Effective as of 09/12/2022
Who we are
“Data controllers” are the people or organisations that determine the purposes for which, and the manner in which, any Personal Data is processed, and make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
For the purposes of the GDPR ADMA TranS4MErs is the data controller with regard to the Personal Data described in this Privacy Policy. ADMA TranS4MErs’ mission is to support manufacturing SMEs in their transformation journey by providing advice and training in advanced manufacturing and digitalisation processes.
Our Data Protection Officer can be contacted directly here: TranS4MErs@imr.ie
Purpose and Scope of this Policy
The purpose of this Privacy Policy is to provide you, as our data subject, with a statement regarding the Data Protection and Privacy practices and obligations of ADMA TranS4MErs and an explanation of your rights as a data subject.
This Data Protection and Privacy Policy and Notice applies to our business practices, and our website, which is accessible from https://trans4mers.eu/.
As ADMA TranS4MErs is established in Ireland this document is written in the vein of the GDPR and Irish Data Protection Law, and ADMA TranS4MErs falls under the jurisdiction of the Data Protection Commission Ireland. This Privacy Policy sets out what Personal Data we collect and process about you in connection with the services and functions of ADMA TranS4MErs. We are not responsible for the content or the privacy notices for any websites to which we may provide external links.
Laws that apply to us:
• General Data Protection Regulation (EU Regulation 679/2016)
• Regulations flowing from Data Protection Act 2018
• ePrivacy Regulations 2011 implementing EU Privacy and Electronic
Communications Directive 2002/58/EC on Privacy and Electronic Communications,
otherwise known as ePrivacy Directive (ePD)
Why and how do we ensure compliance?
Data protection and privacy laws provide rights to individuals with regard to the use of their Personal Data by organisations, including our organisation. EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of Personal Data.
We must comply with data protection and privacy laws because the law requires us to, but we also would like you to have confidence in dealing with us, and compliance with data protection law helps us to maintain a positive reputation in relation to how we handle Personal Data.
We are required to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the applicable data protection and privacy laws, and that we have in fact complied with the laws.
We do this, among other ways, by our written policies and procedures, by building data protection and privacy compliance into our systems and business rules, by internally monitoring our data protection and privacy compliance and keeping it under review, and by acting if our representatives, including employees or contractors, fail to follow the rules.
We also have certain obligations in relation to keeping records about our data processing.
Who must comply?
All our representatives, which include employees and contractors, are required to comply with our Data Protection Policies and Procedures which inform this Privacy Policy when they process Personal Data on our behalf.
What are the data protection principles and rules?
We aim to comply with the following principles found in Data Protection Law:
- Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner.
- Purpose Limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation – Personal Data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.
- Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.
- Retention – Personal data should be kept in an identifiable format for no longer than is necessary.
- Integrity and confidentiality – Personal data should be kept secure.
- Accountability – Under the GDPR, we must not only comply with the above six general principles, but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.
What is personal data?
Personal data is any data that identifies you, or could be used to identify you, which is submitted and/or collected by ADMA TranS4MErs. It does not include anonymised data where your identity has been removed.
ADMA TranS4MErs may process your personal data for a number of reasons, from dealing with public requests for information, service level agreements and service delivery. Personal data is required in order to provide the services you request, such as registration for participation in xChange events organised by ADMA TranS4MErs and receiving services.
Any personal data that you share with us is treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).
What personal data do we process?
When you use our website, xChange platform or our social media channels, we process:
- Identity information you provide us with, such as your first name, last name job title, company name, and company VAT number;
- Contact details you provide us with, such as your e-mail address, LinkedIn, Facebook and Twitter links, postal address, country and (mobile) telephone number;
- Technical information regarding your visit;
- For TranS4MErs, information such as a short biography, educational background, relevant experience, and languages spoken can be shared on the xChange platform;
- Any other personal data you provide us with.
When you contact ADMA Trans4MErs via e-mail, telephone, or social media channels, we process:
- Identity information you provide us with, such as your first name and last name;
- Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number;
- Content of the communication, such as a question or complaint;
- Technical information of the communication, such as with whom you communicate at our end, and date and time of the communication;
- Any other personal data you provide us with.
When you register for and participate in our xChange events, we process:
- Identity information you provide us with, such as your first name, last name job title, and company name;
- Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number;
- Business card details, if you provide us with your business card before, during or after the event;
- Any other personal data you provide us with;
- Photos may be taken during our events. If you do not wish to be featured in photographs, contact the event organiser, prior to the event. Your photo may then be distributed via our website or other channels for the promotion of the event in question, and ADMA TranS4MErs. You may withdraw your consent at any time, including in the case of photos in which you may appear incidentally, by contacting our Data Protection Officer: TranS4MErs@imr.ie
When you use the TranS4MErs xChange platform, we process:
- Identity information you provide us with, such as your first name and last name;
- Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number, company name, and company VAT number;
- Any other personal data you provide us with, this is detailed in the Privacy Statement
- Information provided about you from other platform users such as information added by advisors about the SME, or a review of an advisor provided by an SME.
