Privacy - Part A

Privacy – Part 1 – INTRODUCTION

 

1.1  The Broadcasting Authority of Ireland is the regulator of broadcasting in Ireland and isestablished under the Broadcasting Act 2009 and references to the “BAI” or “us” or “we” shall be interpreted as references to the Broadcasting Authority of Ireland. About this Privacy Statement.

 

1.2  This Privacy Statement aims to give you information on how the BAI collects and processes your personal data through your use of this website, including any data you may provide through this website or through any other form of communications with us, including when you browse this website, submit a complaint, submit a freedom of information request, sign up to one of our mailings lists, submit to a consultation, submit a licensing application or provide personal data to the BAI in a manner that we cannot control or anticipate. Full details of the personal data which BAI processes can be viewed in our Records of Processing Activities and is available on request from the contact details below. The record sets out what personal data we collect and process about you; where we obtain the data from; what we do with that data; how we comply with the data protection rules, who we transfer data to and how we deal withindividuals’ rights in relation to their personal data. Links to this information may be accessed by clicking on the titles in the table of contents. Any personal data is collected and processed in accordance with Irish and EU data protection laws.

 

1.3  All our employees and contractors (which includes, for the avoidance of doubt, agency staff) are required to comply with this privacy statement when they process personal data on our behalf.

 

1.4  Please note that we may disclose individuals’ information to trusted third parties for the purposes set out and explained in this document. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU laws on data protection.

 

1.5  This website is not intended for children and we do not knowingly collect data relating to children. The GDPR (as defined below) defines a child as anyone under the age of 16 years old, although this may be lowered to 13 by Member State law. Where the data controller relies on consent as the legal basis for processing under Article 6 (1) (a) of the GDPR, the processing of personal data of a child in relation to information society services is only lawful if authorised by the holder of parental responsibility over the child. The data controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child.

 

1.6  Please carefully review this Privacy Statement before giving your consent to sign up to our mailing lists or cookies, or other functions that we carry out pursuant to the granting of your consent.Contact Details

 

1.7  The Broadcasting Authority of Ireland contact details in relation to Data Protection matters are as follows:

  • Telephone: 016441200
  • Email: dpo@bai.ie
  • Post: 2-5 Warrington Place, Dublin, D02 XP29

 

Privacy – Part 2 – DATA CONTROLLER

 

2.1  Data protection provides rights to individuals with regard to the use of their personal information (personal data) by organisations, including the BAI. Irish and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of personal data.

 

2.2  Compliance with the data protection rules is a legal obligation. In addition, our compliance with the data protection rules helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.

 

2.3  The data protection rules that apply to us are currently contained in the Data Protection Act 2018, in the ePrivacy Regulations 2011 and in related legislation (together the“DPAs”) and the EU General Data Protection Regulation (EU Regulation 679/2016) (the“GDPR”) and in related Irish data protection legislation which gives effect to the GDPR.

 

2.4  “Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.

 

2.5  For the purposes of the GDPR, the BAI is the data controller with regard to the personal data described in this Privacy Statement.

 

2.6  Compliance with the data protection rules is a legal obligation. In addition, our compliance with the data protection rules helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.

 

2.7  The data protection rules that apply to us are currently contained in the Data Protection Act 2018, in the ePrivacy Regulations 2011 and in related legislation (together the“DPAs”) and the EU General Data Protection Regulation (EU Regulation 679/2016) (the“GDPR”) and in related Irish data protection legislation which gives effect to the GDPR.

 

2.8  “Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.

 

2.9  For the purposes of the GDPR, the BAI is the data controller with regard to the personal data described in this Privacy Statement.

 

Privacy – Part 3 – WHAT PERSONAL DATA DOES THE BAI COLLECT AND WHY?

 

3.1  “Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and behaviour.

 

3.2  We may collect, use, store and transfer different kinds of personal data about you when you use our website and when we carry out tasks pursuant to the submission of your personal data:

3.2.1  Identity Data, which includes first name, maiden name, last name, username or similar identifier, marital status, title, and gender.

3.2.2  Contact Data, which includes billing address, delivery address, email address and telephone numbers.

3.2.3  Financial Data, which includes bank account and payment details.

3.2.4  Transaction Data, which includes details about payments to and from you.

3.2.5  Technical Data, which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

3.2.6 Profile Data, which includes information such as your username and password.

3.2.7 Usage Data, which includes information about how you use our website and services.

 

3.3  We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

3.3.1 Where we need to perform the contract we are about to enter into or have entered into with you;

3.3.2 Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of our official authority;

3.3.3 Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than for our mailing lists and cookies policy.

