Data Protection Notice
EFFECTIVE 25 MAY 2018
IOB takes privacy and the protection of our member, student and designate data very seriously. In this notice, we explain how we collect your personal information, how we use it and how you can interact with us about it.
Who are we?
When we talk about the “Institute”, or “us” or “we” in this notice, we are talking about IOB.
Data Protection Officer
Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You may contact our Data Protection Officer at [email protected] or by writing to: Data Protection Officer, IOB, 1 North Wall Quay, Dublin 1.
How we collect information about you
We collect personal information from you, for example when you become a member; register to an educational programme; apply for information on our products and services; apply for a designation/CPD scheme or express an interest in one of our programmes or a programme offered in association with one of our educational partners. We also collect
information through our websites, social media and our CCTV footage. We will sometimes record phone conversations and we will always let you know when we do this. Our websites use ‘cookie’ technology. A cookie is a little piece of text that our server places on your device when you visit any of our websites or applications. They help us make the
sites work better for you. When you apply to us for products and services and during the time you avail of these, we may verify your identity. We may do this by sending and receiving information about you, to and from third parties including your employer.
How we keep your information safe
We use technical and organisational measures to protect your personal information from unauthorised access, to maintain data accuracy and to help ensure the appropriate use of your personal information. These security measures include encryption of your personal information, firewalls, intrusion detection systems, 24/7 physical protection of facilities where your personal information is stored, background checks for personnel that access physical facilities, and strong security procedures across all service operations. We use strong encryption algorithms for the transmission and storage of your information. When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.
How long we keep your information for
How long we hold your information depends on the nature of the information and the purposes for which it is processed. We determine appropriate retention periods which meet our academic, legal and regulatory obligations. We hold your information while you are a member, student or designate and for a period of time after that. We do not hold it for longer than necessary. If the purpose for which the information was obtained has ceased and the personal information is no longer required, the personal data will be deleted or anonymised (i.e. all identifying characteristics are removed).
Meeting our academic, legal and regulatory obligations
To meet our academic, regulatory and legal obligations, we collect some of your personal information, verify it, keep it up-to-date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations. If you do not provide the information we need, or help us keep it up-to-date, we may not be able to provide you with our products and services.
To use your information lawfully, we rely on one or more of the following legal bases:
performance of a contract;
legal obligation (e.g. "Minimum Competency Code","Fitness & Probity", Universities Act 1997);
protecting the vital interests of you or others;
public interest; and
our legitimate interests or the legitimate interests of a third party (e.g. your employer).
Sometimes we need your explicit consent to use your personal information. When we use sensitive personal information about you, such as health data, for example when you request a maternity leave pro-rata adjustment, we ask for your consent. Before you give your consent, we tell you what information we collect and what we use it for. You can withdraw your consent at any time by contacting us.
We would like to make you aware of products and services which may be of interest to you. We may do this by phone, post, email, text or through other digital media. You can decide
how much direct marketing you want to accept when you apply for new products and services. You can make changes to your marketing preferences at any time via "My Details" section on the "MyInstitute" website at www.iob.ie or by contacting us directly at:
Phone: + 353 1 6116500
Email: [email protected]
How we use your information
We use information about you to:
process and administer your membership, programme registrations and designations/CPD;
organise events, conferences and webinars;
give you access to on-going learning and networking opportunities including career support;
ensure we provide you with the best service possible;
collect your fees;
provide other operational supports;
provide and promote information on our membership, education, designation and continuing professional development services;
safeguard and promote the welfare of members;
carry out surveys and statistical analysis;
respond to your enquiries or complaints;
provide reference requests subject to your consent;
tailor communications to make them relevant to any preferences that you have demonstrated;
prevent unauthorised access to your information;
meet our legal and regulatory obligations;
establishing, exercising or defending legal claims; and
identify ways we can improve our products and services to you.
To provide our products and services under the terms and conditions we agree between us, we need to collect and use personal information about you. If you do not provide this personal information, we may not be able to provide you with our products and services.
Your information and third parties
Sometimes we share your information with trusted third parties. For example with:
service providers (e.g. printers, auditors, legal advisors and other professional advisors);
educational partners (e.g. UCD, Higher Education Authority (HEA));
other legal and regulatory bodies (e.g. The Central Bank of Ireland);
Information and Communications Technology (ICT) and information security providers. We may also share information with third parties to meet any applicable law, regulation or lawful request, including with law enforcement agencies, which may be either in or outside Ireland or to deal with any claim or dispute that may arise. We expect these third parties to have the same levels of information protection that we have.
Your personal information rights
When your personal information is handled by IOB in relation to a product or service, you are entitled to rely on a number of rights. These rights allow you to exercise control over the way in which your personal information is processed. For example, we may help you in:
Accessing your personal information: You can ask us for a copy of the personal information we hold about you.
Correcting and Updating your personal information: If you believe that any personal information we hold about you is inaccurate or out of date, you can look for the information to be corrected at any time.
Withdrawing consent: You can change your mind wherever you give us your consent, such as for direct marketing, or using your sensitive information, such as medical or biometric data.
Restricting and objecting: You may have the right to restrict or object to us using your personal information or using automated decision making.
Deleting your information (your right to be forgotten): You may ask us to delete your personal information. Moving your information in electronic form (your right to Portability). You may request (in certain cases) that your personal information is transferred to you or another organisation in digital form.
How to exercise your rights
You may execute any of these rights free of charge. You may do so by contacting us:
Phone: + 353 1 6116500
Email: [email protected]
When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information. Once we are satisfied that we have effectively verified your identity, we will respond to the majority of requests without undue delay and within a one month period (i.e. 30 calendar days) of receipt of the request. IOB will action your request to have your personal information corrected within 10 calendar days. These periods may be extended in exceptional circumstances and we will inform you where the extended period applies to you along with an explanation of the reasons for the extension.
International transfers of data
We sometimes need to share your information with organisations which are located or who undertake processing outside the European Economic Area (EEA) to help us provide you with our products and services. Some educational programmes/partners, for example, are provided/located outside the EEA. This may mean that some personal information may be processed in countries such as India, Singapore or the United States. We expect the same standard of data protection is applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected and will only transfer personal information to a country or territory outside of the EEA if that country provides an adequate level of protection for personal information as set down by the European Commission or where the transfer is made under a legally binding agreement which covers the EU requirements for the transfer of personal information to data processors outside of the EEA such as the model contractual clauses approved by the European Commission, the EU-US Privacy Shield Framework or such other approved mechanism or model approved by the European Commission. For more information about the European Commission’s decisions on the adequacy of the protection of personal information in countries outside the EEA, please visit: https://ec.europa.eu/info/law/lawtopic/data-protection_en
Making a complaint
If you have a complaint about the use of your personal information, please let a member of staff know, giving them the opportunity to correct things as quickly as possible. If you wish to make a complaint you may do so in writing and by email [email protected]. Please be assured that all complaints received will be fully investigated. We ask that you supply as much information as possible to help our staff resolve your complaint quickly.
You may also contact the Data Protection Commission in Ireland to lodge a complaint (details below).
Data Protection Commission
Phone: + 353 57 868 4800 / + 353 761 104 800
Fax: + 353 57 868 4757
Email: [email protected]
Updates to this notice
We keep this notice under regular review and will make changes from time-to-time, particularly when we change how we use your information, and change our technology and products or services. We will inform you of material changes to the contents of this Data Protection Notice, through a notification posted on our website or through other communication channels.