Privacy Notice

 

The Institute of Clerks of Works and Building Inspectors in Ireland

1. Introduction

The purpose of this Privacy Notice is to inform you in a clear, simple and intelligible manner, which avoids unnecessary legalese, of personal data processing in relation to the operation of the website (“the Site”) specifically and our business generally. At the centre of the GDPR and the Data Protection Act 2018 is the requirement for organisations to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities. Our promise is to always abide by the ‘spirit and letter’ of these laws. At the very core of our relationship with you (‘the data subject’) is complete transparency about what we do with any personal data that you and others may provide to us. No matter how or where the personal data are processed, the foremost commitment of the Institute of Clerks of Works and Building Inspectors in Ireland (‘the Institute’) is to protect your personal data and your privacy. That means keeping your personal data safe and secure while strictly adhering to all data protection law, most notably the General Data Protection Regulation, Data Protection Act 2018 and the ePrivacy Regulations 2011.  After all, your personal data belongs to you. Here at the Institute this is recognised and respected.

This Privacy Notice describes how the Institute collects, uses, stores, secures, or discloses any of your personal data when you interact , particularly through this website. All visitors to this website may be assured that The Institute understands how important their privacy is to them.

2. Who we are and what we do

The Institute of Clerks of Works and Building Inspectors in Ireland (‘the Institute’) is a not-for-profit member-based organisation established in Ireland since 1957. It has been established in its current format since March 23rd, 2003. A primary aim is to foster a better understanding of the profession amongst the general public and other construction professionals. Ultimately the goal is to create and maintain an increased awareness of the valuable work of clerks of works and building inspectors, thereby bolstering and reinforcing the important role they play  in the construction industry sector. Another focus of the Institute is on keeping  members up to date with developments in the industry and supporting them in their work challenges by providing relevant information and opportunities for continuing professional development. It will be necessary for The Institute to process some personal data so that it may effectively operate this website and its business generally.

3. What are Personal Data?

The General Data Protection Regulation (GDPR) 2018 defines personal data as “ any information relating to an identified or identifiable natural person ( ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular  by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;” ( Art.4(1) GDPR).  Some personal data in isolation may not be sufficient to identify a person but when combined with other information may make a person identifiable.

4. What is Processing?

‘Processing’:  For the purposes of the GDPR, the focal  term ‘processing’ has a much wider meaning than that  expected in normal parlance:  ‘processing’ means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.” (Art.4(2) GDPR). It is clear from the definition quoted that the scope of the  personal data processing captured by the GDPR is very broad.

5. The General Data Protection Regulation

This Regulation applies to any organisation that determines the purposes and means of the processing of personal data (a Data Controller) and also any other organisation processing data on behalf of the Data Controller (a Data Processor). Those having obligations and responsibilities under this Regulation include council members and employees of The Institute, contractors, consultants, agents and third parties who have access to data either directly or indirectly.

At the centre of the GDPR and the Data Protection Act 2018 is the requirement for organisations to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities. This organisation fully embraces the ultimate goals of transparency and accountability. The GDPR is also underpinned by some key principles: lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability (Article 5 of the GDPR).

6. Why and how the Institute collects personal data

Personal data are collected through the website (and our associated application form) in order to initiate a relationship, share information and provide you with some of the services available through The Institute. The most usual way by which  visitors to the website give their personal data is by downloading and completing the membership application form. Such information will include name, postal and email addresses, and a contact phone number. Our application form will also ask for information on other parties so that assessment and verification of  work history and qualifications can be carried out. Applicants must sign the application form and consent to the processing of their personal data so that the application can go to final assessment. If deemed suitable for membership an applicant member must provide debit/credit card details to process membership payment.

7. Sharing Personal Data

There will be circumstances where your personal data will be shared with others.

