BIM Privacy Statement
Bord Iascaigh Mhara (BIM), Crofton Road, Dun Laoghaire, County Dublin, as the Data Controller has created this notice to outline the manner in which personal data will be handled and processed in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
This Privacy Statement (together with our Terms and any other documents referred to) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Questions, comments, and requests regarding this Privacy Statement are welcomed and should be addressed to the Data Protection Officer online, by email to firstname.lastname@example.org, by phone on 01 2144100 or by post to Data Protection Officer, Bord Iascaigh Mhara, Crofton Road, Dun Laoghaire, Co. Dublin.
Purpose of Data Collection and Lawful Basis
Much of the information we hold will have been provided by you, but some may come from other sources, such images captured by external cctv should you visit our premises.
- Performance of a task carried out in the exercise of official authority vested in Bord Iascaigh Mhara: BIM as a State Agency, is required to collect, process, and transfer personal data to comply with our obligations as set out in various Irish and EU fisheries and marine legislation. Data provided in application forms will be used for purposes including the issuing of licenses and certifications, conducting of surveys and performing services for those working in the marine sector, training, education, and ice services and by the Department of Agriculture Food and Marine and EU institutions for audit and verification purposes.
- Processing necessary for the performance of a contract: in acting as a Data Controller, BIM needs to keep and process information about you to carry out our obligations arising from any contracts entered into between you and us. For example, the administration of grants, supplier account opening, or when you undertake a course of study, upskilling or development programme with us, or facilitated by us.
- Processing necessary for compliance with a legal obligation: Information including PPSNs and other tax numbers used in the processing of each grant application will also be included in BIM’s end of year returns and disclosed to Revenue as set out in the Code of Practice for the Governance of State Bodies (Department of Public Expenditure and Reform 2016).
- Processing necessary for the establishment, exercise, or defence of legal claims: For example, where BIM may need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
- Processing necessary for the purposes of preventive or occupational medicine, for the assessment of working capacity: we may gather and store special category personal data relating to your health where it is required as part of a training programme or in order to issue certain certifications and / or licenses.
- Where you have consented, BIM may contact you in relation to relevant events or initiatives, you can unsubscribe from such communications at any time.
- BIM may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes, or reporting potential crimes. The nature of our legitimate interests are as follows:
- to provide for the safety & security of all employees and contractors of BIM and of all visitors to the Company’s properties.
- to limit or deal with fraud and misconduct and allow for whistle-blower report and related investigations; and
- to conduct investigations into alleged misconduct or inappropriate behaviour.
- monitoring communications which pass through BIM’s Systems or on/from company devices, including emails, instant messages, social media posts, text messages and app- based messages.
BIM will never process your data where these interests are overridden by your own interests. You have a right to object to our use of your personal data, and we will respect that right should you exercise it; however, you should be aware that we may not be able to provide services to you.
If in the future, we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
Disclosure of your information
Your personal data may be disclosed to third parties, government departments, national or EU agencies with responsibility for the marine, online application administration, grant administration, training awards or accreditation where it is necessary and relevant, for example, the Department of Agriculture, Food and the Marine (DAFM). Details of projects may be shared with the Managing Authority for the European Maritime and Fisheries Fund (EMFF) and details of any supports provided will be published online as required by article 119(2) of the EMFF Regulation 508/2014.
Where BIM engages the services of third parties, such services are covered by an appropriate contract, and any data acquired in the course of such services is processed in compliance with the GDPR.
BIM will only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
Do we transfer your information outside of EEA?
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. We have in place safeguards including standard contractual clauses to ensure the security of your data.
Your rights as an individual
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA2018) you have a number of rights with regard to your personal data:
1. The right to access your personal data
2. if your personal data is inaccurate or incomplete, you have the right to have the data rectified without undue delay.
3. the erasure of your personal data or the right to be forgotten – the right to be forgotten is not an absolute right will not apply where processing is necessary for:
- Compliance with a legal obligation.
- Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
- Establishment, exercise or defence of legal claims.
4. the right to restrict processing, object to processing as well as the right to data portability in certain circumstances.
5. If you have provided consent for the processing of your personal data, you have the right (in certain circumstances) to withdraw consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
6. If you if you believe that we have not complied with the requirements of the GDPR or DPA 18, you have the right to lodge a complaint with the Irish Data Protection Supervisory Authority.
The Data Protection Commission can be contacted at:
21 Fitzwilliam Square
Telephone: 578 6848 00 / 761 104 800
If you wish to exercise any of your rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Any request to access personal data will be dealt with free of charge unless it is considered excessive in which case, we may charge a reasonable fee.
We retain your information in accordance with our Data Retention Policy. Subject to your rights, we will ordinarily process your personal data throughout the course of your relationship with us and will then retain it for a period after that. The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods.
In determining the appropriate retention period for different types of personal data, the amount, nature, and sensitivity of the personal data in question, as well as the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means are considered.
We use a range of physical, electronic, and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include education and training to relevant staff to ensure they are aware of our data protection obligations when processing personal data, administrative and technical controls to restrict access to personal data to a need to know basis, technological security measures, including fire walls, encryption, and anti-virus software; and physical security measures, such as staff security passes to access our premises.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our site may, from time to time, contain links to and from the websites of government departments, other public bodies or of other relevant organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to this statement
We reserve the right to change this statement at any time by notifying users of the existence of a revised statement.