- Contract - We will process Personal Data where necessary to perform our obligations relating to, or in accordance with, any contract that we may have with you or to take steps prior to entering that contract. When you apply for a job some of our processing activities will be carried out in order to take steps necessary to enter into a contract of employment with you.
- Consent - For certain processing activities we may rely on your consent. Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.
You can withdraw consent provided by you at any time by contacting us at GDPRonline@enterprise-ireland.com - Legitimate Interest - At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and recruitment portals or to maintain their security and protect intellectual property rights.
We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests. You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at GDPRonline@enterprise-ireland.com and we will review our processing activities. - Legal Obligation - If we have a legal obligation to process Personal Data, we will process Personal Data on this legal ground.
- third level institutions source candidates for internships with Enterprise Ireland;
- the Applicant contacts us through publicly accessible platforms such as LinkedIn;
- the Applicants may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites; and
- third parties who undertake psychometric testing and pre-employment medical assessments on behalf of Enterprise Ireland
- the Applicant’s nominated referees or other individuals who may provide us with Personal Data relating to the Applicants.
- to receive and review job applications
- to create a record/file for the Applicant on our system and to associate all notes and tracking throughout the interview, and onboarding process
- to keep up to date information about Applicants in relation to their requirements, in order to assess their suitability for current or future vacancies
- to maintain our database
- screening and identification of Applicants for available positions
- to communicate with Applicants about positions that might be of interest to them
- to receive and review Applicants applications
- to understand notice period, availability and current salary/salary scale details where applicable (i.e. when transferring from an existing public/civil service position)
- to undertake screening for the purposes of semi-automated or manual decision making about Applicants.
- responding to Applicants queries
- receiving and reviewing applications received from Applicants directly
- communications with Applicants re application
- setting up interviews with the Applicant
- to arrange and undertake interview
- recording notes of interview
- to communicate with the Applicants following interview
- psychometric testing
- to identify if the Applicant is fit to work
- to assess the Applicant working capacity
- to ensure starting salary is calculated correctly (i.e. minimum point of the scale unless the successful candidate is a current public or civil servant in which case the terms of Circular 08-2019 apply)
- to remunerate Applicant for interview / travel expenses
- back-up and storage of Applicant data
- to make improvements and efficiencies in the recruitment process
- to respond to web forms completed by applicants;
- to administer the Website;
- for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
- to ensure the safety and security of our website and our services.
- to respond to any requests from Applicants
- to send newsletters and other information that may be of interest
- to participate in recruitment conferences, seminars, events
- to personalise marketing information
- to segment and distribute targeted marketing
- to our recruitment agency framework partners for the purposes of applicant sourcing and screening
- to third level institutions who may be involved in internship recruitment programmes for Enterprise Ireland
- to our sub-contractors for the performance of any contract relating to our recruitment activities including email, chat, ticketing, ATS (applicant tracking system), hosting service providers;
- for the purposes of third-party screening and verification, including doctors or testing companies (for example, psychometric testing, criminal record checks / pre-employment screening services and medical assessments)
- to the Department of Enterprise, Trade & Employment to ensure contracts of employment are issued are in line with agreed guidelines of recruitment
- to tax, audit or other authorities, if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation or in order to enforce or apply any contract that we have;
- to official authorities to protect our rights, property, or safety, or those of other persons (including you);
- to providers of services to Enterprise Ireland including IT consultants and hosting companies, marketing, legal and finance;
- to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
- to Enterprise Ireland’s insurance brokers and providers where required for administering claims;
- your Personal Data is no longer needed for the reason that it was collected in the first place
- you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
- there is no lawful basis for the use of your Personal Data
- deleting the Personal Data is a legal requirement
- we are required by law to have it
- it is used for freedom of expression
- it is used for public health purposes
- it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
- it is necessary for legal claims.
- you have identified inaccurate Personal Data, and have told us of it
- where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether
Enterprise Ireland Recruitment Data Protection Statement
When we refer to “Personal Data” in this Recruitment Data Protection Statement we mean any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
OUR RECRUITMENT DATA PROTECTION STATEMENT
Under the General Data Protection Regulation (the “GDPR”), we are required to explain to you why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else.
