Bord Bia Privacy Statement
2. Data Controller
3. What personal data does Bord Bia collect and why?
5. What are the data protection principles?
6. Security of your personal data
7. How long will we keep your personal data?
9. Technical information we collect when you visit our website
10. How we may use this technical information
11. Your data protection rights
12. Requests by data subjects to exercise their rights
13. Changes to the Privacy Statement
Schedule 1 – Processing Description
1.1. Bord Bia acts as a link between Irish food and drink suppliers and existing and potential consumers throughout the world. Our objective is to develop markets for Irish suppliers and to bring the taste of Irish food to more tables world-wide.
1.2. Bord Bia has developed Irish Beef as a consumer brand to showcase Irish produce to consumers.
1.3. Individuals accessing the Irish Beef website will be asked if they would like to join the mailing list. Members of the Irish Beef database receive up-to-date information and news, recipes and competitions.
1.4. This Privacy Statement explains the ways in which we collect, store and process your personal data which you may provide to us when you sign up on the Irish Beef website. You are never required to provide us with your personal data, but you may choose to provide us with it, for example where you enter a competition.
1.5. Please carefully review this Privacy Statement before giving your consent to our processing of your personal data for the purposes set out below.
1.6. Bord Bia has a network of overseas offices in Amsterdam, Dusseldorf, London, Madrid, Milan, Moscow, New York, Paris, Dubai, Singapore, Shanghai, Stockholm and Warsaw, with our headquarters in Dublin, which can be contacted as follows:
Telephone: +353 1 6685155
Lower Mount St
About this Privacy Statement
1.7. Bord Bia likes to keep you informed about products and services, news, research, competitions, announcements and invitations to events connected with Irish Beef.
1.8. This Privacy Statement relates to our privacy practices and policies in place for the data we collect on the Irish Beef website. It sets out what personal data we collect and process about you in connection with these services; where we obtain the data from; what we do with that data; how we comply with the data protection rules, who we transfer data to and how we deal with individuals’ rights in relation to their personal data. Links to all of this information may be accessed by clicking on the titles in the table of contents. Any personal data is collected and processed in accordance with Irish and EU data protection laws.
1.9. In compliance with GDPR, all our staff and contractors are required to comply with this Privacy Statement when they process personal data on our behalf. Any failure by staff or contractors to comply with the data protection rules (including as they are outlined in this Privacy Statement) may result in disciplinary action or sanction.
1.10. Please note that we may disclose individuals’ information to trusted third parties for the purposes set out and explained in this document and if permission is given by the individual. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU laws on data protection.
2. Data Controller
2.1. Data protection provides rights to individuals with regard to the use of their personal information (personal data) by organisations, including Bord Bia. Irish and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of personal data.
2.2. Compliance with the data protection rules is a legal obligation. In addition, our compliance with the data protection rules helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.
2.3. The data protection rules that apply to us are currently contained in the Data Protection Acts 1988 and 2003, in the ePrivacy Regulations 2011 and in related legislation (together the “DPAs”). As and from 25 May 2018, the applicable rules will be contained in the EU General Data Protection Regulation (EU Regulation 679/2016) (the “GDPR”) and in related Irish data protection legislation which gives effect to the GDPR.
2.4. “Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.
2.5. For the purposes of the GDPR, Bord Bia is the data controller with regard to the personal data described in this Privacy Statement.
3. What personal data does Bord Bia collect and why?
3.1. “Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and behaviour.
3.2. We set out in the table at Schedule 1 of this Privacy Statement a description of the personal data that we collect in connection with Irish Beef, why we are collecting this data, our legal basis for processing this data and the length of time for which we retain your data. (The table is referred to below as our “Processing Description”.)
3.3. We process the personal data for the purposes set out in our Processing Description and for any other purposes specifically permitted by the DPAs (or when applicable, the GDPR) or as required by law.
3.4. We collect this information from you through: an online form on the Irish Beef website including competitions and surveys where you have opted in for us to collect and process your personal data.
4.1. By consenting to our processing your personal data in line with this Privacy Statement you are giving us permission to process your personal data specifically for the purposes identified.
