This policy explains how Dublin City Council Culture Company collects, stores and handles your personal data.
We are committed to respecting and protecting your privacy. We know that there’s a lot of information here, but we want you to be fully informed about your rights. If you still have questions after reading it, please do get in touch.
What is Dublin City Council Culture Company?
Established in March 2018, Dublin City Council Culture Company (formerly Dublin’s Culture Connects) runs cultural initiatives and buildings across the city with, and for, the people of Dublin.
Dublin City Council Culture Company collaborates with people, communities, cultural organisations, businesses, and Dublin City Council to embed cultural experiences and increase cultural participation throughout Dublin.
Dublin City Council Culture Company is the data controller when you engage with buildings and programmes that we operate including 14 Henrietta Street, Cruinniú na nÓg 2018, the Cultural Map/Culture Near You and any of our other activities and facilities. In future, we may become responsible for managing other Dublin City Council cultural projects and facilities.
For simplicity, when we say ‘we’ and ‘us’, we mean the Culture Company and all its projects and facilities.
Why do we collect and process your data?
The law on data protection only allows us to process your data for specific reasons. This is what we do and the legal basis for doing it:
In specific situations, we can collect and process your data with your consent, for example when you tick a box to receive email newsletters. When we collect your personal data, we’ll always tell you which data we need for which particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations, for example if you buy a ticket for an event, we’ll collect contact details through our ticketing system so we can deliver your ticket and get in touch with you if bad weather, say, means we have to cancel or move the event.
Legal obligations may mean we have to collect and process your data, for example, we can pass on details of people involved in criminal activity affecting us to law enforcement.
In certain situations we may need your personal data for our own legitimate interest. We will only do this in a way which you might reasonably expect as part of running the Culture Company and which does not impact on your rights. For example, we will use the data you have given us to suggest cultural projects and experiences we think might suit you. We will also use it to organise any activity you get involved with, for example arranging where and when to meet.
When do we collect your data?
- When you participate in a project, event or activity;
- When you buy a ticket;
- When you sign up to get our newsletter or opt-in to other information services we offer When you attend an event or book an appointment with us;
- When you ask you to send you information about any of our projects, events, activities or facilities;
- When you contact us with queries, complaints etc., however you get in touch;
- When you engage with us on social media;
- When you download or install one of our apps;
- When you enter competitions;
- When you choose to complete any of our surveys;
- When you give us feedback on our events or activities;
- When you use our facilities that have CCTV systems which may record your image;
- When you’ve given a third party permission to share with us the information they hold about you;
- We also collect data from publicly-available sources such as community directories and websites.
What sort of personal data do we collect?
When you participate in a project/event or activity
We will collect your name, contact details and your access requirements, if any. If you are participating as part of a school, group or organisation, we will also collect its name and your role within it, if relevant. If you are under 18, we will collect the name of your parent or guardian and their permission for you to participate unless your school or group has already done this. We will keep details of what you have participated in.
When you book a ticket for an event, tour or class.
When you buy a ticket or book a tour, class or event, we will collect your name, email address, phone number and postcode, and, if you pay by card, your postal address and payment card details. We will also collect details of what tickets you buy and any access requirements you may have.
When you sign up to receive information
We will collect your name and the contact details relevant to the type of communication you have asked for, for example your email address to get enewsletters or your mobile phone number for SMS messages.
When you complete any of our online surveys
In certain circumstances, our online survey system may log your IP address so that we can see who has not responded and send a reminder. We will delete your IP address once the survey has closed.
When you visit our website
Our system will log your IP address along with other information provided by your browser. This may include the name and version of the browser you are using, your operating system and any website address that referred you to our website.
Our system will only record personal information if you:
- Provide information by filling in a form on our site;
- Subscribe to or register for services that require personal information to be given;
- Report a problem and give your contact details for us to respond;
- Complete surveys that we use for research purposes.
When you visit our website pages, a small text file called a ‘cookie’, is downloaded onto your computer. This is called a session cookie. This will only remain on your computer until you close your browser.
