Privacy Statement
INTRODUCTION
About this statement and how to read it
The purpose of this document is to provide information to you about the use of your personal data by Horizon Nua Innovation (“Horizon Nua” or “we”). At Horizon Nua we respect your right to privacy and we handle your personal data in accordance with our obligations under the General Data Protection Regulation EU 2016/679 (“GDPR”) and the Data Protection Act 2018 (“the Act”) (together “Data Protection Law”).
This document outlines what personal data we, as data controllers, collect and process in our dealings with you, how and why we process those personal data and what your rights are in respect of your personal data.
The statement has been written to provide you with clear and transparent information in an easy to understand format. To help with this, the statement is split into three sections:
PART A “SPECIFIC INFORMATION”: This contains different sections for each type of individual whose personal data we process, with each section providing information on how we process personal data specifically belonging to that type of individual. So to understand how we process your personal data, go to the section(s) that relates to you.
PART B “GENERAL INFORMATION”: This contains information about processing that is relevant to ALL individuals.
PART C “YOUR RIGHTS”: This contains information about your rights under Data Protection Legislation.
Contact
If you have any questions about our privacy statement, your rights, or how we use your information, please do not hesitate to contact us here at Horizon Nua:
Post: Data Privacy, Horizon Nua, Marley Grange, Rathfarnham, Dublin 16, Ireland
Email: info@horizonnua.eu
Changes to this statement
We will update this Privacy Statement from time to time. Any changes will be made available on our website and, where appropriate, notified to you by written notice or e-mail.
PART A: SPECIFIC PROCESSING INFORMATION
JOB APPLICANTS
Where you have applied for a job with Horizon Nua, this section relates to you.
How we collect your personal data
Information about you, including your personal data, is gathered when you apply for a job with us either directly , via the contact form or indirectly via an employment agency or via an online professional platform website such as LinkedIn. We also may obtain personal data indirectly from referees you nominate to us or from your professional social media profile link you provide to us as part of the job application.
The personal data we use
Horizon Nua will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:
IDENTITY DATA, including your
first name, surname, salutation;
date of birth (if included on your CV);
photographic identification, where your photograph is included on your CV;
CONTACT DATA, including your email address, home address, telephone number(s);
PREFERENCES, in respect of the job you are applying for with us;
OCCUPATIONAL, including
the name of your employer, your job title and department;
your employment and education history and any other information contained in a CV provided to us as part of a job application;
STATEMENTS ABOUT YOU, including
references we obtain from your nominated referees as part of a job application;
notes we make in relation to your suitability;
statements made as part of the interview and evaluation process when you apply for a job with us;
The purpose and legal basis for processing your personal data
We process your personal data for the purpose of recruiting staff. This includes the following, which we deem necessary for the purposes of entering into an employment contract with you (i.e. assess your suitability to enter into the contract):
Identifying you and processing your job application;
Verifying the information you provided and assessing your suitability for the role;
Making a decision on whether to offer you a job and the provision of feedback to you in relation to your application;
We may also need to use your personal data for the purpose of satisfying our employment law obligations, in particular in relation to equality.
Who we share your personal data with
Your personal data will be shared to relevant staff within Horizon Nua but also to a limited number of third parties where it is necessary to do so, including:
To your nominated referees;
To third party companies or individuals who may be providing recruitment services to us;
To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, software providers, IT support providers and financial statement auditors;
In case we will enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.
Consequences of not giving your data to us
You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to consider a job application from you and failure to provide this information may result in us not being able to consider you for the position or role.
WEBSITE VISITORS
If you visit any of the websites run by Horizon Nua, namely horizonnua.eu, connectingnature.eu and naturebasedenterprise.eu, then this section applies to you.
Cookies
Cookies are small text files that can be used by websites to make a user's experience more efficient. Our websites use a mixture of necessary and optional cookies. Please see the information in our cookies consent and transparency centres on our websites for more information.
Inbound Communications
You may also choose to provide personal data directly to us by way of contacting us via our “Contact Form” on our websites. The communications via the Contact Form are kept private by being sent directly to our email, which we then use to manage and respond accordingly. The personal data is only shared with the third parties who supply software to enable us to receive, manage and respond to these communications. This inbound communication management is in line with our legitimate interests to run our business.
Our websites are secured by SSL technology, which encrypts all information submitted through our website.
