The Convention Centre Dublin (“The CCD”) values your privacy and cares about the way in which your personal information is treated.
“The CCD” (referred to as “we”, “us”, “our” or “The CCD” in this policy) in this notice primarily refers to Spencer Dock Convention Centre Dublin (No.2) DAC, the company contracted to operate The Convention Centre Dublin, and, where appropriate, to other companies in the Convention Centre Dublin group. Spencer Dock Convention Centre Dublin (No.2) DAC is registered in Ireland with registration number 419130 with its registered office at Spencer Dock, North Wall Quay, Dublin 1.
Personal data is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We may collect personal information from you in the course of our business, including but not limited to, through your use of our website and / or App and other websites accessible through our website and / or App, participation in a survey or competition, when you contact us or request information from us, when you hold or attend an event at The CCD, when you engage our services or as a result of your relationship with us, or one or more of our staff, subcontractors and clients.
The personal information that we may collect and process includes:
We collect information from you as part of our business acceptance processes and about you and others as necessary in the course of providing our services;
The CCD collects and processes personal information about you in a number of ways. We use that information:
We use the personal information we collect from you for a range of different business purposes and according to different legal bases of processing. We may use your personal information to fulfil a contract with you or your conference organiser and to provide you with our services, to comply with our legal and regulatory obligations, to protect your vital interest, or as may be required for the public good. We may also use personal data for the purposes of health and safety of persons and safety and security of property, to prevent, detect, mitigate, and investigate any incidents, including but not limited to theft, fraud, security breaches or other potentially prohibited or illegal activities. We also use your personal information to pursue our legitimate business interests, so that we can continue to keep you informed, maintain business relationships and update you on matters that continue to be of interest to you. We may also use your data for customer services, to manage our relationship with you as our customer and to improve our services and enhance your experience with us.
Your personal information will be retained in accordance with our data retention policy. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and The CCD’s business purposes. We must also consider periods for which we might need to retain personal data in order to meet our legal obligations (e.g. in relation to claims) or to deal with complaints, queries and to protect our legal rights in the event of a claim being made. After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner according to our data retention and deletion policies.
We may share your personal information with certain trusted third parties, including:
We use industry standard security measures to protect your information and to prevent the loss, misuse or alteration of any information in our control. As effective as modern security practices are, no physical or electronic security system is entirely secure and we cannot ensure that all of your personally identifiable information provided (ie via our website) will never be accessed. However, we will use industry standard security measures to ensure that such information is kept as secure as possible.
In order to provide our services we may need to transfer your personal information to locations outside the European Economic Area (the “EEA”). The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement reasonably appropriate measures to ensure that your personal information remains protected and secure, in accordance with applicable data protection laws. We utilise standard means under EU law to legitimise data transfers outside the EEA.
The GDPR and other applicable data protection laws provide certain rights for data subjects. You are entitled to request details of the information we hold about you and how we process it. You may also have a right to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You also have the right to object where we are processing your personal information for direct marketing purposes. A right you have is the right of data portability, including the transfer to you of personal data. You may also have the right to lodge a complaint in relation to The CCD’s processing of your personal information.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations. We may also retain some information to record that you have withdrawn your consent or do not consent.
Our Chief Data Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled.
If you wish to access the information we hold about you, please contact our Chief Data Officer in writing. For more information on how to make an access request, please see our separate document on our Access Request Policy on our website.
We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us.
As almost all websites do, this website uses ‘cookie’ technology to help us provide you with the best experience we can.
What are cookies?
Cookies are small text files that are placed on your computer, tablet or mobile phone when you browse websites.
You can learn more about all the cookies we use below.
|Performance Cookies||These cookies are used to collect information and compile reports about how visitors use our site. These reports (or analytics) are used to help us assess our website’s functionality and make improvements. This information is collected in an anonymous form, and gives us valuable information such as data on the number of visitors to the website, where the visitors have come to the website from, and what pages they visited.|
|Session Cookies||These cookies help you to navigate through our website, and ensure that any routes you take through the website are remembered. Without these cookies, every page you visit would treat you as a completely new visitor. They do not identify you personally and are deleted after you close your browser.|
|Persistent Cookies||Persistent cookies are saved to your computer so that we know when you revisit our website. These cookies help websites to remember your information and settings when you revisit them, resulting in a faster and more convenient user experience.|
|Targeting Cookies||Targeting cookies remember individual websites you have visited. We use these to help us present relevant and targeted online advertising messages to you when you visit subsequent websites.|
|LinkedIn Insights Tag||The LinkedIn insights tag is a piece of code that we have added to our website to help us unlock valuable insights about our website visitors. We use this information to build targeted advertising campaigns on LinkedIn.|
More information on cookies is available here.