We also set Google Analytics cookies to allow us to measure and determine how visitors use the platform. We require your prior consent for the use of these cookies. You can give your consent by clicking the button in the cookie banner. You can withdraw your consent at any time by deleting the cookies stored in your browser. You can find more information on how to do this on the websites of the respective browsers:
- Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari: https://support.applcom/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Microsoft Edge: http://windows.microsoft.com/en-gb/windows-10/edge-privacy-faq
Special Category Data
ADMA TranS4MErs does not collect sensitive data – or ‘Special Category Data’.
Children’s Data
ADMA TranS4MErs’ website and platform are not intended for users under 18 years old and we do not knowingly collect data relating to children.
Criminal Convictions / Offence Data
ADMA TranS4MErs does not collect any information about criminal convictions and offences.
Aggregated Data
As with most websites, we gather statistical data and other analytical information (for example, demographic information, usage data etc.) collected on an aggregated basis of all visitors to our website. This data is not considered personal data in law as it does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
How and why we use your data
- To contact and communicate with you
- To process and deliver our services to you, including providing you with information about our services
- To monitor service delivery
- To track sales
- To receive feedback
- To understand the use of our website
- To administer and protect our website and business (including troubleshooting, data analysis, testing, maintenance, support, reporting and hosting of data)
- For compliance with legislation relevant to ADMA TranS4MErs
- For marketing and promotional purposes in connection with the services
- To meet specific legal obligations to maintain audit documentation in the case of audits
- For the management and administration of ADMA TranS4MErs (now and in the future).
Legal Bases for using your data
- Where necessary to perform our contract with you
- Where you have consented to the processing
- Where necessary for statutory obligations
- Where necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims
How long do we keep your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have a Retention Policy and Retention Schedule in place, and we ensure data is destroyed confidentially when it is required to do so.
In some circumstances you can ask us to delete your data: see below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
In some cases, by law, we have to keep basic information about our customers (including Contact, Identity, and Transaction Data) for six years after they cease being customers for tax purposes.
As ADMA TranS4MErs is an EU funded project there is a requirement to retain data for 5 years after the end of the project (end date - 30th September 2024), and possibly longer if audits are required by the European Commission.
If you have any queries about our retention periods you can contact us on TranS4MErs@imr.ie.
Third Parties and Disclosures of your Personal Data
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below.
ADMA TranS4MErs has contracts in place and carry out due diligence in regards to our suppliers and relevant third parties.
We will not send your personal data in an identifiable manner to any other third party than the ones mentioned below without your explicit consent to do so. However, we may send anonymised data to other organisations that may use those data for improving our activities or services.
Third Parties we may disclose your data to
- The European Commission
- Competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies who we may be legally obliged to share your personal data with.
- Service providers acting as processors based in Ireland, Europe and worldwide who provide development, IT, and system administration services.
- Technical providers who are other entities that interact with us in connection with the services we provide.
- Professional advisers acting as processors, controllers or joint controllers including lawyers, bankers, auditors and insurers based in Ireland and EU who provide consultancy, banking, legal, insurance and accounting services.
- Regulators and other authorities as processors, controllers or joint controllers based in Ireland and EU who require reporting of processing activities in certain circumstances.
International Transfers
ADMA TranS4MErs may transfer your personal data to third parties who process data on our behalf outside the European Economic Area (EEA).
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Security features/data location
If ADMA TranS4MErs have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
ADMA TranS4MErs utilises encryption, access controls and other features to ensure the security of your data.
ADMA TranS4MErs data is stored in the EU. Should ADMA TranS4MErs engage a data processor or controller outside of the UK or EU (subject to adequacy findings) standard contractual clauses and a transfer impact assessment would be carried out.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
ADMA TranS4MErs limits access to your personal data to those employees, contractors and other third parties on a need-to-know basis and under contract. We will only process your personal data for the purposes for which it was collected, and third parties are only permitted to process your data on our instructions.
Information on Consent
By consenting, where this is the appropriate and identified lawful basis for processing, to our processing your Personal Data in line with this Data Protection and Privacy Policy and Notice you are giving us permission to process your Personal Data specifically for the purposes identified.
You may withdraw consent at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of Personal Data relating to you. If you have any queries relating to withdrawing your consent, please contact our Data Protection Officer using the contact details set out below.
Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
Your Rights
Under certain circumstances, and dependent on legal basis under which your personal data is processed, by law you have the right to:
- Request information about whether we hold Personal Data about you, and, if so, what that Personal Data is and why we are holding/using it.
- Request access to your Personal Data (commonly known as a “Data Subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
ADMA TranS4MErs may restrict certain subject rights under specific circumstances outlined in Article 25 of the GDPR when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society.
How do you exercise your rights?
We have appointed a Data Protection Officer to monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the Data Protection Officer.
