Under Data Protection legislation, individuals have a number of rights in relation to the personal data an organisation holds about them. The purpose of this notice is to inform you of the personal data processed through this website, how this data is handled and what your rights are.
Who we are and how to contact us?
At the financial centre level, SIF Ireland works to support responsible and sustainable investment best practice across all asset classes in Ireland. Sustainable Nation Ireland acts as SIF Ireland’s Convenor and Secretariat.
Our contact details are:
SIF Ireland, C/O Sustainable Nation Ireland, Talent Garden, Claremont Avenue, Glasnevin, Dublin 11
Tel: 01 5250290; Email: firstname.lastname@example.org
Our DPO is Stephen Nolan and all Data Protection related queries should be directed to him at email@example.com.
What personal data do we process through our website?
- Newsletter and Event Notifications: Individuals may sign-up to receive our newsletter via email. Subscribers are asked to submit their name, email address, role. We process this data on the basis of consent and you may withdraw your consent at any time.
- Event Registration: Individuals may register to attend SIF Ireland events via our website. They are asked to provide details such as name, email address, organisation, and role. They submit these details on the basis of consent and can choose whether or not their details can be retained for the purposes of similar communications on future SIF Ireland events.
What other personal data do we hold and process?
SIF Ireland issues direct invitations to events to specific industry, policy, and academic stakeholders via email. SIF Ireland maintains databases of professional/business contacts on the basis of legitimate business interests. Contacts may opt out of receiving direct email invitations by replying to the email invitation or contacting SIF Ireland directly at firstname.lastname@example.org.
Do we share personal data with any third parties?
SIF Ireland does not disclose your personal data to any third parties without your prior consent.
What is the legal basis for processing the data?
Under data protection law, there are six available lawful bases under which an organisation may process personal data. They are consent, contractual purposes, legal obligations, vital interests, public task, and legitimate interests.
The legal bases for which we process each category of personal data are as follows:
Consent via application
Newsletter, Event and Publication Notifications
Consent via subscription
Direct Event Invitations
Consent via online registration
Legitimate interest means we have a legitimate business interest. When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Data for activities where privacy impact may override legitimate business interests (unless we have your consent or are otherwise required or permitted by law). Consent means that an individual has given us clear, explicit consent to process their personal data for a specific purpose. Consent may be withdrawn at any time.
How long will the data be stored for?
For data processed on a consent basis, it is retained as long as the individual wishes us to retain it for. Consent may be withdrawn at any time. For data processed on a legitimate interest basis, it will be retained for as long as there is a purpose associated with the legitimate interest. An individual may object to their data being processed on this basis. For data processed on the basis of a legal obligation, it will be retained in accordance with the requirements of the associated statute or regulation.
What rights do you as the data subject have?
Data protection legislation confers the following rights on individuals:
1. The right to be informed
An individual has a right to know whether an organisation processes personal information relating to them and certain additional information in relation to the processing, such as its purposes, the categories of data, the recipients of the data, and the existence of additional rights such as the rights to erasure and objection (where applicable).
2. The right of access
Individuals have the right to access their personal data, be aware of and verify the lawful basis on which it is processed.
3. The right to rectification
Individuals have a right to have inaccurate personal data rectified, or completed if it is incomplete.
4. The right to erasure
Individuals have a right to have their personal data erased in certain circumstances. This right applies where personal data is processed on the basis of consent or when the personal data is no longer necessary for the purpose which it was originally collected or processed it for; it doesn’t apply where personal data is being processed or retained in order for the organisation to comply with a legal obligation.
5. The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data in certain circumstances. When processing is restricted, an organisation may store the personal data, but not use it. This right applies where
- an individual contests the accuracy of their personal data and this is being verified
- the data has been unlawfully processed (i.e. in breach of the lawfulness basis on which it is processed) and the individual opposes erasure and requests restriction instead
- an organisation no longer needs the personal data but the individual needs it to be kept in order to establish, exercise or defend a legal claim
- the individual has objected to the processing of their data where it is being processed on the basis of public interest task or legitimate interests and the organisation is considering whether their legitimate grounds override those of the individual.
