Cyber Ireland PRIVACY NOTICE

This Privacy Notice sets out how Cyber Ireland (referred to as “we”, “us” or “our” in this privacy notice), collect, store and use

information about you when you use or interact with our site, https://www.cyberireland.ie (our website) and where we
otherwise obtain or collect information about you. This Privacy Notice is effective from 18 January 2021.


Identity of the Data Controller and Contact Details

We are committed to the highest degree of respect for the privacy of our members, visitors to our websites and attendees of
our events. A data controller dictates how and why the data is going to be used by the organisation. Under GDPR, Cyber
Ireland is the data controller with regard to the Personal Data described in this Privacy Notice For any queries regarding
data protection we can be contacted by sending an email to Eoin Byrne.

Our full details are:
Full name of legal entity: Cyber Ireland at Munster Technological University
Email address: Eoin.Byrne@CyberIreland.ie
Postal address: Cyber Ireland, Munster Technological University, Rossa Ave, Bishopstown, Cork, T12 P928

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your
personal information changes by emailing us at Eoin.Byrne@CyberIreland.ie


HOW DO WE COLLECT YOUR INFORMATION?

We collect Your Data in the following basic ways:

  • You give it to us when you register as a Cluster Member
  • If a Member or a Visitor registers for an event, signs up for our newsletter or makes a comment on a blog or social media;
  • You give it to us in email enquiries or in your public comments;
  • We automatically collect Technical Information when you visit our Sites; and
  • We obtain legally available information from outside sources, including commercially available geographic and demographic information along with other publicly available information, such as public posts to social networking sites.
 

WHAT INFORMATION DO WE COLLECT?

On our website, we request certain Personal Data, for purposes such as registering to become a Member, renewing your
membership, participating in working groups, submitting enquiries and comments, signing up to our mailing list, or
registering for a webinar or our conferences or events. This may include name, title, company/organisation name, postal
address, email address, work, home and mobile phone numbers.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary.

Technical Data that includes data about your use of our website and online services such as your IP address, your login
data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the
number of times you use our website, time zone settings and other technology on the devices you use to access our
website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our
website and other online services, to administer and protect our business and website, to deliver relevant website content
and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is
our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow
our business and to decide our marketing strategy.

Marketing Data. We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing.
Where appropriate, you will be asked whether you wish to receive any marketing communications from us.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our
legitimate interests (namely to grow our organisation).

By joining Cyber Ireland, Members may opt-in to the inclusion of their email contact information in our Member email
communication and Member newsletter lists. Members can manage their email preferences including opting in and out of
working groups, committees and special interest group communications by choosing the unsubscribing option at the bottom
of an email or replying to the email with instructions to unsubscribe from further communications.

Members may receive periodic email or postal mailings from us with information about us, upcoming events, or issues
related to Cybersecurity including but not limited to news, public policy and emerging best practices and standards. We offer
you the opportunity to select which, if any, of these communications you would like to receive.

Sensitive Data. We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about
your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union
membership, information about your health and genetic and biometric data. We do not collect any information about criminal
convictions and offences.

We do not carry out automated decision making or any type of automated profiling.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

CREDIT CARD INFORMATION
Credit card transactions are made using the Munster Technological University’s payment gateway
(https://events.cit.ie/index.cfm?page=events&eventId=556) and is entered directly into a third-party processor’s systems and
is not transmitted through or stored by us. The card processor provides us with an authorisation code which is securely
stored with the payment record.

HOW DO WE USE YOUR DATA?

We may use your Personal Data to provide you with important information about your Cyber Ireland membership.

In addition, we will use your Personal Data to:

  • Provide information or a service requested or consented to by you.
  • Assist in the performance of our activities and public interest functions.
  • Comply with relevant contractual obligations with you and other third parties.
  • Improve website performance and content, including trouble shooting and diagnostics.
  • Improve your engagement and interaction with other Members of our community.
  • Improve our engagement and interaction with you.
  • Facilitate your attendance at and participation in our online and off-line events, communities or blogs.
  • Confirm your identity.
  • Process a request or payment / donation submitted to us.
  • Comply with legal requests.
 

Who do you share my personal information with?

We’ll never sell your personal information. We may however share it with trusted service providers who could be considered
data processors, sub-processors or third parties. We require all third parties to have appropriate technical and operational
security measures in place to protect your Personal Data, and to uphold the same standards of data protection we do.
We use the following categories of service providers including data processors in the course of our business:

Cloud Web and App Hosting Services

  • Cloud Data Sources
  • One or More Contract Developers
  • Professional Service Providers such as Lawyers, Solicitors and Accountants
  • Financial Transaction Providers
  • Telecoms Service and Carrier Providers
  • Cloud platforms providing marketing and webinar solutions

This list may be updated from time to time and a full list of third party providers is available on request.
We might also share your information if we have to by law, or when we need to protect you or other people from harm.

INTERNATIONAL TRANSFERS

Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal
data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of
your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by
ensuring at least one of the following safeguards is in place:
We will only transfer your personal data to countries that the European Commission have approved as providing an
adequate level of protection for personal data by; or
Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms
approved by the European Commission which give personal data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the
right to withdraw this consent at any time.

HOW LONG WILL YOU KEEP MY PERSONAL INFORMATION FOR?

We only hold your information for as long as we do the activities we told you about or have a valid reason to keep it. We
think about what type of information it is, the amount collected, how sensitive it might be and any legal requirements. We
design our services so that we don’t hold your information any longer than we have to.

DATA SECURITY

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed,
or accessed without authorisation. We also allow access to your personal data only to those employees and partners (such
as Cyber Women Ireland) who have a business need to know such data. They will only process your personal data on our
instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable
regulator of a breach if we are legally required to.

THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those
connections may allow third parties to collect or share data about you. We do not control these third-party websites and are
not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of
every website you visit.

COOKIES

Cookies are data files which are sent from a website to a browser to record information about users for various purposes.
We use cookies on our website, including essential, functional, and analytical cookies.

You can reject some or all of the cookies we use on or via our website https://www.cookiebot.com/ or by changing your
browser settings. Doing so may impair your ability to use our website or some or all of its features. For further information
about cookies, including how to change your browser settings, please visit www.allaboutcookies.org.

WHAT RIGHTS DO YOU HAVE?

Under certain circumstances, by law you have the right to:

  • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
  • Request access to your personal information (commonly known as a “Data Subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or removen your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

How do you exercise your rights?

If you have any questions about this policy or about our data protection compliance, please contact us via email at
eoin.byrne@cyberireland.ie

If you wish to exercise your rights please contact us and we will respond to the request within 30 days.

Your Right to Lodge a Complaint

You as the Data Subject have the right to complain at any time to a data protection supervisory authority in relation to any
issues related to our processing of your Personal Data. As our organisation is located in Ireland and we conduct our data
processing here, we are regulated for data protection purposes by the Irish Data Protection Commissioner.

You can contact the Data Protection Commissioner as follows:

Website: www.dataprotection.ie
Phone: +353 57 8684800 or +353 (0)761 104 800
Email: info@dataprotection.ie
Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square
Dublin 2. D02 RD28 Ireland

UPDATES AND CHANGES TO THIS POLICY

We update this policy sometimes. If we make important changes, like how we use your personal information, we’ll let you
know by email or on our website. If you don’t agree to the changes, then you can always stop using our services, request we
delete your data and stop giving us any more personal information.

Last updated
09/03/2021