Learnovate Privacy Statement
Introduction
This is a statement of the practices of the Trinity College Dublin Learnovate Technology Centre (“the Service”) in connection with the processing of personal data for the purposes of the Service and the steps taken by Trinity College Dublin, the University of Dublin (“Trinity College” / “the University”) as a data controller to safeguard individuals’ rights under data protection legislation, specifically the EU General Data Protection Regulation (“GDPR”) and Data Protection Acts 1988-2018.
Trinity College fully respects your right to privacy and actively seeks to preserve the privacy rights of data subjects who share personal data with the University. Any personal information which you volunteer to the Service will be treated with the highest standards of security and confidentiality, in accordance with data protection legislation.
This Privacy Statement explains the following
- How the Service collects your personal data;
- The purpose and legal basis for processing your personal data;
- How we securely store your personal data;
- Details of third parties with whom we share personal data; and
- Your rights under data protection legislation.
How we collect your personal data
We collect personal data to provide our services to you. This data may be collected directly from you by our staff or from other systems under the control of Trinity College.
Purpose and legal basis for processing personal data
The personal data we collect from you will only be processed by the Service for the specific and lawful purposes as outlined in this Privacy Statement. Trinity College will ensure that your data is processed fairly and lawfully in keeping with the principles of data protection as set out under Article 5 GDPR.
Specifically, your personal data may be processed for any or all of the following purposes:
Process | Purpose | Legal basis for processing under GDPR |
---|---|---|
Membership | Payments Information on events and research | Article 6(1)(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract t |
Contact request | Request for information | Article 6(1)(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes |
Job applications | Vetting and review of candidates for advertised roles within the Centre
Successful candidate will be required to provide additional personal data | Article 6(1)(c) processing is necessary for compliance with a legal obligation to which the controller is subject
Article 6(1)(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Business Development Management | To enable the successful commercialisation of research | Article 6(1)(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Blended Events | Research dissemination, promotion
Payment Sign-up for Learnovate online, blended or physical events. You will only be added to our contact data base where you have indicated you wish to be | Article 6: Exercise of official authority particularly Universities Act Section 12 g and I
Article 6(1)(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract Article 6(1)(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes |
Covid related forms | Public Health | Article 9: 2 (i) Reasons of Public interest in the area of Public health |
Marketing/Events/Website Users. Promotion of services. | Promotion of services | Article 6(1)(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes |
EdTech Accelerator Programme. | Programme supporting EdTech startups with training and mentoring. | Article 6(1)(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes |
For further information on personal data processing at Trinity College Dublin please see https://www.tcd.ie/privacy
The Service has compiled processing records, in accordance with Article 30 GDPR requirements. If you require further details, please contact info@learnovatecentre.org
How we securely store your personal data
Personal data will be stored confidentially and securely as required by the Trinity College Information Systems Security Policy and Data Protection Policy. The University is committed to ensuring that the processing of your data is safeguarded by appropriate technical and organisational security measures relevant to the processing in accordance with Article 32 GDPR requirements.
When we store your personal data on our systems the data will be stored either on University premises or on secure IT platforms within the European Economic Area (“EEA”) or external of the EEA which are subject to Chapter V GDPR requirements.
Details of third parties with whom we share personal data
The Service will only share your data with third parties where necessary for the purposes of processing outlined in this Privacy Statement. In accordance with Article 28 GDPR, when we share your data with third parties the Service will ensure that the data is processed according to specific instructions and that the same standards of confidentiality and security are maintained.
The following table details the third parties with whom your personal data is shared together with the purposes for the sharing:
Active Campaign | Customer Relationship Management system (CRM) holding our consent data for outreach and events |
Stripe | Payment processing systems for events |
HopIn | Online events hosting platform |
Google Drive | Administration and communication |
How long we retain your data
In keeping with the data protection principle of storage limitation we will only retain your data for as long as is necessary. For the purposes described in this Privacy Statement we will store your data for the duration of your contract of employment or duration of membership in accordance with the Trinity College Records Management Policy
Your rights under data protection law
You have the following rights over the way we process your personal data. For further information please see the Trinity College Data Subject Rights Requests Procedure.
Right of Access
You have the right to request a copy of the personal data which is processed by the Service and to exercise that right easily and at reasonable intervals.
Consent
You may withdraw your consent to the Service processing your personal data at any time, when consent is the legal basis for the processing. To withdraw your consent, we require you to advise the Service in writing.
Rectification
You have the right to have inaccuracies in personal data that we hold about you rectified.
Erasure
You have the right to have your personal data deleted where we no longer have any justification for retaining it, subject to exemptions such as the use of pseudonymised or anonymised data for scientific research purposes.
Object
You have the right to object to processing your personal data if:
- We have processed your data based on a legitimate interest or for the exercise of the public tasks of the University if you believe the processing to be disproportionate or unfair to you.
- The personal data was processed for the purposes of direct marketing or profiling related to direct marketing.
- We have processed the personal data for scientific or historical research purposes or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Restriction
You have the right to restrict the processing of your personal data if:
- You are contesting the accuracy of the personal data.
- The personal data was processed unlawfully.
- You need to prevent the erasure of the personal data in order to comply with legal obligations.
- You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified.
Portability
Where it is technically feasible you have the right to have a readily accessible machine readable copy of your data transferred or moved to another data controller where we are processing your data based on your consent and if that processing is carried out by automated means.
Cookies
We use information gathered from cookies to help improve your experience of our website. Some cookies are essential so you can move around the website and use its features. Our website also contains third party cookies which are listed in our Cookie Register. You can refuse or consent to third party cookies when you first visit our website or by following the guidelines in our Cookie Policy.
Further information
If you have any queries relating to the processing of your personal data for the purposes outlined above or you wish to make a request in relation to your rights you can contact any member of the Service staff at: info@learnovatecentre.org
If you wish to make a complaint or escalate an issue relating to your rights you can contact the Trinity College Data Protection Officer:
Email: dataprotection@tcd.ie
Post:
Data Protection Officer
Secretary’s Office,
Trinity College Dublin,
Dublin 2,
Ireland.
Oifigeach Cosanta Sonraí
Oifig an Rúnaí,
Coláiste na Tríonóide, Baile Átha Cliath,
Baile Átha Cliath 2,
Éire.
If you are not satisfied with the information we have provided to you in relation to the processing of your personal data or you are dissatisfied with how Trinity College is processing your data you can make a complaint to the Data Protection Commissioner at: https://forms.dataprotection.ie/contact.
Definitions
Personal data
Any information relating to an identified or identifiable natural person (‘data subject’).
Special Categories of Personal Data (Sensitive personal data)
- Data concerning health
- Personal data revealing racial origin, ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade-union membership
- The processing of genetic data for the purpose of uniquely identifying a natural person
- The processing of biometric data for the purpose of uniquely identifying a natural person
- Data concerning a natural person’s sex life or sexual orientation
Processing
Any operation or set of operations performed on personal data. Processing includes storing, collecting, retrieving, using, combining, erasing and destroying personal data, and can involve automated or manual operations.
Data subject
Someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data controller
An organisation, such as Trinity College, which determines the purposes and means of the processing of personal data.
Data processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, traditionally under contract. This does not include Service staff who are processing personal data on behalf of the University as part of their employment duties.
Date: 15/07/2021