Website Privacy Statement

Introduction

This website www.ccpc.ie (the “Website”) is operated by the Competition and Consumer Protection Commission (the “CCPC”). This Privacy Statement provides guidance and information to users/visitors of our Website regarding the processing of personal data by the CCPC. Personal data means information that identifies you or could identify you. It does not include data where the identity has been removed (i.e. anonymous data).

The CCPC (“us“, “we” or “our“) is committed to protecting and respecting your privacy. This Privacy Statement together with the Terms and Conditions of use of the Website, Cookie Policy and the documents referred to in them sets out the basis on which any personal data we collect from you or that you provide to us (“Data”) in connection with the Website will be processed by us.

Please read this Privacy Statement and our Cookie Policy carefully to understand our treatment and use of Data.

In this Privacy Statement, references to “you” means the person whose Data we collect, use and process.

We will use your Data only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of your Data is in compliance with the Data Protection Acts 1988 to 2018 (as amended) and any subsequent data protection and privacy legislation, European Union Law including Regulation (EU) 2016/679 (known as the General Data Protection Regulation or GDPR) and any subsequent amendments (collectively referred to as “Data Protection Legislation”).

Quickly find what your looking for by clicking the links below :
IDENTITY OF THE DATA CONTROLLER

CONTACT DETAILS OF THE DATA PROTECTION OFFICER

WHEN DOES THIS PRIVACY STATEMENT APPLY

ACCEPTANCE OF THIS PRIVACY STATEMENT

INFORMATION WE MAY COLLECT FROM YOU

WHAT WILL THE CCPC USE MY DATA FOR?

DISCLOSURE OF YOUR DATA

TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA

HOW IS MY DATA SECURED

STORAGE OF DATA

LINKS TO OTHER WEBSITES

YOUR RIGHTS

YOUR RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

CHANGES TO OUR PRIVACY STATEMEMT

CONTACT US

Identity of the data controller

For the purposes of Data Protection Legislation, the Data Controller is the CCPC, an independent statutory body with a dual mandate to enforce competition and consumer protection law in Ireland which has its address at Bloom House, Railway Street, Dublin 1, D01 C576.

Contact details of the data protection officer

The contact details of the CCPC’s Data Protection Officer are as follows:

Email Address: dataprotection@ccpc.ieAddress: Bloom House, Railway Street, Dublin 1, D01 C576.

When does the privacy statement apply

This Privacy Statement applies to Data that we collect, use and otherwise process about you in connection with your use of our Website. The Data we process will depend on how you use our Website.

Acceptance of this privacy statement

By using this Website and by disclosing your Data to us, you understand that your Data will be processed by us as described in this Privacy Statement.

In the event you have any concerns about this Privacy Statement, please contact us by email addressed to dataprotection@ccpc.ie and/or by post to Data Protection Officer, Competition and Consumer Protection Commission, Bloom House, Railway Street, Dublin 1, D01 C576.

Information we may collect from you

The Data we process about you broadly falls into five main categories: Contact Information;

Information provided voluntarily by using the subscription form on our Website to subscribe to our consumer newsletter;

Information provided voluntarily by signing up to receive email alerts about CCPC news and the latest information about mergers;

Information provided voluntarily by completing a contact form on our Website; and

Information collected by the cookies used on our Website. When you first visit our sites using a new browser, or if you visit in private browsing mode, we will provide you with a cookies permission banner seeking your consent to the use of certain cookies as required by law. If you give us consent to use cookies, that consent will last for 6 months from the date you last provided your consent to us.  From this banner you will be able to access our cookies management tool. By selecting your cookie preference, we will start to manage your visit using the cookies selected.

We collect your Data from limited sources. The table below sets out the different types of Data that we collect and the sources we collect it from. Please note that if you do not provide us with your contact information we will not be able to provide you with any information you request.

The Data we collect from you or through our Website helps us to manage our relationship with you, but also to comply with our legal obligations or for the conduct of our statutory functions. The Data we collect, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties, (see “Sharing of Data” section below).

For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

Category Type of Data Purpose of processing Basis of processing
Contact Information Name, email address and telephone number (if you have provided this information to us), the time, date and details of your visit to our Website, service usage data, device number, source and destination of IP addresses, location based data and the resources you access on our website and any other information that you may provide by filling in forms on our website. Calls to our consumer helpline are recorded for training purposes. This information is processed to enable the CCPC to: (i) deal with and respond to your request, query or complaint, (ii) ensure compliance with the CCPC’s legal obligations and corporate governance requirements, and (iii) perform its statutory functions and activities. Consent, where the personal data relates to the person supplying it to the CCPC and has been supplied to the CCPC voluntarily.

In relation to other personal data (e.g. personal data relating to a third party and/or personal data which is supplied as a result of the exercise of the CCPC’s statutory powers), processing is necessary for the performance of a task carried out by the CCPC in the public interest or in the exercise of official authority vested in the CCPC and/or to comply with legal obligations and our statutory functions, our contract with you, or to take steps for entering into our contract with you.

