Data protection is a fundamental right. As set out in Article 8 of the EU Charter of Fundamental Rights:
The General Data Protection Regulation (GDPR) is designed to give individuals more control over their personal data. Enterprise Ireland became subject to the GDPR on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
The purpose of this notice is to inform grant applicants of what personal data the Local Enterprise Office holds in relation to them, and, as may be appropriate, their employees, and related persons, and how the Local Enterprise Office uses that personal data as controller.
PERSONAL DATA PROTECTION NOTICE relating to the Local Enterprise Office Grant Administration Process
The Local Enterprise Office (‘we’, ‘our’, ‘us’) takes data privacy seriously. In order to perform our public functions and to provide our services, we collect and process a certain amount of personal data. This Data Protection Notice relates to personal data collected by us in respect to the grant administration process and is intended to ensure that data subjects (who may be connected to client companies and third level institutions, or be entrepreneurs applying for grant funding) are aware of what personal data we hold in relation to them, and how we use that personal data as controller.
Please read the following carefully to understand our use of personal data.
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The Local Enterprise Office holds personal data received from a number of sources in connection with the performance of our public functions and the delivery of our various services to our clients. In some instances, personal data is provided directly to us by the data subject concerned (e.g. a business owner or sole trader). We may also receive personal data about a data subject indirectly. For example, an employer may provide employee personal data in connection with the grant or a representative of a number of data subjects may provide personal data in relation to one or more data subjects. By describing our activities below, we are able to identify where we may hold some or all of the following types of personal data:
|Category||Types of personal data collected||EI Activity|
Date of birth
Photos / video
Directorships and shareholdings
Social media accounts
|Grants and investment services administration required to support companies start, scale, internationalise and innovative, such as project review, due diligence activities and grant inspection.
Job Position / Job title
|Grants and investment services administration required to support companies start, scale, internationalise and innovative. This includes the Local Enterprise Office’s grant inspection activity which is required for grant drawdown.|
|Identification details||PPS number, passport details||Grants administration for an entrepreneur where there is no CRO number available.|
We will hold, process and may disclose personal data for the following purposes:
Certain categories of personal data are regarded as ‘special’. We have provided the following list of what personal data are identified in the General Data Protection Regulation (GDPR) as special data for information purposes only. Special data includes information relating to an individual’s:
This list should not be read or understood as an indication of any policy of the Local Enterprise Office to actively collect/process such data.
As part of the Local Enterprise Office due diligence on a grant inspection in relation to employment grants, on occasion, though we have not requested them, we may receive salary certificates with Trade Union membership details. This processing is necessary for reasons of substantial public interest on the basis of law.
If we cannot collect or process certain personal data, we may not be able to provide employers with a grant or an equity investment or other support or service. If you have any queries in respect of the consequences of not providing information or withdrawing your consent, please contact us.
In order to provide our services and to comply with legal obligations imposed on us, it may be necessary from time to time for us to disclose personal data to third parties, including without limitation to the following:
The personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing personal data. Due to the global nature of business, certain personal data may be disclosed to staff members of Enterprise Ireland working outside the EEA: click here to view Enterprise Ireland’s overseas network . To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please contact us if you wish to obtain information concerning such safeguards.
We will store personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods.
You have several rights in relation to your personal data under applicable privacy and data protection law, which may be subject to certain limitations and restrictions. We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will respond, at the latest, within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.
If you wish to exercise any of these rights, please contact us. We may request proof of identification to verify your request.
|Your Right||What this means|
|Right to withdraw consent||If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent.|
|Right of Access||You can request a copy of the personal data we hold about you.|
|Right to Rectification||You have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.|
|Right to Erasure (‘Right to be Forgotten’)||
However, this right does not apply where, for example, the processing is necessary:
|Right to Restriction of Processing||You can ask that we restrict your personal data (i.e., keep but not use) where:
We can continue to use your personal data:
|Right to Data Portability||Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
|Right to Object||You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests, for the performance of a task carried out in the public interest or in the exercise of our official authority. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.|
|Automated Decision-Making||You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.
|Right to Complain||You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR
Please see the below contract details for the Irish Data Protection Authority:
Data Protection Commissioner Phone: +353 (0)761 104 800.
We will only use personal data for the purposes for which we collected it outlined in Section 2 above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain information as to how the processing for the new purpose is compatible with our original purpose, please contact us (see Contact Us below).
If we need to use your personal data for an unrelated purpose, we will notify you and provide an explanation of the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is permitted by applicable data protection laws.
Questions, comments, requests and complaints regarding this Data Protection Notice and the personal data we hold are welcome and should be addressed to the Data Protection Officer.
Paula Maguire, Data Protection Officer
Data Protection and Freedom of Information Office
Eastpoint Business Park
Telephone: +353 1 7272478