 

3.4  Our Records of Processing Activities (Hyperlink) describe in further detail, among other things, the personal data that we collect in connection with the performance of our functions, why we are collecting this data, our legal basis for processing this data and the length of time for which we retain your data. An up to date digital copy of our Records of Processing Activities can be accessed at the hyperlink at the beginning of this clause or a physical copy can be provided on request by emailing dpo@bai.ie.

 

3.5  We process the personal data for the purposes set out in our Records of Processing Activities and for any other purposes specifically permitted by the DPAs (or when applicable, the GDPR) or as required by law.

 

3.6  We collect this information from you through:

3.6.1  website submission forms; for example if you are submitting a response to one of our consultations;

3.6.2  technical measures designed to improve the functionality of our website, for example cookies;

3.6.3  email;

3.6.4  records generated pursuant to telephone conversations;

3.6.5  traditional post;

3.6.6  social media interactions

although it may be the case that you submit personal data to us in a manner which is beyond our control or in a way that cannot reasonably be anticipated.

 

Privacy – Part 4 – CONSENT

 

4.1 By consenting to our processing your personal data in line with this Privacy Statement you are giving us permission to process your personal data specifically for the purposes identified.

 

4.2  You may withdraw consent at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of personal data relating to you. If you have any queriesrelating to withdrawing your consent please contact the Data Protection Officer (“DPO”)whose details are set out below. You may withdraw your consent by contacting us through email at dpo@bai.ie.

 

4.3  Withdrawal of consent shall be without prejudice to the lawfulness of processing based on consent before its withdrawal.

 

Privacy – Part 5 – WHAT ARE THE DATA PROTECTION PRINCIPLES?

 

5.1  We must process personal data fairly, lawfully and transparently. This means that we must have a valid legal basis for our processing of personal data as set out under the DPAs or (when applicable) the GDPR. It also means that we must be transparent with individuals about our processing of their personal data (“lawfulness, fairness and transparency”);

 

5.2  We can only collect personal data for specified, identified and legitimate purposes. We can only then process the personal data that we have collected for the purposes which we have identified or for purposes that are compatible with the purposes that we have identified (“purpose limitation”);

 

5.3  The personal data that we collect and process must be adequate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimisation”);

 

5.4  The personal data that we collect and process must be accurate and (where necessary) kept up to-date (“accuracy”);

 

5.5  We must not keep personal data any longer than is necessary, bearing in mind the purpose for which we collected it. This means that we should keep personal data in a form which permits identification of the data subject for no longer than is necessary(“storage limitation”); and

 

5.6  We must process personal data in a manner that ensures appropriate security of the personal data, including protection against unlawful or unauthorised processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).

Privacy – Part 6 – SECURITY OF YOUR PERSONAL DATA

 

6.1  We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.

 

6.2  We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves. In addition, we have appropriate written agreements in place with all of our data processors.

 

6.3  We maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:

6.3.1  Confidentiality means that only people who are authorised to use the data can access it.

6.3.2  Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.

6.3.3  Availability means that authorised users should be able to access the data if they need it for authorised purposes.

 

6.4 We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected in accordance with the security measures outlined in the BAI’s PersonalData Protection Policy (at link).

Back to top

Privacy - Part B

Privacy – Part 7 – HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

 

7.1 We have set out in the Processing Description the length of time for which we will keep your information. After this time your personal information is permanently deleted from our records.

 

Privacy – Part 8 – WILL WE SHARE YOUR PERSONAL DATA WITH ANYONE ELSE?

 

8.1  Your personal data may also be shared with the following third parties:

8.1.1  Organisations or individuals for which the sharing of the personal data is necessary for the BAI to exercise its statutory functions or to comply with legal obligations, including, but not limited to recipients in the context of a freedom of information request, recipients of broadcasting related circulars, to satisfy governance obligations and to law enforcement bodies.

8.1.2  As may be required, professional service providers, including, but not limited to legal advisors, banks, accountants, professional advisors, consultants, investment advisors and successful tender applicants;

8.1.3  BAI contract holders and broadcasters, including television and radio broadcasters and holders of content provision contracts;

8.1.4  BAI service providers, including, for example, temporary staff or contracted workers;

8.1.5  Third parties other than those described above for which they BAI may have interactions with in its day to day affairs and for which disclosure may be necessary (but which will only be disclosed where reasonably necessary, having regard to the data minimisation principle).

 

8.2  Please note that the above list may be amended from time to time and this Privacy Statement will be amended to reflect these changes.

 

8.3  We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU laws on data protection. Any such company or individual will have access to personal information needed to perform these functions but may not use it for any other purpose.

 

8.4  Specifically, we need to have written agreements in place with all of our data processors and, before we sign each agreement, we need to have vetted and be satisfied with theprocessor’s data security. The agreements also need to contain specific clauses thatdeal with data protection.

 

8.5  We may pass your details to another agency but only if it is required by law, pursuant to our statutory functions, or if that agency is relevant to your enquiry.

