Apply by Tuesday July 23rd 6.00 pm
October 2024 Live Online Classes . Now Enrolling . Places Limited !

Privacy Policy GDPR

Who we are

Communications & Management Institute also referred to as ‘CMI’ is a limited company incorporated in Ireland with company registration number 9574264S. Our registered office address is Unit 14A Cashel Business Centre, Cashel road, Dublin 12, Ireland.

Privacy Statement

This is a statement of the practices of CMI (the “Institute”) in connection with the capture of personal data on this website (that is all web pages within the domain name) and the steps taken by the institute to respect your privacy.


“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”)

“Controller” is the individual or the legal person (organisation) who controls and is responsible for the keeping and use of personal information

The ”data controller” decides: what personal information is gathered and going to be kept; and – the use to which the information will be put.

“Processor” is the individual or organisation that holds, or collects and holds, personal data, for another individual or organisation that decides and is responsible for what happens to the data.

“Sub-Processor” is the contractual partner of the Processor, engaged to carry out specific processing activities on behalf of the Controller

Obligations of the Controller
The Controller is responsible for any Personal Data shared and for safeguarding the rights of Data Subjects, including ensuring that the necessary legal requirements are met (e.g. clear and unambiguous consent) . Awarding organisations such as QQI, Athe CIPS and BSC are data controllers.

Obligations of the Processor
The Processor shall process Personal Data only to the extent and in the appropriate way necessary in order to provide its Services to the Controller. Processor should provide the agreed Services in a way that does not violate any legal regulation. The Processor will process the Personal Data entered into the Processors systems as per the documented instructions of the Controller.

CMI is a data processor in respect of the data that we collect from learners on behalf of awarding bodies such as QQI, OTHM, PMI, CIPS, ATHE. This data is essential for the purpose of certifying learners who undertake programmes leading to specific awards from these awarding organisations.

The obligations on CMI as a processor covers the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the data controller. Signed data processing agreements are in place with data controllers such as QQI. In some cases, CMI is also a data controller in regards to personal data which we obtain and retain for our own purposes.


One of the new core principles of data protection is that there must be a legal basis for processing. One such basis is consent from the data subject (the learner). Consent must be freely given, specific, informed and unambiguous. CMI obtains and processes data fairly; Keep for specified, explicit and lawful purpose; Keep it safe and secure; Keep it adequate, relevant and not excessive; Do not retain it for longer than necessary for its purpose.

In advance of presenting a learner for certification, CMI requests your consent to retain your personal data at application time, so that we can forward to the relevant awarding body as required.


GDPR compliance

GDPR covers the processing of personal data in the context of certain electronic communications (including, amongst other things, unsolicited electronic communications made by phone, e-mail, and SMS). Depending on your relationship with CMI, we will be what’s known under the General Data Protection Regulation (EU) (the “GDPR”) as either the “controller” and/or “processor” of the personal data provided by you to CMI. To be compliant, Cmi maintains a record of all categories of processing activities. These records are available to awarding bodies on request.

Where you interact directly with our website, CMI is both the controller and the processor of your data within the meaning of the GDPR. The General Data Protection Regulations 2018 introduced on 25th May 2018, is one single set of data protection rules that applies throughout the EU. It provides you, the ”data subject”, better protection over your personal data. CMI is a data processor and data controller for the most part, except on linked websites which are required to have GDPR compliance in place.

Your personal data can include basic information you provide on CMI’s website/or over the phone such as Personal details like email and phone number.

Your personal data can also include more detailed information you provide on CMI’s website/or over the phone on the course Apply page , such as; Full Name and address, date of birth, PPS number, past qualifications and experience etc.

7.1 Opt-in – Consent


To make an enquiry or application, you (the data subject) must complete data fields such as personal name, email and contact number.

You are asked to explicitly agree to CMI’s Privacy Policy. You are also asked to consent or not to receiving future marketing communications from CMI.

You opt-in to consent to receiving news and course updates in the future. The Opt-in consent is recorded on all relevant data collection points; CMI’s Outlook email, Mailchimp, Sendmode and Method CRM.

The information you provided will be securely stored on a server/computer and will not be sold to any third party. The data collected may be used to contact you for future promotions or offers on academic programmes. In the event of a completed course application, our data will be used exclusively for processing your application, holding results and registration with the appropriate awarding body.  After your programme is completed, your data will be retained indefinitely, unless you request to have your data deleted. See section 7.5.


