The Galway Convention Bureau Privacy Statement

Galway Convention Bureau with the address of 25F Liosbaun Industrial Estate, Tuam Road, Galway, Ireland (also referred to as “we,” “our,” “us”) is the Data Controller when you provide information to us.

 

Galway Convention Bureau is a Company Limited by Guarantee (CLG) and the official events bureau for County Galway.

Galway Convention Bureau based in Galway Ireland promotes Galway abroad and helps bring and support International meeting, incentive, conference and event business to Galway. We can help you find the perfect venue or hotel for your next meeting, conference or event. Choose from an array of unique activities to Galway for the perfect incentive or team building activity.

Galway Convention Bureau is here to support you in bringing your event to Ireland and advice on any financial supports available from our National Tourism Development Authority, Fáilte Ireland. Our professional team of advisers offer their services impartially and free of any charges or commissions. We are not event organisers, but we are happy to recommend an organiser that best matches your needs.

SUMMARY

This Privacy Statement sets out how we collect, use, share, store personal data, our legal basis for doing so, how long we keep your data and outlines your rights.  Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Acts, 1988 to 2018 and other Irish or EU Data Protection legislation as amended or extended from time to time.

LAWFUL BASIS FOR USING YOUR INFORMATION

All businesses must have a lawful reason to use your personal information; if they do not have one, they cannot use your personal data. Several lawful grounds enable data processing. Outlined below are the most relevant grounds to the processing of personal data by us.

WHEN YOU ARE A CONFERENCE AMBASSADOR FOR GALWAY CITY & COUNTY

When you are an Ambassador, we will process the following personal data about you as it is in our Legitimate Interest.

 

  • The contact details that you supply in your e-mail signature (i.e., your first name, surname, address, company name, telephone/mobile number and e-mail address);
  • A record of the information that you provide to us;
  • Conversations you have when you call us;
  • To issue you with invitations to events.

 

WHEN YOU ARE A MEMBER OF GALWAY CONVENTION BUREAU

We collect the following information from our Members. Members are the interested businesses in Galway City & County that are involved in the MICE (Meeting Incentive Conference and Events or Exhibitions) or Business Events. Our members include but are not limited to hotels, venues, bars, restaurants, coaches, activity providers, attractions and smaller stand-alone businesses. Galway Convention Bureau provides opportunities for our members. The lawful basis relied upon is our Legitimate Interest.

  • You can choose to advertise your business on our website. The information that is shared is the contact name for the business (first and surname), the business postal address, telephone number, e-mail address and google map location.
  • We collect your e-mail address so that we can e-mail you about industry updates and also and specific business opportunities or to let you know about proposals.
  • As a member, you will receive ad-hoc eZines on industry news and upcoming events you have the option to ‘Unsubscribe’ at any time.

WHEN YOU ARE A CLIENT OF GALWAY CONVENTION BUREAU

We collect information about our clients, our clients are event planners and Professional Conference Organisers (PCOs). The lawful basis we rely upon is our Legitimate Interest.

 

  • The contact details that you supply in your e-mail signature (i.e., your first name, surname, address, company name, telephone/mobile number and e-mail address);

 

WHEN YOU SIGN UP TO ATTEND A FAMILIARISATION (FAM) TRIP

When you sign-up to attend a Fam trip, we will process the following information about you:

  • e collect the details of your Next-of-Kin (in case anything should happen you while attending a programme). The lawful basis we rely upon is Vital Interest.

 

Where you provide information to us about other people you need to make sure you have their permission to do so.

 

There may be situations where we need to use your information to comply with legal obligations. We are required by law to keep your information on file to comply with the Revenue Commissioners, Health and Safety legislation and also for Professional and/or Public Indemnity Insurance purposes.

