Data Protection Notice & Privacy Policy

You can read our Data Protection Notice here

Copyright © 2018 Irish Deer Commission

Our Data Protection Notice is changing under the General Data Protection Regulation (GDPR).

We have also made changes to some terms and conditions so that they are aligned with the principles of the GDPR. You can find more information on these changes here.

Overview of Data Protection.

What is GDPR?

GDPR is the General Data Protection Regulation. It comes into effect from 25 May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardize data protection laws for all EU citizens. These regulations will apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly.

What does this mean for the Irish Deer Commission?

We have always appreciated your trust in us to collect, process and protect your information. As a data controller and processor of your personal data, we will continue to

  • develop on our strong risk culture by acting responsibly and putting your security at the front of our priorities;
  • manage our controls, processes and systems to improve our level of member service while providing you with the assurance that your information is safe and secure; and
  • conduct our Association in a fair and transparent way and ensure we minimise the risk of unfair outcomes for our members or impact on their data rights and freedoms.

Our Data Protection Notice and website explains how we collect personal information about you, how we use it and how you can interact with us about it.

Who we are?

When we talk about “Irish Deer Commission”, or “us” or “we” “Association” on our Data Protection Notice and this website, we are talking about the Irish Deer Commission, affiliates and their respective parent and subsidiary companies.

We share your information within Irish Deer Commission to help us provide our services, comply with regulatory and legal requirements, and improve our products.

Data Protection Officer

Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You can contact our Data Protection Officer membership@irishdeercommission.ie or by writing to at Data Protection Officer, Irish Deer Commission, Ashleigh, Delligabaun, Ballacolla, Co Laois. R32 Y406

How we collect information about you

We collect personal information from you with your consent, for example when you:

  • apply for membership;
  • contact us for advice.
  • Register for an event
  • Ask to join our group policy

We always ask for your explicit consent to do this.

What information do we collect about you?

This is some of the information we collect and hold about you when applying for and using our products and services:

  • Personal Descriptors
  • Full name/Signature
  • Home/Business address
  • Email address
  • Phone number
  • Gender
  • Date of birth
  • Profession/Job
  • Confirmation of relevant insurance cover
  • Confirmation of relevant licensing
  • Confirmation of relevant previous convictions, fines, probation act applied
  • Relevant insurance details and requirements
Special categories of data

Under GDPR, there are special categories that require additional safeguards for processing. In some instances, we will require this information for processing or it may be volunteered by you. These data types and the reason we collect them are:

  • Special categories of data – Does the Irish Deer Commission process this information?
  • Health data – No – We do not request you to provide details of your health status or history
  • Racial or ethnic origin – No – We do not request you to provide details of racial or ethnic origin to provide our products and services.
  • Political opinions – No – We do not request you to provide political opinions to provide our products and services.
  • Religious or philosophical beliefs – No – We do not request you to provide religious or philosophical beliefs to provide our products and services.
  • Trade union membership – No – We do not request you to provide trade union membership to provide our products and services.
  • Genetic data – No – We do not request you to provide genetic data to provide our products and services.
  • Sexual orientation – No – We do not request you to provide sexual orientation to provide our products and services.
How we use your information

We use information about you to:

  • provide information on events and related news;
  • To communicate with you
  • To process an application for membership
  • To process an application for events
  • To allow you join our group insurance policy

To provide our products and services under the terms and conditions we agree between us, we need to collect and use personal information about you. If you do not provide this personal information, we may not be able to provide you with our products and services.

We analyse the information that we collect on you through your use of our products and services and on our social media, and website. This helps us understand your preferences, how we interact with you and our position in relevant sectors. Examples of how we use this information include offering you events and news and personalising your experience.

All of our processing must be supported by a lawful basis, as discussed in our Meeting our legal and regulatory obligations section.

Lawful basis for processing

To use your information lawfully, we rely on one or more of the following legal bases:

  • legal obligation;
  • our legitimate interests;
  • your consent;
  • protecting the vital interests of you or others; and
  • public interest.

