Part -Time Evening Professional Programmes Starting from October  2018
Limited Places  . Apply by Monday August 27th 5.00 pm 

Privacy Policy GDPR

Everything you need to know about our Privacy Policy and GDPR compliance
t&c

7.0 Privacy Policy GDPR Compliance

Who we are

Communications & Management Institute also referred to as 'CMI' is a limited company incorporated in Ireland with company registration number 9574264S. Our registered office address is Unit 14A Cashel Business Centre, Cashel road, Dublin 12, Ireland.

Privacy Statement

This is a statement of the practices of CMI (the "Institute") in connection with the capture of personal data on this website (that is all web pages within the domain name) and the steps taken by the institute to respect your privacy. 

Definitions

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”)

“Controller” is the individual or the legal person (organisation) who controls and is responsible for the keeping and use of personal information

The ''data controller'' decides: what personal information is gathered and going to be kept; and - the use to which the information will be put. 

“Processor” is the individual or organisation that holds, or collects and holds, personal data, for another individual or organisation that decides and is responsible for what happens to the data. 

“Sub-Processor” is the contractual partner of the Processor, engaged to carry out specific processing activities on behalf of the Controller

Obligations of the Controller
The Controller is responsible for any Personal Data shared and for safeguarding the rights of Data Subjects, including ensuring that the necessary legal requirements are met (e.g. clear and unambiguous consent) . Awarding organisations such as QQI, Athe CIPS and BSC are data controllers.

Obligations of the Processor
The Processor shall process Personal Data only to the extent and in the appropriate way necessary in order to provide its Services to the Controller. Processor should provide the agreed Services in a way that does not violate any legal regulation. The Processor will process the Personal Data entered into the Processors systems as per the documented instructions of the Controller. 

CMI is a data processor in respect of the data that we collect from learners on behalf of awarding bodies such as QQI, Athe, BSC, CIPS. This data is essential for the purpose of certifying learners who undertake programmes leading to specific awards from these awarding organisations.

The obligations on CMI as a processor covers the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the data controller. Signed data processing agreements are in place with data controllers such as QQI. In some cases, CMI is also a data controller in regards to personal data which we obtain and retain for our own purposes. 

One of the new core principles of data protection is that there must be a legal basis for processing. One such basis is consent from the data subject (the learner). Consent must be freely given, specific, informed and unambiguous. CMI obtains and processes data fairly; Keep for specified, explicit and lawful purpose; Keep it safe and secure; Keep it adequate, relevant and not excessive; Do not retain it for longer than necessary for its purpose. 

In advance of presenting a learner for certification, CMI requests your consent to retain your personal data at application time, so that we can forward to the relevant awarding body as required.

GDPR compliance

GDPR covers the processing of personal data in the context of certain electronic communications (including, amongst other things, unsolicited electronic communications made by phone, e-mail, and SMS). Depending on your relationship with CMI, we will be what’s known under the General Data Protection Regulation (EU) (the “GDPR”) as either the “controller” and/or “processor” of the personal data provided by you to CMI. To be compliant, Cmi maintains a record of all categories of processing activities. These records are available to awarding bodies on request.

Where you interact directly with our website, CMI is both the controller and the processor of your data within the meaning of the GDPR. The General Data Protection Regulations 2018 introduced on 25th May 2018, is one single set of data protection rules that applies throughout the EU. It provides you, the ''data subject'', better protection over your personal data. CMI is a data processor and data controller for the most part, except on linked websites which are required to have GDPR compliance in place.

Your personal data can include basic information you provide on CMI's website/or over the phone such as Personal details like email and phone number.

Your personal data can also include more detailed information you provide on CMI's website/or over the phone on the course Apply page , such as; Full Name and address, date of birth, PPS number, past qualifications and experience etc.

7.1 Opt-in - Consent

To make an enquiry or application, you (the data subject) must complete data fields such as personal name, email and contact number.

You are asked to explicitly agree to CMI's Privacy Policy. You are also asked to consent or not to receiving future marketing communications from CMI.  

You opt-in to consent to receiving news and course updates in the future. The Opt-in consent is recorded on all relevant data collection points; CMI's Outlook email, Mailchimp, Sendmode and aGora CRM.