MAILING LIST
When you have subscribed to our newsletter or been added to our mailing list, this section relates to you.
How we collect your personal data
Information about you, including your personal data, is gathered directly from you if you register for a program, sign up to our newsletters or make contact us via our online contact forms You may receive newsletters for events, launches, conferences, meetings, training in the area of social innovation. We organize these events both in-house, with and for other social innovators, research organisations and external agencies.
The personal data we use
We process and use all personal data included in the IRP application process and related correspondence, plus any additional information collected during the IRP. This includes:
IDENTITY DATA, including your first name and surname; organisation and role in organisation
LOCALIZATION DATA: country
CONTACT DATA, being your email address;
The purpose and legal basis for processing your personal data
We only process your personal data where it is lawful and necessary to do so. Your personal data are processed:
Your consent where you have subscribed to the mailing list;
Our legitimate interests to provide relevant communication materials on research and innovation projects we are involved in , to you where you have been added to the mailing list by us (unless you have objected to us using your personal data for this purpose);
To enable us to comply with our legal, statutory and regulatory obligations;
Who we share your personal data with
Your personal data will be shared to a limited number of third parties where it is necessary to do so, including:
To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, software providers (mailing list software), IT support providers and financial statement auditors
Third Parties who partner with us such as: other social innovators, research organizations and external agencies, research institutes, policy makers and implementers to devise innovative solutions.
To statutory, regulatory, government or law enforcement bodies as required by law;
When we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.
Consequences of not giving your data to us
You are not under any obligation to provide your personal data to us. However, please note that without your email address, we will be unable to add you to our mailing list.
CONNECTING NATURE ENTERPRISE PLATFORM USERS
The Connecting Nature Enterprise platform is the world’s biggest community of nature-based enterprises: an online marketplace connecting potential buyers with suppliers of nature-based solutions who can help to design, deliver, manage and monitor NBS.
This platform is a stand-alone innovation developed in the Connecting Nature project.
How we collect your personal data
Information about you, including your personal data, is gathered directly from you if you register to use the platform and participate in events and activities .
The personal data we use
We process and use all personal data included in the IRP application process and related correspondence, plus any additional information collected during the IRP. This includes:
IDENTITY DATA: including your first name and surname;
LOCALIZATION DATA: country
CONTACT DATA: being your email address
The purpose and legal basis for processing your personal data
We only process your personal data where it is lawful and necessary to do so. Your personal data are processed:
Your consent when you register in order to use the platform and participate in events and activities.
Our legitimate interests are to provide relevant and intermittent communications from platform moderators and communities in order to support the growth of platform communities of interest, provide updates on latest research and market demand, to connect market demand with the supply of NBS by organisations and enterprises, and to support the nature-positive economy.
Who we share your personal data with
Your personal data will be shared to a limited number of third parties where it is necessary to do so, including:
To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, software providers (mailing list software), IT support providers and financial statement auditors
To statutory, regulatory, government or law enforcement bodies as required by law;
When we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.
Consequences of not giving your data to us
You are not under any obligation to provide your personal data to us. However, please note that without your email address, we will be unable to connect you with the relevant party.
EVENT ATTENDEES and FEATURED GUESTS (SPEAKERS, PRESENTERS, PANEL GUESTS)
Where you register to attend or exhibit at one of Horizon Nua’s events, this section relates to you.
Where you (“Featured Guest”) are involved in speaking, presenting or being part of a discussion panel at one of Horizon Nua’s events, this section relates to you.
How we collect your personal data
We collect your personal data:
Directly from you. Examples include when you:
Interact directly with us via telephone, email or in person;
Submit inquiries and information via our website, email or social media;
Provide information as part of an event registration or ticket purchase;
From third parties, such as:
Via referral from our consultants or business partners;
The personal data we use
The personal data processed is limited to those necessary to establish a relationship with you and facilitate your attendance at one of our events, including:
IDENTITY DATA, including your first name, surname, business name , photo and/or video imagery;
CONTACT DATA, including your email address, billing address;
OCCUPATIONAL, including the name and sector of the company you represent and any occupational information available in your email signature (e.g. job title);
FINANCIAL, including debit/credit card details used for ticket purchase;
The purpose and legal basis for processing your personal data
We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:
For the purposes of entering into and performing an event attendance agreement, including:
Processing the registration and, where applicable, corresponding ticket purchase;
Managing your attendance at the event or your involvement as a Featured Guest;
To enable us to comply with our legal, statutory and regulatory obligations. For example, the preparation and audit of financial statements in compliance with company law or reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise where required to do so;
our event photographer(s)/videographer(s), our delegate badge printers, our IT support providers and our financial statement auditors.
