Visit Cork, with the address of 3, Elizabeth Fort, Barrack Street, Cork T12 V2D7 (also referred to as “we,” “our,” “us” “Cork Convention Bureau” “CCB”) is the Data Controller when you provide information to us.
Visit Cork is a public-private partnership and the official events bureau for Ireland’s Cork Region.
Our professional team of advisers offer their services impartially and free of any charges or commissions. We provide impartial guidance to ensure a memorable event that exceeds your expectations – all in a region that makes an excellent destination for meetings, conferences, exhibitions, incentive travel, elite athlete training and sporting events. We are not event organisers, but we are happy to recommend an organiser that best matches your needs.
This Privacy Statement defines how we collect, use, share, store, our legal basis, how long we keep your data and outlines your rights. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act, 2018 and other Irish or EU Data Protection legislation.
LEGAL BASIS FOR USING YOUR INFORMATION
All businesses must have a legal reason to use your personal information; if they do not have one, they cannot use your personal data. Several legal grounds enable data processing. Outlined below are the most relevant grounds you should be aware of.
WHEN YOU ARE A CORK CONVENTION BUREAU AMBASSADOR, SIGN-UP FOR OUR NEWSLETTERS AND/OR ATTEND AN EVENT.
When you are an Ambassador or potential Ambassador, we will process the following personal data about you:
- Your first name, surname, address, company name, telephone/mobile number and e-mail address;
- A record of the information that you provide to us;
- Conversations you have when you call us;
- When you book to attend and pay for a training course; and
- Home and work address if applicable (to contact you and send your certificate to).
- Next-of-kin (in case anything should happen you while attending a programme).
- When you agree to stand in for a group photograph which we will use on our social media accounts;
- Marketing profiles, including what events and communications we think you might be interested in.
- When you complete a feedback form, either manually or online;
- Assessment evidence, verification reports, external authenticators reports and results.
- To personalise the way our content is presented to you and to ensure that content from our Website is presented in the most effective manner for you and for your computer e.g. if you specify that you are interested in horse-riding breaks, we will prioritise horse-riding breaks in the information we show you when you are logged on.
- To manage and administer our relationship with you or with an entity (for example, Fáilte Ireland) with which you are associated in a manner relevant to our legitimate interests (for example, the administration of grant funding).
- To issue invitations to events and publications.
Where you provide information to us about other people coming on or to an event you need to make sure you have their permission to do so.
Lawful basis relied upon: The processing is necessary for the performance of a contract, consent or legitimate interest.
Performance of a contract is where we either have a contract with you or you wish to enter into a contract with us. For example, organising a conference, to administer & record bookings, attendance and other event-specific details.
There may be situations where we need to use your information to comply with legal obligations. We are required by law to keep your information on file to comply with the Revenue Commissioner, Health and Safety legislation and also for Professional and/or Public Indemnity Insurance purposes.
We process the following data because we have a legitimate interest.
- Keeping your data in our system to keep it secure;
- The date on which you started using our services;
- The date on which you ceased to use our services;
- A record of any complaints or compliments made by you and the action taken in respect of any such complaint or compliments;
- Your email and telephone number in a suppression list so that we do not email or telephone you again by accident;
- We may receive your business contact information directly from you, as a Regional Conference Ambassador, as a client, as an attendee at an event or from business cards, or we may get your information from third party sources, such as your website or professional network profile;
- The IP address and the MAC address when you visit our website enables us to keep our website secure.
We process the following data because we have your consent:
- Subscribing to our newsletters and social media accounts.
- When you fill in your personal details into our website form.
- To invite you to participate in surveys about our services (participation is always voluntary).
Telephone: We have a telephone voice messaging system in the office to record any messages from people who ring when the office is unattended. You may or may not wish to leave a message. Messages are deleted once a member of Visit Cork has listened to it and followed up on any information left on the system.
In the course of providing our services, we may process specific sensitive data for instance, in the unfortunate event that you experience an accident or incident we will record your personal data and any health implications. We rely on exceptions contained in Article 9 of the GDPR and the Data Protection Act 2018 to process this information.
WHY DO WE NEED YOUR DATA?