4.2. You may withdraw consent to any of the separate processing activities set out herein, at any time by emailing firstname.lastname@example.org. If you have any queries relating to withdrawing your consent please contact the Data Protection Officer (“DPO”) whose details are set out below.
4.3. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
5. What are the data protection principles?
5.1. The eight data protection principles that apply to our organisation are that:-
A. We must process personal data fairly, lawfully and transparently. This obligation includes that we must have a valid legal basis for our processing of personal data (whether the consent of the person, or that the processing is necessary for our legitimate interests (as long as these interests do not outweigh the rights of data subjects) or some other legal basis set out under the DPAs or (when applicable) the GDPR). It also means that we must be transparent with individuals about our processing of their personal data.
B. We can only collect personal data for specified, identified and legitimate purposes.
C. We can only then process the personal data that we have collected for the purposes which we have identified or for purposes that are compatible with the purposes that we have identified.
D. The personal data that we collect and process must be adequate, relevant and limited to what is necessary for the purposes.
E. The personal data that we collect and process must be accurate and (where necessary) kept up-to-date.
F. We must not keep personal data any longer than is necessary, bearing in mind the purpose for which we collected it. This includes that we should keep personal data in a form which permits identification of the data subject for no longer than is necessary.
G. We must keep personal data safe and secure from unauthorised access, deletion, disclosure or other unauthorised uses. This includes not just keeping data safe and secure from persons outside our organisation, but also from people within our organisation who have no need to access or use the personal data. We must also be careful when transferring personal data outside the European Economic Area (“EEA”, being the EU plus Norway, Liechtenstein and Iceland), and make sure that we have a valid legal basis on which to transfer that data. Transfer can include using a cloud server that is located outside the EU or allowing people who are located outside the EEA access to personal data that is stored within the EEA.
H. We must comply with data subjects’ rights of information about, and (separately) access to, their personal data and with their other data protection rights, including rights to correct or erase their personal data, rights “to be forgotten”, rights to object to processing (including profiling), rights against automated decision-making and (under the GDPR) rights to data portability.
6. Security of your personal data
6.1. We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
6.2. We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data is only transferred to a data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves. In addition, we have appropriate written agreements in place with all of our data processors.
6.3. We maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentiality means that only people who are authorised to use the data can access it.
- Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users should be able to access the data if they need it for authorised purposes.
6.4. We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using ISO27001 framework standards, which include firewalls, encryption, anti-virus software and backup and disaster recovery systems.
6.5. We do not transfer your personal data out of the EEA.
7. How long will we keep your personal data?
7.1. We have set out in the Processing Description the length of time for which we will keep your information. After this time your personal information is permanently deleted from our records.
8. Will we share your information with anyone else?
8.1. Bord Bia engages an agency to run the Irish Beef website including the marketing, competitions and data compilation. The agency collects and compiles the personal data you provide and also assists us with regard to email marketing in relation to Irish Beef. The agency provides the compiled data to Bord Bia and we will then use it for the purposes of communicating with you in line with your preferences.
8.2. Bord Bia engages professional email and digital marketing service providers in order to carry out Bord Bia’s email marketing service in line with this Privacy Statement. The personal data you provide to us is provided to these third parties for this purpose.
8.3. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU laws on data protection. Any such company or individual will have access to personal information needed to perform these functions but may not use it for any other purpose.
8.4. Specifically, we need to have written agreements in place with all of our data processors and, before we sign each agreement, we need to have vetted and be satisfied with the processor’s data security. The agreements also need to contain specific clauses that deal with data protection.
8.5. We may pass your details to another agency but only if it is required by law, pursuant to our statutory functions, or if that agency is relevant to your enquiry.
8.6. We may pass on your details if we are under a duty to disclose or share a data subject’s personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes reporting information about incidents (as appropriate) to the Gardaí and responding to any requirements from the Gardaí to provide information and/or personal data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.
