences of not giving your data to us

You are not under any legal or contractual obligation to provide your personal data to us. However, please note that without some basic personal data (e.g. name and company name), we may be unable to involve you as a Featured Guest at one of our events.

7.6. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary.

8. Space Co-Working Users (Individuals and Sole Traders)

This section relates to individuals who engage with Dublin BIC about potential licence or short-term pass or proceed to obtain a licence or pass to the Space co-working facilities, which is a Dublin BIC owned and managed scheme.

8.1. How we collect your personal data

We gather your personal data from both direct and indirect sources:


(i) Directly from you. Examples include when you:
a. Interact directly with us via telephone, email, social media and/or in person;
b. Submit inquiries and information via our website, email or social media;
c. Provide information as part of a rental inquiry or viewing with us;
d. You enter into an agreement or licence with us;


(ii) From third parties, namely by way of referral from our consultants or partners Guinness Enterprise Centre.

8.2. The personal data we use

When you are interested in letting a property managed by us, we will collect and process the following personal data:
• IDENTITY DATA, including your
  o first name, surname, salutation, business name;
  o SPACE swipe and key numbers (licensees only);
• CONTACT DATA, including your email, telephone numbers and (licencee only) home address;
• ONLINE IDENTIFIERS, including your business website and social media URL;
• OCCUPATIONAL, including meeting bookings (licencees only);
• FINANCIAL DATA, including bank details for the purpose of deposit refund (licencees only);
• VISIT DETAILS, where you may inform Dublin BIC of the purpose of your visit and/or the individual or property you are visiting;
• PREFERENCES, namely your direct marketing preferences;

8.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so, including

• Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you;

• For the purpose of taking steps to enter into and perform an agreement or licence;

• To enable us to comply with our legal, statutory and regulatory obligations;

• Our legitimate interests to provide relevant marketing material to you (unless you have objected to us using your personal data for this purpose);

• Where you have provided us with consent to use your personal data for marketing or referral purposes;

• To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention.

• Establish, exercise or defend legal claims;

8.4. Who we share your personal data with

Your personal data will be shared to a limited number of third parties where it is necessary to do so, including:


(i) To third parties who are providing services to Dublin BIC to enable us to manage the relationship with you, including our consultants, software providers, IT support providers and financial statement auditors.
(ii) To the Guinness Enterprise Centre, for whom we provide management services, where we believe that you may be suitable for their services and only where we have informed you of our intention to refer;
(iii) To our clients and prospective clients where you have provided us with consent to do so;
(iv) To statutory, regulatory, government or law enforcement bodies as required by law;
Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.

8.5. Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to provide you with a pass or licence and failure to provide this information may result in us not being able to establish your eligibility and therefore not being able to provide same.

8.6. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. For individuals with a licence or pass, we retain the information for 7 years after the date upon which the relationship ceased.

9. Space Co-Working Users (Representatives of Companies)

This section relates to individuals who engage with Dublin BIC on behalf of their own or a third party company (the “Company”) about potential licence or short-term pass or proceed to obtain a licence or pass to the Space co-working facilities, which is a Dublin BIC owned and managed scheme.

9.1. How we collect your personal data

We gather your personal data from both direct and indirect sources:


(iii) Directly from you. Examples include when you, on behalf of the Company:
a. Interact directly with us via telephone, email, social media and/or in person;
b. Submit inquiries and information via our website, email or social media;
c. Provide information as part of a rental inquiry or viewing with us;
d. The Company enters into an agreement or licence with us;


(iv) From third parties, namely by way of referral from our consultants or partners Guinness Enterprise Centre.

9.2. The personal data we use

When you are interested in letting a property managed by us, we will collect and process the following personal data:
• IDENTITY DATA, including your
  o first name, surname, salutation;
  o SPACE swipe and key numbers (licensees only);
• CONTACT DATA, including your email, telephone numbers and (licencee only) home address;
• ONLINE IDENTIFIERS, including your personal social media URL;
• OCCUPATIONAL, including the Company name, your job title and (licencee only) meeting bookings;
• VISIT DETAILS, where you may inform Dublin BIC of the purpose of your visit and/or the individual or property you are visiting;
• PREFERENCES, namely your direct marketing preferences;

9.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so, including

• Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and the Company;

• For the purpose of taking steps to enter into and perform an agreement or licence;

• To enable us to comply with our legal, statutory and regulatory obligations;

• Our legitimate interests to provide relevant marketing material to the Company (unless you have objected to us using your personal data for this purpose);

• Where you have provided us with consent to use your personal data for marketing or referral purposes;

• To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention.