 

We process the following data because we have a legitimate interest:

  • Provide you with the services or information that you have asked for;
  • Keep a record of your relationship with us;
  • Send you correspondence and communicate with you;
  • Meet our legal obligations;
  • Respond to or fulfill any requests, complaints or queries that you may have; and
  • Understand how we can improve our services or information;
  • Keeping your data in our system to keep it secure;
  • The date on which you started using our services;
  • The date on which you ceased to use our services;
  • A record of any complaints or compliments made by you and the action taken in respect of any such complaint or compliments;
  • When you unsubscribe, we retain your e-mail in a suppression list so that we do not e-mail you again by accident;
  • We may receive your business contact information directly from you, as a Conference Ambassador, as a Member, Client or from business cards, or we may get your information from third party sources, such as your website or professional network profile;
  • The IP address and the MAC address when you visit our website enables us to keep our website secure.

 

We process the following data because we have your Consent:

 

  • Subscribing to our eZines.
  • When you fill in your personal details into our website form.
  • To invite you to participate in surveys about our services (participation is always voluntary).
  • When you agree and ‘Consent’ to stand in for a group photograph which we will use on our social media accounts & our website and or ambassador videos; and

 

Telephone/Mobile Phone: We have both a telephone and mobile phone voice messaging system in the office to record any messages from people who ring when the office is unattended. You may or may not wish to leave a message. Messages are deleted once a staff member of Galway Convention Bureau has listened to it and followed up on any information left on the system.

SENSITIVE DATA

In the course of providing our services, we may process specific sensitive data for instance in the unfortunate event that you experience an accident or incident we will record your personal data and any health implications.

 

We ask that you voluntarily disclose any medical conditions, dietary requirements that Galway Convention Bureau and the relevant Suppliers should be aware of.

 

We rely on exceptions contained in Article 9 of the GDPR and the Data Protection Acts, 1988 to 2018 to process this information (such as your explicit consent or to protect your vital interests).

 

 

 

WHEN AND HOW WE COLLECT YOUR INFORMATION

We may collect information you provide to us directly and indirectly when interacting with our services. This may include such interactions as:

  • You make an initial approach to us by e-mail or on the phone or by completing our online contact form;
  • Interact with us by e-mail, text, or on social media;
  • From our Industry Partners such as state-funded bodies (i.e., Fáilte Ireland, Galway County Council, etc.)
  • Business referrals by our trade or industry partners

 

CHILDRENS’ DATA

Galway Convention Bureau is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not aim our services at children, and we do not knowingly collect any personal data from any person under 16 years of age.

 

YOUR BUSINESS FINANCE INFORMATION

Processing is necessary for compliance with a legal obligation such as Taxation laws. We will process your financial information for instance when you submit invoices for the purposes of receiving a proportion of your costs. We collect financial data required to comply with Irish Tax law such as V.A.T. numbers, account details to pay and sending invoices.

 

USE OF OUR WEBSITE

We process the following data because we have a legitimate interest:

 

We have a legitimate interest in understanding how our clients and potential clients use our website. This assists us in providing more relevant services and communicating value to our clients.

 

Galway Convention Bureau website collects specific information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Galway Convention website, including a history of the pages you view. We use this information to help us design our site to suit our users’ needs better. We may also use your IP address to help diagnose problems with our server and to administer our website, analyse trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. Galway Convention Bureau website also uses cookies. See the Cookie Notice on our website for more details. (NOTE – please provide a hyperlink to Cookie Notice)

 

CONTACT FORM

We collect personal information relating to you when you contact us through the contact forms on this website. This information may include your name, e-mail and your phone number. We will only use this information to respond to your request. We will never use this information to market to you unless you have specifically requested us to reach out to you through the contact form.

 

NEWSLETTER

We use a third-party provider, MailChimp to deliver our eZine. As a part of MailChimp services, it collects statistics around e-mail opening and clicks using industry-standard technologies. If you no longer wish to receive marketing eZines from us, you have the right to ask us to stop processing your data for direct marketing purposes. Please send an e-mail to [email protected] with ‘UNSUBSCRIBE’ in the subject line or click the ‘Unsubscribe’ link in the eZine e-mail you received from us.

