What is the General Data Protection Regulation (GDPR)
GDPR strives for greater data protection harmonisation throughout the EU, marking an end to fragmented data protection rules and enhancing freer movement of data within the EU. Having a single uniform law that’s fit for purpose will assist the EU meet the demands of the digital era.
GDPR imposes additional obligations on businesses and strengthens your rights regarding your data.
Due to the changes in these regulations IBAT wishes to keep you informed on:
- The types of data we hold on you.
- The purpose it is used for; and
- Your rights in relation to how it’s processed.
We collect information about you in order to operate our business. What follows is information about what we collect, how this data is processed and shared. It also explains your rights under data protection law in relation to how we process your data.
How we communicate with you.
- We only communicate directly with you. We require written consent from you to discuss your details with a third party.
- This is particularly sensitive when the communication is of a sensitive nature, e.g. medical;
If you are enrolling as a student, we also may also collect other personal data (such as information regarding your health (so that, as necessary, we can make appropriate accommodation for you)
What personal data is collected?
We use the information to process your requests, review and confirm your qualifications, provide you with our courses, programmes, services, materials and products and otherwise to contact you. We also may provide you with promotional materials about our services and products. The College may also contact you in relation to Open Events and other related information/programmes that may be of interest to you via the email address and/or contact number provided.
The following are the types of personal data we process in relation to you in order to conduct our business.
- Personal Details – name, assumed names, address, phone number, e-mail, gender, next of kin / emergency contact details, date of birth, PPS. You represent to us that you have obtained consent from your emergency contacts to provide us their information for this purpose.
- Online Services – When you interact with us by computer, phone or through your tablet you may be providing us with personal data. This will require your consent. This data will inform us on a number of things, how you are interacting, when you are interacting, and the type of device you are using to interact with us. More details are available in our cookies policy that accompanies the service you have chosen.
- Payment data –
- For EFT payments received / payments made (e.g., wages, refunds) we collect the IBAN, BIC, name of bank.
- Credit cards – We process payments but never retain the card details. This is even the case for students on payment plans that require monthly transactions to occur.
- We do not operate a direct debit system for payments.
- Interactions with us - we record details of interactions on our Learner Management System, by-email and hard copy correspondence.
Where do we collect the data from?
In most cases the data is offered voluntarily by you the student / staff member through enquiries, application forms, contracts and other forms of interaction. There are certain times when information is provided to us by third parties on your behalf, for example;
- Agents / Educational Consultants – Many students avail of these services to apply for our programmes. They will provide us with details such as your name, address, gender, date of birth, contact details, previous academic and work experience. This information is provided electronically.
- Other education institutions – We may receive your personal data from other education institutions verifying your previous education details.
- Employers - We may receive your personal data from current / previous employers regarding payments, providing references and/or verifying work related details. If you have enrolled in our courses through your employer, we will share your data and course attendance and test results with your employer.
Why we process your data?
We need to process data to provide you with our service and to enable us to operate the College. We also require data to fulfil our role as an employer. In all cases there must be an appropriate legal basis for the processing of such data. Article 6.1 of the GDPR outlines the six legal bases for processing data. IBAT processes your data on the following bases;
- Contract – to meet our requirements to perform the contract we have with you. This may require us to seek specific information to enable us to even enter into a contract with you. If this is the case we will indicate on relevant forms the mandatory fields that are required in order to be able to enter into the contract with you. If you do not provide this information we will not be able to proceed and provide you the service you require.
- Consent – where we have your explicit consent to process your data. For example, we will seek your consent to engage in direct marketing, complete surveys. You can withdraw consent at any time. Please note that if you withdraw your consent we may not be able to continue providing you with the information and service to which the consent related.
- Legitimate Interests – so we can pursue our legitimate interests e.g. testing our computer system in advance of a change being rolled out to ensure our systems operate properly, are safe and secure. For example, we may copy some data from our live system and run tests on it. This copied data may contain personal data.
- Legal obligations – to meet our requirements under applicable legislation.
Who do we share your data with?
- Regulators – IBAT are obliged under certain circumstances to provide information to a regulator (e,g. investigation of a complaint). Where a student requires a visa to study in Ireland, we are obliged to share their personal details with GNIB.
- Awarding bodies – to facilitate the proper and complete record of your student profile on the awarding bodies systems, e.g. conferring of an award and its classification.
- Other education institutions / current & former employers – with your consent we may verify your details to support an application to a programme / job application.
- Specified third parties – with your consent we can liaise with specified third parties to share your data e.g. student recruitment agents
If we provide information to any third party we require them to;
- maintain the security and confidentiality of the information.
- use the data for the agreed purpose only and prevent it being used for any other purpose
- return the data to us at the conclusion of any contract term and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations.
In addition, we will restrict the information disclosed to them. The information that is disclosed is enough only to facilitate our service.
Please note we do not store credit card details or payment information with any 3rd parties.
Where does your data go – Transfer to other countries?
We may need to process and store your information in countries outside the EU (which are not subject to EU Data Protection laws), including without limitation, your country of residence, the country in which you plan to study or other countries where we have offices or service providers (including the United States). By providing your information to us, you consent to transfer of your information to these other countries.
Retention of data
Data is retained in accordance with the College Data Retention Schedule (Associated Policy 1.10) available upon request. Data is retained to meet statutory and regulatory obligations, to manage our business, and to defend any potential legal action.
What are your rights?Under the law you have various rights with some exemptions in how data can be processed. They are rights to;
- Access data– You can request a copy of the personal data we hold on you and information about how this data is processed.
- Rectification – If data is inaccurate you have the right for it to be rectified. If data is incomplete you can request for it to be updated so it becomes complete.
- Erasure /right to be forgotten – You may request to have your personal details deleted. This may not be granted if it affects our legitimate interests or legal obligations. Certain information may need to remain such as your student number, award conferred and award classification.
- Restrict processing or object to processing – request that your personal data is restricted or object to it being used for particular purposes (e.g. direct marketing)
- Data portability – only applies to automated processing of data. It requires a data controller to provide you or a third party with a copy of your data in a structured, commonly used machine readable format. The aim is to facilitate ease of movement between service providers and increases the ease of price comparison. The College has templates (letters) that provide details of your data to facilitate different purposes.
You have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC). Further details about data protection, your rights and how to lodge a complaint can be found on the ODPC website, www.dataprotection.ie
No personally identifiable information is collected about you on this website, apart from information which you volunteer (for example by emailing us, using our online forms or by making an inquiry about content or services).
What are Cookies and how we use them?
Cookies are small pieces of information, stored in simple text files, placed on your computer by a website. Cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the website can ‘remember’ you on your return visit.
Statistical and analytical information from cookies provides us with general and not individually specific information about the number of people who visit this website; the number of people who return to this site; the pages that they visit; where they were before they came to this site and the page in the site at which they exited. This information helps us monitor traffic on our website so that we can manage the site's capacity and efficiency. It also helps us to understand which parts of this site are most popular.
Accurate statistics enable us to continue to provide a top quality service to you. Analytics cookies: Every time a user visits our website, web analytics software provided by a third party generates an anonymous analytics cookie. These cookies can tell us whether or not you have visited the site before. Your browser will tell us if you have these cookies, and if you don't, we generate new ones. This allows us to track how many individual unique users we have, and how often they visit the site. Unless you are signed in to an IBAT College Dublin site, these cookies cannot be used to identify individuals; they are used for statistical purposes only. If you are logged in, we will also know the details you gave to us for this, such as username and email address.