This document outlines The CCD’s Access Request Policy and Procedures to help ensure that we comply with data access request made under the standards introduced by the European data protection law, known as the General Data Protection Regulation (GDPR), which came into effect under Irish law on 25 May 2018.
“The CCD” (referred to as “we”, “us”, “our” or “The CCD” in this policy) in this notice primarily refers to Spencer Dock Convention Centre Dublin (No2) DAC, the company contracted to operate the Convention Centre Dublin, and, where appropriate, to other companies in the Convention Centre Dublin group. Spencer Dock Convention Centre Dublin (No2) DAC is registered in Ireland with registration number 419130 with its registered office at Spencer Dock, North Wall Quay, Dublin 1.
An individual may make a request from The CCD as follows:
Right to establish existence of personal data
An individual may write to us asking whether personal data relating to that individual have been or are being processed by or on behalf of us and where such data have been or are being so processed, seeking all or any of the following information
Where we hold such personal data on you, we shall respond to your request and provide the information specified above as soon as may be and subject to the section below on Access Request Requirements, not later than one month after the date on which the request is made.
Access request requirements
When making a request, the individual making the request must provide us with such information as we may reasonably require to satisfy us of the identity of the individual concerned and to locate any relevant personal data or information. Where we have reasonable doubts as to the identity of the individual making a request or reasonably require additional information to locate any relevant personal data, we may request such additional information from the individual making the request as may be necessary to confirm his or her identity or to enable us to locate such personal data or information and the period of time from the making of such a request for additional information until the request is complied with shall not be counted in the one month time period.
Extension of the time period for responding to a request
Where taking into account the complexity of a request and the number of such requests received by us, we are of the opinion that we require additional time to consider the request, we may once and within one month of the date of the receipt of the request, extend the time period by such further period not exceeding two months as we may specify in writing. Such notice in writing shall include the reason for which we are of the opinion that we require additional time to consider the request.
Making an access request
You may be entitled to receive a copy of your personal data held by The CCD upon written request to us at: Chief Data Officer, The Convention Centre Dublin, Spencer Dock, North Wall Quay, Dublin 1, D01 T1W6, Ireland stating that you are making an access request. Alternatively, you may make a request by emailing firstname.lastname@example.org.
In order to respond to your access request, we ask you to:
Use of the Access Request Form is not mandatory. However, completing the Access Request Form should enable us to process your access request more efficiently.
Please note that we reserve the right not to process and release data requested where you have not complied with the access requirements, including where:
a) Your request is not made in writing. We do not accept access requests via telephone or text message or social media platform; or
b) You have not provided us with such information as we may reasonably require to satisfy us of the identity of the individual making the request.
You do not have to pay a fee for making an access request. However, we may charge a reasonable fee in respect of a request, having regard to the administrative cost to us of complying with the request.
Responding to your access request
Once we have received your request together with your proof of identity and address, we shall respond to you within the statutory period of one month, subject to the above provisions on Extension of the Time Period for responding to a Request. If you are not satisfied with the outcome of your access request, you are entitled to make a complaint to the Data Protection Commission who may investigate the matter for you.
Restrictions to access request responses
Individuals are only entitled to access personal data about themselves. Data that consists of an expression of opinion about the data subject given in confidence or on the understanding that it would be treated in confidence may not be provided. In other circumstances where relevant exemptions apply under applicable data protection legislation, certain personal data may not be provided under an access request.
We may also refuse a request that is manifestly unfounded or excessive in nature having regard to the number of requests made by the data subject. We may also restrict, wholly or partly a right of access request where we are satisfied that restricting the exercise of a right constitutes a necessary and proportionate measure for the purposes of avoiding obstructing official or legal enquiries, investigations or procedures, avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, protecting public security, protecting national security or protecting the rights and freedoms of other persons.
If we refuse or limit access upon a request, we shall in writing notify the individual making the request as soon as practicable.
Overall responsibility for ensuring compliance with the requests made under the Data Protection Acts rests with The CCD. However, our responsibility varies, depending upon whether we are acting as either a data controller or a data processor.
Chief Data Officer
The Chief Data Officer co-ordinates the provision of support, assistance, advice, and training throughout the company to ensure we are in a position to comply with the legislation.
This Access Request Policy will be reviewed regularly in light of any legislative or other relevant developments. Where there is any conflict between the provisions of applicable Data Protection legislation and this Policy, then, the applicable legislation shall take precedence.