Data subjects who opt-out of either email or SMS communication will not receive any further marketing communication. An opt-out is non-reversable. Email opt-out is controlled by Mailchimp. SMS opt-out is controlled by sendmode .

The Sendmode website allows data subjects to freely delete their mobile phone number from the opt-out list. Data subjects can also email . Another option is ”Freetext STOP to 50015 to opt-out” of SMS texts from Sendmode.

7.1.1 Cookies consent

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website. See our Cookies Policy for more information

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

You consent to our cookies if you continue to use our website and/or click the cookie consent pop up box and applies to the following domains:

Types of cookies

We use Cookiebot by Usercentrics to provide us the code to give you allow cookies options when you arrive at our website for the first time.

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Script tags – online chat –
Script tags on Enquiry / Contact boxes – Method-Crm
Script tags on page –

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Script tags – Google Analytics, Facebook, You tube,

Preference cookies
 enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously

You have the option to OPT OUT of Preferences, Statistics and Marketing cookies on our site.


7.2 External Services used by CMI

CMI uses external services which are GDPR compliant within the EU.  CMI is not responsible for the content or privacy practices of other websites which may be accessed through the CMI website or linked to the CMI website. It is institute policy to identify clearly, links to external websites and it is your responsibility to satisfy yourself as to the adequacy of the privacy practices of linked sites.

MailChimp is our marketing automation platform. At all times, any marketing communication from CMI through this secure platform will allow you the option to unsubscribe. We acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

Sendmode is our webtext automation platform. At all times, any communication from CMI through this secure platform will allow you the option to unsubscribe. The Opt-out facility explicitly records consent. We acknowledge that the information you provide will be transferred to Sendmode for processing in accordance with their Privacy policy and Terms.

Zendesk is our secure online chat automation platform. Zendesk ensures transparent communication with data subjects regarding the processing of their personal data and ensures data subjects are notified of their rights under the GDPR. Zendesk Chat customers can delete profile information for Chat Agents. We acknowledge that the information you provide will be transferred to Zendesk for processing in accordance with their Master Subscription AgreementPrivacy Policy, and supporting policies . Their registered office address in Ireland is Dartmouth House,1 Grand Parade, Dublin 6, D06 R9X8.

Global Payments 
formerly ”Realex Payments” is our secure online payment platform. Their registered office address is The Observatory 7/11 Sir John Rogerson Quay Dublin 2. We acknowledge that the information you provide will be transferred to Global /Realex Payments for processing in accordance with their Privacy Policy and terms.

Moodle Learning Management System is our secure online learning platform that will store your email and usernameWe acknowledge that the information you provide will be transferred to Moodle to use the platform via a secure server and hosted by Ennovation solutions. See their Privacy policy.

Method CRM is a 
cloud based CRM which stores your data in a safe and secure server. Method CRM maintains the server, which is hosted on a last generation Data Center, which guarantees the maximum reliability and safety to your data. The registered office address of Method Integration
Incorporated, is a corporation, located at 410 Adelaide St W, 3rd Floor, Toronto, Ontario,
M5V 1S8, Canada,. We acknowledge that the information you provide will be held on the Method CRM secure server in accordance with their Privacy Policy and terms.

External awarding bodies accredit many course programmes offered by CMI. Award bodies are also referred to as ‘data controllers’. CMI partner with Awarding bodies such as QQI Quality & Qualifications Ireland, CIPS, Athe, and BSC who require your personal data to process your registration, assessment mark(s) and issue of your final award qualification. We acknowledge that the information you provide to CMI as data processor will be transferred to the relevant awarding body and held on a secure server in accordance with their Privacy Policy and terms.

Google is an online search engine and state they are GDPR compliant. CMI’s google account
collects information about views and interactions with ads so that Google can provide aggregated reports to an advertiser like CMI. Their search engine collects unique identifiers, browser type and settings, device type and settings, operating system, mobile information, IP address, system activity, and the date, time and referral URL’s . See the Google privacy policy stating compliance.

Facebook is a social media platform. CMI’s Facebook advertising account  provides CMI with insight relating to their website visitors. They collect information about views and interactions with ads so that Facebook can provide aggregated reports to an advertiser like CMI. See Facebook privacy policy.

