Privacy & Cookies Policy

NDRC is committed to protecting and respecting your privacy. This statement sets out how we collect personal data, what data we hold, what we do with this information, how it is secured and for how long it is retained. It also sets out how such information may be accessed, amended or removed at your request and who to contact in the event of any problem arising.

Personal data we may hold on you

Personal data means any information about an individual from which a person can be identified. It does not include data where the identity has been removed (anonymous data) and on which we report in aggregate.

In the course of the services NDRC provides, we may collect the following personal data:

  • On enquiry about or application for a NDRC venture investment or enterprise support, we may gather your name, email address, telephone number, company name and any other data that you deem relevant to your enquiry or application to NDRC. We usually gather this data directly from you, but in some cases, data may be passed on to us from a third party, such as a partner on one of our venture investment or enterprise support activities.
  • On completion of the Contact Us form on, we collect your name, email address, telephone number and other information including company name that you deem relevant to your query.
  • On contacting us in relation to potentially investing in one of our portfolio companies, we may gather your name, email address, phone number, company name and any other data that you deem relevant to your enquiry.
  • At events and for marketing, you may provide us with your name, place of work and contact details when you sign up for an NDRC event. We may also take photos or videos at such events.
  • On submission of a CV or quote to NDRC, you may provide us with your CV, a cover letter, your name, address, email address and phone numbers. CVs may include information about your education and employment If you become an employee of NDRC, join its Board or one of its Board Subcommittees, supply services or goods to us or otherwise enter into a contract with us, we will also collect personal data from you. Depending upon the relationship, this may include your home and email addresses, your phone numbers, PPSN, bank details, next of kin details, and other information appropriate to the relationship between us.

If you do not provide us with your personal data, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website or other collection methods (e.g. online forms).

If we get personal data about you from any third party, we will inform you of this fact, the data provided, the purpose for which we have been given it and how long we will retain it, within one month of our having received it.

Legal basis for holding your personal data

NDRC collects and uses your personal data for several purposes, specifically:

  • To consider, assess and/or enter into an NDRC venture investment, enterprise support, employment, or another contract with you
  • For the normal operations of any of the NDRC venture investment and enterprise support activities
  • To process an application received from you, to invite you to present your business idea as part of the NDRC venture investment and enterprise support activities and to provide feedback to you
  • Further to your express consent when you have given it (e.g. our company newsletter)
  • If necessary, to comply with our legal obligations, a court order or to exercise and defend legal claims
  • Where necessary, for our legitimate interests, such as communications and provision of services within cohorts, marketing, security and operations

How your personal data is used

The personal data gathered and held by NDRC from its employees is needed for payroll, Revenue, pension and Health Insurance purposes. It may be used to calculate pay and other benefits and the proper payment of PRSI, USC, tax and any other Revenue or State charges.

The personal data gathered and held by NDRC on its directors, Committee, suppliers of services is needed for corporate governance and company law compliance and for payment purposes in the case of suppliers.

Prior to an offer of NDRC venture investment or enterprise support, your personal data may be used to evaluate and provide feedback on your application to NDRC.

Personal data may be used by NDRC in the normal operations of our venture investment and enterprise support activities to keep you informed of related programme schedules and events and so that you may engage fully with NDRC staff, mentors, other companies participating in NDRC’s venture investment and enterprise support activities, and with the wider NDRC portfolio companies. It may be used to assist us in improving the quality of our operations and activities, to develop new approaches, initiatives and activities, and to seek or provide you with feedback.

With your consent for marketing purposes. You can decide how much marketing you would like to receive when you first apply to or contact NDRC. You may withdraw this consent at any time.

Apart from for the purposes just described, personal data about you will not be disclosed to anyone other than you, for any purpose, unless required by law or with your express consent.

Retention of your personal data

The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will store your personal data only for as long as necessary or permitted. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and/or provide our services to you
  • The duration of our investment in your company
  • Consent given by you
  • The duration of your employment with NDRC
  • Where retention is required or advisable for legal purposes.

Please see our Data Retention Policy for further details.

At the end of the appropriate period, personal data will be removed from NDRC’s physical files and in so far as it is possible, from all computer records, held by NDRC. Any third parties that may have your data (e.g. for payroll processing purposes) will be asked to confirm that they have removed your personal data at the termination of your relationship with NDRC.

All personal data will be reviewed by NDRC periodically to ensure that it remains accurate, relevant and not excessive. Following such review, the personal data may be amended, updated or deleted, as appropriate.


