MBAAI Privacy Notice
This notice applies to all personal information activities carried out by the MBA Association of Ireland (MBAAI). It provides information about the way in which the MBAAI collects and uses personal data about data subjects which is known as ‘personal data’ under the General Data Protection Regulation (GDPR).
You should read it fully to understand the basis upon which your personal data is collected by the MBAAI, how it is used, where it is stored and to whom it is disclosed.
The MBAAI is committed to protecting your personal data and right to privacy. We will always keep your personal data safe and comply with applicable data protection legislation.
The MBAAI is a registered company (CRO number 362300) and charity (Registered Charity Number 200443308 and CHY Number 13695) with the objective of:
- Promoting and protecting the interests of its Members
- To promote high standards of professionalism by facilitating and supporting the professional development of its Members through the development of a national network of MBA professionals
It does this through:
- Organising events which keep MBAs abreast of the latest management thought
- Facilitating business and social networking with fellow MBAs
- Enhancing the public profile of the MBA qualification
The MBAAI has an address at Unit 59, Guinness Enterprise Centre, Taylors Lane, Dublin 8, D08X5K3.
Legal Basis for Collecting, Storing and Processing Personal Data
The law on data protection sets out a number of different reasons for which the MBAAI may collect and process your personal data including:
- Consent: You have provided your consent to us using your personal data in a specific way, for example, where you provide us with consent to send you communications about our events
- Legitimate interest: Its use is in accordance with our legitimate interests outlined in this notice
- Contract: Its use is necessary in relation to a service we provide to you as a member
- Comply with a legal or regulatory obligation: Its use is to comply with a relevant legal or regulatory obligation that we have
- Vital Interests: In exceptional circumstances we may use and /or disclose information (including special categories of data) we hold about you to identify, locate or protect you for example if it comes to our attention that you are in imminent physical danger and this information is requested by An Garda Siochana or by your relatives
- Where the processing of special categories of data is necessary for the establishment, exercise or defence of legal claims
How your information is collected
Your information is collected as follows:
- Information you give to us
- Information that we learn about you through our relationship with you
- Information that we gather from publically available sources
- When you engage with us on social media
Usage and sharing of personal data
We will only use and share your information where it is necessary for us to carry out our lawful business activities. The purposes for which your information may be used is described below:
To provide our services to you, and to fulfil our contract with you, we will process your personal data for the performance of a contract which you have entered into with us, or to take steps at your request prior to entering into a contract. Your personal information will be used to:
- Assess and process applications for membership
- Register you as a new member
- Manage and administer your membership
- Communicate with you in relation to your membership, or the products and services you receive from us
- Manage and respond to correspondence, concerns, queries or complaints
- Carry out our obligations arising from the contract we have entered with you or with the organisation you are representing
- Send you service-related information by email and or/mail and/or any other communication means (e.g. your event booking information)
- Provide you with the information, products and services that you request from us
- Where it is necessary, involve a third-party service provider for the performance of a service the MBAAI has entered into. For example, when a sponsor hosts an event, we will provide them with your name and company only. We will never disclose your email or contact details.
- Possible establishment, exercise or defence of legal claims
To manage our business for our legitimate interests
There are times when we will rely on legitimate interests to process your personal data, particularly when it is not practical to obtain consent. We will always consider what is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair.
The following processing activities are carried out for the purposes of a legitimate interest pursued by the MBAAI:
- Attendees and Presenters: If you register for or purchase tickets for a MBAAI event and you are a member, we will access the information in your member account to provide you with information and services associated with the event. If you are not a member and you register for one of our events, we will collect your name and contact information which we will store in our database and use to provide you with information and services associated with the event.
If you are a presenter at one of our events, we will collect information about you, including your name, employer and contact information and we may also collect information provided by event attendees who evaluated your performance as a presenter.
- Videography and photography: when you attend one of our events, you may be photographed and/or filmed/recorded due to your presence at the event. The purpose of that photography or filming/recording is the legitimate interest of the MBAAI in using audio-visuals to publicise and promote the MBAAI and to assist the MBAAI in the provision of its charitable aims.
Appropriate data may also be shared publically for communications purposes on digital platforms (including social platforms) and through publications, media (including newspapers, television and radio) and advertisements.
When we intend to record or photograph an event, we will inform you of this fact via the public announcement at the start of the event.
- Provision of Services: we may compile and process your information to help us understand trends in customer behaviour and to understand risks better, including for providing management information, operational and data risk management.
- Marketing: we may use your identity, contact, transactional history, profile data and communications data to form a view on what we think you may like, or what may be of interest to you, and to send you details of products and offers which may be relevant for you.
- Reporting criminal acts and compliance with law enforcement agencies
- Complying with court orders arising in civil or criminal proceedings
- Performing a task carried out in the public interest
- Internal and external audit for financial or regulatory compliance purposes
- Statutory reporting
- Physical and network security
- Financial management and control
- General administration
To comply with our legal and regulatory obligations
We need to use your information to comply with legal and regulatory obligations including preparing returns to regulators and relevant authorities, preparing income tax, capital gains tax, capital acquisition tax and other revenue returns
Where you have given us permission
There are situations when we will ask for your consent to process personal data. Examples of such situations are processing of payment transaction data for marketing purposes, or for some processing of special categories of data. The consent will contain information on that specific processing activity. If you have given consent to a processing of your personal data, you can always withdraw the consent:
- Corresponding with the MBAAI: if you correspond with us by email, post or other forms of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry, to notify you of MBAAI events or to keep a record of the complaint.