Reviews on my website
The collection of personal reviews and ratings are stored on CMI’s website review page. Reviews on my website collects your review and collates on CMI’s dedicated review page. See their privacy policy.


Referal websites
CMI uses referral websites which list our course programmes and allow you to insert your contact details. These sites collect your information and send your enquiry details to CMI. It is your responsibility to satisfy yourself as to the adequacy of the privacy practices of these linked sites.


Survey Monkey
CMI uses a survey website to collect surveys from learners during and post their time of study. Survey monkey collects your review data and all of this information is anonymous unless you decide to share your name only. See their privacy policy.

GDPR requirements

The following table summarises the rules that apply from the Data Protection Commission in Ireland.

 Postal MarketingText/Email MarketingPhone Marketing to LandlinesPhone Marketing to Mobile Phones
Individual CustomerOpt-Out**Opt-0ut** (provided similar product or service)Opt-Out**Opt-Out**
Individual Non-CustomerOpt-Out**Opt-In*Opt-In* if on NDD,
Opt-Out** otherwise
Business Contacts (Customer & Non-Customer)Opt-Out**Opt-Out**Opt-In* if on NDD,
Opt-Out** otherwise

*Opt-in means CMI will only market an individual where you have given explicit consent to do so.

**Opt-out means that CMI can market an individual provided you have previously given them the option not to receive such marketing and they have not availed of this option.

The NDD Rules

NDD –  is the National Directory Database. The NDD Opt-Out Register gives added responsibilities to telemarketers and rights to telephone subscribers. All subscribers now have the right to get their preference not to receive marketing calls recorded in the NDD.

It is an offence for a marketer to call you on your mobile phone for marketing purposes unless you have consented to the receipt of such calls on your mobile phone. Telemarketers are obliged to check the NDD before making such calls.

Existing customers
If CMI has obtained phone details from a customer and that customer has not informed CMI that he/she does not want to receive marketing calls, then CMI is not in contravention of Regulation 13 of SI 336 of 2011. CMI can contact existing customers irrespective of any preference recorded in the NDD. Similarly, if a competition promoted a particular product/brand/service, it may be possible to contact entrants about that product/brand/service without having to consult the NDD. For all Electronic Marketing Communications, an option to unsubscribe is included.In general, telephone contact details obtained in the course of an ongoing commercial relationship with CMI can be used in the context of that relationship irrespective of any preference recorded in the NDD.

7.3 General statement

CMI fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with the institute. CMI will not collect any personal information about you on this website without your permission, except as may be required or permitted by law. Any personal information which you volunteer to the institute will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulations, May 2018.

7.4  Collection and use of personal information
Data collected from CMI website enquiry boxes, call back and application forms, is only valid for 12 months from the original date of consent. This period can be continually extended and consent to be marketed can be assumed based on enquirers and customers not choosing the unsubscription /opt-out. This is only assumed for as long as there is an unsubscription option.

Any information which you provide in enrollment is not made available to any third parties, and is used by CMI only in accordance with the purpose for which you provided the information and will only be retained for as long as required for the stated purpose. If you have any specific queries about the purpose for which your information is to be used, you should contact CMI before submitting the information.

Once you apply online for a course your data is processed and as a student you are now subject to CMI data privacy rules. The institute retains and holds your personal data aswell as results, awards issued indefinitely. This information maybe requested at a later date by you (the data subject), in which case the relevant data can be sent to you.

Data processed by Quality and Qualifications Ireland (QQI) for the purposes of certification


(a) The following information is the information that shall be processed by Quality and Qualifications Ireland, in the public interest and, in accordance with Section 9, and all relevant sections, of the Qualifications and Quality Assurance (Education and Training) Act 2012, in relation to CMI and our learners.

(i) Data collected in relation to learners to whom Quality and Qualifications Ireland (QQI) makes awards

PPS number
Access ID Number
Date of birth
First name(s)
Family name(s)
Programme name
Programme code
Award name
Award code
Result for award (as appropriate)
Grade for award (as appropriate)
County Eircode
Fee status- Exempt/Not Exempt

The above data collected enables QQI to make awards to learners through CMI who undertake programmes validated by QQI.