We must also explain your rights under the GDPR and related data protection laws in relation to our processing of your Personal Data. Our general Data Protection Statement is available on our website Personal Data Protection Notice - Enterprise Ireland (enterprise-ireland.com)
This recruitment data protection statement sets out specific information relating to applicants applying for positions in our organisation (“Applicants”).
We treat the protection of your personal data seriously and when we collect and process your Personal Data, we will do so in accordance with the GDPR and relevant local data protection laws (the “Data Protection Laws”).
ABOUT US
We are | Enterprise Ireland. |
You can find us at | East Point Business Park, The Plaza, Dublin 3, D03 E5R6 |
Telephone | |
Our website is |
This Recruitment Data Protection Statement applies to Enterprise Ireland.
References to “We”, “Us” the “Organisation” and “Enterprise Ireland” shall apply to the office in the group that is processing your Personal Data.
Enterprise Ireland is the government organisation responsible for the development and growth of Irish enterprises in world markets. We invest in and support the development of Irish-owned companies on their journey to achieving greater scale and to become global leaders in their field. This provides a platform for strong economic growth, and creating and sustaining jobs in communities around the country. Our teams in Ireland and across our network of 39 international offices help Irish companies to develop high-growth strategies and to enter new markets with innovative and sustainable solutions.
This Recruitment Data Protection Statement describes how we process Personal Data in order to recruit prospective employees and temporary workers to open positions in our organisation. It includes detailed information about the types of Personal Data that we process and how we use, manage and protect that Personal Data.
CONTACT DETAILS
If you have any questions about this Recruitment Data Protection Statement or the way in which your Personal Data is being used by us, please contact our Data Protection Officer:
Email: eidataprotectionoffice@enterprise-ireland.com
WHO THIS RECRUITMENT DATA PROTECTION STATEMENT APPLIES TO
This Recruitment Data Protection Statement applies to the Personal Data we process about Applicants applying for positions as employees in our organisation.
LAWFULNESS OF PROCESSING
We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing Personal Data.
When Enterprise Ireland processes Personal Data about Applicants, any one of the following legal grounds will generally apply. Further detail about the lawful basis for our processing activities is included in the relevant sections of this Recruitment Data Protection Statement.
SOURCES OF APPLICANT DATA
We receive Personal Data about Applicants from a variety of sources both directly and indirectly. Generally, an Applicant may provide us with certain information directly, for example, when the Applicant applies for a position advertised by Enterprise Ireland, or interacts with our communications (e.g., websites and advertisements). Applicants may also provide us information indirectly through our panel of recruitment agencies in response to advertised positions.
We may also receive Personal Data about an Applicant when:
CATEGORIES OF APPLICANTS PERSONAL DATA
The table below sets out the general categories of Personal Data that we collect in relation to Job Applicants.
Personal Data Category | Description |
|---|---|
Contact Data | may include a person’s email address, phone number, postal address, other communication details (e.g. Skype) |
Identification Data | may include a person’s name, date of birth, driver’s license, national tax identification number and passport information |
Professional Data | may include profession, company, department, employment history, skills/ experience, membership of professional bodies |
Education Data | may include degrees, certificates and diplomas awarded, languages, educational history, qualifications |
Application Data | includes personal data provided as part of an application for a permanent or contract position. may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies |
Financial Data | includes payment and bank details, tax information, social security and current salary/salary scale details where applicable (i.e. when transferring from an existing public/civil service position |
Test Data | includes test answers and results for any job application, including psychometric testing |
Health Data | includes health information including information about any disability or illness. |
CV Data | may include Contact Data, Identification Data, Professional Data, Education Data, Application Data, Financial Data, Health Data |
Communications Data | may include personal data included in communications with us over email, text, phone or letter. |
Media Data | includes video data and recordings from any interview with the Applicants including, Contact Data, Professional Data, Education Data, Health Data, Application Data and Communications Data. |
Legal Data | includes criminal record and credit checks undertaken where required as part of the application process. |
Position Data | includes information on salary/rate of pay, working hours and job description. |
Emergency Contact Data | may include the name and contact details provided by an Applicants in case of an emergency. |
Marketing Data | may include your Contact Data and any preferences in receiving marketing from us and your communication preferences. |
Web Data | may include information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you are using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. |
OUR PROCESSING ACTIVITIES
We can only collect your Personal Data if we have a lawful basis for doing so.
