Privacy & Cookie Policy

The Convention Centre Dublin (“The CCD”) values your privacy and cares about the way in which your personal information is treated.

Purpose of our privacy policy

This privacy policy notice explains how we, The CCD, collect, use, disclose, retain and protect your personal information. Your privacy is important to us and this privacy policy notice sets out how we protect your personal information and your rights regarding your personal information, in accordance with the new standards introduced by the European data protection law, known as the General Data Protection Regulation (GDPR).

“The CCD” (referred to as “we”, “us”, “our” or “The CCD” in this policy) in this notice primarily refers to Spencer Dock Convention Centre Dublin (No2) DAC, the company contracted to operate the Convention Centre Dublin, and, where appropriate, to other companies in the Convention Centre Dublin group. Spencer Dock Convention Centre Dublin (No2) DAC is registered in Ireland with registration number 419130 with its registered office at Spencer Dock, North Wall Quay, Dublin 1.


What is personal data?

Personal data is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Collection of personal data

We may collect personal information from you in the course of our business, including but not limited to through your use of our website and / or App and other websites accessible through our website and / or App, participate in a survey or competition, when you contact us or request information from us, when you hold or attend an event at The CCD, when you engage our services or as a result of your relationship with one or more of our staff and clients.


What information do we collect about you?

The personal information that we may collect and process includes:

  • Basic information, such as your name (including name prefix or title), the company you work for, your title or position;
  • Contact information, such as your postal address, email address and phone number(s);
  • Financial information, such as payment-related information;
  • Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically;
  • Information you provide to us for the purposes of or while attending, speaking or participating in meetings and events at The Convention Centre Dublin;
  • Identification and background information provided by you or collected as part of our business acceptance processes;
  • Images captured on CCTV;
  • Personal information provided to us by you or by our clients or their delegates or exhibitors or generated by us in the course or providing services, which may include special categories of data, including access and dietary requirements;
  • Any other information relating to you which you may provide to us, including on our service desk.


How do we obtain your personal data?

We collect information from you as part of our business acceptance processes and about you and others as necessary in the course of providing our services;

  • We collect your personal information while monitoring our technology tools and services, including our websites and email communications sent to and from The CCD;
  • We collect data on our service desk, which may at times include personal data;
  • We collect personal information in the course of monitoring the health and safety of persons and property at The Convention Centre Dublin, through CCTV cameras throughout the building;
  • We gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff, sending us your CV, contacting us directly via letters, emails, calls and social media or registering on one of our digital platforms or applications;
  • We collect computer and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history and your web log information;
  • We may collect or receive information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources.


How do we use your personal data?

The CCD collects and processes personal information about you in a number of ways, including through your use of our website and in the provision of services by us. We use that information:

  • To provide and improve our website, including auditing and monitoring its use;
  • To provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients;
  • To provide information or services requested by you;
  • For the purposes of recruitment;
  • To ensure the health and safety of persons and property at The Convention Centre Dublin;
  • To promote our services, including sending updates, publications and details of events;
  • To manage and administer our relationship with you and our clients;
  • To fulfil our legal, regulatory, management and risk management obligations; 
  • To fulfil our legal and contractual obligations under our public private partnership agreement with the Office of Public Works.


Use of The CCD website

  • A number of facilities on our website invite you to provide us with personal information, such as the vacancy application facility in the ‘Careers’ section of our website and our email query facilities. The purpose of these facilities is apparent at the point that you provide your personal information and we only use that information for those purposes.
  • Our website uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing small text files called ‘cookies’ on your device. The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and therefore anonymous. For more information on how we use cookies, please see our separate document on our Cookie Policy on our website.


Marketing and other emails

  • We use personal information to understand whether you open e-zines and other e-marketing materials, such as e-newsletters and e-invitations, that we may send to you.
  • We also use personal information to understand whether you click on, or share links to, the information that we include in these materials with other people. We do this by using software that places a cookie on your device which tracks this activity and records it against your email address. For more information on how we use cookies, please see our Cookie Policy below.
  • We may also use a relationship management tool, to assess the strength of the relationship between individuals in The CCD and our clients or potential clients based on the frequency of email contact between them. We use that information in order to assess, analyse and improve the services that we provide.
  • If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by emailing us here.