To help you better understand where these lawful bases may apply, these are some examples for each lawful basis. In some cases, the same information is processed under more than one lawful basis:

Lawful basis
Examples of what we use your information for
Legal obligation – We must process this information comply with our legal obligations.
Identify and authenticate our members We process your personal information to identify and authenticate our members legal provisions We may share your information with third parties when providing you with events and services
Our legitimate interests –Legitimate interest means the interests of the Irish Deer Commission in conducting and managing our Association when providing events and services. The core legitimate interests of the Irish Deer Commission are to provide the best service and advice, to our members, supporters and the general public. We will always assess whether the legitimate interest of the Irish Deer Commission will adversely impact the rights and freedoms of the data subject prior to processing. We implement safeguards to ensure that the processing remains fair and balanced. Our risk assessments help us understand what information we need, our requirements, the impact on our members and supporters, alternative options for processing and how long we hold the information for.
We produce internal information and models to understand risk across the Association, ensure necessary safeguards are in place and assess the design and effectiveness of these safeguards. Manage our relationship with you We keep our records up to date to contact you when required and provide the best member experience. We want to continually improve and better understand our members. By collecting and analysing data from multiple sources, we can better understand the requirements of our members and how we can improve events and service offerings. This analysis also helps us run our Association more efficiently and effectively. Identify ways we can improve our events and services We are always working to develop new events and innovative ways of bringing these to you.
Your consent – We require your consent for processing certain information. We ensure your consent is obtained under the following principles: Positive Action – Clear affirmative action is required. We will no longer use pre-ticked boxes, imply or assume consent in the event of no positive action from you. Free will – Your consent must be freely given and not influenced by external factors. Specific – We will be clear on what exactly we are asking your consent for. Recorded – We will keep a record of your consent and how we got it. Can be withdrawn at any time – We will stop data processing that requires your consent at any time you make a valid request. You can withdraw your consent at any time. Special Categories of Personal Data is information relating to:

a) Racial or ethical origin, political opinions or religious or philosophical beliefs

b) Trade union membership

c) Biometric data (we may collect voice, facial or fingerprint information to identify data subjects)

d) Genetic data

e) Physical or mental health

f) Sexual life/orientation

g) Commission or alleged commission of any offence by the data subject or

h) Any proceedings for any offence committed or alleged

Directly contact you about new events, services and relevant news or relevant developments we believe you should be aware of. With your consent, we will let you know what events or services you might like. We require your consent when processing special category data, such as facial and voice recognition to identify you.
Meeting our legal and regulatory obligations

To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations.

Your data will also be linked to the data of your family members, any family membership or group applicants.

If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our events, services or process a membership applicaiton.

Consent

Sometimes we need your consent to use your personal information. For example, when we use sensitive personal information (known as special category information under GDPR) about you, such as medical or biometric data, we ask for your explicit consent.

We have controls to ensure that you are informed when making your decision and that you are aware that you can remove your consent at any time by contacting us. Our consent requests are built on the following principles:

  • Positive Action – Clear affirmative action is required. We will no longer use pre-ticked boxes, imply or assume consent in the event of no positive action from you.
  • Free will – Your consent must be freely given and not influenced by external factors.
  • Specific – We will be clear on what exactly we are asking your consent for.
  • Recorded – We will keep a record of your consent and how it was obtained.
  • Can be withdrawn at any time – We will stop data processing requiring your consent at any time you make valid request.
Direct Marketing

For direct marketing, we need your consent to make you aware of events and services which may be of interest to you. We may do this by phone, post, email, text or through other digital media.

You can decide how much direct marketing you want to accept when you apply for new membership and services.

As part of our direct marketing, we analyse the information that we collect on you through your use of our events and services and on our social media, apps and websites. This helps us understand your preferences, how we interact with you and our position in a market place. This enables us to personalise your experience and provide you with the most suitable events and services.

If we ever contact you to get your feedback on ways to improve our events and services, you have the choice to opt out.

How we keep your information safe

We protect your information with security measures under the laws that apply and we meet international standards. We keep our computers, files and buildings secure.

Please visit www.irishdeercommission.ie/aboutus where you can read more information on how we protect your privacy and your personal data.

In addition to our technical controls, our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. Our Data Protection Officer advises on how we can best understand risks to your data rights and freedoms, implemented processes to protect these and has responsibility to report to the Data Protection Authorities if we are not meetings our obligation.