Our legitimate interests to (i) use general event imagery and video footage for marketing purposes (unless you have objected to us using your personal data for this purpose);
To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.
If you are a Featured Guest we may use your personal data to promote and market the event;
Our legitimate interests are to provide relevant materials and projects to you (unless you have objected to us using your personal data for this purpose).
Who we share your personal data with
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
To third parties who are providing services to us to enable us to manage the relationship with you, including our consultants, our software providers (e.g. email and file storage, ticketing, payment processing, event networking mobile application provider), our event photographer(s)/videographer(s), our delegate badge printers, our IT support providers and our financial statement auditors.
To the general public via our website, social media or other mediums where you are visible in our event photography and/or video footage (unless you have objected to us using your personal data in this way.
To statutory, regulatory, government or law enforcement bodies as required by law.
Consequences of not giving your data to us
You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to facilitate your attendance at one of our events (e.g. debit/credit card details to complete a ticket purchase) and failure to provide this information may result in us not being able to facilitate such attendance.
SUPPLIERS
How we collect your personal data
As a supplier or service provider of Horizon Nua, we collect your personal data directly when you interact with us via telephone, email, post, fax and/or person (e.g. meetings, events, conferences, etc.). We may also collect personal data from third party sources, examples of which include
From publicly available information. For example, from company registers, press publications, trade directories and online search engines and related results;
Introducers or common business associates who may pass on your details to us;
Third parties who provide services to you (e.g. your representatives, advisors, delivery drivers, etc.);
Our banking providers, in relation to transactions with you;
The personal data we use
Our relationship with you as a supplier is a business to business relationship and the personal data processed is limited to those necessary to establish a relationship with you and obtain your services, including:
IDENTITY DATA, including your first name, surname, salutation, business name;
CONTACT DATA, including your email address, business address, billing address, telephone number(s), fax number;
OCCUPATIONAL, including;
information about your past/current clients, past/current projects and any other information that may be considered by us when assessing your suitability to provide a service; and
relevant insurance and/or health and safety details where required.
FINANCIAL, including bank account details and VAT or other relevant tax details to facilitate transactions with you, as well as your transactional and account history with Horizon Nua;
The purpose and legal basis for processing your personal data
We will only process your personal data where it is lawful and necessary to do so.
Typically, your personal data are processed for the purpose of entering into and performing a contract with you as a supplier to Horizon Nua, including when we:
Make an inquiry to purchase a product or service from you;
Avail of the products and/or services from you as a supplier;
Transact with you and make payments to you pursuant to the contract;
Establish, exercise or defend legal claims in relation to the contract;
Correspond with you throughout the relationship.
Your personal data may also be used:
To enable us to comply with our legal, statutory and regulatory obligations. For example, your personal data may be included in our returns to the Revenue Commissioners in complying with taxation law, as part of the preparation and audit of financial statements in compliance with company law and for compliance with legally binding requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
To manage our everyday business needs in line with our legitimate interests, such as accounting, complaint management, troubleshooting, technical support, protection of our assets and information, and fraud prevention.
To inform potential and/or current Horizon Nua clients that you are a supplier. This will be in limited circumstances and your explicit consent will be sought before it occurs.
Who we share your personal data with
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
To our bank when we are transacting with you;
To statutory, regulatory, government or law enforcement bodies as required by law;
To our clients and prospective clients where you have provided us with consent to do so; and
To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us).
REPRESENTATIVES OF THIRD PARTY LEGAL ENTITIES
How we collect your personal data
In our business to business relationships with third party companies and organisations (e.g. business partners, suppliers or otherwise), we will process some personal data belonging to individuals who represent those companies and organisations in the capacity of an employee, director or otherwise. If you fall into this category of individual where you are representing a company or organisation (“Your Organisation”), we gather your personal data from both direct and indirect sources:
Directly from you. Examples include when you, on behalf of Your Organisation:
Interact directly with us via telephone, email, post, fax and/or in person;
Submit inquiries and information via our website;
Provide information as part of an inquiry about a service to or from us;
Purchase our services or provide us with services and conduct transactions with us;
From third parties. Examples include collection from:
Publicly available information. For example, from press publications, online search engines and related results.
