- Enterprise Ireland Head Office – The Plaza, Eastpoint Business Park, Dublin 3 D03 E5R6
- Enterprise Ireland Regional Offices
- Enterprise Ireland International Offices listed here
- “Applicants” refers to any entities or individuals applying for grants or investment funding, or other support services administered by Enterprise Ireland
- “Beneficiaries” who are beneficiaries of grants/investment funding, other supports services administered by Enterprise Ireland
- “Associated Contacts” of Applicants or Beneficiaries for example employees/management teams/shareholders etc.
- the Personal Data is often provided as part of, or in the course of the grant and investment administration process;
- the Personal Data may be collected from public sources like LinkedIn;
- the Personal Data may be collected through our website;
- the Personal Data may be collected indirectly from a website or from a third party.
- to process grant and investment applications;
- to review projects seeking Enterprise Ireland grant and investment support;
- to assess eligibility for grants and investments against required criteria;
- to communicate with Applicants and Associated Contacts;
- to keep up to date information about Applicants and their requirements, in order to assess suitability for funding;
- to create a record on our internal systems and to associate notes and tracking throughout the grant and investment application process;
- to develop relationships;
- to tailor our grants and investments to requirements;
- The exercise of Official Authority
- Legal Obligation
- to communicate with Beneficiaries in relation to the onboarding process;
- to create and maintain profiles on our internal systems;
- to enter into a contractual relationship in relation to the provision of a grant and investment.
- Contract
- The exercise of Official Authority
- Legal Obligation
- to issue grant funding;
- to transfer funds;
- to maintain a record of payments made;
- to process repayment of any grant funds issued to Beneficiaries, where applicable.
- Contract
- Contract
- Exercise of Official Authority
- to administer approved funding;
- to deliver industrial development supports or advice;
- to make introductions with buyer and other contacts;
- to meet third party requirements and to share that data with third parties such as the European Commission or other EU funded agencies where the data is collected in connection with and for the purposes of a project or programme run or funded in whole or in part by the third party such as the EU or European Commission
- Contract
- The exercise of Official Authority
- Legal Obligation
- Contract
- The exercise of Official Authority
- Legal Obligation
- Contract
- The exercise of Official Authority
- to include you on our communications database
- to provide you, or permit selected third parties to provide you, with information about events hosted or co-sponsored by us or about events we feel may interest you
- to send you email alerts and newsletters that you have opted-in to receive by filling in our online forms or contacting us by email or by other means
- to send you surveys to complete
- to contact you with business opportunities
- to contact you regarding the services provided by us
- Contract
- Consent
- The exercise of Official Authority
- The exercise of Official Authority
- to comply with our regulatory and professional requirements;
- to prevent and detect fraud, money laundering or other offences;
- to exercise our right to defend, respond or conduct legal proceedings;
- to ensure compliance with government regulation on grant approval to companies, for example when grant support packages required Cabinet approval
- to comply with our legal obligations in respect of: the collection of taxes, levies, contributions; the detection of crime; labour standards; anti-bribery legislation; and industry specific legislation;
- to comply with the law in certain jurisdictions;
- to check any conflicts of interest;
- Legal Obligation
- to client companies, business partners and subcontractors for the performance of any contract relating to our services, including email, Communications/Events Platforms, Customer Relationship Management system, web developers, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
- to other organisations, companies, auditors, Government Departments, Schools and Educational Institutes, recruiters, local authorities and public bodies;
- to analytics and search engine providers that assist us in the improvement and optimisation of our services;
- to Local Enterprise Offices to enable the provision of services and supports. Further information is available on Enterprise Ireland’s Corporate Website www.enterprise-ireland.com;
- to International Enterprise Ireland offices, where relevant, to enable services and supports to be provided in the relevant global location;
- if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have;
- to protect our rights, property, or safety, or that of our clients, business contacts or others. This may include exchanging Personal Data with other companies and organisations for the purpose of fraud protection or credit risk reduction. When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.
- the length of time we have an ongoing relationship and/or provide our services;
- the type of support services that you are receiving, i.e. EU funding/Irish Government funding
- whether there is a legal requirement to which we are subject; and
- whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
- your Personal Data is no longer needed for the reason that it was collected in the first place
- you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
- there is no lawful basis for the use of your Personal Data
- deleting the Personal Data is a legal requirement
- we are required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
- it is necessary for legal claims.