In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised website statistics to third party applications like Google Analytics to collect aggregated website statistics that allow us to understand how visitors use our site.
A persistent cookie will be downloaded when you first visit the site. These remain in your browsers cookie store between sessions. This type of cookie will allow us to identify repeat visitors to the site. You may opt to view the site without cookies by adjusting your browser’s settings. If you do disable cookies some functions of the site may no longer work correctly. For more information on cookies see the All About Cookies website.
We use other third-party tools on our websites for our main advertising partners – Facebook, Instagram, Google and Twitter – to be able to create custom audiences of people who have expressed an interest in a particular event or service based on their behaviour on our sites. They can enhance that custom audience with a ‘lookalike’ audience where they use their own data to identify other people with similar characteristics or behaviours to the people identified from our site. This is all done without us having any access or control of that data – the third-party is the Data Controller in these situations.
When you engage with us on social media
If you engage with us on social media, we will collect your username to help us respond to your feedback or questions.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
We do not share your data with bodies outside of the European Economic Area.
How do we use your data?
Our job is to connect Dubliners to their city through making and taking part in cultural activities. One way to achieve that is to tell you about opportunities to get involved that you will find interesting and relevant. We combine the data we have about you to make sure the information we send you is as relevant as possible. The data privacy law allows this as part of our legitimate interest in understanding our participants and partners to provide the highest levels of service.
We also use your data to organise any activity you get involved with, for example arranging where and when to meet.
What if you don’t give us necessary data?
If you want to change how we use your data, you’ll find details in the ‘What are your rights?’ section below. If you ask us not to contact you, we might not be able to provide some services you’ve asked for. For example, if you have asked us to tell you about the next Culture Club meeting, we won’t be able to do that if you have withdrawn consent for us to contact you.
How do we protect your data?
We will ensure that all personal data you give us is held securely, in a way that complies with the requirements of the relevant Irish legislation, namely the Irish Data Protection Act (1988), and the Irish Data Protection (Amendment) Act (2003). Access to your personal data is password-protected, and sensitive data like payment card information is secured and tokenised to ensure it is protected.
How long will we keep your data?
We will only keep your personal data for as long as is necessary for the purpose for which it was collected. For example, we will keep data collected when you participate in a project, event or activity for three years after the end of the project so we can comply with our legal obligations if any questions arise.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and planning.
Who do we share your data with?
We often work with other cultural organisations to deliver activities and events. If you get involved in a project, we will share with the relevant partner organisations the bits of your personal data necessary to run that specific project, for example to allow you special access to a cultural building or save you a seat at an event. They may then ask you if you want to get information about their own activities.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, if they make a valid request.
We do not share your data with bodies outside of the European Economic Area.
What are your rights?
You have these rights in relation to the personal data we hold on you:
- The right to be informed about the data we hold on you and what we do with it;
- The right of access to the data we hold on you;
- The right for any inaccuracies in the data we hold on you to be corrected;
- The right to have data deleted in certain circumstances;
- The right to restrict the processing of the data;
- The right to transfer the data we hold on you to another party;
- The right to object to the inclusion of any information;
- The right to regulate any automated decision-making and profiling of personal data.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. You can do this by:
- Clicking the ‘unsubscribe’ link in any email we send you;
- Texting STOP in response to an SMS communication;
- Emailing firstname.lastname@example.org.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Getting a copy of the personal data we hold about you
To get a copy of the personal data we hold about you, write to our officer responsible for data protection at email@example.com
This is known as a Subject Access Request and will be processed within 30 days.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Making a complaint to the regulator
If you think your data rights have been breached, you are able to raise a complaint with the Office of the Data Protection Commissioner.
You can contact the ODPC at:
Data Protection Commissioner
Canal House, Station Road, Portarlington, R32 AP23, Co. Laois
By telephone on +353 57 8684800 or +353 (0)761 104 800 or Lo Call 1890 252 231
By email to firstname.lastname@example.org
Any questions remaining
We hope this information has been helpful. If you still have any questions, please contact our officer responsible for data protection at email@example.com
Last reviewed: 22 July 2020