The information you provided will be securely stored on a server/computer and will not be sold to any third party. The data collected may be used to contact you for future promotions or offers on academic programmes. In the event of a completed course application, our data will be used exclusively for processing your application, holding results and registration with the appropriate awarding body.  After your programme is completed, your data will be retained indefinitely, unless you request to have your data deleted. See section 7.5.

Opt-out

Data subjects who opt-out of either email or SMS communication will not receive any further marketing communication. An opt-out is non-reversable. Email opt-out is controlled by Mailchimp. SMS opt-out is controlled by sendmode .

The Sendmode website stoptxt.net allows data subjects to freely delete their mobile phone number from the opt-out list. Data subjects can also email optout@stoptxt.net . Another option is ''Freetext STOP to 50015 to opt-out'' of SMS texts from Sendmode.

7.2 External Services used by CMI

CMI uses external services which are GDPR compliant within the EU.  CMI is not responsible for the content or privacy practices of other websites which may be accessed through the CMI website or linked to the CMI website. It is institute policy to identify clearly, links to external websites and it is your responsibility to satisfy yourself as to the adequacy of the privacy practices of linked sites.

MailChimp is our marketing automation platform. At all times, any marketing communication from CMI through this secure platform will allow you the option to unsubscribe. We acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

Sendmode is our webtext automation platform. At all times, any communication from CMI through this secure platform will allow you the option to unsubscribe. The Opt-out facility explicitly records consent. We acknowledge that the information you provide will be transferred to Sendmode for processing in accordance with their Privacy policy and Terms.

Zendesk is our secure online chat automation platform. Zendesk ensures transparent communication with data subjects regarding the processing of their personal data and ensures data subjects are notified of their rights under the GDPR. Zendesk Chat customers can delete profile information for Chat Agents. We acknowledge that the information you provide will be transferred to Zendesk for processing in accordance with their Master Subscription AgreementPrivacy Policy, and supporting policies . Their registered office address in Ireland is Dartmouth House,1 Grand Parade, Dublin 6, D06 R9X8.


Global Payments
formerly ''Realex Payments'' is our secure online payment platform. Their registered office address is The Observatory 7/11 Sir John Rogerson Quay Dublin 2. We acknowledge that the information you provide will be transferred to Global /Realex Payments for processing in accordance with their Privacy Policy and terms.

Moodle Learning Management System is our secure online learning platform that will store your email and usernameWe acknowledge that the information you provide will be transferred to Moodle to use the platform via a secure server and hosted by Ennovation solutions. See their Privacy policy.
 
aGora erp
our cloud based CRM stores your data in a safe and secure server. aGora maintains the server, which is hosted on a last generation Data Center, which guarantees the maximum reliability and safety to your data. Their registered office address is aGora, Avda Espronceda, 6A Entlo Castellón, Spain. We acknowledge that the information you provide will be held on the aGora CRM secure server in accordance with their Privacy Policy and terms.

External awarding bodies accredit many course programmes offered by CMI. Award bodies are also referred to as 'data controllers'. CMI partner with Awarding bodies such as QQI Quality & Qualifications Ireland, CIPS, Athe, and BSC who require your personal data to process your registration, assessment mark(s) and issue of your final award qualification. We acknowledge that the information you provide to CMI as data processor will be transferred to the relevant awarding body and held on a secure server in accordance with their Privacy Policy and terms.

Google is an online search engine and state they are GDPR compliant. CMI's google account
collects information about views and interactions with ads so that Google can provide aggregated reports to an advertiser like CMI. Their search engine collects unique identifiers, browser type and settings, device type and settings, operating system, mobile information, IP address, system activity, and the date, time and referral URL's . See the Google privacy policy stating compliance.

Facebook is a social media platform. CMI's Facebook advertising account  provides CMI with insight relating to their website visitors. They collect information about views and interactions with ads so that Facebook can provide aggregated reports to an advertiser like CMI. See Facebook privacy policy.

Reviews on my website
The collection of personal reviews and ratings are stored on CMI's website review page. Reviews on my website collects your review and collates on CMI's dedicated review page. See their privacy policy.

Referal websites
CMI uses referral websites which list our course programmes and allow you to insert your contact details. These sites collect your information and send your enquiry details to CMI. It is your responsibility to satisfy yourself as to the adequacy of the privacy practices of these linked sites.