PPSN Number: QQI uses your PPSN as a unique identifier.  It allows all your achievements to be kept within one record on the QQI certification system.   Your name is recorded because it is printed on your certificate.   Your date of birth is used for statistical purposes.  It can also help to trace your records on the certification system,  especially if you were certified by any of QQI’s legacy bodies (HETAC, FETAC, NCVA, NCEA).  PPSNs were not used prior to 2005. QQI needs information from CMI about the course you are on, the award you hope to achieve and the results/grades you have achieved. See further information in relation to QQI GDPR—my-data/

How long does QQI hold information about my award?

As an awarding body, QQI has a national responsibility to keep all records indefinitely.  Many award holders contact QQI for verification of their qualifications, for a variety of reasons e.g.

– commencing new employment
– newly introduced regulations that require specific qualifications e.g. Childcare
– proof of qualification to access a college programme
– qualification evaluation for residency in other countries.

As QQI holds records for its legacy awarding bodies HETAC, FETAC, NCVA and NCEA, this service can be provided to a wide range of award holders, dating back to the 1970s.

How are my records stored?

When you complete a course, in the event of QQI awards only, CMI submits your data to QQI, using their secure certification system. Historical records are held on another of QQI’s secure databases or, on paper files.

Bodies with whom QQI may share information
The Department of Education and Skills
The Department of Justice and Equality
The Department of Employment Affairs and Social Protection
The Department of Public Expenditure and Reform
The Higher Education Authority
The Department of Foreign Affairs
SUSI (part of the City of Dublin Education and Training Board)
Education and Training Boards
The Central Statistics Office
The Central Applications Office
Irish Council for International Students (ICOS)
Education in Ireland (part of Enterprise Ireland)
Relevant providers and linked providers as defined in the Qualifications and Quality Assurance (Education and Training) Act 2012

Consent Form for data required by Awarding organisations for the purpose of Certifying Learners

At the time of online enrolment with CMI, you are required to consent to the following:

I accept CMI’s privacy policy and understand that for an award to be issued, I’m required to submit my personal information to CMI for onward submission of that data to the awarding body. This data will be retained for the purpose of verification of my award, to employers, other colleges or myself. I also understand that my personal address may be forwarded to a courier company where textbooks form part of the qualification*

7.5 Deletion of Personal Data
After your course of study, in the event, you require your data to be deleted from our server, please contact the Information Compliance Officer at CMI, see section 7.8. All of your personal account details will be deleted from your account.

7.6 Collection and use of technical information
Information on internet traffic is collected routinely by CMI and also at other points along the route in the internet. It is not used to gather identifiable personal information on individual website visitors, except in so far as this is permitted by law and may be necessary in order to prevent or detect problems or offences in relation to the operation of the website.

7.7 Your Right to Access

Pursuant to Article 15 of the General Data Protection Regulations Act 2018 , you have a right to obtain a copy, of any information relating to you kept on computer with CMI. All you need to do is write to CMI and request, under the GDPR, a copy of the personal data it holds in relation to you.

Your request could read as follows:


I wish to make an access request under Article 15 of the General Data Protection Regulation (GDPR) for a copy of any information you keep about me, on computer or in manual form in relation to…

(Please be as specific as possible in relation to the personal data you wish to access).


CMI may ask you to provide evidence of your identity. This is to make sure that personal information is not given to the wrong person.


CMI will respond to your access request within 30 days of receiving the request (and may be sooner). In certain limited circumstances, the one month period may be extended by two months (taking into account the complexity of the request and the number of requests). Where CMI extends the period for replying to your request, we will inform you of any extension, and the reason(s) for the delay in responding, within one month of receiving the request.

There is no fee initially payable by you to make an access request . However, where CMI believes a request is manifestly unfounded or excessive (for example where an individual makes repeated unnecessary access requests), CMI may either charge a fee taking into account its administrative costs in dealing with the request(s), or refuse to act on the request(s).

CMI is exempted from providing the requestor with personal data relating to a third party.

7.8 Data Protection officer

Any queries on CMI’s GDPR compliance , please email or write to :

Information Compliance Officer

Information Compliance Officer,
Communications & Management Institute
Unit 14A
Cashel Business Centre,
Cashel Road,
Dublin 12

T: 01 4927070

7.8 Reporting Data Breaches

Any data breaches, please contact the above mentioned and the DPC Data Protection commissioner within 72 hours of alleged breach.

7.9 Privacy policy updates
This Privacy statement should not be construed as a contractual undertaking. CMI reserves the right to review and amend this statement at any time without notice and you should therefore re-visit this webpage from time to time

Find Your Course Today

Get in Touch

Graham Moore