8.7. We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the data protection rules, and that we have in fact complied with the rules. We do this, among other ways, by our written policies and procedures, by building data protection compliance into our systems and business rules, by internally monitoring our data protection compliance and keeping it under review, and by taking action if our employees or contractors fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing. These record-keeping obligations are under the responsibility of our DPO.
9. Technical information we collect when you visit our website
9.2. Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site. A cookie contains your contact information and information to enable us to identify your computer when you travel around our site for the purpose of helping you accomplish your task. Most web browsers automatically accept cookies, but, if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. The cookies we use do not detect any information stored on your computers.
9.3. For more information about cookies and how to stop cookies being installed visit the following website: http://www.allaboutcookies.org.
9.4. Certain information in relation to web usage is revealed via our internet service provider who records some of the following data. The information we receive depends upon what you do when visiting the Irish Beef website:
- The date and time of every visit to an individual page
- Each page visited in the site on such a visit
- Your IP/network address
- The type of web browser used by the website visitor
- The device used by the website visitor
9.4.1. What Cookies are used on the Irish Beef website?
9.4.2. Google Analytics
Cookie: Google Analytics
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Cookie: datr, lu, s, locale, c_user, xs
Facebook cookies allow sharing of a page on Facebook
Cookie: pid, k, guest_id, _twitter_sess, original_referer, external_referer, js,
Twitter cookies allow content from Twitter to be shown on website pages and pages to be shared on Twitter.
10. How we may use this technical information
10.1. This information is used to enable us to improve the information we are supplying to our users, to find out how many people are visiting our sites and for statistical purposes.
10.2. Some of the above information is used to create summary statistics which enable us to assess the number of visitors to the different sections of our site, discover what information is most and least used, inform us on future design and layout specifications, and help us make our site more user friendly.
10.3. We will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. It is our policy never to disclose such technical information about individual website visitors to any third party (apart from our internet service provider, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by law. We will only use the technical information for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, are not “personal data” within the meaning of the GDPR.
11. Your data protection rights
11.1. Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is, not to be the subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
12. Requests by data subjects to exercise their rights
12.1. We have appointed a DPO to monitor compliance with our data protection obligations and with this statement and our related policies. If you have any questions about this statement or about our data protection compliance, please contact the DPO.
12.2. Data subjects must make a formal request for personal data we hold about them, or otherwise to exercise their data protection rights (whether to make an access request or otherwise), by contacting our Data Protection Officer.
12.3. Our DPO can be contacted as follows:-
Telephone: 00353 (1) 668 5155
Post: Data Protection Officer
Lower Mount St
12.4. Note also that data subjects have the right to complain at any time to a data protection supervisory authority in relation to any issues related to our processing of their personal data. As our organisation is located in Ireland and we conduct our data processing here, we are regulated for data protection purposes by the Irish Data Protection Commissioner. You can also contact the Data Protection Commissioner as follows:
- Go to their website www.dataprotection.ie
- Phone on +353 57 8684800 or +353 (0)761 104 800
- Email email@example.com
- Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square Dublin 2. D02 RD28 Ireland.
13. Changes to the Privacy Statement
Our Privacy Statement may change from time to time and any changes to the statement will be posted on this page.
Schedule 1 – Processing Description
What personal data we take
Purposes of processing
Legal basis for processing
First name and email address so that we can contact you in relation to our services, including newsletters, research updates, competitions, events and programmes, which we consider may be of interest to you.
Consent
We will store these details as long as you subscribe to Irish Beef and/or to receive any other email marketing communications from Bord Bia.
So that we can contact you in relation to the services (including newsletters, research updates, events and programmes) that you have consented to receive.
Consent
We will store these details as long as you subscribe to Irish Beef and/or to receive any other email marketing communications from Bord Bia. Where you have opted out of email notifications, we retain your email address to record this fact on our email notification system.
You are given the option of providing your mobile number on the competition forms. Where you do, we may use your number to contact you in the event that you win. However, your mobile number will not be retained or used in any other way.
Consent
We do not retain these. Details on competition forms will be submitted to a database where you have consented to be contacted, but mobile numbers will not be submitted. Competition forms are destroyed once the relevant information has been inputted.