 

CONSENT

There are some activities where we process personal information with your permission, which you can withdraw at any time, although if you do, we may not be able to provide the product or service you have requested. An example is where we want to use your photograph to promote our Galway City & County. We would ask your permission first and you can withdraw your consent at any time. We will indicate in this Privacy Statement where we rely on consent.

 

WITHDRAWING CONSENT

Where we may rely on consent to use your information, you have the right to revoke that consent for that processing activity at any time. However, we may have the right to rely on an alternative legal basis for the processing activity and will inform you of that.

A withdrawal of consent may still allow the processing of your data if:

  • Processing is necessary for the performance of a contract with you.
  • Processing is necessary for compliance with a legal obligation.
  • Processing is necessary to protect your vital interest or that of another person.
  • Processing is necessary for the performance of a task carried out in the public interest.
  • Processing is necessary for the legitimate interests pursued by Galway Convention Bureau or a third party; except where such interests are overridden by your interests or fundamental rights and freedoms.

 

DIRECT MARKETING

We want to send you information about our services, opportunities and events from time-to-time which may be of interest to you. If you have consented to receive such marketing information, you may opt-out later. You have a right at any time to ask us not to contact you for marketing purposes.

 

In addition to sending you information about the services you use, and where we have your permission, we may send you direct marketing communications about our services, events and offers.

 

Direct marketing communications may be sent by e-mail (eZines) and push notifications to your mobile devices, and via other electronic means such as when you visit our website.

 

We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have used one of our services.

 

You will be able to opt-out of direct marketing by following the instructions in the communications you receive or changing your device settings.

 

LINKED SERVICES, THIRD-PARTY SITES AND CONTENT

We may reference other websites and provide links which are outside of our control. This Privacy Statement does not cover these other websites and links. Galway Convention Bureau does not accept any responsibility or liability for other sites’ Privacy Notices/Statements or Privacy Policies. If you access other websites using the links provided, please read their policies before submitting any personal information.

Our website uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from Galway Convention Bureau website through these services, you should review the ‘Privacy Statement/Notice’ of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.

HOW WE PROTECT YOUR DATA

Access to our online databases is password protected and all our computers are also password protected. We restrict access to personal data to employees, contractors and agents who need to know such personal data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. All our documentation and records are securely stored on site.

Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our website, or to our office via e-mail, and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of your personal data arising from such risks. Please also note that our website contains hyperlinks to websites owned and operated by third parties, and use of these is at your own risk (see ‘Third Party Websites’)

BUSINESS RE-ORGANISATION

In instances where our business is subject to a re-organisation, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of Galway Convention Bureau.

 

DISCLOSURES REQUIRED BY LAW

Your information will be disclosed where we are obliged by law to do so. We may also disclose your information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.


RETAINING YOUR DATA

We shall keep your information for as long as necessary for the uses set out in this Privacy Statement or while there is a legitimate business reason for doing so.

We hold your data:

  • For enquiries – 6 months, just in case you have forgotten something and come back to us.
  • For marketing – until you withdraw consent or until we see that you are no longer opening the eZines. We review our consents every year.
  • Accident/incident Reports – kept for 10 years.
  • After ceasing to be a client, member and/or ambassador or attending a FAMs trip – 7 years.
  • Soft copies of the attendance sheets are retained for 7 years.
  • Unsuccessful candidates (Interview Score Sheets, C.V. and Cover Letters, Application Forms, Job Specification and Job Description) – 1 year from the date that the position is filled.
  • All other data is held as per our Retention Schedule; please feel free to contact us for more information at [email protected]

Where you ask for your account to be closed, we will do this as soon as possible subject to any terms and conditions relating to the account. Your information will be retained to comply with legal and regulatory obligations as well as for analysis, to prevent fraud, collect any monies owed, and to resolve disputes.

 

YOUR RIGHTS UNDER THE GDPR & THE DATA PROTECTION ACTS, 1988 to 2018

 You have rights in respect of our processing of your personal data which are:

 

  • To access your personal data and information about our handling of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
  • We no longer need it;
  • If we are processing your personal data by consent and you withdraw that consent;
  • If we no longer have a legitimate ground to process your personal data; or
  • We are processing your personal data unlawfully
  • To object to our processing if it is by a legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.

