ICDL PRIVACY NOTICE
Last revised 12 January 2024
ICDL Foundation, incorporated and registered in Ireland with company number 259212 with its registered address at Level 1, The Chase, Arkle Road, Sandyford, Dublin, D18 Y3X2, Ireland (“ICDL”, “we”, “our” or “us”) is responsible for the ICDL learning and certification programmes (our “ICDL Programmes”).
ICDL operates the ICDL Programmes directly in Ireland and regionally from wholly owned subsidiaries – ICDL Africa (based in Rwanda), ICDL Asia (based in Singapore) and ICDL Europe (based in Brussels), details of which are in section 12 below.
This Privacy Notice (“this Notice”) applies to all users of the ICDL website. When this Notice refers to “you” or “your” we mean you as a user of the website.
This Notice details how ICDL will collect, use and safeguard Personal Data it receives via the website or directly from you.
In this Notice, “Personal Data” means information relating to a living individual who is or can be identified either from that data or from that data in conjunction with other information that is in, or is likely to come into, our possession, and includes Personal Data as described in Data Protection Laws (as referred to below). Any Personal Data that is collected is referred to as “Your Personal Data” in this Notice.
Where we ask you for Personal Data, we will only do this where we require that information for specific purposes, for example registration for our newsletter. Any Personal Data you provide and from which you can be identified is stored securely and confidentially and is processed fairly and lawfully in accordance with this Notice.
The collection, storage, sharing and use of Your Personal Data is governed by laws, such as the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, the Irish Data Protection Acts 1988 to 2018, the Rwandan Data Protection Law 058/2021, the Personal Data Protection Act of Singapore and any other applicable law or regulation (including updates) relating to the processing of Personal Data, (the “Data Protection Laws”).
- INFORMATION WE GATHER VIA WEBSITE
Technical details are logged for statistical and other administrative purposes. No information that could be used to identify website visitors is collected or retained.
The technical information collected by ICDL from the website is confined to:
- the visitors IP address;
- the top-level domain name used (for example .ie, .com, .org, .net);
- the address of the website that sent the visitor to our website, possibly including search terms used to find our website;
- data that shows how users have moved around this website (for example, pages accessed, the order in which they were accessed, or documents downloaded); and
- information about the type of computer that the website visitor used (for example, the operating system, web browser, or type of mobile device used)
ICDL makes no attempt to identify individuals, or to associate the technical details listed above with any individual.
Information collected will primarily be used to provide users with a personalised internet experience that delivers information, resources, and services that are most relevant and professionally helpful. ICDL will not share information you provide us without your consent, unless we say so in this Notice, or when we believe in good faith that the law requires it.
By accessing the website and interacting with the information and various pages on the website, you are deemed to understand and accept this Notice.
- THE COLLECTION AND USE OF PERSONAL DATA
We may obtain Personal Data directly from individuals through our website when users (i) fill out a contact form and/or (ii) sign up to our mailing list or newsletter. For example, where you have opted-in to receive our marketing information you have voluntarily submitted your information and will be asked for consent, we may then use your information to send you news and newsletters, special offers, and promotions, or to otherwise contact you about our services, or provide you with information you have specifically requested.
We do not collect or process special categories of personal data (these include information about your health, genetic and biometric data, your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, or trade union membership). We also do not collect any information about criminal convictions and offences. We may however process information necessary to provide ‘reasonable accommodation’ (if requested by you) in accordance with (for example) the Irish Equality Acts or accessibility acts or guidelines.
- THE LEGAL BASIS FOR USING YOUR PERSONAL DATA
We will use Your Personal Data, and share that data, for any one or more of the following legal bases (reasons):
- if we have a good reason to use Your Personal Data (this is also known as our “legitimate interests”), this could include activities related to new ICDL modules or programmes, events and webinars, special interest groups, in addition to everyday business operations, administrative tasks, such as troubleshooting, data analysis, and data security. In this case, we will carefully consider and balance any potential impact (either positive or negative) on your rights before we process your Personal Data for our legitimate interests. We do not use Your Personal Data for activities where our interests are overridden by the impact on you;
- where we have an agreement with you or on your behalf to do so, to provide you with access to services and to manage our relationship with you while we do so;
- in limited circumstances, where you have given your express consent or your parent or guardian has done so where you are under the age of 16 (for example you opted-in to receive our newsletter or marketing information); and/or
- where we must comply with a legal obligation.
We may process Your Personal Data for more than one of the legal bases above, depending on the specific purpose for which we are using Your Personal Data.