6. The right to data portability
This right allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This right only applies where the lawful basis for processing this information is consent or for the performance of a contract, and the processing is being carried out by automated means.
7. The right to object
An individuals have the right to object to the processing of their personal data where
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling
Automated decision making and profiling is defined as:
- automated individual decision-making (making a decision solely by automated means without any human involvement); and
- profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
An organisation can only process personal data in this way when it’s:
- necessary for the entry into or performance of a contract; or
- authorised by Union or Member state law applicable to the controller; or
- based on the individual’s explicit consent.
How can I submit a Subject Access Request?
Subject Access Requests can be submitted to Stephen Nolan, SIF Ireland, C/O Sustainable Nation Ireland, Talent Garden, Claremont Avenue, Glasnevin, Dublin 11, or email@example.com.
How will the information be provided?
Where the data subject makes the request by electronic form means, where possible, the information must be provided by electronic means, unless otherwise requested by you. When requested by you, the information may be provided orally, provided that identity is verified.
What are the timeframes for dealing with personal data access requests?
- Within 1 month of receipt of the request
- The 1-month period may be extended by a 2 further months, where necessary, taking into account the complexity and number of requests, where necessary. In this case, we will inform you of any extension within 1 month of receipt of the request and the reasons for the delay. If we do not take action on foot of your request, we will inform you without delay and, at the latest, within 1 month of receipt of your request, of:
- The reasons for not taking action
- The possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
What are the charges?
Requests are dealt with free of charge.
However, where requests from a data subject are considered ‘manifestly unfounded or excessive’ (for example where an individual continues to make unnecessary repeat requests or the problems associated with identifying one individual from a collection of data are too great) the data controller may:
- Charge a reasonable fee, taking into account the administrative costs of providing the information/ taking the action requested; or
- Refuse to act on your request.
Right to lodge a complaint to the Supervisory Authority
Under data protection legislation an individual has a right to lodge a complaint with the Data Protection Commission if they consider that processing of their personal data is contrary to the GDPR.
The contact details of the Commission are
The Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois. The Data Protection Commissioner also operates a helpdesk function, which is contactable at 0761 104 800 or LoCall 1890 252231.
Subject Access Request Procedures
Making and submitting a Subject Access Request
If you wish to make a Subject Access Request, please do so in writing to Stephen Nolan, SIF Ireland, C/O Sustainable Nation Ireland, Talent Garden, Claremont Avenue, Glasnevin, Dublin 11 or firstname.lastname@example.org.
In order to facilitate processing of your request and timely retrieval of your personal data, we ask that individuals provide the following details:
- Name of Requester
- Details of the personal data that you are requesting e.g., application form, emails of a specific subject matter, letters etc.
- Data Subject Right you wish to exercise (where applicable) e.g., right to rectification, erasure
- Any other relevant information
- The form you wish data to be provided to you
In order to ensure that personal data is not disclosed to the wrong person, proof of identity will be required with your data access request.
If a request is being made on your behalf by a third party such as a solicitor, authority and verification will be sought.
Data pertaining to your information only
You are entitled to your own data only. If data from additional parties to the request are required by you, it is necessary for each party to consent to the release of their personal data in writing to the Data Protection Officer. Data pertaining to individuals not party to the request will not be released to you.
We will respond to your request without undue delay and your request will be concluded no later than 1 month from when it is received.
The timeline may be extended by up to 2 months taking into account the complexity and whether it is a repeat request.
Your data will be provided to you free of charge.
However, a reasonable fee may apply when a request is manifestly unfounded or excessive.
Right to complain to Data Protection Commissioner
If you are unhappy with the outcome of your request, you may make a complaint to the Data Protection Commissioner (Canal House, Station Road, Portarlington, Co. Laois), who will investigate the matter for you. Further details on your rights under the Data Protection Acts are available on the Data Protection Commissioner’s website: www.dataprotection.ie