Service Providers:

Amongst these are carefully selected companies that provide services for or on behalf of us, such as companies that help us with IT support and website security. These providers are also committed to protecting your information and a Data Processing Agreement (DPA) will be in place where service providers process personal data on our behalf. The Institute will soon be using Stripe as a Payment Service Provider and a DPA will be in place to safeguard all member personal data.

Other Parties When Required by Law or as Necessary to Protect Our Services:

For example, it may be necessary by law, legal process, or court order from governmental authorities to disclose your information. They may also seek your information from us for the purposes of law enforcement, national security, anti-terrorism, or other issues that are related to public security. We will challenge any such requests that are not valid.

Other Parties with Your Consent or at Your Direction:

In addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you separately consent to or request such sharing. Current or past employers fall into this category. If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data are treated just as safely and securely as personal data are within the EEA and under all applicable data protection legislation.

8. Lawful Bases

The GDPR and the DPA 2018 mandate that any processing of personal data must have at least one lawful basis for each purpose for which the processing is to be carried out. The lawful bases used by The Institute will, depending on the category of personal data,  include either  your consent, contract necessity, legal obligation or the  legitimate interests of the Institute. Your consent is given to us at the membership application stage and later other data may be processed by virtue of the membership agreement. We are also under obligations pursuant to the Companies Acts to process data as part of business record keeping and to maintain a members register. No processing will ever take place without at least one lawful basis. No matter the lawful basis , it will always be communicated to you.

9. Your Rights

GDPR introduced enhanced rights for the data subjects and these rights extend to numerous separate individual rights for data subjects. More detailed information on your rights is available here.

The exercise of many of the new rights is dependent upon knowledge that the data are being processed in the first place. Therefore, the importance of the Right to Information cannot be understated.  Where the personal data are being collected directly from you, we will in accordance with Art. 13 (1) and Art.13 (2) provide information as below.

10. For Your Information

10.1 Identity of Data Controller

The Institute of Clerks of Works and Building Inspectors

Email: icowireland@gmail.com

10.2 Purposes of processing and legal bases

The  purposes and legal bases must be communicated to the data subject at the time the personal data are collected. Both are detailed above at Sections 6 and Section 8, respectively.

10.3 Legitimate interests

If we, or a third party, are to use ‘legitimate interests’ as a legal basis for processing, we will inform you of those ‘legitimate interests’.  For example, it is in the legitimate interest of our business to process information for administration and accounting requirements. We will only use ‘legitimate interests’ as a solitary basis for processing  when  under a legal obligation to do so.  Processing on the basis of ‘legitimate interests’ means the processing must be ‘necessary’ for the purposes of the ‘legitimate interests’ pursued by this organisation or a third party.   Being useful or convenient does not mean processing is ‘necessary’.  These ‘legitimate interests’ may be overridden by your rights and interests, but not in all cases. However, in all cases, ‘legitimate interests’ as a lawful basis has to be balanced against all your other rights, not just your data protection rights.

10.4 Recipients or categories of recipients of Personal Data

There are occasions when engaged in processing we are required to disclose data to third parties who are neither data processors acting on our behalf, nor data controllers on whose behalf we are working. Such recipients of data include the Revenue Commissioners and law enforcement authorities, where needed for the investigation, detection, prosecution or prevention of criminal offences. We may also disclose personal data in connection with our lawful purposes to third parties who provide services to us in connection with the website, such as IT service providers and analytic service providers. Your personal data may also be shared with some service providers such as, book keepers, accountants, insurance companies etc.

10.5  Intended transfers to non-EU member state or international organisation and details of adequacy decisions and safeguards.

We may from time to time make use of third party service providers to deliver our services which may necessitate the transfer of personal data outside the EU/EEA. Cloud storage service providers are common examples. Where data does have to be transferred outside the EU/EEA we will choose providers who process on the basis of an Adequacy Decision or Model Contract Clause. Appropriate safeguards will be in place to protect the rights of all  data subjects. Transfers to the UK are covered by an Adequacy Agreement agreed post Brexit.