Provision of services

  • We process personal information provided to us by or on behalf of our clients for the purposes of the services we provide for them. The information may be disclosed to third parties to the extent reasonably necessary in connection with that.
  • We collect and process personal information about you in relation to your attendance at an event at The CCD. We will only process and use special categories of personal information for example about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your information with our service providers involved in organising or hosting the relevant event.
  • We will process identification and background information as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks;

 

On what basis do we use your personal information?

We use the personal information we collect from you for a range of different business purposes and according to different legal bases of processing. We may use your personal information to fulfil a contract with you and to provide you with our services, to comply with our legal and regulatory obligations, to protect your vital interest, or as may be required for the public good. We may also use personal data for the purposes of health and safety, to prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities. We also use your personal information to pursue our legitimate business interests, so that we can continue to keep you informed, maintain business relationships and update you on matters that continue to be of interest to you. We may also use your data for customer services, to manage our relationship with you as our customer and to improve our services and enhance your experience with us.

 

How long do we keep your personal data?

Your personal information will be retained in accordance with our data retention policy. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and The CCD’s business purposes. We must also consider periods for which we might need to retain personal data in order to meet our legal obligations (e.g. in relation to claims) or to deal with complaints, queries and to protect our legal rights in the event of a claim being made. After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner according to our data retention and deletion policies.


Who do we share your personal data with?

We may share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:

  • Our professional advisers and auditors;
  • Our digital marketing agency, which has access to some of our social media platforms;
  • Our web designers and email marketing providers; 
  • Printing and postal fulfilment providers;
  • Service providers to whom we outsource certain support services, such as the operation of our service desk;
  • Subcontractors engaged in the provision of some of the services we provide to clients, such as our cleaning, catering and facilities management sub-contractors;
  • Third parties involved in hosting or organising events or seminars;
  • IT service providers to The CCD;
  • The CCD may use social media sites such as Facebook, LinkedIn and Twitter. If you use these services, you should review their privacy policy for more information on how they deal with your personal information.
  • Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies, including An Garda Siochana. We may be required to disclose your information to comply with legal or regulatory requirements. 
  • We do not sell, rent or otherwise make personal information commercially available to any third party.


How do we protect your personal data?

We use industry standard security measures to protect your information and to prevent the loss, misuse or alteration of any information in our control. As effective as modern security practices are, no physical or electronic security system is entirely secure and we cannot ensure that all of your personally identifiable information provided (ie via our website) will never be accessed. However, we will use industry standard security measures to ensure that such information is kept as secure as possible.


Who may we transfer your personal data to?

In order to provide our services we may need to transfer your personal information to locations outside the European Economic Area (the “EEA”). The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement reasonably appropriate measures to ensure that your personal information remains protected and secure, in accordance with applicable data protection laws. We utilise standard means under EU law to legitimise data transfers outside the EEA.


Your rights regarding your personal data

The GDPR and other applicable data protection laws provide certain rights for data subjects. You are entitled to request details of the information we hold about you and how we process it. You may also have a right to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You also have the right to object where we are processing your personal information for direct marketing purposes. A right you is a right of data portability, including the transfer to you of personal data. You may also have the right to lodge a complaint in relation to The CCD’s processing of your personal information.

Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations. We may also retain some information to record that you have withdrawn your consent or do not consent.

 

Chief Data Officer

Our Chief Data Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled.

 

Data Access Request

If you wish to access the information we hold about you, please contact our Chief Data Officer in writing. For more information on how to make an access request, please see our separate document on our Access Request Policy on our website.

 

Update of Personal Information

We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us.

 

Changes to our Privacy Statement

We may change this Privacy Policy at any time and from time to time. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website. Each time you use this website the then current Privacy Policy Notice will apply. We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy.