Visit Cork need to process personal data about our visitors to provide effective and high-quality service and to fulfil our legal obligations. We will process your data to:
- Provide you with the services or information that you have asked for;
- Keep a record of your relationship with us;
- Send you correspondence and communicate with you;
- Meet our legal obligations;
- Respond to or fulfil any requests, complaints or queries that you may have; and
- Understand how we can improve our services or information;
WHEN AND HOW WE COLLECT YOUR INFORMATION
We may collect information you provide to us directly and indirectly when interacting with our services. This may include such interactions as:
- Make an initial approach to us by e-mail or on the phone; and
- Interact with us by e-mail, text, or on social media;
- From third-parties such as state-funded bodies (i.e., Fáilte Ireland, etc.)
Visit Cork is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not aim our services at children, and we do not knowingly collect any personal data from any person under 16 years of age.
YOUR BUSINESS FINANCE INFORMATION
Processing is necessary for compliance with a legal obligation such as Taxation laws. We collect financial data required to comply with Irish Tax law such as V.A.T. numbers, account details to pay and sending invoices.
USE OF OUR WEBSITE
We process the following data because we have a legitimate interest:
We have a legitimate interest in understanding how our clients and potential clients use our website. This assists us in providing more relevant services and communicating value to our clients.
See the Cookie Notice on our website for more details.
We collect personal information relating to you when you contact us through the contact forms on this website. This information may include your name, email and your phone number. We will only use this information to respond to your request. We will never use this information to market to you unless you have specifically requested us to reach out to you through the contact form.
We use a third-party provider, MailChimp to deliver our newsletter. As a part of MailChimp’s services, it collects statistics around e-mail opening and clicks using industry-standard technologies. If you no longer wish to receive marketing emails or newsletters from us, you have the right to ask us to stop processing your data for direct marketing purposes. Please send an e-mail to firstname.lastname@example.org with ‘UNSUBSCRIBE’ in the subject line or click the ‘Unsubscribe’ link in the newsletter email you received from us.
There are some activities where we process personal information with your permission, which you can withdraw at any time, although if you do, we may not be able to provide the product or service you have requested. An example is where we want to use your photograph to promote our business. We would ask your permission first and you can withdraw your consent at any time. We will indicate in this Privacy Statement where we rely on consent.
Where we may rely on consent to use your information, you have the right to revoke that consent for that processing activity at any time. However, we may have the right to rely on an alternative legal basis for the processing activity and will inform you of that.
A withdrawal of consent may still allow the processing of your data if:
- Processing is necessary for the performance of a contract with you.
- Processing is necessary for compliance with a legal obligation.
- Processing is necessary to protect your vital interest or that of another person.
- Processing is necessary for the performance of a task carried out in the public interest.
- Processing is necessary for the legitimate interests pursued by the controller or a third party; except where such interests are overridden by your interests or fundamental rights and freedoms.
We want to send you information about our services, training and events from time-to-time which may be of interest to you. If you have consented to receive such marketing information, you may opt-out later. You have a right at any time to ask us not to contact you for marketing purposes.
In addition to sending you information about the services you use, and where we have your permission, we may send you direct marketing communications about our services, events and offers.
Direct marketing communications may be sent by post, e-mail, telephone, social media (such as Facebook, LinkedIn, Instagram and Twitter), messages including push notifications to your mobile devices, and via other electronic means such as when you visit our website.
We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have used one of our services.
You will be able to opt-out of direct marketing by following the instructions in the communications you receive or changing your device settings.
LINKED SERVICES, THIRD-PARTY SITES AND CONTENT
In some of our articles, eLearning platform, and blogs, we may reference other websites and provide links which are outside of our control. This Privacy Statement does not cover these other websites and links. The Cork Convention Bureau does not accept any responsibility or liability for other sites’ Privacy Notices/Statements or Privacy Policies. If you access other websites using the links provided, please read their policies before submitting any personal information.
Our website uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from the Cork Convention Bureau website through these services, you should review the ‘Privacy Statement/Notice’ of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.
HOW WE PROTECT YOUR DATA
Access to our online databases is password protected and all our computers are also password protected. We restrict access to personal data to employees, contractors and agents who need to know such personal data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. All our documentation and records are securely stored on site.
Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our website, or to our office via e-mail, and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of your personal data arising from such risks. Please also note that our website contains hyperlinks to websites owned and operated by third parties, and use of these is at your own risk (see ‘Third Party Websites’)
In instances where our business is subject to a re-organisation, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of the Cork Convention Bureau.
DISCLOSURES REQUIRED BY LAW
Your information will be disclosed where we are obliged by law to do so. We may also disclose your information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.
RETAINING YOUR DATA
We shall keep your information for as long as necessary for the uses set out in this Privacy Statement or while there is a legitimate business reason for doing so.