Subscribing to the consumer newsletter Email address This information is processed to provide individuals with our consumer newsletter, to monitor the performance of our newsletter and to ascertain whether the information that we provide in our newsletter is relevant and useful for consumers.
Subscribing to receive email alerts about CCPC news and the latest information about mergers Email address This information is processed to provide individuals with CCPC news and merger information.
Information provided voluntarily by completing a contact form on our Website Responding to your enquiries.
Cookie ID A cookie ID is the identifier that is included within most cookies when set on a user’s browser. It is a unique ID that allows our website to remember the individual user and your preferences and settings, when you return to our website. In the case of cookies used to store your preferences on the CCPC domain for the duration of the session or for a reasonably short period after, this information is processed as it is necessary for the website to function and/or in response to a request by you for services.

In the case of cookies used where you have consented to that process information, that information is processed to provide the service you have consented to, in accordance with the CCPC Cookie policy.

The basis for the processing are: i)  under the strictly necessary basis where the cookies are necessary for the website to function and cannot be switched off in our systems.; and ii)  your consent for all other cookies. We use a cookie management tool to obtain and record consent.

Please note that if you subscribe to the CCPC consumer newsletter or to receive email alerts about CCPC news or mergers, your email address will be automatically added to the subscriber database on Campaign Monitor, an online email marketing company based in the United States of America which provides services to the CCPC regarding the newsletter and alerts. Campaign Monitor stores personal data in the United States of America and we have a Data Protection Agreement, with the European Union Standard Contractual Clauses in place. If you unsubscribe from our newsletter, your email address will be retained by Campaign Monitor for a maximum period of three months solely in order to ensure you are not contacted again and will be permanently removed from Campaign Monitor’s database after this period.

What will the CCPC use my data for?

We collect and process information about you for the purposes of complying with our legal duties and for other legitimate purposes. We may use your Data to:

  • Send our consumer newsletter (if you have subscribed to receive the newsletter)
  • Issue email alerts about CCPC news and the latest information about mergers (if you have signed up to receive these alerts)
  • Ensure that content from our website is presented in the most effective, responsive and compatible manner for you and for your computer or device;
  • Respond to your requests for information and other communication or correspondence you may submit to us;
  • Improve the services that we provide to you;
  • Provide you with the information or services that you request from us;
  • Carry out statistical analysis;
  • Allow you to participate in interactive features of our website, when you choose to do so;
  • Carry out activities necessary to the running of the CCPC, including systems testing, network monitoring, staff training and quality control;
  • Notify you about changes to our website, services or policies; and
  • Fulfilling our statutory functions and legal obligations.

For more information on our use of cookies, please see our Cookies Policy.

Disclosure for your data

Service Providers

We use third party service providers who work for us in the provision of our services. For example, the CCPC uses a Customer Relationship Management tool licensed to the CCPC by Microsoft to track and record all consumer contacts and certain other public contacts with the CCPC. In providing the services, your Data will, where applicable, be processed by the service provider on our behalf.

We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your Data. We will have written contracts with them which provide assurances regarding the protections that they will give to your Data and their compliance with our data security standards and international transfer restrictions.

Disclosures to Third Parties

In certain circumstances, we may share and/or are obliged to share your Data with third parties for the purposes described above and in accordance with Data Protection Legislation.

These third parties include:

  • regulatory authorities;
  • financial institutions;
  • auditors;
  • external professional advisors;
  • others, where it is permitted by law, or where we have your consent; and
  • any other bodies as set out in section 24(1) of the Competition and Consumer Protection Act 2014.

These organisations will also use your Data as a “Data Controller” – they will have their own privacy notices, and they have their own responsibilities to comply with applicable Data Protection Legislation.

We will not disclose your Data without consent unless it is necessary for the performance of our statutory functions or the fulfilment of a legal obligation. For example, when we investigate a complaint we may need to share Data with the other concerned parties. We may also access and/or disclose your Data if such action is necessary to: (a) conform with the law or comply with legal process served on us; (b) protect and defend our rights or property including, without limitation, the security and integrity of our network and systems; or (c) act under exigent circumstances to protect the personal safety of users of our services or members of the public. The CCPC understands the need for maintaining confidentiality and will, where possible, take appropriate action to protect your Data including your identity.

We may also disclose your Data to complete or answer a request or query that you have submitted to the CCPC.

Transfers outside the European Economic Area

Your Data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”), for example, when one of our service providers is based, or uses employees or equipment based, outside the EEA. For transfers of your Data to third parties outside of the EEA, we take additional steps in line with Data Protection Legislation.

We will put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, for example in certain instances we will establish an adequate level of protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.

If you would like to see a copy of any relevant provisions, please contact the CCPC’s Data Protection Officer (see “Contact Us” section below).

