Privacy Policy

1. What is Personal Data?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2.  Who are we?

The Carmelite Institute of Britain and Ireland (CIBI) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

3.  How do we process your data?

CIBI complies with its obligations under GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data to:

  • process your programme registrations, manage your fees and administer your assessments;
  • ensure we provide you with the best service possible, including customer support for any technical issues you may experience accessing our websites and to provide other operational supports;
  • carry out surveys and statistical analysis;
  • respond to your enquiries or complaints;
  • provide reference requests subject to your consent.

4. What is the legal basis for processing your data?

We process personal data on the legal basis of legitimate interest to meet our academic, regulatory and legal obligations.

5. Sharing your data

In certain circumstance, we need to share personal data with trusted third parties in pursuit of our legitimate interests e.g. the use of processors to manage communications, surveys or the secure storage of your data, and educational partners e.g. St Patricks Pontifical University, Maynooth. We may also share your data with third parties to meet any applicable law, regulations or lawful requests.

6.  International transfer

All personal data is stored within the European Economic Area or countries whose data protection regimes have been designated as adequate by the European Commission. We will not transfer any data to a third country or international organisation without your explicit consent and without appropriate privacy safeguards in place.

7. How long do we keep your data?

We keep data in accordance with the guidance set out within our records retention policies and do not hold your information beyond what is required to meet our academic, legal and regulatory obligations.

8. Your rights and your personal data

You have the following rights with respect to your personal data:

  • The right to request a copy of your personal data, which [name of organisation] holds about you;
  • The right to request that [name of organisation] correct any personal data if it is found to be inaccurate, incomplete or out-of-date;
  • The right to request your personal data is erased where it is no longer necessary or lawful for [name of organisation] to retain such data;
  • The right to request that [name of organisation] provide you with a copy of your personal data and, in certain circumstances, to transmit that data directly to another data controller;
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data;
  • The right to lodge a complaint with the Data Protection Commission.

9. Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice. The new notice will explain the new use of your personal data prior to commencing the processing. It will set out the relevant purposes and processing conditions.

10. Contact details

To exercise all relevant rights, queries or complaints please in the first instance contact us admin@cibi.ie.

11. Complaints

You have the right to make a complaint to the Data Protection Commission which you can contact by phone: +353-761-104 800; via email info@dataprotection.ie or by writing to:

The Data Protection Commissioner,
Canal House,
Station Road,
Portarlington,
Co. Laois R32 AP23,
Ireland

Version 1.0, 2023