Survey Monkey
CMI uses a survey website to collect surveys from learners during and post their time of study. Survey monkey collects your review data and all of this information is anonymous unless you decide to share your name only. See their privacy policy.

Lead
forensics is a B2B marketing tool which provides CMI with insight relating to their website visitors and visitors on specific course pages. A small IP tracking code is placed on CMI's individual website pages which identifies the business IP addresses of website visitors. Lead Forensics collects Business related data which provides web traffic trends to CMI and this is not applicable under GDPR. Their system however offers an additional optional contact data feature, which provides personal data, which is limited to first name, last name, LinkedIN profile URL, and email address. This is leveraged under the lawful basis of ‘Legitimate Interests’. 

Should you wish to withdraw from Lead Forensics processing your personal data for use by the Lead Forensics software, please email: data-compliance@leadforensics.com
Or by writing to: Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, UK.

All requests are processed within 30 days. Your details will be added to a suppression file to ensure that your details cannot be processed by the Lead Forensics software in future. Please note that this applies only to the processing of your personally identifiable data, not that of the business data which does not fall under the remit of GDPR. For further information, see their Software data compliance terms


GDPR requirements

The following table summarises the rules that apply from the Data Protection Commission in Ireland. 

 

Postal Marketing

Text/Email Marketing

Phone Marketing to Landlines

Phone Marketing to Mobile Phones

Individual Customer

Opt-Out**

Opt-0ut** (provided similar product or service)

Opt-Out**

Opt-Out**

Individual Non-Customer

Opt-Out**

Opt-In*

Opt-In* if on NDD,
Opt-Out** otherwise

Opt-In*

Business Contacts (Customer & Non-Customer)

Opt-Out**

Opt-Out**

Opt-In* if on NDD,
Opt-Out** otherwise

Opt-In*

 

 

 

 

 

 

 

 

 

 

   *Opt-in means CMI will only market an individual where you have given explicit consent to do so. 

**Opt-out means that CMI can market an individual provided you have previously given them the option not to receive such marketing and they have not availed of this option.

The NDD Rules

NDD -  is the National Directory Database. The NDD Opt-Out Register gives added responsibilities to telemarketers and rights to telephone subscribers. All subscribers now have the right to get their preference not to receive marketing calls recorded in the NDD.

It is an offence for a marketer to call you on your mobile phone for marketing purposes unless you have consented to the receipt of such calls on your mobile phone. Telemarketers are obliged to check the NDD before making such calls.

Existing customers
If CMI has obtained phone details from a customer and that customer has not informed CMI that he/she does not want to receive marketing calls, then CMI is not in contravention of Regulation 13 of SI 336 of 2011. CMI can contact existing customers irrespective of any preference recorded in the NDD. Similarly, if a competition promoted a particular product/brand/service, it may be possible to contact entrants about that product/brand/service without having to consult the NDD. For all Electronic Marketing Communications, an option to unsubscribe is included.In general, telephone contact details obtained in the course of an ongoing commercial relationship with CMI can be used in the context of that relationship irrespective of any preference recorded in the NDD.

7.3 General statement

CMI fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with the institute. CMI will not collect any personal information about you on this website without your permission, except as may be required or permitted by law. Any personal information which you volunteer to the institute will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulations, May 2018.

7.4  Collection and use of personal information
Data collected from CMI website enquiry boxes, call back and application forms, is only valid for 12 months from the original date of consent. This period can be continually extended and consent to be marketed can be assumed based on enquirers and customers not choosing the unsubscription /opt-out. This is only assumed for as long as there is an unsubscription option.

Any information which you provide in enrollment is not made available to any third parties, and is used by CMI only in accordance with the purpose for which you provided the information and will only be retained for as long as required for the stated purpose. If you have any specific queries about the purpose for which your information is to be used, you should contact CMI before submitting the information. 

Once you apply online for a course your data is processed and as a student you are now subject to CMI data privacy rules. The institute retains and holds your personal data aswell as results, awards issued indefinitely. This information maybe requested at a later date by you (the data subject), in which case the relevant data can be sent to you.