We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.
Purpose/Activity | Type of Personal Data | Lawful basis for processing |
|---|---|---|
Applicants Sourcing | ||
CV Data Communications Data Marketing Data | Legitimate interest of Enterprise Ireland to effectively manage sourcing, recruitment and communicate with Applicants effectively.
Consent
| |
Job Applications | ||
CV Data Communications Data
| Consent Legitimate interest of Enterprise Ireland to effectively manage sourcing, recruitment and communicate with Applicants effectively. | |
Job Interview | ||
CV Data Communications Data Media Data
| Consent Legitimate interest of Enterprise Ireland to effectively manage sourcing, recruitment and communicate with Applicants effectively. | |
Applicants Screening | ||
| CV Data Test Data Health Data
| Legitimate Interest of Enterprise Ireland to establish applicants’ suitability for roles.
Contract
Art 9(2)(h) of the GDPR for the assessment of the working capacity of the applicant [1]
|
Applicants Finance Activities | ||
Contact Data Position Data Financial Data | Legitimate interest of Enterprise Ireland to effectively manage sourcing, recruitment and communicate with Applicants effectively.
Contract
| |
Applicants IT Activities | ||
Contact Data Identification Data Professional Data Education Data Communications Data Marketing Data | Legitimate interest of Enterprise Ireland to effectively manage sourcing, recruitment and communicate with Applicants effectively.
| |
Website Delivery | ||
Contact Data Web Data
| Legitimate Interest of Enterprise Ireland to manage the website and ensure website security
| |
Marketing activities | ||
Marketing Data Contact Data Web Data | Consent
Legitimate Interest of Enterprise Ireland to promote the organisation & attract prospective employees.
| |
RETENTION OF APPLICANTS PERSONAL DATA
We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.
Our retention policy is as follows:
Purpose of Processing | Retention Period |
Job Applications | Duration of campaign +18 months |
Applicant Interview | Duration of campaign +18 months |
Applicant Expense Reimbursement | Duration of campaign +7 years |
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims. We may also delete Personal Data earlier than the specified Retention Period where the Personal Data is no longer required for the purpose.
DISCLOSURE OF PERSONAL DATA
Personal Data is shared in certain circumstances as follows:
SECURITY
We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Recruitment Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.
We monitor for, and do everything we can to prevent, security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.
We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.
TRANSFERS OUTSIDE THE EEA
The personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing personal data. Due to the global nature of our business, certain personal data may be disclosed to staff members of Enterprise Ireland working outside the EEA: To view a list of Enterprise Ireland overseas office, click here. To the limited extent that it is necessary to transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46.2 or adequacy decision under Article 45. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
USE OF THIRD-PARTY WEBSITES
Recruitment websites that you access via a link on the Enterprise Ireland website are outside our control and are not covered by this Recruitment Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them.
YOUR RIGHTS
You have various rights relating to how your Personal Data is used.
Right of access to the Personal Data we hold on you
You have the right to ask for all the Personal Data we hold about you. When we receive a request from you in writing, we must give you access to everything we have recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.
Right of rectification of Personal Data
You should let us know if there is something inaccurate in your Personal Data.
We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Right of erasure of Personal Data (right to be forgotten)
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
Please note that we cannot delete your Personal Data where:
Right to restrict what we use your Personal Data for
You have the right to ask us to restrict what we use your Personal Data for where:
When Personal Data is restricted, it cannot be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
Right to have your Personal Data moved to another provider (data portability)
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we are using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.
Right to object
You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.
Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.
You can make a complaint
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.
QUESTIONS OR COMPLAINTS
Thank you for reading our Recruitment Data Protection Statement. Please Contact Us if you have any questions.
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached. The contact details for the supervisory authority in Ireland are:
Online Form: Data Protection Commission 'Contact Us' Form
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 1 7650100 or +353 1800 437 737
AMENDMENTS TO THIS RECRUITMENT DATA PROTECTION STATEMENT
We will post any changes to this Recruitment Data Protection Statement on the Website and on our job ads in recruitment portals and when doing so will change the effective date at the top of this Recruitment Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Recruitment Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
[1] processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;[Art9(3) GDPR]
Last Updated: 12th June 2024