10.6 Retention periods

The underlying guide for any retention period for your personal data will be the commitment to the principle of storage limitation under Art. 5(1)(e) GDPR.  “Personal data shall be kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed.”  There will be instances where personal data are retained only because it is necessary to comply with a legal obligation to which the organisation is subject. These legal obligations will include mandatory data retention in line with, for example, Revenue and Company Law in particular.

10.7 The existence of other rights

At the time that personal data is collected from you, you must be made aware of the following rights:

Right of Access: you have the right to have confirmation if any of your personal data are being processed and  the right to request a copy of any such data;

Right to Rectification; you have the right to have any inaccurate data corrected and any incomplete data made complete;

Right to Erasure: You have the right to request us to delete any personal data we hold about you;

Right to Restriction: You have the right to request that we no longer process your data for particular reasons;

Right to Object: You have the right to object to the processing of your data for particular purposes;

Right to Data Portability: You have the right to request us to provide you, or a third party, with a copy of your personal data, in a structured, commonly used and machine-readable format.

If you wish to exercise any of these rights, please contact us as below.

Email:  icowireland@gmail.com

Address: P.O.Box 34, Longford P.O., Co. Longford. N39 RR02.

A Data Subject Access Request form is also available by contacting us at the above email address.

 

10.8 Information re Consent

Where processing is based on consent you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on that consent before the withdrawal. Silence, pre-ticked boxes or inactivity cannot constitute consent. On this website any request for consent will be clearly distinguishable from other matters contained on the website. As referred to above, this may entail the physical ticking of a box on a website page on the application form that affirms and records your consent.

10.9 Right to lodge a complaint with Supervisory Authority

You have the right to lodge a complaint to the Office of the Data Protection Commission here.

Data Protection Commission,

21, Fitzwilliam Square South,

Dublin2, DO2RD28.

Phone: (01) 761 104800 and (057) 868 4800

10.10 The nature of the provision of Personal Data

What we are referring to here is whether the provision of the data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. This will be specifically made known to you so that  you are fully informed concerning the processing of your personal data. Where processing activities are based on either statutory or contractual requirement, you may ask for your data not to be processed for that purpose. However, in some cases, our statutory obligations may outweigh your right. You are not obliged to provide the personal data, but no relationship can commence, no membership agreement can be validated or no service delivered without your personal data being made available to us.

10.11 The existence of automated decision making, including profiling

We do not use your data in relation to any automated decision-making. Neither do we use any form of profiling.

11. Website Tracking

We do not use any form of tracking of visitors to the website. Should this change, data subjects will be informed  and asked for consent through this Privacy Notice and a Cookie Notice.

12. Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies are regulated by the ePrivacy Regulations. No cookies have been placed on this website. Should this change, you will be informed and your consent will be sought to the use of cookies.

13. Links to other websites

Our website may sometimes contain links that expand on a topic and enable you to visit other websites of interest easily. We only provide links to websites we have adjudged to be reputable. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites.  Accordingly, such sites will not be governed by this privacy statement.  You should exercise caution and look at the privacy statement applicable to the website in question.

14. Changes to our Privacy Notice

Our services and our service providers  may change from time to time. More importantly, the legal and regulatory landscape may alter.  As a result, at times it may be necessary for us to make changes to this Privacy Notice. We reserve the right to update or modify this Privacy Notice at any time, and from time to time, without prior notice. Please review this privacy notice periodically, and especially before you provide any personal data.  This Privacy Notice was last updated on the date indicated below.  Your continued use of the services after any changes or revisions to this Privacy Notice shall indicate your agreement with the terms of such revised Privacy Notice.

Last updated on 15 September 2023.

15. Disclaimer

All information on these pages is provided by the Institute of Clerks of Works and Building Inspectors in Ireland and is believed to be correct as at the time of issue. The Institute will not accept any liability for any inaccuracies or any loss or damage arising from the use or reliance on information obtained from the website.