When you contact us to ask about your information, we may ask you to identify yourself. This is to help us protect your information.

How long we keep your personal information for

To meet our legal and regulatory obligations, we hold your information while you are a member and for a period of time after that. To help you understand how long we hold some of your data for, we have summarised our internal retention schedules below. We hold all data while you are an active member with us or have provided an explicit consent.

Please note that these retention periods are our policy but are also subject to legal, regulatory and Association requirements, which may require us to hold the information for a longer period.

We continuously assess and delete data to ensure it not held for longer than necessary.

Document Type
Example Document
Retention Period
Membership application
New Membership application completed online
2 years after membership ceases
Communications, queries
Written letter, email, social media
2 years after communication
Consent to contact
Paper consent, online consent, third party consent
1 year
Your information and third parties

Sometimes we share your information with third parties.

For example to:

  • provide events, services and information;
  • analyse information;
  • research your experiences dealing with us;
Third parties we share information with can include:

Regulatory bodies including the Data Protection Commissioner.

Companies or individuals we have a joint venture or agreement to work with

Government bodies

Businesses that introduce you to us or we introduce you to

Market research companies

Legal, Accountancy, Compliance and other Professional Services

Group insurance providers

Any entity you request your data to be shared with

 

We require that these third parties provided sufficient guarantees that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms.

We also have to share information with third parties to meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and tell law enforcement agencies, which may be either in or outside Ireland.

International transfers of data

We may transfer your personal information outside of the European Economic Area (EEA) to help us provide your products and services. We expect the same standard of data protection is applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected.

Your personal information rights

You can exercise your rights by contacting us on membership@irishdeercommission.ie, using our social media channels

Whenever you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.

Your right to obtain information cannot adversely affect the rights and freedoms of others. Therefore, we cannot provide information on other people without consent.

We generally do not charge you when you contact us to ask about your information. Per regulation, if requests are deemed excessive or manifestly unfounded, we may charge a reasonable fee to cover the additional administrative costs or choose to refuse the requests.

The following section details your information rights and how we can help ensure that you are aware of these rights, how you can exercise these rights and how we intend to deliver on your requests.

Accessing your personal information

You can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information. You can request the following information:

the purposes of the processing;

  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Updating and correcting your personal details

If you want to update or correct any of your personal details, please contact us at membership@irishdeercommission.ie

Removing consent

You can change your mind wherever you have given us your consent, such as for direct marketing or processing your sensitive information. By contacting us at membership@irishdeercommission.ie, you can request that we no longer process data we require your consent for.

Restriction and objection

You may have the right to restrict or object to us processing your personal information. We will require your consent to further process this information once restricted. You can request restriction of processing where;

  • The personal data is inaccurate and you request restriction while we verify the accuracy;
  • The processing of your personal data is unlawful;
  • You oppose the erasure of the data, requesting restriction of processing instead;
  • You require the data for the establishment, exercise or defence of legal claims but we no longer require the data for processing;
  • You disagree with the legitimate interest legal basis and processing is restricted until the legitimate basis is verified.
  • Deleting your information (Right to be forgotten) – New GDPR right introduced from May 25th 2018

You may ask us to delete your personal information or we may delete your personal information under the following conditions:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw your consent where there is no other legal ground for the processing;
  • you withdraw your consent for direct marketing purposes;
  • you withdraw your consent for processing a child’s data;
  • you object to automated decision making;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation.
Moving your information (your right to Portability) – New GDPR right introduced from May 25th 2018

Where possible we can share a digital copy of your information directly with you or another organisation. We will provide this information in a structured, commonly used and machine-readable format. Note, we can only share this information where it has been processed automatically (hard copy documents are excluded for portability) and was processed under your consent or performance of a contract (further details on this are available in our lawful basis section)

We do not share information processed under legal obligation or our legitimate interest for portability, in line with GDPR guidance.

The right to lodge a complaint with a supervisory authority

If you have a complaint about the use of your personal information, please let an Officer of the Association know, giving them the opportunity to put things right as quickly as possible. If you wish to make a complaint you may do so in person and by email. We will fully investigate all the complaints we receive. You may complain by phone, by email. We ask that you supply as much information as possible to help us resolve your complaint quickly.