- you have identified inaccurate Personal Data, and have told us of it
- where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether
Data Protection Statement for EI Funding, Investment & Support Services
1. About Us
We are Enterprise Ireland. You can find us at: The Plaza, East Point Business Park, Dublin 3 D03 E5R6
Email: gdpronline@enterprise-ireland.com
Telephone: +353 (0)1 727 2000
Our website is: www.enterprise-ireland.com
This Data Protection Statement applies to the following Enterprise Ireland offices:
References to “we”, “us” and “Enterprise Ireland” shall apply to any office in the organisation that is processing your Personal Data.
We are the trade and innovation agency of the Irish Government and one of the world’s largest seed capital investors.
We invest in and support the development of Irish-owned companies on their journey to achieving greater scale and to become global leaders in their field. This provides a platform for strong economic growth and creating and sustaining jobs in communities around the country. Our teams in Ireland and across our network of 39 international offices help Irish companies to develop high-growth strategies and to enter new markets with innovative and sustainable solutions.
We need to process Personal Data to provide our services. We are committed to protecting the Personal Data rights of individuals in accordance with global data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”).
2. Contact Details
We have appointed a Data Protection Officer. If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact:
Data Protection Officer
Data Protection and Freedom of Information Office
Enterprise Ireland
The Plaza
Eastpoint Business Park
Dublin 3
D03 E5R6
Email: gdpronline@enterprise-ireland.com
Telephone: +353 1 727 2000
3. The Purpose of this Data Protection Statement
This Data Protection Statement applies to Personal Data. The definition of Personal Data is as follows:
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This Data Protection Statement describes our approach to data protection and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us where we are controllers of that Personal Data for the purposes of the GDPR. Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.
4. Who this Data Protection Statement applies to
This Data Protection Statement provides specific information relating to the following individuals whose Personal Data we process:
5. Sources of Personal Data
We receive Personal Data from a variety of sources, as follows:
6. Our Legal Basis for Processing Personal Data
We process all Personal Data lawfully and in accordance with the requirements of the law. The GDPR sets out the legal basis that must be in place before we process Personal Data.
When we process Personal Data it is generally on one of the following legal basis:
Contract
We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.
Consent
For certain processing activities we may rely on your consent.
Where we are unable to obtain consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.
You can withdraw consent provided by you at any time by contacting us at gdpronline@enterprise-ireland.com.
Public Interest or Official Authority
Given our role as a public authority, we will process Personal Data where necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Enterprise Ireland.
The basis for the processing shall be laid down in EU law or a National law to which Enterprise Ireland is subject.
Legitimate Interest
At times we will need to process your Personal Data to pursue our legitimate interests where the processing does not relate directly to our role as a public authority.
We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at gdpronline@enterprise-ireland.com and we will review our processing activities.
Legal Obligation
If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.
Defence of Legal Claims
In limited circumstances and in accordance with the law we may use Personal Data in the defence of legal claims or enforcing legal rights.
7. The Personal Data we have
We only collect the Personal Data that we require in order to provide the best service to you and deliver the services that you expect. We have described here in as much detail as possible the Personal Data that we use in order to provide our services categorising it under various headings.
Depending on the scope of the relationship that we have with you we may collect some or all of the following Personal Data. The Personal Data collected will also depend on the country where the information is being collected and local laws. We have outlined how we use the Personal Data in the next section.