 

Cookie Policy

As almost all websites do, this website uses ‘cookie’ technology to help us provide you with the best experience we can.

What are cookies?

Cookies are small text files that are placed on your computer, tablet or mobile phone when you browse websites. 

Cookie consent

If the settings on the software (browser) that you are using to view this website are adjusted to accept cookies, we take this, and your continued use of our website, as consent for us to use cookies. You can set your browser to reject or disable cookies at any time. However, this can affect the functionality of our website and impair your experience using it. For more information on how to manage cookies, we recommend you visit www.aboutcookies.org.

How does The CCD use cookies?

The CCD uses cookies to collect information about visitors’ use of our website, such as the number of visitors it has, the pages viewed per session, time and duration of visits. This information  helps make our website work as you would expect, and also helps us to continuously monitor the performance of our website and improveit for you.. The CCD will not attempt to personally identify visitors from their IP addresses, but these may be used to display specific marketing or advertising messages to you using targeting cookies.

You can learn more about all the cookies we use below.

Performance Cookies These cookies are used to collect information and compile reports about how visitors use our site. These reports (or analytics) are used to help us assess our website’s functionality and make improvements. This information is collected in an anonymous form, and gives us valuable information such as data on the number of visitors to the website, where the visitors have come to the website from, and what pages they visited.
Session Cookies These cookies help you to navigate through our website, and ensure that any routes you take through the website are remembered. Without these cookies, every page you visit would treat you as a completely new visitor. They do not identify you personally and are deleted after you close your browser.
Persistent Cookies Persistent cookies are saved to your computer so that we know when you revisit our website. These cookies help websites to remember your information and settings when you revisit them, resulting in a faster and more convenient user experience.
Targeting Cookies Targeting cookies remember individual websites you have visited. We use these to help us present relevant and targeted online advertising messages to you when you visit subsequent websites. 
LinkedIn Insights Tag The LinkedIn insights tag is a piece of code that we have added to our website to help us unlock valuable insights about our website visitors. We use this information to build targeted advertising campaigns on LinkedIn.
Social Media Buttons We use social media buttons to enable you to share or bookmark web pages. These buttons link to third party social media sites which may log information about your activities while on the internet. Please refer to the terms of use and privacy policies of these sites respectively.

More information on cookies is available here.

Please note, this cookie policy does not cover links within this site to other websites. We encourage you to read the privacy statement on any other websites you visit to determine their cookie policies.

If you have any queries or concerns about use of cookies on our site, please email us.

Access Request Policy

Purpose of this policy

This document outlines The CCD’s Access Request Policy and Procedures to help ensure that we comply with data access request made under the standards introduced by the European data protection law, known as the General Data Protection Regulation (GDPR), which came into effect under Irish law on 25 May 2018.

“The CCD” (referred to as “we”, “us”, “our” or “The CCD” in this policy) in this notice primarily refers to Spencer Dock Convention Centre Dublin (No2) DAC, the company contracted to operate the Convention Centre Dublin, and, where appropriate, to other companies in the Convention Centre Dublin group. Spencer Dock Convention Centre Dublin (No2) DAC is registered in Ireland with registration number 419130 with its registered office at Spencer Dock, North Wall Quay, Dublin 1.

 

Procedures

An individual may make a request from The CCD as follows:

Right to establish existence of personal data

An individual may write to us asking whether personal data relating to that individual have been or are being processed by or on behalf of us and where such data have been or are being so processed, seeking all or any of the following information

  1. A description of -
  • The purpose of, and the legal basis for, the processing,
  • The categories of personal data concerned,
  • The recipients or categories of recipients to whom the personal data concerned have been disclosed, and
  • The period for which the personal data concerned will be retained, or where it is not possible to determine the said period at the time of the giving of the information, the criteria used to determine the said period;
  1. Information detailing the right of the data subject to request from us the rectification or erasure of the personal data concerned;
  2. Information detailing the right of the data subject to lodge a complaint with the Commission and the contact details of the Commission;
  3. A communication of the personal data concerned;
  4. Any available information as to the origin of the personal data concerned, unless the communication of that information is contrary to the public interest.