 

If you want to exercise any of these rights, please contact us at [email protected]

 

These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal data, please contact us (see ‘Complaints, Questions & Assistance’ below). We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period.

 

WHO DO WE SHARE YOUR INFORMATION WITH?

In the course of providing our Services, we share information with various third parties, including hotels, venues, and other service providers that you have selected for:

  1. Site Inspection;
  2. Final venue for your event or conference; or
  3. Destination Management Companies (DMC) or PCO who you have selected to run your event.

 

In particular, we may share your personal data with Fáilte Ireland and this is subject to our Data Sharing Agreement with them.  Fáilte Ireland is the National Tourism Development Authority under the National Tourism Development Authority Act, 2003 (NTDA Act, 2003) and Fáilte Ireland’s statutory purpose is inter alia the development of tourist traffic within and to the State and the development and marketing of tourist facilities and services in the State.

The categories of Personal Data that may be shared between us and Fáilte Ireland  may include but is not limited to:

  • Names, addresses, telephone numbers and email addresses of our clients,
  • Details of client enquiries and interactions,
  • Details of events planned by us including but not limited to relevant contacts in hotels, the number of event attendees and contact details of our suppliers;

Any personal data that we share with Fáilte Ireland is for the purposes of:

  • Business development and the fulfilment of Fáilte Ireland’s statutory functions in relation to the provision of practical and financial support to meeting planners. Please note that where Fáilte Ireland provide State funding towards an event, Fáilte Ireland has a legal obligation to be satisfied (i.e., verify) that the event has taken place and as to the number of attendees.
  • In order to ensure the appropriate support is afforded to our respective clients;
  • Fáilte Ireland may use data provided by us to report to the Department of Tourism on anonymised statistics that does not require the disclosure of your personal data.
  • Where personal data is shared with Fáilte Ireland, we ensure that we have a valid legal basis to process the personal data pursuant to Data Protection Legislation.
  • When we share your personal data with Fáilte Ireland, we will as separate Independent Data Controllers, retain the Shared Data for no longer than it is required for the purposes for which it was shared. We will both, as independent Data Controllers, securely and safely delete and destroy personal data in our possession when it is no longer required.

Please take a look at Fáilte Ireland’s Privacy Policy for more details: http://www.failteireland.ie/Footer/Privacy-Policy.aspx

DATA TRANSFERS OUTSIDE OF THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA

When we transfer your personal data out of the European Economic Area (EEA), we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

CHANGES TO OUR PRIVACY STATEMENT

We reserve the right to modify this Privacy Statement at any time. Each time you use this website, you shall be bound by the then current Privacy Statement and accordingly you should review the Privacy Statement each time you use this website. This is a live document, under regular review. This policy was last updated in July 2019.

 

COMPLAINTS, QUESTIONS AND ASSISTANCE

If you have any comments, concerns or complaints about our uses of your information, we would ask that you contact us first, so that we can try and resolve the matter.

 

You are encouraged to raise any issues with our Compliance Officer, Rose Finn.

 

Post: Galway Convention Bureau, 20F Liosbaun Industrial Estate, Tuam Road, Galway, Ireland

Telephone: 353 (0) 91 339920

Mobile: 353 (0) 87 7730512

E-mail: [email protected]

 

 

 

COMPLAINING TO THE DATA PROTECTION COMMISSION (DPC)

Where we are unable to help, you can complain to the Data Protection Commission (DPC) in Ireland or the Statutory Authority in your country of residence, who will be able to liaise with the Data Protection Commission (DPC).

 

The Data Protection Commission (DPC) can be contacted at:

Post: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, Ireland, R32 AP23.

Telephone: 353 (0) 57 8684800

Telephone: 353 (0)761 104 800

Lo-Call Number: 1890 252 231

E-mail: [email protected]