DATA PROTECTION AND PRIVACY NOTICE
WHO ARE WE?
The Irish ProShare Association (IPSA) represents organisations which are employee owned or transitioning to employee ownership across Ireland. We are a not-for-profit, independent, voluntary organisation that works in close partnership with its members to champion, promote and provide insight into the business case for employee ownership. IPSA delivers value to its members by providing networking opportunities, learning and development resources and by lobbying Government in the interests of members.
PURPOSE AND SCOPE OF THIS NOTICE
The purpose of our Data Protection and Privacy Notice is to explain how personal information relating to you (“Personal Data“) will be handled by IPSA and sets out how and why your Personal Data will be collected and processed by the IPSA and/or on its behalf by its third party service providers in the context of your engagement with us. We shall also set out how you can contact us should you have any queries in relation to this notice.
For the purposes of this notice, the controller of your Personal Data is IPSA, 6-9 Trinity Street, Dublin 2, D02 EY47 (“IPSA“, “we“, “our” and “us“).
APPLICATION OF THIS NOTICE
IMPORTANT: Please note that this notice, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time.
When engaging with IPSA, we will collect Personal Data:
- from you: for example through the information you provide to us in applying to become a IPSA member, the Personal Data you supply via our website, email, telephone or through your engagement with us at IPSA events.
- from third party sources: including contact details from employers, software platforms we use for business processes, information from statutory and regulatory authorities and occasionally some additional sources.
WHAT PERSONAL DATA DO WE PROCESS?
IPSA will collect and process Personal Data including, where applicable:
- your name;
- your employer, your job title and/or position;
- your contact details, including your address and phone number;
- financial information, including information necessary to make or receive payments to and from you and for the purposes of fraud prevention;
- details of your attendance at our events, photos and your social media profile and posts;
- details of your visits/meetings with IPSA and your correspondence, communications and connections with our staff;
- publicly available information;
any information which is provided to us by you or on your behalf;
- information about your visits to our website(s) such as the domain and host from which you access the Internet, the Internet protocol (IP) address of the computer you are using; the browser software you use; your operating system and the date and time you access the website;
- your business activities and your areas of interest; and
- information relating to your subscription to, receipt of or interest in any of our mailing lists or newsletters.
HOW AND WHY DO WE PROCESS PERSONAL DATA?
The following table details the legal basis for (the “Legal Basis“) and the reasons why (“Purposes“) we process your Personal Data:
NECESSARY FOR ENTERING INTO OR PERFORMANCE OF A CONTRACT – Legal Basis
Your Membership of IPSA:
- to determine, perform and execute the terms on which you will engage with us;
- to ensure the smooth running of your membership (including all of the activities that need to be undertaken before, during and after your IPSA membership);
- to add you and your contact details to our Membership Directory as part of your IPSA membership;
- to arrange, administer and send you information about IPSA Council elections;
- to process payment of membership fees; and
- to administer requests or procedures requested by you throughout your IPSA membership (e.g. event bookings).
IPSA Membership Directory:
- to update your contact details on the Membership Directory as necessary;
- to provide you access to our Membership Directory both online and in hardcopy;
- to assist in facilitating meetings and introductions through the Membership Directory; and
- to process your queries in respect of the Membership Directory.
- to inform you of our events programme;
- to monitor your attendance at IPSA events;
- to add you to our attendee lists for IPSA events;
- to notify other IPSA members of your proposed attendance at events;
to book an event;
- to process your payment for featured events e.g. Employee Share Ownership Day (ESOD), IPSA Annual Awards Dinner; and
- to confirm your event booking and send you information regarding the event.
You are obliged to provide us with your Personal Data as it is necessary to enter into a contract with us as an IPSA Member. In the event that you do not wish to provide us with your Personal Data for the above purposes, you will not be able to become an IPSA Member.
LEGITIMATE INTERESTS – Legal Basis
IPSA Membership Development:
- to grow membership numbers;
- to improve member engagement and facilitate business opportunities between members;
- to share contact information and arrange introductions between members;
- to share information regarding your business and business interests with other members;
- to provide and process member satisfaction surveys, policy surveys and referral forms;
- to process and communicate with you regarding renewing your IPSA membership; and
- to process and communicate with you when you end your IPSA membership.
Marketing, News & Events Communications:
- to provide you with information in relation to our events programme, general news from IPSA
and other communications from IPSA deemed to be of probable interest (please note that you may opt-out of receiving such marketing information by contacting us at email@example.com, or please write to Membership Team, IPSA, 6-9 Trinity Street, Dublin 2, D02 EY47.)
Facilitate IPSA Events:
- to add you to our attendee lists for IPSA events;
- to notify other IPSA Members of your attendance at IPSA events; and
- to obtain information about your dietary requirements for IPSA events.
- to photograph and video-record members at IPSA events;
- to share photographs and recordings of IPSA events on social media, the IPSA website, the IPSA monthly electronic newsletter; and
- to produce IPSA promotional material.
Responding to Queries:
- to process and respond to any enquiries, requests and complaints you may submit to us via our
website, e-mail or phone.