Where we hold such personal data on you, we shall respond to your request and provide the information specified above as soon as may be and subject to the section below on Access Request Requirements, not later than one month after the date on which the request is made.

Access request requirements

When making a request, the individual making the request must provide us with such information as we may reasonably require to satisfy us of the identity of the individual concerned and to locate any relevant personal data or information. Where we have reasonable doubts as to the identity of the individual making a request or reasonably require additional information to locate any relevant personal data, we may request such additional information from the individual making the request as may be necessary to confirm his or her identity or to enable us to locate such personal data or information and the period of time from the making of such a request for additional information until the request is complied with shall not be counted in the one month time period.

Extension of the time period for responding to a request

Where taking into account the complexity of a request and the number of such requests received by us, we are of the opinion that we require additional time to consider the request, we may once and within one month of the date of the receipt of the request, extend the time period by such further period not exceeding two months as we may specify in writing. Such notice in writing shall include the reason for which we are of the opinion that we require additional time to consider the request.

Making an access request

You may be entitled to receive a copy of your personal data held by The CCD upon written request to us at: Chief Data Officer, The Convention Centre Dublin, Spencer Dock, North Wall Quay, Dublin 1, D01 T1W6, Ireland stating that you are making an access request. Alternatively, you may make a request by emailing info@theccd.ie.

In order to respond to your access request, we ask you to:

  • Download the Access Request Form;
  • Please complete, sign and date the Access Request Form and be as specific as possible about the information you wish to access.
  • Attach a photocopy of your proof of identity and address to the Access Request Form; and:
  • Post the Access Request Form or other request to Chief Data Officer, The Convention Centre Dublin, Spencer Dock, North Wall Quay, Dublin 1, D01 T1W6, Ireland or emailing info@theccd.ie.

Use of the Access Request Form is not mandatory. However, completing the Access Request Form should enable us to process your access request more efficiently.

Please note that we reserve the right not to process and release data requested where you have not complied with the access requirements, including where:

a) Your request is not made in writing. We do not accept access requests via telephone or text message or social media platform; or
b) You have not provided us with such information as we may reasonably require to satisfy us of the identity of the individual making the request.

Fee

You do not have to pay a fee for making an access request. However, we may charge a reasonable fee in respect of a request, having regard to the administrative cost to us of complying with the request.

Responding to your access request

Once we have received your request together with your proof of identity and address, we shall respond to you within the statutory period of one month, subject to the above provisions on Extension of the Time Period for responding to a Request. If you are not satisfied with the outcome of your access request, you are entitled to make a complaint to the Data Protection Commission who may investigate the matter for you.

Restrictions to access request responses

Individuals are only entitled to access personal data about themselves. Data that consists of an expression of opinion about the data subject given in confidence or on the understanding that it would be treated in confidence may not be provided. In other circumstances where relevant exemptions apply under applicable data protection legislation, certain personal data may not be provided under an access request.

We may also refuse a request that is manifestly unfounded or excessive in nature having regard to the number of requests made by the data subject. We may also restrict, wholly or partly a right of access request where we are satisfied that restricting the exercise of a right constitutes a necessary and proportionate measure for the purposes of avoiding obstructing official or legal enquiries, investigations or procedures, avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, protecting public security, protecting national security or protecting the rights and freedoms of other persons.

If we refuse or limit access upon a request, we shall in writing notify the individual making the request as soon as practicable.

Responsibility

Overall responsibility for ensuring compliance with the requests made under the Data Protection Acts rests with The CCD. However, our responsibility varies, depending upon whether we are acting as either a data controller or a data processor.

Chief Data Officer

The Chief Data Officer co-ordinates the provision of support, assistance, advice, and training throughout the company to ensure we are in a position to comply with the legislation.

Review

This Access Request Policy will be reviewed regularly in light of any legislative or other relevant developments. Where there is any conflict between the provisions of applicable Data Protection legislation and this Policy, then, the applicable legislation shall take precedence.