Data processed by Quality and Qualifications Ireland (QQI) for the purposes of certification

(
a) The following information is the information that shall be processed by Quality and Qualifications Ireland, in the public interest and, in accordance with Section 9, and all relevant sections, of the Qualifications and Quality Assurance (Education and Training) Act 2012, in relation to CMI and our learners. 

(i) Data collected in relation to learners to whom Quality and Qualifications Ireland (QQI) makes awards

PPS number
Access ID Number
Gender
Date of birth
First name(s)
Family name(s)
Programme name
Programme code
Award name
Award code
Result for award (as appropriate)
Grade for award (as appropriate)
Address
County Eircode
Certification
Fee status- Exempt/Not Exempt

The above data collected enables QQI to make awards to learners through CMI who undertake programmes validated by QQI.

Bodies with whom QQI may share information
The Department of Education and Skills
The Department of Justice and Equality
The Department of Employment Affairs and Social Protection
The Department of Public Expenditure and Reform
The Higher Education Authority
The Department of Foreign Affairs
SUSI (part of the City of Dublin Education and Training Board)
Education and Training Boards
The Central Statistics Office
SOLAS
Revenue
The Central Applications Office
Irish Council for International Students (ICOS)
Education in Ireland (part of Enterprise Ireland)
Relevant providers and linked providers as defined in the Qualifications and Quality Assurance (Education and Training) Act 2012 

Consent Form for data required by Awarding organisations for the purpose of Certifying Learners

At the time of online enrollment, you are required to consent to the following:

I [Name and surname] am undertaking a programme leading to a XXXX award.

I understand that in order for that award to be made, I am required to submit personal information to CMI for onward submission of that information to the specific awarding body.

I understand that the awarding organisation will maintain and retain this data indefinitely for the purpose of verification and confirmation of my award, for example to employers, to other training providers and to myself. There may be circumstances where I give permission to have this information shared, for example with CAO.

Signed: (Name)
Date:


7.5 Deletion of Personal Data
After your course of study, in the event, you require your data to be deleted from our server, please contact the Information Compliance Officer at CMI, see section 7.8. Your personal account details will be deleted from your account.

7.6 Collection and use of technical information
Information on internet traffic is collected routinely by CMI and also at other points along the route in the internet. It is not used to gather identifiable personal information on individual website visitors, except in so far as this is permitted by law and may be necessary in order to prevent or detect problems or offences in relation to the operation of the website.

7.7 Your Right to Access

Pursuant to Article 15 of the General Data Protection Regulations Act 2018 , you have a right to obtain a copy, of any information relating to you kept on computer with CMI. All you need to do is write to CMI and request, under the GDPR, a copy of the personal data it holds in relation to you.

Your request could read as follows:

Dear 
...
I wish to make an access request under Article 15 of the General Data Protection Regulation (GDPR) for a copy of any information you keep about me, on computer or in manual form in relation to...

(Please be as specific as possible in relation to the personal data you wish to access).

CMI may ask you to provide evidence of your identity. This is to make sure that personal information is not given to the wrong person.

CMI will respond to your access request within 30 days of receiving the request (and may be sooner). In certain limited circumstances, the one month period may be extended by two months (taking into account the complexity of the request and the number of requests). Where CMI extends the period for replying to your request, we will inform you of any extension, and the reason(s) for the delay in responding, within one month of receiving the request.

There is no fee initially payable by you to make an access request . However, where CMI believes a request is manifestly unfounded or excessive (for example where an individual makes repeated unnecessary access requests), CMI may either charge a fee taking into account its administrative costs in dealing with the request(s), or refuse to act on the request(s). 

CMI is exempted from providing the requestor with personal data relating to a third party.

7.8 Data Protection officer

Any queries on CMI's GDPR compliance , please email or write to :

Information Compliance Officer
admin@cmi-ireland.com 

Information Compliance Officer,
Communications & Management Institute
Unit 14A
Cashel Business Centre,
Cashel Road, 
Dublin 12 

T: 01 4927070

7.8 Reporting Data Breaches

Any data breaches, please contact the above mentioned and the DPC Data Protection commissioner within 72 hours of alleged breach.

7.9 Privacy policy updates
This Privacy statement should not be construed as a contractual undertaking. CMI reserves the right to review and amend this statement at any time without notice and you should therefore re-visit this webpage from time to time.

Data Protection Commission