Personal Data Protection Notice

LOCAL ENTEPRISE OFFICE PERSONAL DATA PROTECTION NOTICE

The Local Enterprise Office ("we", "us" or "our") is committed to protecting and respecting your privacy. This Data Protection Notice tells you about your privacy rights and sets out how we, as a Controller, collect, use, process and disclose your personal data relating to your interactions with us. This Data Protection Notice should be read in conjunction with our Cookie Policy https://www.localenterprise.ie/Kilkenny/Legal/GDPR/Cookie-Policy/.

For personal data that are collected in connection with grant applications, please see here https://www.localenterprise.ie/Kilkenny/Legal/GDPR/Grant-Data-Protection-Notice/.

  1. Information we may collect from you

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect and process any type of personal data you provide to us in the course of your interactions with us. You may have provided some of your personal data directly to us such as when you visited our website by volunteering personal data when subscribing to email alerts or by using our online feedback or other forms. We may also receive personal data about you from various third parties and public sources such as LinkedIn. Categories of such personal data include names, addresses, contact information and other information that is relevant to the provision of our services.

If you do not provide us with your personal data we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or to comply with our legal obligations.

  1. How we use personal data we collect

We will only use your personal data for the purposes and legal bases set out in the table below.

Purpose(s) for Processing

Legal Basis for Processing

  • To register   you as a new website user;
  • To notify you   about changes to our Data Protection Notice;
  • To ask you   to take a survey.
  • Marketing and Promotional Purposes via email campaigns and newsletters

 

  • The   processing is necessary to perform a contract or enter into a contract with   you
  •  The   processing is necessary to support our legitimate interests in managing our   business (to keep our records updated and to study how website users use our services)   provided such interests are not overridden by your interests and rights
  • This processing is based on consent and to keep up to date with upcoming training, events and supports from LEO Kilkenny

To manage our relationship with you which may   include:

  •   To contact   you in relation to on-line /offline applications for financial assistance.
  •   To   facilitate providing training programs and online training resources;
  •   To   facilitate applications for loans to Micro Finance Ireland.
  •   To   facilitate trade missions, trade events, buyer introductions through the   Enterprise Ireland Irish and overseas office network;
  •   To participate   in EU Funded programs / international standard bodies e.g. ENN, NSAI,   European Commission, participation on programs with Inter trade Ireland;
  •   To   participate on our Student Enterprise programmes;
  •  To share information   with government departments and semi state agencies for jointly run events,   e.g. Enterprise Ireland, IDA etc.;
  •  To act as   advisor on expert panels or mentoring to clients.
  •  The   processing is necessary for the performance of a task carried out in the   public interest or in the exercise of an official authority vested in us
  •  To comply   with our regulatory (for example disclosing tax data to the office of the   revenue commissioners) and professional requirements;
  •  To prevent   and detect fraud, money laundering or other offences; and
  •  To exercise   our right to defend, respond or conduct legal proceedings.
  •   he   processing is necessary for us to comply with legal and regulatory   obligations
  •  To carry out  direct marketing;
  •  To provide   you, or permit selected third parties to provide you, with information about   events hosted or co-sponsored by us or about events we feel may interest you;  
  •  To send you   email alerts and newsletters that you have opted-in to receive by filling in   our online forms or contacting us by email or by other means;
  •  To contact clients   regarding business opportunities.
  •  To contact   you regarding the services provided by us.
  •   Where you   have given consent to the processing of your personal data for direct   marketing – which you may withdraw at any time

 

  •   Where your   consent is not required and you have not objected, the use of the data is   necessary for our legitimate interest in managing our business including   legal, personnel, administrative and management purposes provided our   interests are not overridden by your interests.

To customise your experience on our website, or to   serve you specific content that is relevant to you

  •   The   processing is necessary to support our legitimate interests in managing our   business (to define types of client companies for our services, to keep our website   updated and relevant, to develop our business and to inform our marketing   strategy) provided such interests are not overridden by your interests and   rights
  1. Retention of your personal data

We will store your personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods.

 

  1. Disclosure of your personal data

We may disclose your personal data to third parties who provide a service to us or in the event of changes to the Industrial Development legislative framework (that is, the Industrial Development Act 1986 and the Industrial Development (Enterprise Ireland) Act 1988 (as amended)) which may impact upon the Local Enterprise Office, or in the event of any future mergers/ dissolutions of Local Enterprise Offices and/or other related State agencies, in which case we may disclose your personal data to the applicable successor entity of the Local Enterprise Office or, if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or where necessary for our legitimate business interests to protect the rights, property, or safety of the Local Enterprise Office, our client companies, or others or for the purposes of fraud protection and credit risk reduction. Such disclosure may, as appropriate, include exchanging information with other organisations, companies, auditors, Government Departments, Institutes of Technologies, recruiters, Semi State Agencies, universities and public bodies, where any such body provides a service to Local Enterprise Office and we are satisfied that it complies with the GDPR requirements.

The personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing personal data. Due to the global nature of business, certain personal data may be disclosed to staff members of Enterprise Ireland working outside the EEA: click here to view Enterprise Ireland’s overseas network . To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please contact us if you wish to obtain information concerning such safeguards.

  1. Links to other sites

Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

  1. Your rights

You have several rights in relation to your personal data under applicable privacy and data protection law, which may be subject to certain limitations and restrictions. We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will respond, at the latest, within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.

If you wish to exercise any of these rights, please contact us. We may request proof of identification to verify your request.

 

Your Right

What this Means

Right to withdraw consent

If we are   processing your personal data on the legal basis of consent, you are entitled   to withdraw your consent at any time. However, the withdrawal of your consent   will not invalidate any processing we carried out prior to your withdrawal   and based on your consent.

Right of Access

You can   request a copy of the personal data we hold about you.

Right to Rectification

You have the right to request that we correct any   inaccuracies in the personal data we hold about you and complete any personal   data where this is incomplete.

Right to Erasure (‘Right to be Forgotten’)

You have the right to request that your personal data   be deleted in certain circumstances including:

  •   The personal data are no longer   needed for the purpose for which they were collected;
  •   You withdraw your consent   (where the processing was based on consent);
  •   You object to the processing   and there are no overriding legitimate grounds justifying us processing the   personal data (see Right to Object below);
  •   The personal data have been   unlawfully processed; or
  •   To comply with a legal   obligation.

 

However, this right does not apply where, for   example, the processing is necessary:

  •   To comply with a legal   obligation; or
  •   For the establishment, exercise   or defence of legal claims.

Right to Restriction of Processing

You can ask that we restrict your personal data   (i.e., keep but not use) where:

  •   The accuracy of the personal   data is contested;
  •   The processing is unlawful but   you do not want it erased;
  •   We no longer need the personal   data but you require it for the establishment, exercise or defence of legal   claims; or
  •   You have objected to the   processing and verification as to our overriding legitimate grounds is   pending.

 

We can continue to use your personal data:

  •   Where we have your consent to   do so;
  •   For the establishment, exercise   or defence of legal claims;
  •   To protect the rights of   another; or
  •   For reasons of important public   interest.

Right to Data Portability

Where you have provided personal data to us, you   have a right to receive such personal data back in a structured,   commonly-used and machine-readable format, and to have those data transmitted   to a third-party data controller without hindrance but in each case only   where:

  •   The processing is carried out   by automated means; and
  •   The processing is based on your   consent or on the performance of a contract with you.

Right to Object

You have a right to object to the processing of your   personal data in those cases where we are processing your personal data in   reliance on our legitimate interests, for the performance of a task carried   out in the public interest or in the exercise of our official authority. In   such a case we will stop processing your personal data unless we can   demonstrate compelling legitimate grounds which override your interests and   you have a right to request information on the balancing test we have carried   out. You also have the right to object where we are processing your personal   data for direct marketing purposes.

Automated Decision-Making

You have a right not to be subjected to decisions   based solely on automated processing, including profiling, which produce   legal effects concerning you or similarly significantly affects you other   than where the decision is:

  •   Necessary for entering into a   contract, or for performing a contract with you;
  •   Based on your explicit consent   – which you may withdraw at any time; or
  •   Is authorized by EU or Member   State law.

 

Where we base a   decision solely on automated decision-making, you will always be entitled to   have a person review the decision so that you can contest it and put your   point of view and circumstances forward.

Right to Complain

You   have the right to lodge a complaint with the Data Protection Authority, in   particular in the Member State of your residence, place of work or place of   an alleged infringement, if you consider that the processing of your personal   data infringes the GDPR.

7.             Security and where we store your personal data

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.

Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.

  1. Changes to this Data Protection Notice

We reserve the right to change this Data Protection Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Data Protection Notice. However, if we make material changes to this Data Protection Notice we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review the Data Protection Notice whenever you access or use this website.

  1. Contact Us

Questions, comments, requests and complaints regarding this Data Protection Notice and the personal data we hold are welcome and should be addressed to the Data Protection Officer.

Data Protection Officer, Corporate Services,

Kilkenny County Council, County Hall, John Street, Kilkenny

Telephone: 056 7794070

E-Mail: dataprotection@kilkennycoco.ie