We hold your data:
- For enquires – 6 months, just in case you have forgotten something and come back to us.
- For marketing – until you withdraw consent or until we see that you are no longer opening the emails. We review our consents every year.
- Accident/incident Reports – kept for 10 years
- After ceasing to be a client – 7 years.
- Soft copies of the attendance sheets are retained for 7 years.
- Events provided via Grant Aid Funding – 7 Years from when the event finished.
- Unsuccessful candidates (Interview Score Sheets, C.V and Cover Letters, Application Forms, Job Specification and Job Description) – 1 year from
- the date that the position is filled.
- All other data is held as per our Retention Schedule; please feel free to contact us for more information at email@example.com
Where you ask for your account to be closed, we will do this as soon as possible subject to any terms and conditions relating to the account. Your information will be retained to comply with legal and regulatory obligations as well as for analysis, to prevent fraud, collect any monies owed, and to resolve disputes.
YOUR RIGHTS UNDER THE GDPR & THE DATA PROTECTION ACT, 2018
You have rights in respect of our processing of your personal data which are:
- To access your personal data and information about our handling of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- We no longer need it;
- If we are processing your personal data by consent and you withdraw that consent;
- If we no longer have a legitimate ground to process your personal data; or
- We are processing your personal data unlawfully
- To object to our processing if it is by a legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us at firstname.lastname@example.org
These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal data, please contact us (see ‘Complaints, Questions & Assistance’ below). We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period.
WHO DO WE SHARE YOUR INFORMATION WITH?
In the course of providing our Services, we share information with various third parties.
In particular, we may share your personal data with Fáilte Ireland and this is subject to our Data Sharing Agreement with them. Fáilte Ireland is an Official Authority under the National Tourism Development Authority Act, 2003 (NTDA Act, 2003) and Fáilte Ireland’s statutory purpose is to promote and publicise Ireland for marketing purposes.
The categories of Personal Data that may be shared between us and Fáilte Ireland during the may include but is not limited to:
- Names, addresses, telephone numbers and email addresses of our clients,
- Details of client enquiries and interactions,
- Details of events planned by us including but not limited to relevant contacts in hotels, the number of event attendees and contact details of our suppliers;
Any personal data that we share with Fáilte Ireland is for the purposes of:
- Business development and the fulfilment of Fáilte Ireland’s statutory functions in relation to the provision of practical and financial support to meeting planners. Please note that where Fáilte Ireland provide state funding towards an event, Fáilte Ireland has a legal obligation to be satisfied (i.e. verify) that the event has taken place.
- In order to ensure the appropriate support is afforded to our respective clients;
- Fáilte Ireland may use data provided by us to report to the Department of Tourism on anonymised statistics that does not require the disclosure of your personal data.
- Where personal data is shared with Fáilte Ireland, we ensure that we have a valid legal basis to process the personal data pursuant to Data Protection Legislation.
- When we share your personal data with Fáilte Ireland, we will, as separate Independent Data Controllers, retain the Shared Data for no longer than it is required for the purposes for which it was shared. We will, as independent Data Controllers, securely and safely delete and destroy personal data in our possession when it is no longer required.
DATA TRANSFERS OUTSIDE OF THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA
When we transfer your personal data out of the European Economic Area (EEA), we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
CHANGES TO OUR PRIVACY STATEMENT
We reserve the right to modify this Privacy Statement at any time. Each time you use this website, you shall be bound by the then current Privacy Statement and accordingly you should review the Privacy Statement each time you use this website. This is a live document, under regular review. This policy was last updated in January 2019.
COMPLAINTS, QUESTIONS AND ASSISTANCE
If you have any comments, concerns or complaints about our uses of your information, we would ask that you contact us first, so that we can try and resolve the matter.
You are encouraged to raise any issues with Mr Seamus Heaney, Head of Visit Cork
Post: 3, Elizabeth Fort, Barrack Street, Cork T12 V2D7, Ireland.
Telephone: +353 (0) 21 4318036
COMPLAINING TO THE DATA PROTECTION COMMISSION (DPC)
Where we are unable to help, you can complain to the Data Protection Commission (DPC) in Ireland or the Statutory Authority in your country of residence, who will be able to liaise with the Data Protection Commission.
The Data Protection Commission (DPC) can be contacted at:
Post: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, Ireland, R32 AP23.
Telephone: +353 (0) 57 8684800
Telephone: +353 (0)761 104 800
Lo-Call Number: 1890 252 231