Grants Data Protection Notice

Data protection is a fundamental right. As set out in Article 8 of the EU Charter of Fundamental Rights:

  1. Everyone has the right to the protection of personal data concerning him or her.
  2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
  3. Compliance with these rules shall be subject to control by an independent authority.

The General Data Protection Regulation (GDPR) is designed to give individuals more control over their personal data. Enterprise Ireland became subject to the GDPR on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.

The purpose of this notice is to inform grant applicants of what personal data the Local Enterprise Office holds in relation to them, and, as may be appropriate, their employees, and related persons, and how the Local Enterprise Office uses that personal data as controller.

PERSONAL DATA PROTECTION NOTICE relating to the Local Enterprise Office Grant Administration Process

The Local Enterprise Office (‘we’, ‘our’, ‘us’) takes data privacy seriously. In order to perform our public functions and to provide our services, we collect and process a certain amount of personal data. This Data Protection Notice relates to personal data collected by us in respect to the grant administration process and is intended to ensure that data subjects (who may be connected to client companies and third level institutions, or be entrepreneurs applying for grant funding) are aware of what personal data we hold in relation to them, and how we use that personal data as controller.

Please read the following carefully to understand our use of personal data.

1.             What is Personal Data?

 

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The Local Enterprise Office holds personal data received from a number of sources in connection with the performance of our public functions and the delivery of our various services to our clients. In some instances, personal data is provided directly to us by the data subject concerned (e.g. a business owner or sole trader). We may also receive personal data about a data subject indirectly. For example, an employer may provide employee personal data in connection with the grant or a representative of a number of data subjects may provide personal data in relation to one or more data subjects. By describing our activities below, we are able to identify where we may hold some or all of the following types of personal data:

 

Category

Types of personal data collected

EI Activity

Individual details

Name

Address

Email

Fax number

Phone number

Nationality

Date of birth

Photos / video

Directorships and shareholdings

Biographical

Social media accounts

Grants and investment services   administration required to support companies start, scale, internationalise   and innovative, such as project review, due diligence activities and grant   inspection.

 

 

 

 

 

 

Employment details

Employer,

Employee number

Salary

Job Position / Job title

Hours worked

 

 

Grants and investment services   administration required to support companies start, scale, internationalise   and innovative. This includes the Local Enterprise Office’s grant inspection   activity which is required for grant drawdown.

Identification details

PPS number, passport details

Grants administration for an   entrepreneur where there is no CRO number available.

 2.             Purpose and Legal Basis for Processing

 We will hold, process and may disclose personal data for the following purposes:

 

  •   To   process grant applications;
  •   To   review projects seeking Local Enterprise Office financial / grant support;
  •   To   administer approved grant funding to a company / entrepreneur including grant   inspection activities required for grant drawdown;
  •   To   support the auditing activities related to the expenditure of public and   European funding;
  •   To   provide training for personal and management development;
  •   To   meet third party requirements and to share that data with third parties such   as the European Commission or other EU funded agencies where the data is   collected in connection with and for the purposes of a project or programme   run or funded in whole or in part by the third party such as the EU or   European Commission;
  •   To   deliver industrial development supports or advice to the data subject,   his/her employer or his/her company where the data subject is a director.
  •   This   use of the personal data is necessary for the performance of a task carried   out in the public interest or in the   exercise of an official authority vested in us.
  •   To   comply with our regulatory and professional requirements;
  •   To   prevent and detect fraud, money laundering or other offences; and
  •   To   exercise our right to defend, respond or conduct legal proceedings.
  •   This   use of the personal data is   necessary in order for us to comply   with anylegal or regulatory   obligations.
  •   To   carry out direct marketing in relation to our supports and events
  •   Where the   data subject has given consent to   the processing of their personal data for direct marketing – which they may   withdraw at any time.
  •   Where   consent is not required and the data subject has not objected, the use of the   data is necessary for our legitimate   interest in managing our business including legal, personnel,   administrative and management purposes provided our interests are not   overridden by your interests.

3.             Special Categories of Personal Data

 

Certain categories of personal data are regarded as 'special'. We have provided the following list of what personal data are identified in the General Data Protection Regulation (GDPR) as special data for information purposes only. Special data includes information relating to an individual's:

  • Physical      or mental health;
  • Religious,      philosophical or political beliefs;
  • Trade      union membership
  • Ethnic      or racial origin;
  • Biometric      or genetic data; and
  • Sexual      orientation.

This list should not be read or understood as an indication of any policy of the Local Enterprise Office to actively collect/process such data.

As part of the Local Enterprise Office due diligence on a grant inspection in relation to employment grants, on occasion, though we have not requested them, we may receive salary certificates with Trade Union membership details. This processing is necessary for reasons of substantial public interest on the basis of law.

4.             Where the data subject does not provide their Personal Data

If we cannot collect or process certain personal data, we may not be able to provide employers with a grant or an equity investment or other support or service. If you have any queries in respect of the consequences of not providing information or withdrawing your consent, please contact us.