 

8.6  We may pass on your details if we are under a duty to disclose or share a data subject’s personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes reporting information about incidents (as appropriate) to the Gardaí and responding to any requirements from the Gardaí to provide information and/or personal data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.

 

8.7  We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the data protection rules, and that we have in fact complied with the rules. We do this, among other ways, by our written policies and procedures, by building data protection compliance into our systems and business rules, by internally monitoring our data protection compliance and keeping it under review, and by taking action if our employees or contractors fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing. These record-keeping obligations are under the responsibility of our DPO.

 

Privacy – Part 9 – TECHNICAL INFORMATION WE COLLECT WHEN YOU VISIT THE SITE

 

9.1  Our website uses cookies to enable us to improve our service to you and to provide certain features that you may find useful. For more information on cookies and how we use them, please see our Cookie’s Policy.

 

9.2  Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site. A cookie allows us to identify your computer when you use our site. Most web browsers automatically accept cookies, but, if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. The cookies we use do not detect any information stored on your computers.

 

9.3  For more information about cookies and how to stop cookies being installed visit the following website: http://www.allaboutcookies.org.

 

9.4  Certain information in relation to web usage is revealed via our internet service provider who records some of the following data. The information we receive depends upon what you do when visiting our site, for example:

  • The date and time of every visit to an individual page
  • Each page visited in the site on such a visit
  • Your IP/network address
  • The type of web browser used by the website visitor
  • The device used by the website visitor

 

Privacy – Part 10 – HOW WE MAY USE THIS TECHNICAL INFORMATION

 

10.1  This information is used to allow us improve the information we are supplying to our users, to find out how many people are visiting our sites and for statistical purposes.

 

10.2  Some of the above information is used to create summary statistics which allow us to assess the number of visitors to the different sections of our site, discover what information is most and least used, inform us on future design and layout specifications, and help us make our site more user friendly.

 

10.3  We will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. It is our policy never to disclose such technical information about individual website visitors to any third party (apart from our internet service provider, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by law. We will only use the technical information for statistical and other administrative purposes. You should note that technical details, which we cannot associate with anyidentifiable individual, are not “personal data” within the meaning of the GDPR.

 

Privacy – Part 11 – YOUR DATA PROTECTION RIGHTS

 

11.1 Under certain circumstances, by law you have the right to:

11.1.1  Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.

11.1.2  Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

11.1.3  Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

11.1.4  Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

11.1.5  Object to processing of your personal information. You also have the right to object where we are processing your personal information for direct marketing purposes.

11.1.6  Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.

11.1.7  Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

11.1.8  Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “dataportability”). This enables you to take your data from us in an electronicallyuseable format and to be able to transfer your data to another party in an electronically useable format.

 

Privacy – Part 12 – REQUESTS BY DATA SUBJECTS TO EXERCISE THEIR RIGHTS

 

12.1  We have appointed a DPO to monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the DPO.

 

12.2  Data subjects must make a formal request for personal data we hold about them or otherwise to exercise their data protections rights whether to make an access request or otherwise by contacting our Data Protection Officer.

 

12.3  Our DPO can be contacted as follows:-

  • Telephone: +6441200
  • Email: dpo@bai.ie
  • Post: Data Protection Officer, 2-5 Warrington Place, Dublin, D02 XP29

 

12.4 Note also that data subjects have the right to complain at any time to a data protection supervisory authority in relation to any issues related to our processing of their personal data. As our organisation is located in Ireland and we conduct our data processing here, we are regulated for data protection purposes by the Irish Data Protection Commissioner. You can also contact the Data Protection Commissioner as follows:

  • Go to their website www.dataprotection.ie
  • Phone on +353 57 8684800 or +353 (0)761 104 800
  • Email info@dataprotection.ie
  • Address: Data Protection Office – Canal House, Station Road, Portarlington, Co.Laois, R32 AP23. Or 21 Fitzwilliam Square Dublin 2. D02 RD28 Ireland.

 

Privacy – Part 13 – CHANGES TO THE PRIVACY STATEMENT

 

13.1 Our Privacy Statement may change from time to time and any changes to the statement will be posted on this page.

 

Back to top

Disclaimer

The information contained in this website is provided by the Broadcasting Authority of Ireland (“BAI”).  We endeavour to keep the information up-to-date and correct.  If errors are brought to our attention, we will try to correct them as quickly as possible.

In no event with the BAI be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of the BAI.  We have no control over the nature, content and availability of those sites.

Back to top

Copyright

The information, content, graphics, text, images, trade marks, trade names and logos (the “Materials”) contained on this website are protected by copyright, trade mark, database right, sui generis right and other intellectual property laws under national laws and international treaties.

Extracts from BAI publications may be used provided the source is acknowledged, save where otherwise stated.

Back to top