1. What is personal data?

Personal data is any information relating to an identified or identifiable living person. We collect information, including personal information on our members & prospective members. In this capacity, we are the controller responsible for your personal data.

2. How we collect personal information

We collect personal information directly from you when you register for membership, contact us, use our website and online services, engage with our social media channels, make payments for services or goods and/or make enquiries or complaints.

3. What personal information do we collect from you?

The personal details we collect from you include the following:

• Name, address, email address, phone number(s)
• Title
• Date of Birth
• Occupation/Business Description
• Any other information pertinent to arranging a quotation for IOMST membership/insurance and any insurance we may arrange via a third party provider.

Members are obliged to provide this information to us for the purposes of the membership contract. If you do not provide us with this information we cannot perform the contract with you.

We may also collect information through the use of cookies on our website and other technology which collects (non personal) analytical information relating to visitors to the website as set out in more detail in the Cookies Notice (available) on our website. We use this information to monitor traffic and to improve your experience of the website.

4. How do we use your information?

We may use your personal information in the following ways:

• To manage and administer your membership with IOMST
• To maintain personal contact details.
• To provide industry news and updates
• To respond to your queries, complaints and provide service support
• To provide member bonuses e.g. discounts on goods or services
• To fulfil our disciplinary and regulatory functions
• For marketing purposes to include surveys and statistical analysis
• To enhance and improve our services
• To collect fees

5. Lawful basis for collecting and your personal data

We use the personal data where necessary for the following lawful purposes:

1. To enter into and perform our contract with you e.g. to register you for membership
2. Where we have a legitimate interest or it is in the legitimate interests of a third party e.g. in

order to run our business.

3. Where there is a legal or regulatory requirement to do so.
4. Where you have consented to the use of your data
5. To protect the vital interests of you or others (e.g. in emergency situations) or
6. It is in the public interest

Marketing  Communications
IOMST may direct information relating to topics, goods or services to you which we feel will be of interest to you. You have options as to what marketing emails to receive or not to receive and you can manage these at any time by contacting us.

6. Your information and third parties

We sometimes share your information with third parties. For example we share your information with:

• our service providers (e.g. insurers, brokers) including technology providers (e.g. cloud based services & payment processors)
• Any public authorities, local authorities, companies, firms, private individuals or other   parties (e.g. market operators/event organisers) for the purposes of verifying current insurance cover.
• law enforcement or other authorities if required by applicable law.
• in the event of a merger or proposed merger

We never sell your information to a third party.

7. How long your personal information will be kept for

Information will be retained for no longer than is necessary for the purpose for which is was obtained by us or as required by legal and regulatory purposes and for legitimate business purposes.

Where your membership has lapsed for a significant period we will delete the majority of your personal data we hold, but will maintain a minimum amount of basic personal data to ensure that we do not inadvertently create a new record in the system.

8. Keeping your personal information secure

We have appropriate technical and organisational security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. These measures include IT security (encryption, firewalls), staff training and awareness, office and building security and limiting of access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Although we take all appropriate steps to safeguard your data, no website, device, wifi connection or system can ever be completely secure.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

9. What is personal data?

Personal data may be transferred outside of the European Economic Area (EEA) in limited circumstances (e.g cloud service providers) and/or as required or permitted by law. Where we transfer your Personal Information outside the EEA to other countries, we will ensure that appropriate transfer agreements and mechanisms (such as the EU Model Clauses) are in place to help ensure that our third-party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the EEA in accordance with applicable laws.

10. Your rights

Under Data Protection law you have a number of important rights. In summary, those rights include the right to:

1. Access your data – you can request details of the personal information which we hold about you and receive copies
2. Request rectification – you can have any mistakes in your information which we hold corrected
3. Be forgotten – you can have the personal information concerning you deleted in certain
4. Data Portability – i.e obtain a transferable copy of your information we hold to transfer to another provider
5. Withdraw Consent – where we are relying on your consent to process your data, you have the right to change your mind and withdraw consent by contacting us
6. Object to processing – you have the right to object to specific types of processing of your personal data (e.g direct marketing)
7. Object to decisions being taken solely by automated means
8. Restrict Processing – you have the right in certain specified situations to require us to stop processing your information and only store it.

If you would like to exercise any of these rights, free of charge, please contact us in writing as set out below. We will respond without undue delay and no later than one month from receipt of any such request. If we are unable to deal with your request within a calendar month (due to complexity or number of requests) we may extend this period by a further two calendar months and will explain the reason why.

Please note that we may request proof of your identity and address (e.g. a copy of your driving licence or passport) to protect the security of your data.

11. How to complain

If you have a complaint about the use of your personal information, please let us know. We will try to resolve any query or concern you raise with us.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in Ireland is the Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois R32 AP23. Phone: (057) 8684800. Email:info@dataprotection.ie

12. How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you. If you wish to contact us please send an email to info@iomst.ie or write to IOMST Ltd, Bushfield House, Bushfield Square, Philipsburgh Avenue, Fairview, Dublin 3 .

Updates to this privacy notice

This privacy notice is effective from 25 May 2018. We may change this privacy notice from time to time. If there are material changes we will notify you either by posting on the website or by other communications.