5.             Recipients of Personal Data

In order to provide our services and to comply with legal obligations imposed on us, it may be necessary from time to time for us to disclose personal data to third parties, including without limitation to the following:

  • with our agents and third parties who provide services to us to help us administer and audit our services;
  • with regulatory bodies and law enforcement bodies, including an Garda Síochána (where we are required to do so to comply with a relevant legal and regulatory obligation);
  • relevant Government departments and agencies and relevant European Union agencies.

6.             Transfer of Personal Data outside the EEA

The personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing personal data. Due to the global nature of business, certain personal data may be disclosed to staff members of Enterprise Ireland working outside the EEA: click here to view Enterprise Ireland’s overseas network . To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please contact us if you wish to obtain information concerning such safeguards.

7.             Data Retention

We will store personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods.

8.             Data Rights

You have several rights in relation to your personal data under applicable privacy and data protection law, which may be subject to certain limitations and restrictions. We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will respond, at the latest, within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.

If you wish to exercise any of these rights, please contact us. We may request proof of identification to verify your request.

Your Right

What this means

Right to withdraw consent

If we are   processing your personal data on the legal basis of consent, you are entitled   to withdraw your consent at any time. However, the withdrawal of your consent   will not invalidate any processing we carried out prior to your withdrawal   and based on your consent.

Right of Access

You can   request a copy of the personal data we hold about you.

Right to Rectification

You have the right to request that we correct any   inaccuracies in the personal data we hold about you and complete any personal   data where this is incomplete.

Right to Erasure (‘Right to be Forgotten’)

You have the right to request that your personal data   be deleted in certain circumstances including:

  •   The personal data are no longer   needed for the purpose for which they were collected;
  •   You withdraw your consent   (where the processing was based on consent);
  •   You object to the processing   and there are no overriding legitimate grounds justifying us processing the   personal data (see Right to Object below);
  •   The personal data have been   unlawfully processed; or
  •   To comply with a legal   obligation.

 

However, this right does not apply where, for   example, the processing is necessary:

  •   To comply with a legal   obligation; or
  •   For the establishment, exercise   or defence of legal claims.

Right to Restriction of Processing

You can ask that we restrict your personal data   (i.e., keep but not use) where:

  •   The accuracy of the personal   data is contested;
  •   The processing is unlawful but   you do not want it erased;
  •   We no longer need the personal   data but you require it for the establishment, exercise or defence of legal   claims; or
  •   You have objected to the   processing and verification as to our overriding legitimate grounds is   pending.

 

We can continue to use your personal data:

  •   Where we have your consent to   do so;
  •   For the establishment, exercise   or defence of legal claims;
  •   To protect the rights of   another; or
  •   For reasons of important public   interest.

Right to Data Portability

Where you have provided personal data to us, you   have a right to receive such personal data back in a structured,   commonly-used and machine-readable format, and to have those data transmitted   to a third-party data controller without hindrance but in each case only   where:

  •   The processing is carried out   by automated means; and
  •   The processing is based on your   consent or on the performance of a contract with you.

Right to Object

You have a right to object to the processing of your   personal data in those cases where we are processing your personal data in   reliance on our legitimate interests, for the performance of a task carried   out in the public interest or in the exercise of our official authority. In   such a case we will stop processing your personal data unless we can   demonstrate compelling legitimate grounds which override your interests and   you have a right to request information on the balancing test we have carried   out. You also have the right to object where we are processing your personal   data for direct marketing purposes.

Automated Decision-Making

You have a right not to be subjected to decisions   based solely on automated processing, including profiling, which produce   legal effects concerning you or similarly significantly affects you other   than where the decision is:

  •   Necessary for entering into a   contract, or for performing a contract with you;
  •   Based on your explicit consent   – which you may withdraw at any time; or
  •   Is authorized by EU or Member   State law.

 

Where we base a decision solely on automated decision-making, you will   always be entitled to have a person review the decision so that you can   contest it and put your point of view and circumstances forward.

Right to Complain

You have the right to lodge a complaint with the   Data Protection Authority, in particular in the Member State of your   residence, place of work or place of an alleged infringement, if you consider   that the processing of your personal data infringes the GDPR

Please see the   below contract details for the Irish Data Protection Authority:

 

Data Protection   Commissioner                                       Phone: +353 (0)761 104 800.

Canal House                                                                 E-Mail:   info@dataprotection.ie

Station Road                                                                 Website:   www.dataprotection.ie

Portarlington

County Laois

R32 AP23

 

9.             Changeof Purpose

We will only use personal data for the purposes for which we collected it outlined in Section 2 above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain information as to how the processing for the new purpose is compatible with our original purpose, please contact us (see Contact Us below).

 

If we need to use your personal data for an unrelated purpose, we will notify you and provide an explanation of the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is permitted by applicable data protection laws.

10.          Contact Us

Questions, comments, requests and complaints regarding this Data Protection Notice and the personal data we hold are welcome and should be addressed to the Data Protection Officer.

dataprotection@waterfordcouncil.ie or Data Protection Officer, Waterford City & County Council, City Hall, The Mall, Waterford, X91 PK17. Tel: 0761 102020 

 

Last Updated: 17th of May, 2018