Examples of Personal Data |
Contact Data may include a person’s email address, phone number, postal address, other communication details (e.g. Social Media links) |
CV Data may include information from a CV or application form such as Contact Data, Identification Data, Professional Data, Education Data, Application Data, Financial Data, Health Data, Biographical Data |
Education Data includes details of your education, skills and qualifications |
Financial Data includes payment related information or bank account details, shareholding information and financial data received as part of the grants administration process |
Identification Data includes information used to identify a person and may include, date of birth, national tax identification number, driver’s license and passport information, nationality |
Log Data information logged on systems relating to your use of such systems including the client support hub |
Marketing Data may include Identification Data and Contact Data and any preferences in receiving marketing from us and your communication preferences |
Media Data may include photographs, video data and recordings |
Professional Data may include information about your professional experience, company, department, employment history, skills/experience, membership of professional bodies directorships and shareholdings |
Social Media Data includes social media data including links and contacts for your business social media profile(s) |
Trade Union Data includes trade union membership noted on salary certificates submitted on grant inspection |
Web Data includes information that may be provided when you interact with our website such as forms on our website and, to the extent that it includes Personal Data information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use |
8. How we use Personal Data
We want to ensure that the Personal Data is used for the purposes that you would expect, and our ultimate goal is that there should be no surprises for you in the way that Personal Data is used by Enterprise Ireland. Personal Data is used for the following key activities relating to Enterprise Ireland grants and funding to ensure that we can deliver the best service to you:
Purpose | Legal Basis |
Grant and Investment Applications
In accepting and processing applications for grants and funding, we may use Personal Data for the following purposes:
| |
Onboarding of Beneficiaries
We use Personal Data to onboard Beneficiaries of Enterprise Ireland grants and investments:
|
|
Payment of Grants and Investments We may use and create Personal Data for the purposes of processing grant payments including:
|
|
Grant Inspection Once a grant is approved, we may process Personal Data to ensure that grant criteria is met which includes engaging in inspection activities required for grant drawdown and grant use including desk-based and onsite inspections. The inspection process will require us to engage with Beneficiaries and Associated Contacts.
|
|
Grant and Investment Administration We may use Personal Data about beneficiaries for the purposes of administering grants and investments including:
| |
Audit of Public Expenditure We may use Personal Data to support the auditing activities related to the expenditure of public and European funding.
| |
Training & Mentorship We may use Personal Data to provide training and mentorship programmes |
|
EI Communications We may use Personal Data to facilitate communication with you for the following purposes:
|
|
Business Development We are continuously developing our software and systems to improve our grants and investments processes. We use Personal Data in some cases to facilitate that development including to gain applicant and beneficiary insights to help optimise and develop our services and provide new offerings and improve existing offerings.
|
|
Regulatory and Legal We may need to process certain Personal Data as part of our legal obligations, and to ensure our practices are in line with regulatory requirements. We may use Personal Data for the following purposes:
|
|
9. Disclosure of Personal Data
In certain circumstances, we may disclose Personal Data to third parties as follows:
10. Security Measures
We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the relevant law, including the GDPR. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process. We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.
Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.
We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.
11. International Transfers
The Personal Data that we collect may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing Personal Data. Due to the global nature of our business, certain Personal Data may be disclosed to staff members of Enterprise Ireland working outside the EEA: To view a list of Enterprise Ireland overseas office, click here.
To the limited extent that it is necessary to transfer your Personal Data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Personal Data, including standard contractual clauses under Article 46.2 or adequacy decision under Article 45. Please contact us at gdpronline@enterprise-ireland.com if you wish to obtain information concerning such safeguards.
12. Cookies
Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Some cookies are optional and you do not have to accept them.
Further information on the cookies we use on the website and the purpose behind their respective uses are set out in our Cookie Policy available here.
13. Third Party Websites
Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.
14. Retention
We will store your Personal Data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
Please contact us at gdpronline@enterprise-ireland.com if you wish to obtain further information concerning our retention periods.
15. Your Rights
You have various rights relating to how your Personal Data is used.
Right of access to the Personal Data we hold on you
You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.
Right of rectification of Personal Data
You should let us know if there is something inaccurate in your Personal Data.
We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Right of erasure of Personal Data (right to be forgotten)
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
Please note that we can’t delete your Personal Data where:
Right to restrict what we use your Personal Data for
You have the right to ask us to restrict what we use your Personal Data for where:
When Personal Data is restricted, it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
Right to object
You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.
Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent, or the processing is authorised by law.
You can make a complaint
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.
16. Questions or Complaints
Thank you for reading our Data Protection Statement. Please Contact Us if you have any questions.
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.
Online Form: Data Protection Commission 'Contact Us' Form
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 1 7650100 or +353 1800 437 737
17. Amendments to this Data Protection Statement
We will post any changes to this Data Protection Statement on the Website and on our job ads in recruitment portals and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.