If you wish to exercise your rights please contact our Data Protection Officer who will respond to the request within one calendar month.
Our Data Protection Officer can be contacted as follows: TranS4MErs@imr.ie
Your Right to Lodge a Complaint
You as the Data Subject have the right to complain at any time to a supervisory authority in relation to any issues related to our processing of your Personal Data. We would like to hear from you first if you have a complaint about how we use your data so that we may rectify the issue.
As ADMA TranS4MErs is located in Ireland, and since we conduct our data processing here, we are regulated for data protection purposes by the Data Protection Commission.
You can contact the Data Protection Commission:
Website: www.dataprotection.ie
Phone: +353 57 8684800 or +353 (0)761 104 800
Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square Dublin 2. D02 RD28 Ireland
Updates
Our practices as described in this Privacy Policy may be changed, but any changes will be posted, and changes will only apply to activities and information on a going forward, not retroactive basis.
You are encouraged to review this Privacy Policy periodically to make sure that you understand how any personal information you provide will be used.
We may also email you in certain circumstances to let you know if and when we update this Privacy Policy to ensure you are informed.
Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your Personal Data in the new manner.
Privacy Statement for the ADMA TranS4MErs xChange Platform
This privacy statement explains the data that we collect, why it is collected, and how you can manage your information on the ADMA TranS4MErs xChange platform.
1. Contact details of the controller
Data is controlled by the ADMA TranS4MErs consortium members, and the project coordinators; Irish Manufacturing Research, Unit A, Aerodrome Business Park, Rathcoole, Co. Dublin. Email: TranS4MErs@imr.ie, phone: +353 (0) 1 5675000
2. Contact details of the data protection officer
The Data Protection Officer can be contacted at TranS4MErs@IMR.ie
3. Data we collect
You provide data to enable you to register on the platform and to create a user profile. To create an account, you provide your name, email address and a password. To complete your profile, you provide information detailed below. The information for your profile enables collaboration between platform users, and delivery of services. Your contact details may be used to send notifications and to allow communication. The cookies we collect are detailed in our Cookies Policy.
If you register as an SME, you provide the company name, VAT number, address, website link, contact details of the person responsible for the application (name, email address, and phone number), company logo, an overview of the company, confirmation that the entity is an enterprise, enterprise type, number of employees, annual ‘turnover’ or ‘balance sheet total’, and you will be asked if the SME acts as a technology adopter and operates in the scope of Advanced Manufacturing. If you take the scan you will answer a number of questions on the seven transformation areas, and will be asked to provide feedback. You will provide information to your TranS4MEr which may be added into your Transformation and Implementation Plan.
If you register as a TranS4MEr, you provide the organisation you work for, address, phone number, collaboration availability (available/unavailable), social media links, headline, bio, relevant experience, spoken languages, education background, consulting experience, other relevant information, indication if you previously were an ADMA advisor and if you are associated to an organisation from a list of organisations in our consortium.
If you register as a Service Provider, you provide the company name, logo, overview, company type, year of establishment, accreditation, address, website link, social media links, year from which training courses have been offered from, total number of trainers, language of training courses, and number of training participants to date. When registering services/tools, you provide the name of the service/tool, logo, overview, link to the service/tool homepage, type of service/tool, whether it is paid for by vouchers or money, application area, format, language of delivery, duration of the service, administration time to deliver the tool/service, delivery effort in hours, charge of the service, whether TranS4MEr assistance is required, the number of services available to SMEs in 2023 and 2024, learner level, expected outcome, accreditation, agenda, and origin of the service/tool.
4. Whom your information may be shared with, if applicable
Your profile will be displayed and searchable within the ADMA TranS4MErs xChange platform. If you request a service, or to connect with a TranS4MEr your information may be shared with the TranS4MEr or service provider. For auditing purposes, your data may be shared with the European Commission.
5. Exercising your data subject rights
Under certain circumstances, and dependent on the legal basis under which your personal data is processed, you can exercise the following rights:
- Right to information
- Right to access information
- Right to rectification of personal data
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right not to be subject to automated decision-making, including profiling
You can review your data on the ADMATranS4MErs xChange platform, or contact us at TranS4MErs@IMR.ie to discuss any concerns.
6. Right to withdraw your consent
In cases where the identified legal basis for processing is consent you will have the right to withdraw consent at any time. You can request that your public profile is removed from the ADMA TranS4MErs xChange platform, although we may retain some data for reporting purposes to the European Commission.
7. How long we keep your data
Data will be retained for 5 years after the end of the project (project end date: 30th September 2024), and possibly longer if audits are required.
8. Technical and organisational measures
ADMATranS4MErs deploys appropriate security measures to safeguard your information against possible misuse or unauthorised access.
Users must create an account to access the ADMA TranS4MErs xChange Platform.
9. Whom to contact if you have queries or complaints.
Please direct any queries and complaints to TranS4MErs@IMR.ie.