• Establish, exercise or defend legal claims;

9.4. Who we share your personal data with

Your personal data will be shared to a limited number of third parties where it is necessary to do so, including:


(i) To third parties who are providing services to Dublin BIC to enable us to manage the relationship with you and the Company, including our consultants, software providers, IT support providers and financial statement auditors.
(ii) To our clients and prospective clients where you have provided us with consent to do so;
(iii) To statutory, regulatory, government or law enforcement bodies as required by law;
Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.

9.5. Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to provide the Company with a pass or licence and failure to provide this information may result in us not being able to establish the Company’s eligibility and therefore not being able to provide same.

9.6. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. For Companies with a licence or pass, we retain the information for 7 years after the date upon which the relationship ceased.

10. Suppliers (Sole Traders)
10.1. How we collect your personal data

As a supplier or service provider to Dublin BIC, we collect your personal data directly when you interact with us via telephone, email, post, fax and/or person (e.g. meetings, events, conferences, etc.). We may also collect personal data from third party sources, examples of which include:


(i) From publicly available information. For example, from company registers, press publications, trade directories and online search engines and related results;
(ii) Introducers or common business associates who may pass on your details to us;
(iii) Third parties who provide services to you (e.g. your representatives, advisors, delivery drivers, etc.);
(iv) Our banking providers, in relation to transactions with you;

10.2. The personal data we use

Our relationship with you as a supplier is a business to business relationship and the personal data processed is limited to those necessary to establish a relationship with you and obtain your services, including:
• IDENTITY DATA, including your first name, surname, salutation, business name;
• CONTACT DATA, including your email address, business address, billing address, telephone number(s), fax number;
• OCCUPATIONAL, including;
  o information about your past/current clients, past/current projects and any other information that may be considered by us when assessing your suitability to provide a service; and
  o relevant insurance and/or health and safety details where required.
• FINANCIAL, including bank account details and VAT or other relevant tax details to facilitate transactions with you, as well as your transactional and account history with Dublin BIC;

10.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Typically, your personal data are processed for the purpose of entering into and performing a contract with you as a supplier to Dublin BIC, including when we:

• Make an inquiry to purchase a product or service from you;

• Avail of the products and/or services from you as a supplier;

• Transact with you and make payments to you pursuant to the contract;

• Establish, exercise or defend legal claims in relation to the contract;

• Correspond with you throughout the relationship.

Your personal may also be used:

• To enable us to comply with our legal, statutory and regulatory obligations. For example, your personal data may be included in our returns to the Revenue Commissioners in
complying with taxation law, as part of the preparation and audit of financial statements in compliance with company law and for compliance with legally binding requests from regulatory bodies, law enforcement agencies, the courts or otherwise;

• To manage our everyday business needs in line with our legitimate interests, such as accounting, complaint management, troubleshooting, technical support, protection of our assets and information, and fraud prevention.

• To inform potential and/or current Dublin BIC clients that you are a supplier. This will be in limited circumstances and your explicit consent will be sought before it occurs.

10.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:

(i) To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
(ii) To our bank when we are transacting with you;
(iii) To statutory, regulatory, government or law enforcement bodies as required by law;
(iv) To our clients and prospective clients where you have provided us with consent to do so; and
(v) To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us).

11. Representatives of Third Party Legal Entities
11.1. How we collect your personal data

In our business to business relationships with third party companies and organisations (e.g. clients, suppliers or otherwise), we will process some personal data belonging to individuals who represent those companies and organisations in the capacity of an employee, director or otherwise. If you fall into this category of individual where you are representing a company or organisation (“Your Organisation”), we gather your personal data from both direct and indirect sources:

(i) Directly from you. Examples include when you, on behalf of Your Organisation:
a. Interact directly with us via telephone, email, post, fax and/or in person;
b. Submit inquiries and information via our website;
c. Provide information as part of an inquiry about a service to or from us;
d. Purchase our services or provide us with services and conduct transactions with us;

(ii) From third parties. Examples include collection from:
a. Publicly available information. For example, from press publications, online search engines and related results.
b. Referees you nominate to us as part of Your Organisation tendering for work with us;
c. Introducers or common business associates who may pass on your details to us;
d. Third parties who provide services to Your Organisation (e.g. your representatives, advisors, delivery drivers, etc.).