Improving Website Functionality & Efficiency:
- to provide, improve, test and monitor the effectiveness of the IPSA Website;
- to monitor metrics such as total number of visitors, traffic data and demographic patterns; and
- to ensure the content on the Website is presented in the most effective manner for you and to enhance your use of the Site.
Improving IPSA services:
- to better our services offering through online surveys and focus groups; and
- to survey members in order to gain an insight into business trends and shape our services.
Networking is a cornerstone of IPSA and your personal contact details are found in our Membership Directory, enabling other businesses in membership to connect with you and for you to contact other members.
Before we process your Personal Data to pursue our legitimate interests for the above purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
Please note you have the right to object to the processing of your personal data for direct marketing. You may unsubscribe from IPSA marketing communications (including but not limited to information regarding our events programme and general news from IPSA) by contacting our Membership Team at firstname.lastname@example.org or write to: Membership Team, IPSA, 6-9 Trinity Street, Dublin 2, D02 EY47
WHO IS YOUR DATA SHARED WITH?
As a networking organisation, we may disclose some or all of the Personal Data we collect from and obtain about you to the following third parties:
- Other IPSA members;
- Internal teams within IPSA such as IT, Finance, managers, system administrators and support staff;
- IT & website service providers, marketing companies, PR agencies, printers, advertising agencies and other suppliers;
- Other people in your organisation;
- Third parties involved in hosting or organising events;
- Professional advisors such as tax or legal advisors, consultants and accountants;
- Regulatory authorities (e.g. enforcement agencies and public bodies).
TRANSFERS OF YOUR PERSONAL DATA
We may transfer your Personal Data outside the European Economic Area (“EEA”). Certain Recipients (our third party service providers, whose servers are located in Canada) who process your Personal Data on our behalf may transfer your Personal Data outside the EEA to a country that does not provide an adequate level of protection to your Personal Data. Where such transfers occur, it is our policy that: a) they do not occur without our prior written authority; and b) that an appropriate transfer agreement is put in place to protect your Personal Data.
If you would like to find out more about any such transfers, please contact our CEO, Gill Brennan, whose details are set out at the end of this notice.
HOW LONG DO WE RETAIN YOUR DATA?
Your Personal Data will be retained for as long as you remain an IPSA member and thereafter for a period of no more than six years. Once we have determined that we no longer need to hold your Personal Data, we will delete it from our systems.
Please note that in certain circumstances, we may hold your data for a longer period, for example, if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your Personal Data.
HOW DO WE SECURE YOUR PERSONAL DATA?
We want to give you the confidence that your Personal Data is secure. IPSA has a series of policies and procedures in place to ensure your Practical Data is safe.
We are committed to taking reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures.
WHAT RIGHTS DO YOU HAVE?
Under the GDPR, you have a number of rights such as;
Right of Access: You have the right to ascertain what type of Personal Data IPSA holds about you and to receive a copy of this Personal Data.
Right to Erasure: In certain circumstances you may request that we delete the Personal Data that we hold on you.
Right to Object: Where we rely on our legitimate interests to process your Personal Data, you have a right to object to this use. We will desist from processing your personal information unless we can demonstrate an overriding legitimate interest in its continued processing.
Right to Portability: You may request us to provide you with certain Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another data controller where this is technically feasible.
Right to Rectification: You have the right to have any inaccurate Personal Data which we hold about you updated or corrected.
Right to Restriction: You have the right to request that IPSA stop using your Personal Data in certain circumstances including if you believe that the Personal Data we hold about you is inaccurate or that our use of your Personal Data is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing until the issue is resolved.
You can exercise any of these rights by submitting a request to our CEO, Gill Brennan, in writing: email@example.com or post c/o Gill Brennan, IPSA, 6-9 Trinity Street, Dublin 2, D02 EY47.
We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within 1 month of receiving your request. We may extend this up to 2 months if necessary however we will inform you if this arises. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights.
You also have the right to lodge a complaint with the Data Protection Commission. For further information see www.dataprotection.ie.
WHAT RESPONSIBILITIES DO YOU HAVE?
We ask that you make an effort to keep your own contact details, user preferences and personal interests up to date in the Members’ Area of our website, so that new connections can be made and relevant communications can be sent to you.
You are responsible for maintaining the confidentiality of your own password and online account and for any and all activities which may occur when logged into our Members’ Area.
Please notify IPSA immediately if you suspect unauthorised use of your account, access to your password or any other breach of security known to you.
CHANGES TO THIS NOTICE AND QUESTIONS
We may amend this notice on occasion, in whole or part, at our sole discretion. Any changes will be effective immediately upon communicating the revised notice to you.
If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail or post, and you will have a choice as to whether or not we use your Personal Data in the new manner.
Should you have questions, requests or comments about the way your Personal Data is being used or processed, please contact our CEO, Gill Brennan, in writing: firstname.lastname@example.org or post c/o Gill Brennan, IPSA, 6-9 Trinity Street, Dublin 2, D02 EY47.