ISPAI Privacy Notice
The Internet Service Providers Association of Ireland (ISPAI / “we”, “us”, “our”) are committed to keep data collected or provided to us private and in accordance with applicable data protection laws and keep up-to-date with legislation changes such as the introduction of the GDPR.
This notice sets out the basis for processing personal data we collect from you, or that you provide to us for example through submission of an ISPAI Membership Application Form. The terms “you”, “your” and “user” shall refer to an individual and/or entity.
Who we are and how we use your information
ISPAI is a non-for-profit trade association for the providers of Internet services registered under Company Number 285632. As a trade association membership is voluntary but the companies who choose to become members of ISPAI agree to abide by the ISPAI Code of Practice and Ethics and support the Hotline.ie service.
To carry out our core business and ancillary activities we collect personal information from: (a) prospective, current and past members of the association, including registration information; (b) supplier contracts to support our services; (c) prospective, current and past directors, board, working group members, employees, consultants, temporary workers.
We use your personal information for the purpose of:
- allowing us to perform our functions and objectives and deliver our services to you
- to review and update the membership contact details
- to display your company information in the membership directory
- to provide you with information that you request from us or which may be of interest to you or where you have consented to be contacted for such purpose
- to carry out our obligations arising from any contracts entered into between you and us
- for compliance with ISPAI Code of Practice and Ethics, MOU(s)
- to ensure that content from our website is presented to you effectively and enhance the user experience
Information you provide to us or we collect about you
Information about you that you provide to us by filling in the ISPAI Membership Application Form or by corresponding with us, such as information you provide when you register to join the association, use our website, attend our meetings and events. This may include your name, email address, postal address, phone numbers, financial information and compliance documentation, links to your website and social media channels available in the public domain.
Recruitment and employees
If you choose to apply for a role with ISPAI your will be asked to complete a standardised application form in addition to your CV. Within the said application form you will be asked for your name and contact details. We will also ask for your prior employment experience, education, referees and we’ll ask that you answer specific questions regarding the role you’re applying for.
All the information you provide during the process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements if necessary.
The information will be accessible to our recruitment team and will not be made available to anyone outside of our recruitment team.
Our recruitment team will be in touch with shortlisted applicants to make arrangements for any interviews and to discuss the format that these may take. We do not collect more information than we need to fulfil our stated purpose and will not retain it for longer than necessary.
Successful candidates will be requested to provide the necessary information for payroll processing and payment purpose along with emergency contact details, so we know who to contact in case you have an emergency at work.
We retain data with respect to our current employees to allow us to fulfil our requirements of their employment contract and relevant legal obligations.
We retain data with respect to former employees for a period of six years following the end of their contract in case of reference requests. This information will subsequently be appropriately and securely disposed of, unless otherwise required for example details retained for pension purpose.
Personal information from unsuccessful candidates will be retained for a maximum of six months following closure of the job posting in case of queries after which time it will be appropriately and securely disposed of.
When you visit the ISPAI website
When you visit the ISPAI website we also collect non-personal data (information that cannot be used to identify or contact you), such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website. We do so by using Google Analytics for the purpose of interpreting our website’s traffic to ensure it is working in the best way possible and to allow us to improve the user experience.
Any information gather for this purpose is for internal use only and contains no personal information. The IP address of the computer or other device you may use to access the website is used to gather anonymised statistical data and it is not retained with a view to identifying you personally by either ourselves or Google Analytics.
We have a legitimate interest in monitoring the use of our website which is for the purpose of continual improvement. You do, however, have the option to prevent Google Analytics from using your data; for more information on this please visit https://tools.google.com/dlpage/gaoptout. Additionally for more information on how Google uses your data please visit https://policies.google.com/technologies/partner-sites
Please note ISPAI will not sell, rent, distribute or otherwise make your data commercially available to any third party without your prior and explicit permission.
A cookie is a snippet of text that is sent from a website's servers and stored on a web browser. A cookie typically contains the name of the website from which it has come, the lifespan of the cookie and a value. The value is usually a unique code that will only make sense to the website that has issued it. Cookies can also be used to measure how people use websites and what kind of browsers or devices they're using.
When you first visit the ISPAI website, you will see a message informing you about Cookies. If you click the ‘Hide this message” button, a cookie will be set that records your preference.
You can set your web browser to accept or reject cookies, or tell you when a cookie is being sent. You can also delete cookies from your computer. For further information on cookies visit http://www.allaboutcookies.org/
We are therefore relying on your consent as our lawful basis for using Cookies.
Links to other websites
We do our utmost to protect your privacy through the appropriate use of security technology: we ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes, the service provider has appropriate security measures.
Our legitimate business interest
ISPAI is a non-for-profit trade association representing the interests of its members. We provide a number of core services for our members that require the holding of personal information: registration of members and listing details on our website, compliance with ISPAI Code of Practice and other Memorandums of Understanding, maintenance of mailing lists to provide communication on issues of interest to members, hosting working group meeting, events, and the provision of networking opportunities. To deliver and maintain these services we request a minimal amount of personal data from our members and provide regular updates and opportunities to take part in ISPAI work/business.
Subject to Section 60 of the Data Protection Act, 2018 and any associated Regulations, the GDPR specifies the following rights for data subjects:
- right to be informed
- right of access
- right of rectification
- right of erasure
- right to restrict data processing
- right to data portability
- right to object to processing
- right in relation to automated decision making and profiling [we do not undertake automated decision making or profiling]
Where feasible, ISPAI will make every possible effort to ensure the data we hold relating to you is kept up to date and accurate. We may do this by periodically contacting you via email, with requests that the data is verified and confirmed by you.
Please note that GDPR requires us to minimise the data we keep unless it’s required for the provision of a service or for existing legal requirements (such as Revenue purposes), therefore we endeavour to keep your data only for as long as it’s needed for the original purpose we collected it.
Should you wish to exercise any of these rights please contact us at email@example.com If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations and respond in the first instance within one month of receipt.
No administration fee will be charged for considering and / or complying with such a request unless the request is deemed to be excessive in nature. If a complex request is received, we may need to extend the period to a further two months in order to respond appropriately. We will inform you of the reasoning behind any extension.
Upon successful verification of your identity you are entitled to obtain the following information about your own personal information:
- the purposes of the processing
- the source(s) of the personal information, if it was not obtained from you
- the categories of personal data stored about you
- the recipients or categories of recipients to whom your personal data has been or may be transmitted, along with the location of those recipients
- the envisaged period of storage for your personal data or the criteria for determining the storage period
- the use of any automated decision-making and/or profiling
You have the right to lodge a complaint with the Data Protection Commission if you believe your data has not been processed by ISPAI in the stated way or in accordance with GDPR. You can contact the Data Protection Commission:
For more details on how to contact the Data Protection Commission please visit https://www.dataprotection.ie/en/contact/how-contact-us
Personal data breaches
The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
We take any suspicion of a personal data breach seriously and will fully investigate. In accordance with GDPR, the Data Protection Commission will be notified without undue delay where a breach is likely to result in a risk to the rights and freedoms of the data subject(s) involved. Where a high risk is identified those who may be impacted will be notified also.
Changes to this Privacy Notice
We reserve the right to make changes to this Privacy Notice. Therefore, you may wish to check for amendments any section that is important to you each time you visit our website. This Notice was last updated in January 2019.
Should you have any questions regarding this Privacy Notice you are welcomed to email us at firstname.lastname@example.org