- HOW WE USE YOUR PERSONAL DATA
We will only use Your Personal Data for the purposes for which we collect it, unless we believe that we need to use Your Personal Data for another reason that is compatible with the original purpose. If we intend to process Your Personal Data for an unrelated purpose, prior to that processing we will notify you and explain the legal basis which allows us to do so.
Below describes all the ways we use Your Personal Data, and which of the legal bases (described in section 4 above) allows us to do so. We have also identified what our legitimate interests are, where appropriate.
Please contact us if you would like further information on how we process Your Personal Data where more than one ground has been set out above. See ‘How to Contact Us’ below.
Purposes of information we collect and the legal basis for processing and, where necessary, the basis of legitimate interest
- To respond to an enquiry from you, we may use your: Basic Information; Contact Information; and any other Information you provide. This is necessary for our legitimate interests to manage and/or maintain our relationship with you, and provide you with relevant updates. It is also necessary to take steps at your request to provide services to you.
- To meet a specific legal, regulatory or compliance obligation, including in relation to recording and monitoring communications, so as to investigate security incidents and prevent crime. This could include: Basic Information; Contact Information; Technical Information and any other Information required. This will only be necessary to comply with a legal obligation and/or for a security or criminal investigation.
- To send you communications that may be of interest to you (if you have requested such information from us) and have not opted out of receiving such communication. We use Basic Information and Contact Information which is necessary for our legitimate interests (to maintain interest in ICDL)
- We use metrics and monitoring (Engagement Tracking) to better understand how all users engage with our website. We also use Engagement Tracking on email correspondence for Basic Information and Contact Information which is necessary for our legitimate interests to ensure the website remains relevant. Consent for email tracking will be sought (or consent of your parent/guardian where you do not have legal capacity to consent).
- WHO WE SHARE YOUR PERSONAL DATA WITH
We will not disclose Your Personal Data to third parties unless required by law to do so, or as otherwise set out in this Notice.
We may share Your Personal Data within the ICDL group of companies to undertake consolidated group corporate services, reporting services and/or functions and administration and ancillary services on our behalf.
We may also share information with our third-party service providers who provide services to us. Categories of service providers include customer support service providers, data analytics providers, IT professional service providers, data hosting providers and records-storage companies.
Please be aware that despite efforts and measures we have taken to protect personal data, other internet sites that link to the ICDL sites or to an ICDL email may contain online privacy provisions that differ from those of this Notice. To ensure your privacy is protected, we recommend that you review the privacy statements of other internet sites you visit.
- INTERNATIONAL DATA TRANSFERS
The software application that we use is based in the EU along with its servers and hosting providers and Your Personal Data will not transfer outside the EEA if you are located in Europe.
Depending on your location Your Personal Data may be transferred to, stored at, or accessed from a destination outside the European Economic Area (“EEA”) for the purpose of us operating the website. Countries outside the EEA have different laws for protection of Personal Data. Data Protection Laws require us to ensure that any transfers of Your Personal Data are made according to additional protections set out in GDPR and we comply with these requirements where we do such transfers.
If Your Personal Data is transferred to, stored at, or accessed from a third country, we will ensure a suitable level of protection is afforded to it by ensuring at least one of the following safeguards under GDPR is implemented:
- We will only transfer your Personal Data to countries outside the EEA that the European Commission has deemed to provide an adequate level of protection for Personal Data (known as an “adequacy decision”); or
- In the case of countries outside the EEA that do not have an adequacy decision, we have or will put in place appropriate contracts with third parties incorporating standard contractual clauses approved by the European Commission and carry out a risk assessment on the transfer and adopt any supplementary security measures to ensure compliance with Data Protection Laws.
Please contact us if you require further information on the specific safeguard used by us when transferring Your Personal Data.
- HOW LONG WE HOLD (RETAIN) YOUR PERSONAL DATA
We will only retain Your Personal Data for as long as reasonably necessary to fulfil the purposes it was collected for, and to satisfy any legal, regulatory, tax, accounting or reporting requirements. We may retain Your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of further communications or interaction with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Your Personal Data, the purposes for which we process Your Personal Data, whether we can achieve those purposes through other means, and the applicable legal, regulatory or other retention requirements.
You have the right to request deletion of your Personal Data. Please see ‘Your Legal Rights regarding Your Personal Data’ below for further information.
- YOUR LEGAL RIGHTS REGARDING YOUR PERSONAL DATA
You may at any time request a copy of Your Personal Data from us and, if you have any comments, concerns or complaints about our use of Your Personal Data, please contact us (see ‘How to Contact Us’ below).