NDRC will use appropriate physical and technical security measures to ensure that personal data will always be kept safe and protected from unauthorised access to, or alteration, disclosure or accidental loss or destruction.

Access to personal data, whether hard or soft copy, will be restricted in a secure location to a limited number of properly trained staff, solely for the purposes set out above, with appropriate password protection and backup procedures. Staff training and awareness will be reviewed and updated regularly.

The Right of Access/Removal/Portability

You have the right to request copies of the personal data relating to you, information about how that data was processed and any parties to whom any part of that data may be disclosed.

If you want to request any of this information, please do so in writing, which includes email. The personal data requested, if held, will be provided as soon as possible and in any event, no later than 1 month of receipt of the request. If any additional information is needed in order to properly address the request, it will be sought from you immediately, along with any identification needed. If there is likely to be any delay in providing you with access, due to the complexity of the request or otherwise or if access is being refused, you will be notified within 1 month and given a reason for the delay or refusal. In the event of refusal, you will be entitled to complain to the Data Protection Commissioner about it.

You are also entitled to have your data given back to you or provided to a third party in a structured, commonly used and machine-readable form where processing is done automatically and is based on your consent or a contract with you. Please submit such request in writing to NDRC.

In addition, you have the right to request NDRC to remove personal data relating to you from its files and records. Such request must be in writing. NDRC will be entitled to retain personal data if there are legitimate grounds or a legal obligation to do so.

Transfer of Personal data abroad

NDRC does not transfer your data outside of the Republic of Ireland, save for a specific activity and with your express prior consent.

Data Breaches

NDRC will report any personal data breach, that presents a risk to the data subject, to the Data Protection Commissioner, without undue delay within 72 hours of having become aware of the breach.

In the event that harm, such as identity theft or breach of confidentiality, may be caused to anyone by reason of the breach, that person will also be notified of it.

Complaints/Contact Us

If you have a complaint about the use of your personal data, please contact Irene Dehaene, our privacy officer, at so that we can put matters rights as quickly as possible.

If you wish to make a complaint, you may do so by telephone, in writing and by email. Our postal address is NDRC, Digital Exchange, Crane St, Dublin 8, DO8 HKR9, Telephone: + 353 1 480 6252 Email:

All complaints will be fully investigated. Please give as much detail as possible to help us resolve the matter promptly.

You can also contact the Data Protection Commissioner at Canal House, Station Road, Portarlington, Co Laois, R32 AP23. Phone 076 1104 800 or Lo Call Number 1890 252 231. Email

NDRC uses cookies to help our users navigate as quickly as possible. Here is information on how we use cookies:

What is a cookie?

Cookies allow websites and users to navigate speedily, with the information stored telling sites when a user has returned. Cookie information is in the form of a text file. It is generated by a web page server. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.

How we use cookies?

First Party Cookies

CraftSessionID helps with user navigation efficiency throughout the NDRC domain, and expires at the end of a session.

Third Party Cookies

NDRC uses Google Analytics to assist us in the functioning of this website. This service helps us to provide relevant information in an easily accessible format. We use IP Anonymization in Google Analytics. Through this, a number of cookies are incorporated.

  • _gid is used for user distinction. Duration: 24 hours
  • _ga is also used for user distinction. Duration: 2 years
  • _gat is used to throttle requests. Duration: 60 seconds
  • _gcl_au is used by Google Analytics to understand user interaction with the website.Duration: 2 months

Cookies can also be utilised for advertising purposes. On, the only cookie in this area is:

  • test_cookie. This cookie is set by The purpose of the cookie is to determine if the users' browser supports cookies. Duration: 15 minutes

Some form applications on NDRC are processed through Wufoo.

  • ep201 set by a load balancer, user tracking for abuse and troubleshooting problems. Duration: 1 hour.
  • ep202 measures form completion. Duration: 1 hour.
  • JSessionID is used to track and monitor system health. Duration: Session.

A cookie is also used for the cookie message panel that is shown at the bottom of the site.

  • cookieconsent_status is used to determine if the cookie message panel is shown on the site. When the ‘Accept’ button has been clicked, this panel is hidden. Duration: 1 year

If your browser allows, you may be able to set it so that it declines cookies and notifies you when a cookie is being sent. You can also delete cookie files from your computer as you wish, however if you do so it may affect how easily you interact with our website.

Read more about cookies and find out how to manage or disable them