Privacy Policy

About this Privacy Policy Statement

This Privacy Policy Statement explains what information we collect, when we collect it, why we collect it, how this information will be used and, when applicable, what are the conditions under which we may disclose it to others.

This Privacy Statement applies to our sales, marketing and customer care activities, as well as all membership and student services activities. It was last updated and published on January 9th, 2020.

This privacy policy explains the following:

1. Our Identity
2. Personal Data Collection
3. Sharing Personal Data with Third Parties
4. How we Store and Secure your Data
5. User Website Visits
6. Your Rights Under the GDPR
7. Data Protection Commissioner
8. Changes to our Privacy Policy Statement

Our Identity

The Institute of Project Management (“the Institute”) promotes project management training education, certification and related member services. The Institute develops and delivers classroom-based training courses at various locations throughout Ireland, and also on-demand corporate training courses located at the client’s premises.

The Institute’s headquarters registered address is the following:
Institute of Project Management
25 Upper Mount Stree
Dublin 2
D02 E302

The Institute is a data controller and, as such, we fully respect your right to privacy and actively seek to preserve the privacy rights of those who share information with us. The Institute will treat any personal information with the highest of standards of security and confidentiality, in accordance with the General Dara Protection Regulation (EU) 2016/679 and the Data Protection Act 2018.

Personal Data Collection

Why and How we collect personal data

The Institute collects personal data in order to respond to your needs for information. We need your contact information to inform you about our products and services. You may cancel your permission from these communications at any time. We are committed to protecting your privacy.

We may collect your personal data in a variety of ways during our service-related communication and activities. This can include, but it is not limited to, emails, phone calls, in-person contact, physical letters, documents, website visits, when you register on our website, place an order, subscribe to the newsletter, respond to a survey, fill out a form, submit documentation, and in connection with other activities, services, features or resources we make available on our website. You may be asked for, as circumstances dictate, name, email address, postal address, phone number, professional and educational background, company’s name and contact information.

The Institute will collect personal data information only if voluntarily provided or submitted. Users can always refuse to supply personal information, except that it may prevent them from engaging in certain website-related activities or services.

Personal Data Retention

We retain your personal data for as long as we find it necessary to fulfil the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible issues, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. When the personal data that we have collected is no longer required, we will delete it in a secure manner. We may process data for statistical purposes, but in such cases, your data will be anonymous.

The following details the information we collect, why we collect it, the basis for processing and how long we retain it.

Legal Basis to collect and process personal data

• Contractual Performance We process your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
• Legitimate Interest We may use your personal data if it is considered to be of a legitimate interest of the Institute in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. We do not knowingly process children’s data.
• Consents We process your personal data where you have given consent to the processing of your data for one or more purposes. Individual consents will be stored and documented in our systems.

Sharing Personal Data with Third Parties

Personal information will not be sold to third parties, or provided to direct marketing companies or other such organisations without your permission.

The Institute may share your data with third parties only where necessary for the purposes of fulfilling our offering and services, and where there is a legal basis to do so. These are:

• State or regulatory bodies, as applicable.
• Particular services providers who are providing specific functionality e.g. web hosting services.
• Firms that provide professional services to the Institute, such as legal firms and auditors.
• Firms that provide disposal of confidential waste.
• We may share your personal data with your employer or sponsor with we have a contract relating to your programme of study. This may include attendance and exam results.
• We may use Demographical and statistical information about user behaviour to analyse the popularity and effectiveness of the Institute’s website. Any disclosure of this information will be in aggregate form and will not identify individual users.
• We may disclose your personal data to third parties if we are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of the Institute, its employees or others.

Personal Data and Awarding Bodies (QQI, TU Dublin and IPMA®)

For specific offerings and services, the Institute will collect, store and process special categories of personal data, such as Public Personal Social Numbers (PPSN) and sensitive personal data in the form of dates of birth, gender and home addresses. This information is required to be collected by us for any students being submitted by us for certification to Quality and Qualifications Ireland (QQI), TU Dublin – Tallaght Campus and International Project Management Association (IPMA), as delegated. We only submit this information to QQI and IPMA, as applicable, on your behalf and all data is securely deleted by us once submitted. Internal access to this data is restricted to only those individuals involved in collecting, storing and submitting the information to QQI and IPMA.

How we Store and Secure Your Data

The information which you provide to us will ordinarily be stored on our secure servers. However, we do work with third party contractors, some of whom host and operate certain features of the website and our systems. We and our service providers take appropriate technical and organisational measures to ensure that your data is treated securely and in accordance with this Privacy Statement.

User Website Visits

We may use Cookies and Beacons (Website Navigational Information) on our website to collect information during your visits.

Beacons include standard information from your web browser, such as browser type and language, IP address, and the actions taken by a user on the company’s website (such as views and clicks). A Cookie is a small file of letters and numbers that we place on your computer or mobile device if you agree.

The information collected allows us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website, allows us to improve our website and detect and prevent security threats and abuse.

Your Rights under the GDPR

1. Your right of access You have the right to ask us for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process. You exercise this right by requesting for a copy of the data, which is commonly known as making a ‘Subject Access Request’.
2. Personal Data Collection You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. Any such requests should state clearly what you believe is inaccurate or incomplete and explaining how it should be corrected.
3. Your right to erasure You have the right to ask us to erase your personal information in certain circumstances. This is sometimes called the ‘right to be forgotten’. Such requests should state clearly why the data should be erased.
4. Your right to restriction of processing You have the right to ask us to restrict the processing of your information in certain circumstances. Requests should indicate why the processing is to be restricted.
5. Your right to object to processing You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
6. Your right to data portability This applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract and the processing is automated.

Please submit requests under this section or if you have any other queries or concerns or requests about privacy on this website as follows.

Any queries, concerns or requests should be sent by email
to dataprotection@projectmanagement.ie

or by post to:

Data Protection Team,
Institute of Project Management Ireland,
25 Upper Mount Street,
Dublin 2,
Ireland

Requests should provide sufficient details to ensure we can identify the appropriate personal data. We may also require additional proof of identification to ensure we are delivering the correct response to the correct person.

We will respond to any requests under this section without delay and within one month. If your request results in complex processing we may require an extension to the one month response time and if so we will inform you as early as possible and within the initial month.

Data Protection Commissioner

You have the right to make a complaint at any time to the Data Protection Commissioner, www.dataprotection.ie, however we would appreciate the opportunity to deal with your concerns, so please contact us in the first instance.

Changes to our Privacy Statement

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. This statement should not be construed as a contractual undertaking. The Institute reserves the right to review and amend this statement at any time without notice and you should therefore re-visit this webpage from time to time.