NDRC is committed to protecting and respecting your privacy. This statement sets out how we collect personal data, what data we hold, what we do with this information, how it is secured and for how long it is retained. It also sets out how such information may be accessed, amended or removed at your request and who to contact in the event of any problem arising.
Personal data we may hold on you
Personal data means any information about an individual from which a person can be identified. It does not include data where the identity has been removed (anonymous data) and on which we report in aggregate.
In the course of the services NDRC provides, we may collect the following personal data:
- On application to an NDRC programme or pre-acceleration activity, we may gather your name, email address, telephone number, company name and any other data that you deem relevant to your application to NDRC. We usually gather this data directly from you, but in some cases data may be passed on to us from a third party, such as a partner on one of our programmes
- On completion of the Contact Us form on ndrc.ie, we collect your name, email address, telephone number and other information including company name that you deem relevant to your query. (This data is processed through our cloud-based CRM system.)
- At events and for marketing, you may provide us with your name, place of work and contact details when you sign up for an NDRC event
- On submission of a CV or quote to NDRC, you may provide us with data that you deem relevant so that we can consider you for role in or relationship with NDRC
If you do not provide us with your personal data, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website or other collection methods (e.g. online forms).
Legal basis for holding your personal data
NDRC collects and uses your personal data for a number of purposes, specifically:
- By agreement with you on signing an NDRC investment, employment, or other contract
- For the normal operations of any of the NDRC accelerator programmes or pre-acceleration bootcamps
- To process an application received from you, to invite you to present your business idea as part of the NDRC qualification process, and to provide you feedback
- Further to your express consent when you have given it (e.g. our newsletter)
- Where necessary, for the purpose of our or others’ legitimate interests
- If necessary, to comply with a legal obligation, a court order or to exercise and defend legal claims
How your personal data is used
The personal data gathered and held by NDRC from its employees is needed for payroll, Revenue, pension and Health Insurance purposes. It may be used to calculate salary and other benefits and the proper payment of PRSI, USC, tax and any other Revenue or State charges.
Prior to commencing an NDRC programme, your personal data may be used in order to evaluate and provide feedback on your application to NDRC.
Personal data may be used by NDRC in the normal operations of our programmes to keep you informed of the programme schedule and events and so that you may engage fully with NDRC staff, mentors, the other companies on the programme and with the wider NDRC portfolio companies. It may be used to assist us in improving the quality of our programmes and to develop new ones and to seek or provide you with feedback.
With your consent, for marketing purposes. You can decide how much marketing you would like to receive when you first apply to or contact NDRC. You may withdraw this consent at any time.
Apart from for the purposes just described, personal data about you will not be disclosed to anyone other than you, for any purpose, unless required by law or with your express consent.
Retention of your personal data
We will store your personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
- The duration of your employment with NDRC
- The length of time we have an ongoing relationship with you and/or provide our services to you
- If we have invested in your company, we retain your data for the lifetime of the fund for portfolio management and reporting requirements
- Where retention is required or advisable for legal purposes
Please contact us if you wish to obtain further information concerning our retention periods (see section 10 below).
At the end of the appropriate period, the personal data will be removed from the NDRC physical files and in so far as it is possible, from all computer records, held by NDRC. Any third parties that may have your data (e.g. for payroll processing purposes) will be asked to confirm that they have removed your personal data at the termination of your relationship with NDRC.
All personal data will be reviewed by NDRC periodically to ensure that it remains accurate, relevant and not excessive. Following such review, the personal data may be amended, updated or deleted, as appropriate.
NDRC will use appropriate physical and technical security measures to ensure that personal data will be kept safe at all times and protected from unauthorised access to, or alteration, disclosure or accidental loss or destruction.
Access to personal data, whether hard or soft copy, will be restricted in a secure location to a limited number of properly trained staff, solely for the purposes set out above, with appropriate password protection and backup procedures. Staff training and awareness will be reviewed and updated regularly.
The Right of Access/Removal/Portability
You have the right to request copies of the personal data relating to you, information about how that data was processed and any parties to whom any part of that data may be disclosed.
If you want to request any of this information, please do so in writing, which includes email. The personal data requested, if held, will be provided as soon as possible and in any event, no later than one month of receipt of the request. If access is being refused, you will be notified within one month and given a reason for the refusal. In the event of refusal, you will be entitled to complain to the Data Protection Commissioner about it.
You are also entitled to have your data given back to you or provided to a third party in a structured, commonly used and machine-readable form where processing is done automatically and is based on your consent or a contract with you. Please submit such request in writing to NDRC.
In addition, you have the right to request NDRC to remove personal data relating to you from its files and records. Such request must be in writing. NDRC will be entitled to retain personal data if there are legitimate grounds or a legal obligation to do so.
Transfer of Personal data abroad
NDRC does not transfer your data outside of the Republic of Ireland, save for a specific activity and with your express prior consent.
NDRC will report any personal data breach, that presents a risk to the data subject, to the Data Protection Commissioner, without undue delay and where feasible within 72 hours of having become aware of the breach.
In the event that harm, such as identity theft or breach of confidentiality, may be caused to anyone by reason of the breach, that person will also be notified of it.
If you have a complaint about the use of your personal data, please contact the Privacy Officer, Irene Dehaene, at 01 690 8045 or by email so that we can put matters right as quickly as possible.
If you wish to make a complaint, you may do so by telephone, in writing and by email. Our address is NDRC, Digital Exchange, Crane St, Dublin 8, DO8 HKR9, Telephone: + 353 1 480 6252 Email: firstname.lastname@example.org.
All complaints will be fully investigated. Please give as much detail as possible to help us resolve the matter promptly.
You can also contact the Data Protection Commissioner at Canal House, Station Road, Portarlington, Co Laois, R32 AP23. Phone 076 1104 800 or Lo Call Number 1890 252 231. Email email@example.com
What is a cookie?
Cookies allow websites and users to navigate speedily, with the information stored telling sites when a user has returned. Cookie information is in the form of a text file. It is generated by a web page server. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.
First Party Cookies
CraftSessionID helps with user navigation efficiency throughout the NDRC domain, and expires at the end of a session.
Third Party Cookies
NDRC uses Google Analytics to assist us in the functioning of this website. This service helps us to provide relevant information in an easily accessible format. We use IP Anonymization in Google Analytics. Through this, a number of cookies are incorporated.
- _gid is used for user distinction. Duration: 24 hours
- _ga is also used for user distinction. Duration: 2 years
- _gat is used to throttle requests. Duration: 60 seconds.
Some form applications on NDRC are processed through Wufoo.
- ep201 set by a load balancer, user tracking for abuse and troubleshooting problems. Duration: 1 hour.
- ep202 measures form completion. Duration: 1 hour.
- JSessionID is used to track and monitor system health. Duration: Session.
If your browser allows, you may be able to set it so that it declines cookies and notifies you when a cookie is being sent. You can also delete cookie files from your computer as you wish, however if you do so it may affect how easily you interact with our website.
Read more about cookies and find out how to manage or disable them at www.aboutcookies.org