You can also contact the Office of the Data Protection Commissioner in Ireland on the below details:

Visit their website www.dataprotection.ie.

Email info@dataprotection.ie

Phone on +353 (0)57 8684800 or +353 (0)761 104 800

Write to Data Protection Office, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square, Dublin 2, D02 RD28, Ireland.

Updates to this notice

We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and process. You can always find an up-to-date version of this notice on our website at www.irishdeercommission.ie/aboutus, or you can ask us for a copy.

Key Definitions:

Please see explanations below of some of the data protection terms used on this notice.

Biometric Data – means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person.

Consent – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Controller – is a natural or legal person, public authority, agency or other body who determine the purpose and means of the processing – of personal data, where the purposes and means of such processing are determined by Union or Member State law.  Irish Deer Commission are considered a data controller, as they process personal data on behalf of both their members, their supporters and membership applicants.

Data Processor – in relation to personal data, means any natural or legal person (other than an employee of the data controller), public authority, agency or another body who processes personal data under the direction of, and on behalf of a data controller. Irish Deer Commission is considered a data processor, as they process personal data on behalf of Third Parties. Additionally, Third Parties engaged by Irish Deer Commission to process personal data are considered data processors.

Data Protection Officer – The Data Protection Officer oversees how we collect, use, share and protect information.

Data Protection Law and Regulation – means all legislation, regulation and applicable codes of practice relating to the processing, protection and privacy of personal data. See the section What is GDPR for details.

General Data Protection Regulation (‘GDPR’) – is a regulation intended to strengthen and unify data protection for all individuals within the European Union (‘EU’). Non-compliance of GDPR can result in fines the higher of €20 million or up to 4% of turnover. The aim of the GDPR is to reinforce data protection rights of individuals and facilitate the free flow of personal data. It applies to all data controllers and processors established in the EU, as well as those established outside the EU that process the data of EU citizens.

Lawful basis – Processing of data is lawful only if and to the extent that at least one of the following applies:

a) Personal data may be processed on the basis that processing is necessary in order to enter into or perform a contract with a member.

b) Personal data may be processed on the basis that there is a legal obligation for the processing.

c) Personal data may be processed where the Irish Deer Commission has a legitimate interest in processing the data.

d) Personal data maybe processed in order to protect the vital interests of the data subject.

 

Location Data – means any data processed indicating the geographical position of the terminal equipment of a user, including data relating to:

a) The latitude, longitude or altitude of the terminal equipment;

b) The direction of travel of the user; or

c) The time the location information was ‘recorded’

Personal Data – is any data relating to an identified or identifiable natural person (‘data subject’), who may be identified from the data either on its own (directly) or in conjunction with other data (indirectly), in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing – means obtaining, recording or holding the information or data, whether or not by automated means, or carrying out any operation or set of operations on the information including:

a) Collection of data

b) Organisation, adaption or alteration of the information or data

c) Retrieval, consultation or use of the information or data

d) Disclosure of the information, or data by transmission, dissemination or otherwise making available, or

e) Alignment, combination, blocking, erasure or destruction of the information or data

Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Recipient – means a natural or legal person, public authority (such as the Office of the Data Protection Commissioner (‘ODPC’), agency or another body, to which the personal data are disclosed, whether a Third Party or not. The processing of those data shall be in compliance with the applicable data protection rules according to the purposes of the processing.

 

Special Categories of Personal Data – is data which relates to:

a) Racial or ethical origin, political opinions or religious or philosophical beliefs

b) Trade union membership

c) Biometric data

d) Physical or mental health

e) Sexual Life/Orientation

f) Commission or alleged commission of any offence by the data subject or

g) Any proceedings for any offence committed or alleged

Supervisory Authority – means an independent public authority which is established by a Member State. In the Republic of Ireland the Office of the Data Protection Commissioner (‘ODPC’) and in the UK the Information Commissioner’s Office (‘ICO’) are the public authorities established to monitor the application of Data Protection Law.

Irish Deer Commission

membership@irishdeercommission.ie

Irish Deer Commission is an unincorporated Association.

Copyright © 2018 Irish Deer Commission