For security reasons, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is to ensure that Your Personal Data is not disclosed to any person who does not have a right to receive it.
You have the following rights under Data Protection Laws and we, as controller of Your Personal Data held by ICDL, will comply with those rights which are explained in more detail below. We will respond to any rights that you exercise without undue delay and in any event within one month of receiving your request, unless the request is particularly complex, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond).
Right to be provided with a copy of Your Personal Data
- You have the right to request a copy of Your Personal Data. Requests for Your Personal Data must be made to us (see ‘How to Contact Us’ below) specifying what Personal Data you need access to, and a copy of such request may be kept by us for our legitimate purposes. To help us find Your Personal Data easily, please give us as much information as possible about the type of information you would like to see.
- If, to comply with your request, we would have to disclose Personal Data relating to or identifying another individual, we may need to withhold that Personal Data or edit the information to remove the identity of that individual.
Right to require us to correct any errors in Your Personal Data (also known as the ‘right to rectification’)
- You have the right to request that we amend any inaccurate or incomplete Personal Data that we have about you. If you would like to do this, please (i) email or write to us (see ‘How to Contact Us’ below); (ii) let us have enough information to identify you (e.g. name, email address); and (iii) let us know the information that is incorrect and what it should be replaced with.
- If we are required to update Your Personal Data, we will inform recipients to whom that Personal Data has been disclosed (if any), unless this proves impossible or has a disproportionate effort.
- It is your responsibility (or that of your parent/guardian where you are under 16) that all of the Personal Data provided to us is accurate and complete. If any information you have given us changes, please update these details in your online account or let us know as soon as possible (see ‘How to Contact Us’ below).
Right to object to our use of Your Personal Data:
- You have the right to ask us to stop using Your Personal Data where we do so for our legitimate interests (see ‘How We Use Your Personal Data’ above), and we will comply unless there is a compelling legitimate ground for us to continue using it, which we will explain to you.
- You also have the right to ask us to stop contacting you for direct marketing purposes. If you would like to do this, please (i) click on ‘unsubscribe’ on an email; or (ii) send an email via ‘How to Contact Us’ below.
- We will provide you with information on action taken on a request to stop direct marketing, this may be in the form of a response email confirming that you have ‘opted out / unsubscribed’.
Right to require us to delete your information in certain situations (also known as a ‘right of erasure’ or ‘right to be forgotten’)
- You can ask us to erase Your Personal Data where or if: (i) we do not need Your Personal Data in order to process it for the purposes set out in this Notice; (ii) you had previously given us consent to process Your Personal Data, and you now withdraw that consent and we cannot otherwise legally process Your Personal Data; (iii) you object to our processing and we do not have any legal basis for continuing to process Your Personal Data; (iv) Your Personal Data has been processed unlawfully or has not been erased when it should have been; or (v) the Personal Data must be erased to comply with a legal requirement.
- We may continue to process Your Personal Data in certain circumstances in accordance with Data Protection Laws.
- Where you have requested the erasure of Your Personal Data, we will inform recipients to whom that Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.
Right to restrict use of Your Personal Data (also known as ‘right of restriction’)
- You may request that we stop processing Your Personal Data temporarily if: (i) you do not think that Your Personal Data is accurate (but we may start processing again once we have checked and confirmed that it is accurate); (ii) the processing is unlawful but you do not want us to erase Your Personal Data; (iii) we no longer need the Personal Data for our processing; or (iv) you have objected to processing because you believe that your interests should override the basis upon which we process Your Personal Data.
- If you exercise your right to restrict us from processing Your Personal Data, we will continue to process the Personal Data if: (i) you consent to such processing; (ii) the processing is necessary for the exercise or defence of legal claims; (iii) the processing is necessary for the protection of the rights of other individuals or legal persons; or (iv) the processing is necessary for public interest reasons.
Right to data portability
- You may ask for an electronic copy of Your Personal Data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to Personal Data that you have provided to us – it does not extend to data generated by us. In addition, the right to data portability also only applies where: (i) the processing is based on your consent or for the performance of a contract; and (ii) the processing is carried out by automated means.
Right to withdraw your consent
- Where processing is based on your consent, you have the right to withdraw your consent at any time with future effect by contacting us. However, if you do withdraw your consent we may not be able to continue to deliver updates, communications or verify your profile.
Rights in relation to automated decision making
- You have the right not to be subject to a decision made solely by automated means without human involvement that has legal or significant effects on you. This right does not apply where the decision is (i) authorised or required by law (e.g. to prevent fraud or tax), (ii) necessary for the performance of a contract between you and us, or (iii) based on your explicit consent.