Referees you nominate to us as part of Your Organisation tendering for work with us;
Introducers or common business associates who may pass on your details to us;
Third parties who provide services to Your Organisation (e.g. your representatives, advisors, delivery drivers, etc.).
The personal data we use
As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes:
IDENTITY DATA, including your
first name, surname, salutation;
signature on signed documents;
photographic identification, where you provide consent for us to feature your photo and/or video imagery for marketing purpose;
CONTACT DATA, including your business email address, business telephone number(s);
OCCUPATIONAL, including the name of Your Organisation and your job title,
OPINIONS, where you consent to provide testimonials or references.
The purpose and legal basis for processing your personal data
We will only process your personal data where it is lawful and necessary to do so, including
Our legitimate interests to identify new social innovators, research institutes, policy makers and implementers to devise innovative solutions and develop a business relationship with you and Your Organisation;
For the purpose of taking steps to enter into and perform a contract to obtain or provide services from or to Your Organisation;
To enable us to comply with our legal, statutory and regulatory obligations. For example, Your Organisation may be a government body with whom we need to interact as part of our legal obligations and your personal data will be used to manage this relationship;
Where you have provided us with consent to use your personal data for marketing or referral purposes;
To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention.
Establish, exercise or defend legal claims;
Who we share your personal data with
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
To statutory, regulatory, government or law enforcement bodies as required by law;
To our partners you have provided us with consent to do so;
PART B: GENERAL PROCESSING INFORMATION
How long we keep your personal data
Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary.
How we keep your personal data safe
Appropriate security measures are implemented in order to protect your personal data.
Security measures refer to physical security in the office (e.g. securely locked filing cabinets etc.) as well as implementing appropriate technology and cyber security measures across our systems and networks in order to prevent any accidental or unauthorised access, interference, damage, loss or disclosure of personal data.
In the event of certain types of personal data breaches, we are legally obliged to notify the Data Protection Commission and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.
Transfers outside the European Economic Area
In connection with the above purposes we occasionally, and only where necessary, transfer your personal data to third parties outside the European Economic Area (“EEA”). If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include:
to a jurisdiction which has been subject to an “Adequacy” decision from the European Commission, meaning the jurisdiction is recognised as providing for an equivalent level of protection for personal data as is provided for in the European Union;
entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission; or
in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework.
PART C: YOUR RIGHTS
You have a number of rights in respect to your personal data. These are:
The right to access your personal data, which includes receiving confirmation on whether the personal data are being processed and if so, receiving the personal data and related information about why they are being processed, the categories of personal data involved, to whom the personal data have been or will be shared and how long the data will be kept for. We will accede to any such valid requests within one month of the receipt of a valid request in writing
The right to request that we rectify inaccurate data or update incomplete data. You may also request that we restrict the processing of the personal data until the rectification or updating has been completed, although please be aware that we may have to suspend the operation of your account or the products or services that we provide.
The right to request that we erase your data under certain circumstances, including where you want to withdraw the consent you previously gave to us, where you object to Horizon Nua’s processing the data for its own legitimate interests or where Horizon Nua’s processing of the data is unlawful. In the case of unlawful processing, you can also request that this processing is restricted rather than the personal data being erased. Please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
The right to object to the processing of your personal data, where such processing is being conducted for the purpose of:
Direct marketing;
Establishing, exercising or defending ourselves or others from legal claims; or
Our legitimate interests, unless we can demonstrate that our interests override your interests and rights. You may request that we restrict the processing of the personal data until this analysis of legitimate interests has been concluded, although please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
The right to receive your data in a portable format or, subject to it being technically feasible, have us transfer it directly to a third party. This applies where you have provided us with consent for the processing or where the processing is necessary for entering a contract with us.
The right, at any time, to withdraw consent you have provided to us to process your personal data.
The right to lodge a complaint to the Data Protection Commission or another supervisory authority. The Office of the Data Protection Commission can be contacted at:
Email:
info@dataprotection.ie
Telephone:
+353 (0)761 104 800
Postal Address:
Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28
If you wish to raise a complaint in relation to how we processed your personal data, please contact us. We take your privacy and data protection very seriously in FKM Group and we endeavour to address your complaint as expediently and as thoroughly as we can in order to find a satisfactory resolution for you.