How is my data secured?

The security and confidentiality of your Data is extremely important to us. The CCPC operate and use appropriate technical and physical security measures to protect your Data.

We have in particular taken appropriate security measures to protect your Data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access. Access is only granted on a need-to-know basis to those people whose roles require them to process your Data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.

However, please note that, as no data transmission over the Internet can be guaranteed as 100% secure, we cannot ensure or warrant the security of any information that you transmit to us and you transfer your Data at your own risk. We endeavour to use and keep under review appropriate technical, security and organizational measures (including staff training and awareness).

Storage of data

We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some Data is held for longer than other information. The criteria we use to determine data retention periods for Data includes the following:

Retention in case of queries and complaints; we will retain it for a reasonable period after the query or complaint has been resolved or, if a formal investigation is opened by the CCPC in respect of the query or complaint, for a reasonable period after the conclusion of such investigation and/or any subsequent related legal proceedings;

Retention in case of investigations; we will retain it for a reasonable period after the conclusion of the investigation and/or any subsequent related legal proceedings;

Retention in case of reviews of mergers and acquisitions; we will retain it for a reasonable period after the CCPC issues its determination in relation to the merger or acquisition or, if the CCPC’s decision is challenged, for a reasonable period after the conclusion of any subsequent related legal proceedings; and

Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain it after the periods described in 11.1.1 to 11.1.3 above because of a legal or regulatory requirement (e.g. as set out in the National Archives Act 1986, as amended).

If you would like further information about our data retention practices, please contact the CCPC’s Data Protection Officer (see the “Contact Us” section below).

Links to other websites

Our Website may, from time to time, contain links to and from other websites and web platforms. In addition, third parties’ websites may also provide links to our website. If you follow a link to any of those websites or web platforms, please note that those websites and web platforms have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Data to those websites.

We do not accept, and we disclaim, any responsibility for the privacy statements and information protection practices of any third-party website (whether or not such website is linked on or to our website). These links are provided to you for convenience purposes only, and you access them at your own risk. It is your responsibility to check the third-party website’s privacy statement before you submit any Data to their website.

Your rights

You have a number of rights in relation to your Data, which may be subject to certain limitations and restrictions. These rights are to:

Your right What  does it mean? How do I execute this right? Conditions          to exercise?
Right of access Subject to certain conditions and restrictions, you are entitled to have access to your personal data which we hold (this is more commonly known as submitting a “data subject access request”). Requests for such information should be made in writing to dataprotection@ccpc.ie. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. We must be able to verify your identity. Your request may not adversely affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other individuals and/or businesses.
Right of data portability Subject to certain conditions, you are entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format. Requests should be made in writing to dataprotection@ccpc.ie. If possible, you should specify the type of information you would like to receive to ensure that our disclosure is meeting your expectations. The GDPR does not establish a general right to data portability. This right only applies if the processing is based on your consent or on a contract with you and when the processing is carried out by automated means (e.g. not for paper records). It affects only personal data that was “provided” by you. Therefore, it does not, as a rule, apply to personal data that was created by the CCPC or supplied to the CCPC by any other individual and/or business.
Rights in relation to inaccurate personal or incomplete data You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details.

Requests should be made in writing to dataprotection@ccpc.ie.

This right only applies to your own personal data. When exercising this right, please be as specific as possible.
Right to object to or restrict our data processing Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data. Requests should be made in writing to dataprotection@ccpc.ie. This right applies only if the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the CCPC (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can consider whether there are still lawful grounds for us to process your personal data.
Right to have personal data erased Subject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful. Requests should be made in writing to dataprotection@ccpc.ie. There are various lawful reasons why we may not be in a position to erase your personal data. This may apply (i) where we have to comply with a legal obligation, (ii) in case of bringing legal proceedings (including any legal proceedings relating to an investigation conducted by the CCPC which are not brought directly by the CCPC) or defending legal proceedings, or (iii) where retention periods apply by law or under the CCPC’s internal data retention policies.
Right to withdrawal You have the right
to withdraw your
consent to any
processing for which
you have previously
given that consent.
Requests should be
made in writing to
dataprotection@ccpc.ie.
If you withdraw your consent, this will not affect the lawfulness of processing based on consent before its withdrawal.

Your right to lodge a complaint with a supervisory authority

If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below.

You also have a right to complain to the Data Protection Commission by post at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland, or by using the webform available on the website www.dataprotection.ie.

Changes to our privacy statement

We reserve the right to change this Privacy Statement at any time at our sole discretion. If we make changes, we will post these changes here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our website after we post any such changes, you accept and agree to this Privacy Statement as modified.

Contact us

Questions, comments and requests regarding this Privacy Statement and the information we hold are welcome and should be addressed to dataprotection@ccpc.ie or alternatively you can write to us at Data Protection Officer, Competition and Consumer Protection Commission, Bloom House, Railway Street, Dublin 1, D01 C576.