- We do not make any such automated decisions based on Your Personal Data.
Right to complain to the Data Protection Commission
- If you do not think that we have processed Your Personal Data in accordance with this Notice, please contact us in the first instance (see ‘How to Contact Us’ below).
- If you are not satisfied, and you are based in Ireland and/or Europe you can lodge a complaint to the Data Protection Commission or exercise any of your other rights pursuant to Data Protection Laws. Information about how to do this is available on the Data Protection Commission website at https://www.dataprotection.ie.
- If you are not satisfied and are based outside Europe, you should lodge a complaint with the relevant Supervisory Authority which is responsible for the supervision of privacy issues and/or the processing of Your Personal Data in your jurisdiction. Such Supervisory Authority may be any court, regulatory agency or authority which has been appointed by applicable laws and/or regulations (including Data Protection Legislation).
You will not generally have to pay a fee to exercise any of your rights listed above, however, we may charge a reasonable fee where deemed necessary and we may refuse your request where:
- such request is manifestly unfounded or excessive, especially if it is repetitive in nature (in this case, if we decide to provide you with the Personal Data requested, we may charge you a reasonable fee to account for administrative costs of doing so); or
- we are entitled to do so pursuant to Data Protection Laws.
- EMBEDDED CONTENT FROM OTHER SITES
Articles on this platform may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
- FRAUDULENT EMAILS WARNING
ICDL will never contact you to request for your username and password by email or other medium. If you receive any emails purportedly from the ICDL requesting for such information, do not respond to such requests. Instead, please contact us immediately, details under section 12 below.
- HOW TO CONTACT US
If you have any questions about this Notice or our data protection practices please contact us at:
Level 1, The Chase
Dublin, D18 Y3X2
Telephone +353 1 6306000
Level 1, The Chase
Telephone: +353 1 2377797
ICDL Africa Limited
Career Center Building
KG 541 ST
9th Floor, PO Box 3974
Telephone: +250 788 380102
ICDL Asia PTE Ltd
50 Raffles Place
Singapore Land Tower
Telephone: +65 66312809
ICDL Europe SRL
Rue des Colonies 11
- UPDATES TO PRIVACY NOTICE
We may change or update this Notice from time to time and at our sole discretion which will be prominently advised to you on the website. The date of the most recent revisions will appear on the top of this Notice. If you do not agree to such changes, please do not continue to use the platform. If you continue to use the platform you are deemed to understand and accept a revised Privacy Notice.
You should be aware that each time you visit a website, general information about your visit is retained. Statistical and other analytical information is collected on an aggregate and non-individual specific basis of all browsers who visit the site. This statistical and analytical information provides us with general and not individually specific information about the number of people who visit this website; the number of people who return to this site; the pages that they visit; where they were before they came to this site and the page and site at which they exited.
This information helps us monitor traffic on our website, so that we can manage the website’s capacity and efficiency. It also helps us to understand which parts of this website are most popular, and generally to assess user behaviour and characteristics in order to measure interest in and use of the various areas of the website. This type of non-personal information and data can be collected through the standard operation of our Internet servers and logs as well as “cookies”.
We use the following different types of cookies to monitor web activity:
A web beacon operates as a tag that records visitors to a particular web page on our website after clicking through from an ICDL related advertisement on another website or email. Web beacons provide an ability to produce specific profiles of user behaviour by collecting limited non personally identifiable information. For example, beacons are used to count the number of users who visit our website.
It is not possible to refuse the use of web beacons as they are used in conjunction with cookies. However, because they are used in conjunction with cookies, they can be effectively disabled in the browser by changing the settings to restrict or block cookies.
Strictly Necessary Cookies
Strictly Necessary (or Mandatory) cookies enhance your browsing experience and are also required for the effective functioning of our website.
Functionality Based Cookies
Functionality based cookies allow our website to remember choices and preferences that you make and provide more personalised features during browsing. These cookies can also be used to remember customisable changes made by you. This information is usually anonymised and cannot track your browsing activity on other websites.
Performance Based cookies
Performance based cookies collect information about how visitors use our website. Cookies of this nature typically do not collect personally identifiable information. All information these cookies collect are by default aggregated, anonymous and used to improve the way our website(s), services and applications work.
The following cookies are used on our website:
COOKIES AND TRACKING
© 1997 – 2024 ICDL Foundation SRL. All rights reserved.
ICDL Foundation, ICDL Europe, ICDL, ECDL and related logos are registered business names and/or trademarks of ECDL Foundation.