11.2. The personal data we use

As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes:
• IDENTITY DATA, including your
o first name, surname, salutation;
o signature on signed documents;
o photographic identification, where you provide consent for us to feature your photo and/or video imagery for marketing purpose;
• CONTACT DATA, including your business email address, business telephone number(s);
• OCCUPATIONAL, including the name of Your Organisation and your job title,
• OPINIONS, where you consent to provide testimonials or references.

11.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so, including

• Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and Your Organisation;

• For the purpose of taking steps to enter into and perform a contract to obtain or provide services from or to Your Organisation;

• To enable us to comply with our legal, statutory and regulatory obligations. For example, Your Organisation may be a government body with whom we need to interact as part of our legal obligations and your personal data will be used to manage this relationship;

• Where you have provided us with consent to use your personal data for marketing or referral purposes;

• To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention.

• Establish, exercise or defend legal claims;

11.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:

(i) To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
(ii) To statutory, regulatory, government or law enforcement bodies as required by law;
(iii) To our clients and prospective clients where you have provided us with consent to do so; and
(iv) To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us).

Part B: General Processing Information

Please see below

1. How we keep your personal data safe

Appropriate security measures are implemented in order to protect your personal data.
Security measures refer to physical security in the office (e.g. securely locked filing cabinets etc.) as well as implementing appropriate technology and cyber security measures across our systems and networks in order to prevent any accidental or unauthorised access, interference, damage, loss or disclosure of personal data.


In the event of certain types of personal data breaches, we are legally obliged to notify the Data Protection Commission and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.

2. Transfers outside the European Economic Area

In connection with the above purposes we occasionally, and only where necessary, transfer your personal data to third parties outside the European Economic Area (“EEA”). If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include:


(i) to a jurisdiction which has been subject to an “Adequacy” decision from the European Commission, meaning the jurisdiction is recognised as providing for an equivalent level of protection for personal data as is provided for in the European Union;
(ii) entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission; or
(iii) in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework.

Part C: Your Rights

You have a number of rights in respect to your personal data. These are:


(i) The right to access your personal data, which includes receiving confirmation on whether the personal data are being processed and if so, receiving the personal data and related information about why they are being processed, the categories of personal data involved, to whom the personal data have been or will be shared and how long the data will be kept for. We will accede to any such valid requests within one month of the receipt of a valid request in writing


(ii) The right to request that we rectify inaccurate data or update incomplete data. You may also request that we restrict the processing of the personal data until the rectification or updating has been completed, although please be aware that we may have to suspend the operation of your account or the products or services that we provide.


(iii) The right to request that we erase your data under certain circumstances, including where you want to withdraw the consent you previously gave to us, where you object to Dublin BIC’s processing the data for its own legitimate interests or where Dublin BIC’s processing of the data is unlawful. In the case of unlawful processing, you can also request that this processing is restricted rather than the personal data being erased. Please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.


(iv) The right to object to the processing of your personal data, where such processing is being conducted for the purpose of:
a. Direct marketing;
b. Establishing, exercising or defending ourselves or others from legal claims; or
c. Our legitimate interests, unless we can demonstrate that our interests override your interests and rights. You may request that we restrict the processing of the personal data until this analysis of legitimate interests has been concluded, although please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.


(v) The right to receive your data in a portable format or, subject to it being technically feasible, have us transfer it directly to a third party. This applies where you have provided us with consent for the processing or where the processing is necessary for entering a contract with us.


(vi) The right, at any time, to withdraw consent you have provided to us to process your personal data.


(vii) The right to lodge a complaint to the Data Protection Commission or another supervisory authority. The Office of the Data Protection Commission can be contacted at:

Email: info@dataprotection.ie

Telephone: +353 (0) 761 104 800

Postal Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28

If you wish to raise a complaint in relation to how we processed your personal data, please contact us. We take your privacy and data protection very seriously in FKM Group and we endeavour to address your complaint as expediently and as thoroughly as we can in order to find a satisfactory resolution for you.

Newsletter

Join our mailing list

Email