The purpose of this data protection policy is to provide the data subject (the individual registering certain elements of personal information with Copyright Classroom) with the information required under the obligation to inform in the EU’s General Data Protection Regulation (2016/679).
Last updated on 09.10.2024.
1. Data Controller
Irish Copyright Licensing Agency CLG (ICLA)
63 Patrick St., Dún Laoghaire, Co. Dublin
info@icla.ie
Contact person for data protection matters:
The Chief Executive Officer,
Irish Copyright Licensing Agency CLG,
63 Patrick Street, Dún Laoghaire, Co. Dublin
or via email dpo@icla.ie
2. Name of the Register
Copyright Classroom’s user register
3. Registered Individuals
Registered users of Copyright Classroom
4. Purpose of personal data processing and legal basis
The personal data stored in the register are used solely for creating, maintaining, and managing profiles for users of the web material on the Copyright Classroom website copyrightclassroom.ie. The processing of the data subject’s personal data is based on the data subject’s consent and the information provided by the data subject themselves. The data subject can withdraw their consent at any time.
Personal data are not used for direct marketing, sales, market or opinion research, personal data directories, or genealogy.
5. Content of the register
The following personal data of registered individuals are stored:
Name, email address, and educational institution, tests completed and test scores.
6. Retention period of personal data
The user profile and personal data are deleted if the profile has not been used for four years or if the data subject withdraws their consent.
7. Rights of the data subject
The data subject has the right to review the personal data stored about them and request that incorrect or incomplete data be corrected or supplemented.
The data subject has the right to have their personal data deleted. However, this does not apply to personal data necessary for fulfilling the purpose defined by the data controller in this data protection description or data that must be stored by law.
The data subject has the right to object to and restrict the data controller’s processing of their personal data if they believe the processing is done in violation of data protection legislation or without the right to process certain information.
The data subject has the right to receive the data they have provided to the data controller in a structured, commonly used, and machine-readable format. They also have the right to transfer this data to another data controller, provided the processing is based on consent or a contract and the data are processed automatically.
If the data subject believes that the data controller has processed their personal data in violation of applicable data protection legislation, they have the right to lodge a complaint before the Data Protection Commissioner (DPC), the Irish data protection authority.
The data subject can exercise the rights mentioned in this section by sending a signed letter to the contact person mentioned in section 1.
8. Legitimate sources of data
The Copyright Classroom website receives the data subject’s information from the data subject themselves during registration for the Copyright Classroom service.
9. Disclosure of personal data to third parties and data processors
Data from the register is not disclosed to third parties. The data controller has agreements with certain service providers that include the processing of personal data on behalf of ICLA. These agreements cover, among other things, software development, maintenance, server, and IT support services. We have agreements with service providers that cover the processing of personal data on behalf of ICLA in accordance with applicable data protection legislation.
10. Transfer of personal data to countries outside the EU or EEA
Personal data are not transferred to countries outside the EU or the European Economic Area.
11. Automated decision-making and profiling
We do not use personal data for automated decision-making or profiling.
12. Principles for register protection
The data in the register are always processed confidentially and in accordance with applicable data protection legislation.
Digital data in the register are stored in the data controller’s system, which is protected from outsiders by firewalls, access control, and other technical security mechanisms. Only employees and administrators whose tasks require it, have access to the personal data in the register. Using the systems requires at least the entry of a personal username and password. The data controller’s employees are bound by a confidentiality agreement regarding personal data. The systems are located in locked premises within the EU area, to which unauthorized persons do not have access.
Manually processed material is stored in locked, secured premises.
13. Changes to the data protection description
The data controller reserves the right to modify the data protection policy. Information about changes will be posted on ICLA’s website, and the Copyright Classroom website.