This Privacy Notice has been developed by the Bernal Institute, University of Limerick, to provide information to members, researchers, students and wider stakeholders about how the Bernal Institute collects and handles their Personal Data and to meet its obligations under the Data Protection Acts 1988 to 2018 and the General Data Protection Regulation (the “Legislation”).
Under the Legislation, Personal Data means information that identifies you as an individual or is capable of doing so (“Personal Data”). To the extent that we act as a ‘data controller’, we must comply with the data protection principles set down in the Legislation. “Data subject” means an individual who is the subject of personal data.
This Notice applies to all Personal Data collected, processed and stored by the Bernal Institute in the course of its activities.
Why the Bernal Institute Holds Your Personal Data
The Bernal Institute, must process the personal data of its members, staff, students and research partners (i.e. from industry and academia) in order to carry out its functions and manage its operations effectively.
- Educational activities
- Promotional activities
The Bernal Institute collects personal data of Research Partners for the purpose of publishing details of research interests on our website , www.bernalinstitute.com, and to promote research activities on social, digital and press media.
What Personal Information does the Bernal Institute hold?
Bernal Institute only hold Personal Data that is directly relevant to its dealings with a given data subject. The types of information that the Bernal Institute may be required to process are:
- contact details
- research information
Lawful Basis for the Bernal Processing Personal Data
Data Protection law requires that the Bernal Institute must have a valid lawful basis in order to process personal data. The Bernal Institute relies on a number of such bases as follows: Consent – under certain circumstances, the Bernal Institute will only process your personal data with your consent, for example, contacting you in relation to public relations activities.
The performance of a public task – the Bernal Institute may process your personal data where necessary to perform a task in the public interest.
Protecting Your Personal Data
Your personal data may be shared between members of staff within the Bernal Institute in order for the Bernal Institute to fulfil its functions and objects.
In addition to the foregoing principle, the Bernal Institute will employ reasonable and appropriate administrative, technical, personnel, procedural and physical measures to safeguard your information against loss, theft and unauthorised users’ access, uses or modifications.
Bernal Institute shall employ reasonable means to keep Personal Data information accurate, complete and up to date in accordance with the purposes for which it was collected. The Data subject is required to inform the Bernal Institute Communications Officer/General Manager of any changes in their personal details.
Only people who are authorised to use the data will be authorised to access it. Staff are required to maintain the confidentiality of any of your data to which they have access.
Sharing Your Personal Data with Third Parties
The University may disclose certain personal data to third parties. The University will only share your personal data with external third parties where we are required to do so under a statutory or legal obligation, or we are required to do so under a contractual obligation or we have your consent, or we are otherwise permitted to do so in accordance with data protection legislation.
Transfer of personal data to other countries
We will only share your personal data outside the EEA where there are adequate safeguards in place and where:
- the European Commission has determined that the country has an adequate level of data protection;
- you have provided us with explicit consent for the transfer or
- the transfer is necessary for important reasons of public interest.
Retention of personal data
Data is retained for as long as is necessary only, as specified in UL Records Management & Retention Policy (www.ul.ie/recordsmanagement).
You have a number of rights under Data Protection legislation. These rights are as follows:
- to be informed (via this privacy notice and other communications).
- your right to request access to Personal Data held by the Bernal Institute, and to have any inaccurate Persona Data rectified;
- your right to the restriction of processing concerning you or to object to processing, in certain circumstances;
- your right to have Personal Data erased (where appropriate); and
- your right to data portability regarding certain automated Personal Data
with regard to rights within the Legislation relating to “automated decision-making”, the University does not use such processes and they do not arise.
Vindication of your rights shall not affect any rights which we may have under the Legislation. If you want to exercise any right, you can do so by making your specific request in writing to the University’s Data Protection Officer, Office of the Corporate Secretary, University of Limerick, Limerick. Your request will be processed within 30 days of receipt. If the information held about you is inaccurate, you are requested to advise the University promptly so that the necessary amendments can be made and same can be confirmed as being made within 30 days of receipt of your request. Staff also have the right to lodge a complaint with the Office of the Data Protection Commission.
Queries, Contacts, Right of Complaint
Further information on Data Protection at the University of Limerick may be viewed at www.ul.ie/dataprotection. You can contact the University’s Data Protection Officer at email@example.com or by writing to Data Protection Officer, Room BM022, University of Limerick.
You have a right to lodge a complaint with the Office of the Data Protection Commission (Supervisory Authority). While we recommend that you raise any concerns or queries with us first, you may contact that Office at firstname.lastname@example.org or by writing to the Data Protection Commissioner, 21 Fitzwilliam Square, Saint Peter’s Dublin 2, D02 RD28.
This Privacy Notice will be reviewed and updated from time to time to take into account changes in the law and the experience gained from the Notice in practice.