DBS Privacy Notice
Subject Access Request
We take the management of your data seriously. If you have any questions regarding how we handle your data or if you wish to access your Personal Data (as defined under GDPR) stored at Dublin Business School, you should submit a Subject Access Request form.
Dublin Business School (DBS) is committed to maintaining the privacy and security of your personal data. This Privacy Notice explains how we collect, use, share and protect your personal data.
It is important that you read this Privacy Notice so that you are aware of how and why we are using your personal data.
This Privacy Notice is provided in a layered format so you can click through to the specific areas set out below:
1. Who we are
2. Data Protection Officer
3. What is personal data?
4. Data protection principles
5. How we use your personal data
6. The personal data we collect from you
7. When and how we share your personal data with others
8. Transfer of your personal data to other countries
9. The security of your personal data
10. Our storage and retention of your personal data
11. Your rights as a data subject
12. Changes to this privacy notice
DBS is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. Where we act as a data controller, we are required under data protection legislation to notify anyone who provides personal data to us, either directly or through a third party, of the information contained in this Privacy Notice.
DBS is the trading name for Accountancy & Business College (Ireland) Limited, 13/14 Aungier Street, Dublin 2 which is a company within the Kaplan group. When we mention “DBS”, "we", "us" or "our" in this Privacy Notice, we are referring to this company which is responsible for processing your data.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below:
Name of DPO: Rachael Convery
Email address: firstname.lastname@example.org
Postal address: 2nd Floor, Warwick Building, Kensington Village, Avonmore Road, London W14 8HQ.
You have the right to make a complaint at any time to the Data Protection Commissioner's Office (DPC), the Irish supervisory authority for data protection issues (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the DPC so please contact us in the first instance.
Personal data is any information about an individual from which that individual can be identified. Your name, address, phone number and bank account number are examples of personal data. It does not include data where the identity has been removed (anonymous data).
We will comply with data protection law. This says that the personal information we hold about you must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform a contract we have entered into with you.
• Where we need to comply with a legal obligation.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal data in the following situations, which are likely to be less common:
• Where we need to protect your vital interests (or someone else's interests).
• Where it is needed in the public interest (for example, equal opportunities monitoring) or for official purposes.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
Enquiries and leads
When you request information or make enquiries about any of our services or programmes, we may use the personal data you provide in order to fulfil your request or respond to your enquiry. So that we can provide you with the information, courses, programmes, services, materials or products you have requested, we collect and store certain information about you, including your name, telephone number, e-mail address, postal address and educational background when you ask for information about our courses or study materials. It is in our legitimate interests to use your personal data in this way so that you receive the information you have requested.
Applications and Enrolments
If you are applying or enrolling as a student, we may collect the following personal data about you:
• Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
• Date of birth.
• Nationality and country of residence.
• Education history.
• Employment history (if applicable).
• Professional certification number.
• Central Applications Office (CAO) number (if applicable).
• Personal Public Service (PPS) number (if applicable).
• Credit card or other payment information in order to process your payments.
This information will be used by us to perform the contract we have entered into with you.
We may also collect information about your academic experience and progression. This is in order to fulfil our contract with you but it is also in our legitimate interests to use this personal data in order to monitor the provision of our service to you.
We may also collect personal data about your health in order to make appropriate arrangements and reasonable adjustments for you regarding your welfare or attendance. We use this information in order to perform our contract with you and in order to comply with our legal obligations.
We also may collect from you emergency contact information, such as the telephone number or email address for a friend or family member. By submitting such data to us, you represent to us that you have obtained consent from your emergency contacts to provide us their information for this purpose.
Where you have explicitly consented to do so, we may use your personal data to
i. Inform you of new information that we believe may be of interest to you and the programme area(s) you have shown the interest in; and/or
ii. Invite you to Open Events or Information Sessions relevant to your programme(s) of interest.
If you would prefer that we do not send such communications to you, please follow the opt-out links on any marketing message or contact us using the contact details in this Privacy Notice.
Internal business purposes
We also may use your personal data for our internal business purposes. This is in our legitimate interests in order to operate as a business and monitor and improve the services we provide. Where possible we will anonymise this information. Please contact us using the contact details in this Privacy Notice if you would like more information.
Automated technologies or interactions.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We may share your personal data with third parties where required by law, where it is necessary to perform a contract or where we have a legitimate interest in doing so. We will need to use your data to perform our obligations and exercise our rights under agreements made with you and to inform you of feedback and exam results.
Such third parties may include the following:
• Our service providers: We may share your personal data with other companies that perform certain services on our behalf. These services may include legal, financial and accounting advice, processing payments, providing customer service and marketing assistance, performing business and sales analysis and supporting our website and IT functionality. These service providers may be supplied with or have access to your personal data solely for the purpose of providing these services to us or on our behalf. DBS is the data controller and will remain accountable for your personal data.
• Your employer or sponsor: We may share your personal data with your employer or sponsor with whom we have a contract relating to your programme of study. This may include attendance and exam results
• Agents. If you use an agent to arrange your application or study with us, we may share your personal data with them. If you apply to us directly without an agent and are residing in the following countries we will share your personal data with our preferred student recruitment agent in your country to assist and guide you through the application process as we do not accept direct applications from these countries:- Nigeria, Malaysia, Cameroon, Pakistan, Ghana, Bangladesh and India. You can however use an agent of your choice at any time.
The personal data we share with agents is, for administration purposes (such as keeping track of your course records), accepting and recording your payments, providing you with certificates of completion and complying with any regulatory reporting requirements or other reporting requirements agreed with your sponsor.
• Awarding Bodies: We provide certain personal information collected by us, including PPS numbers, to Quality and Qualifications Ireland (QQI) and other Awarding Bodies to allow them to process students’ results through their system
• Department of Justice: We are obliged to provide certain personal information, including attendance records, to the Department of Justice regarding non-EEA visa requiring students.
• Public Health Officials: We are obliged to provide contact information to the Department of Health and/or the Health Service Executive for the purpose of contact tracing in the event that a case of COVID-19 or another infectious disease is reported amongst the DBS community.
• Parents and guardians: If you are under 18, we may share your personal data with your parents or guardians in order to perform our contract, comply with our legal obligations and if it is in your vital interests.
• Other entities in the Kaplan group: We may share your personal data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise or for system maintenance support and hosting of data.
• Professional bodies and regulators: We may need to share your personal data if required by a professional body or institute related to your programme or if required by a regulatory body or to otherwise comply with law.
• Others: We may share your personal information with other third parties such as in the context of the possible sale of our business. We may also need to share your personal data in order to permit us to pursue available remedies or limit damages we may sustain.
As we are an international business with employees, entities and service providers all over the world, we may need to transfer the personal data you provide to us to other countries which may be outside the European Economic Area (EEA).
The data protection laws in such countries may not be as comprehensive and provide the same level of protection for your personal data as those within the EEA. In these circumstances, we will take appropriate steps to ensure that your personal data is handled as described in this Privacy Notice. These steps will include appropriate contractual mechanisms. Please contact us using the contact details in this Privacy Notice if you would like more information.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, service providers, business partners, agents and other third parties who have a legitimate need to know. They will only process your personal information on our instructions or as otherwise agreed and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Please contact us using the contact details in this Privacy Notice if you would like more information.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Under certain circumstances, by law you have the right to:
• Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using the contact details in this Privacy Notice.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Your right to withdraw consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details in this Privacy Notice. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.