- Sensitive information: we may also obtain sensitive information if you voluntarily provide it to us (for example, if you require wheelchair assistance or if you have dietary requirements)
- Marketing: we may also send you marketing communications if you have registered for an event and have not opted out of receiving marketing (in accordance with your preferences, as explained below)
- By email if you have signed up for email newsletters
- If you provided us with your details when you have entered a competition and you have consented to receiving such marketing (in accordance with your preferences as below)
We will ask for our preferences in relation to receiving marketing communications by email only.
You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us at any time, you can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included in the footer of any marketing email.
- MBAAI website: this notice applies to the MBAAI website www.mbaassociation.ie
On the website, personal data (such as your name, address, telephone numbers, or email address) is collected when you voluntarily submit it though a website form, such as during a request to enter or attend an event, or when you sign up to receive our newsletters or other publications.
Other information that may also constitute personal data, such as your browser type, operating system, IP address, domain name, number of times you visited the website, dates you visited the website, and the amount of time your spend viewing the websites may be collected via cookies and other tracking technologies (such as transparent GIF files). Aggregate information (such as how many times visitors log on to the website) may also be collected.
Sharing Data with Third Parties
We have set out below a list of third parties with whom we share your data and the reasons for such sharing.
- Contractors: your personal data may be transferred or accessed by third party service providers. We have retained these service providers to help manage our business and deliver our events and services as described in this notice. Such service providers are required under their contract with us, to handle your personal data in accordance with applicable laws and principles related to privacy and data protection. Our service providers are given the information they need to perform their designated function, and are not authorised to use or disclose personal data for their own marketing or other purposes. Our website is hosted by WPEngine.com.
- Card payment providers: for credit card payments we employ a third party to process these payments on our behalf. This third party will only have access to the personal data which you provide directly to them when you make a credit card payment. They are required under their contract with us to process this personal data securely and in accordance with all relevant data protection laws. We will not collect or store any credit card details; this third party being the sole data controller of that data. When you pay for any goods, you will be taken to a link to this third party’s website in order to conclude the sale. The data you provide to this third party will be proceeded in accordance with their privacy notice and the terms and conditions on their website, the MBAAI has no control over how this third party uses your information and is therefore not responsible and is not liable for the way in which they process your personal data. Ensure that you have read and understood their terms of service before providing your personal data. This third party is Stripe.
- IT Backup Providers: to hold information, for our legitimate business purposes. The company is iPlanet and WPEngine
- IT Service Providers: to store data, for IT security and service issues and for our legitimate business purposes. iPlanet and WPEngine/
- Email service providers: to help us run our business effectively and for our legitimate business purposes. Google mail.
- An Garda Siochana, Irish Revenue, and other Irish Statutory bodies: to comply with our legal obligations, we will share your information with law enforcement agencies, judicial bodies, government entities, tax authorities and/or regulatory bodies.
- Event partners and sponsors: some MBAAI events are sponsored/co-sponsored or provided in connection with other organisations not associated with the MBAAI. Where these events exist, we will disclose the name of our sponsor, co-sponsor or provider and will disclose any information collection and use practices which may differ form those practices set forth in this notice. We will provide sponsors and co-sponsors with your name and company only. We will not disclose your contact details. When signing up or registering for any such event where the MBAAI is not the sole sponsor and provider, you should be aware of any differing privacy practices of our Event Partners and read all disclosures available to you. Though the MBAAI makes reasonable efforts to only work with reputable partners, we cannot control their privacy practices in every instance regarding the personal data you voluntarily provide to them.
Retention of your personal data
We will retain your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances, we may retain your personal data for longer periods of time so that we can have an accurate record of your dealings with us in the event of complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
Where we have obtained your personal data in order to provide you with marketing information for our products and services, your personal data will be stored by us only as long as you do not change your mind about receiving such materials from us. We maintain a data retention schedule which we apply to records in our care. We will hold your information for 3 years. Where your personal data is no longer required, we will ensure it is securely deleted.
Data subject rights
By law you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the supervisory authority, the Office of the Data Protection Commissioner (www.dataprotection.ie)
Security of your information
We take all appropriate technical and organisational measures to protect your confidentiality and security of your personal information. We have implemented an information security programme that contains administrative, technical and physical controls that are reasonably designed to safeguard your personal information. We use a private cloud storage system provide by WPEngine.
Links and Third Party Websites
We will retain your personal information for the period necessary to fulfil the purposes outlined in this privacy notice unless a longer period is required or permitted by law.
Subject access requests
It is your responsibility to ensure that the personal information you provide to us is accurate, complete and up to date. You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you, or request that we update or correct any personal information we hold about you, by setting out your request in writing and sending it to us at [email protected]ciation.ie
The MBAAI will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for is to process your request in the manner which you have requested.
Changes and Updates and Notifications of Changes
We recommend that you check this notice every time you visit our website or provide us with your personal data offline as we may update this notice from time to time by posting the amended notices on our website.
Any changes will be effective when posted and your continued use of our website or not objecting to the use of your personal data will indicate your acknowledgement of any changes.
Any changes we may make to our privacy notice in the future will be posted on our website. If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law. Please review this privacy notice from time to time to stay updated on any changes.
If you have any questions, concerns or complaints regarding our compliance with this notice, and the data protection law or if you wish to exercise your rights of access, choice, rectification or deletion we encourage you to first contact us.
In the event that you are not satisfied with our handling of your complaint, you have the right to lodge a complaint directly with the supervisory authority and the MBAAI’s data protection representative.
The details for these contacts are:
Supervisory authority contact details:
Office of the Data Protection Commissioner
Co. Laois or
21 Fitzwilliam Square