Data Protection Policy

International House Dublin
Effective Date: January 2025
Review Date: December 2025

INTRODUCTION

The Data Protection Acts provide rules which apply to the collection, use, disclosure and transfer abroad of information about individuals which includes employee and client personal data. The Acts set out the principles that the Company must follow when processing personal data about individuals and also gives individuals certain rights in relation to personal data that is held about them.

The aims of this policy are:
• To assist the Company in meeting its obligations under the Acts
• To regulate the Company’s use of information relating to individuals the company collects personal data from
• To ensure that that individuals the company collects personal data from are aware of both their rights in relation to the personal data that the Company holds about them

DATA PROTECTION PRINCIPLES

The Acts place an obligation on data controllers, such as the Company, to observe the data protection principles. In summary these include that personal data must:
• Be obtained and processed fairly
• Be used and disclosed for specified, explicit and legitimate purposes and not in any manner incompatible with those purposes
• Be adequate, relevant and not excessive
• Be accurate, complete and up-to-date
• Not be kept for longer than is necessary for the purpose(s) for which it was obtained
• Be processed in line with the rights given to individuals under the Acts
• Be kept safe and secure, and
• Not be transferred to countries without adequate levels of data protection

WHAT IS PERSONAL DATA?

Personal data is data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. The data protection principles apply to any sort of personal data, which is either electronically processed (e.g. on a database) or which is held or intended to be in a structured filing system.

Certain personal data is classified as “sensitive personal data”. This is personal data relating to a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, physical or mental health, sexual life or any criminal offence or related proceedings. For example, the Company may, where necessary, collect and process sensitive personal data in respect of health.

THE COMPANY’S OBLIGATIONS

“Processing” includes the obtaining, recording, keeping and disclosing of data. Generally, processing of personal data may only be done with consent. However, such consent is not required in certain circumstances, for example where the processing is necessary for compliance with a legal obligation.

NATURE INFORMATION

The Company holds and processes certain personal information. The records may include address, contact details, educational history, bank details, passport and visa information, health data etc. This sort of information is known as “personal data” under the Acts. Personal data is held on operational databases, staff inboxes and in hard copy where necessary.

Sensitive personal data may include records of sickness absence, medical certificates and medical reports.
The purpose of processing this type of information is generally to manage the attendance process. If sensitive personal data relating to an individual is being processed for reasons otherwise than those set out above or otherwise permitted by law, their explicit consent will be sought.

PURPOSE OF PROCESSING GENERAL INFORMATION

The Company needs to collect and use personal data about individuals for a variety of administration and general business management purposes. These include administration of the booking system, classroom allocation, accommodation placements, processing of payments, handling emergency situations etc.

KEEPING PERSONAL INFORMATION

The Company will take steps to ensure that the personal information it holds is accurate and up-to-date. For example, individuals will be asked to inform the Company of any changes which we need to make to update information (such as a change of email address).
The Company will also take steps to ensure that it does not keep any personal data for longer than is necessary.

TRANSFER OF PERSONAL INFORMATION

The Company may make some information about individuals available to the Company’s advisers and/or data processors such as lawyers, administrators, and to those providing products or services to the Company (such as IT and other outsourcing providers) and to government and/or regulatory authorities. These recipients may be located outside the European Economic Area. In this case, the Company will, as far as is possible, ensure that the recipients of the information, both within and outside the Company, comply with the contents of this policy.

YOUR RIGHTS UNDER THE DATA PROTECTION RULES

The Acts gives the data subject specific rights in relation to the information that is held about them. Some of these rights are summarised below:
• Obtain confirmation that the Company holds personal information, as well as a written description of the information, the purposes for which it is being used, the sources of the information and the details of any recipients
• Obtain access to the personal information, which is held

It is important to note that this is not an absolute right to review all the information that is held, as there are various exceptions to this right contained in the Acts. These include:
(a) where personal data is kept for the purpose of preventing, detecting or investigating offences and related matters; and
(b) where the data is an expression of opinion about the data subject given by another person in confidence.

In certain circumstances, the data subject can ask for the deletion or rectification of information, which the company holds, which is not accurate, or request that the personal information be used for specific purposes

VARIATION

The Company may issue further guidance or make amendments to this Policy from time to time, which will be notified to relevant parties.

CONSENT

By signing the consent form, individuals acknowledge that the Company possesses and will process their personal data in accordance with the provisions set out in this policy.