Privacy Policy

Introduction

Bord Iascaigh Mhara (BIM), Crofton Road, Dun Laoghaire, County Dublin, as the Data Controller has created this notice to outline the manner in which personal data will be handled and processed in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

This Privacy Policy provides you with information about the processing of personal data by BIM. For BIM to effectively deliver and administer the public services entrusted to us, it is necessary to process personal data. Personal data is information capable of identifying you as an individual, for instance, your address or telephone number.

Purpose of Processing and Basis

BIM processes your data for the purpose of providing the services we offer. These services include funding, training, industry projects, advisory services and sustainability and certification across the fisheries, aquaculture and seafood processing sectors. The fisheries department also provides a fisheries management chart and a species directory. The seafood processing department includes a seafood innovation hub.

Much of the information we hold will have been provided by you, but some may come from other sources, such as images captured by external CCTV should you visit our premises.

• Performance of a task carried out in the exercise of official authority vested in Bord Iascaigh Mhara: BIM as a State Agency, is required to collect, process, and transfer personal data to comply with our obligations as set out in various Irish and EU fisheries and marine legislation. Data provided in application forms will be used for purposes including the issuing of licenses and certifications, conducting of surveys and performing services for those working in the marine sector, training, education, and ice services and by the Department of Agriculture Food and Marine and EU institutions for audit and verification purposes. BIM also provides development and innovation services, seafood technical services and economic and strategic services.

• Processing necessary for the performance of a contract: in acting as a Data Controller, BIM needs to keep and process information about you to carry out our obligations arising from any contracts entered into between you and For example, the administration of grants, supplier account opening, employment or when you undertake a course of study, upskilling or development programme with us, or facilitated by us.

• Processing necessary for compliance with a legal obligation: Information including PPSNs and other tax numbers used in the processing of each grant application will also be included in BIM’s end of year returns and disclosed to Revenue as set out in the Code of Practice for the Governance of State Bodies (Department of Public Expenditure and Reform 2016).

• Processing necessary for the establishment, exercise, or defence of legal claims: For example, where BIM may need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal

• Processing necessary for the purposes of preventive or occupational medicine, for the assessment of working capacity: we may gather and store special category personal data relating to your health where it is required as part of a training programme or in order to issue certain certifications and/or licenses.

Where you have consented, we may contact you in relation to relevant events or initiatives, you can unsubscribe from such communications at any time.

• We may sometimes need to process your data to pursue our legitimate. The nature of our legitimate interests are as follows:
  • to provide for the safety and security of all employees, contractors and visitors to our properties;
  • to protect any BIM infrastructure, resources or properties;
  • to limit or deal with fraud and misconduct and allow for whistle-blower reports and related investigations; and
  • to conduct investigations into alleged misconduct or inappropriate

You have a right to object to our use of your personal data, and we will respect that right should you exercise it; however, you should be aware that we may not be able to provide services to you.

The personal data which we process is generally about individuals who are involved in the Irish and international seafood and fisheries industries. We also process personal data concerning employees, candidates, participants in educational programmes, governmental stakeholders and members of the public.

If in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any additional relevant information.

Disclosure of your information

Your personal data that BIM holds may be shared with government departments, national or EU agencies with responsibility for the marine, online application administration, grant administration, training awards or accreditation where it is necessary and relevant, for example, the Department of Agriculture, Food and the Marine (DAFM). Details of projects may be shared with the Managing Authority for the European Maritime and Fisheries Fund (EMFF), and details of any supports provided will be published online as required by Article 119(2) of the EMFF Regulation 508/2014.

We will only permit our service providers to process your personal data for specified purposes and in accordance with our instructions. Only the minimum personal data necessary will be shared.

Do we transfer your information outside of EEA?

In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. We have in place safeguards including standard contractual clauses to ensure the security of your data.

Cookies

Cookies are a form of technology used in the delivery and analysis of a website. When you visit a website, small text files are placed on your device temporarily. Some cookies are functional and necessary. Other cookies are used for marketing and analysis purposes. You may submit your consent preferences by using the banner, which will be visible when you visit our websites. To update your consent preferences, you can also visit our consent preference page. For more information on what cookies are used on this website, please visit our Cookies Policy.

Your rights as an individual

Your rights as an individual

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA2018) you have a number of rights with regard to your personal data:

The right to know what personal data we process about you and how we use this personal data; The right to access your personal data;

If your personal data is inaccurate or incomplete, you have the right to have the data rectified without undue delay;

The erasure of your personal data or the right to be forgotten – the right to be forgotten is not an absolute right will not apply where processing is necessary for:

• Compliance with a legal obligation
• Archiving purposes in the public interest, scientific or historical research purposes or statistical
• Establishment, exercise or defence of legal claims.

The right to restrict processing, object to the processing as well as the right to data portability in certain circumstances.

If you have provided consent for the processing of your personal data, you have the right (in certain circumstances) to withdraw consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

If you believe that we have not complied with the requirements of the GDPR or DPA 18, you have the right to lodge a complaint with the Irish Data Protection Supervisory Authority info@dataprotection.ie or by post 21 Fitzwilliams Square, Dublin 2, D02 RD28.

If you wish to exercise any of your rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Any request to access personal data will be dealt with free of charge unless it is considered excessive in which case, we may charge a reasonable fee.

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
• Relevant to the purposes we have told you about and limited only to those
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about;
• Kept securely; and
• Processed in accordance with the principle of accountability.

Automated decision making

We do not engage in fully automated decision making which has significant or legal effects on you in the provision of our services.

Data Protection Officer

If you have any queries you can write to us at dataprotection@bim.ie or Data Protection Officer, Bord Iascaigh Mhara, Crofton Road, Dún Laoghaire, Co. Dublin, A96 E5A0.

Data Retention

We retain your information in accordance with our Data Retention Policy. Subject to your rights, we will ordinarily process your personal data throughout the course of your relationship with us and will then retain it for a period after that. The precise length of time will depend on the type of data, our legitimate interests and other legal or regulatory rules that may require us to retain it for certain minimum periods.

In determining the appropriate retention period for different types of personal data, the amount, nature, and sensitivity of the personal data in question, as well as the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means are considered.

Data security and storage of personal data

We use a range of physical, electronic, and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include education and training to relevant staff to ensure they are aware of our data protection obligations when processing personal data, administrative and technical controls to restrict access to personal data to a need to know basis, technological security measures, including firewalls, encryption, and anti-virus software; and physical security measures, such as staff security passes to access our premises.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Change to this Privacy Policy

We may update this notice from time to time. If we make any changes, we will post those changes here and update the ‘Last Updated’ date at the bottom of this Privacy Policy.

Last Updated: 28/01/2022