Postd Privacy Notice
Introduction
This is a statement of the practices of the Trinity College Dublin [Postd] (“the Service”) in connection with the processing of personal data for the purposes of the Service and the steps taken by Trinity College Dublin, the University of Dublin (“Trinity College” / “the University”) as a data controller to safeguard individuals’ rights under data protection legislation, specifically the EU General Data Protection Regulation (“GDPR”) and Data Protection Acts 1988-2018. Trinity College fully respects your right to privacy and actively seeks to preserve the privacy rights of data subjects who share personal data with the University. Any personal information which you volunteer to the Service will be treated with the highest standards of security and confidentiality, in accordance with data protection legislation.
This Privacy Statement explains the following
- How Postd collects your personal data;
- The purpose and legal basis for processing your personal data;
- How we securely store your personal data;
- Details of third parties with whom we share personal data; and
- Your rights under data protection legislation.
Definitions
The following terms have the meanings specified below for the purposes of this Privacy Policy:
- “Service” - refers to Postd, a web application created for the purposes of Trinity College Dublin's Interactive Digital Media Masters Program (hereinafter – “We”, “Us”, or “Our”).
- “Web App” - means all Content and links of the page that provides Services to Users and provides information regarding the Services (also referred to as “Postd”).
- “User” - Web app visitor who uses Postd for personal purposes (also referred to as “You”, “Your”).
- “Content” - the information, the Service provides via Web App. Also, the Content includes but is not limited to: whole or elements of icons, illustrations, graphics, pictures, logo, etc., which is solely owned by the Service.
- “Intellectual property rights” - all rights in, to, or arising out of: (i) any work, intangible work, copyrights, copyright registrations, creations, design, illustrations, symbols, marks, pictures, icons, trademarks, logo, and/or image that is used in commercial / personal purposes; (ii) any U.S., Ireland or foreign patent or any software therefore and any all reissues, divisions, continuations, renewals, extensions, and continuation-in-part thereof; (iii) moral rights, rights of publicity, right of personality, privacy, and likeness, whether arising by operation of law, contract, license or otherwise, goodwill, trade secret, and other intellectual property rights as may now exist or hereafter come into existence, and all applications therefore and registrations, renewals, and extensions thereof, under the laws of any state, country or other applicable jurisdiction.
- “Third-Party” - a legal person, public authority, agency, or body that is not the Data Subject, Controller, or Processor, as well as individuals who are authorized to process Personal Data and/or Usage Data under the direct authority of the Controller or Processor.
- “Automatically-collected information” - the information collected automatically through the Web App (or Third-party services used by this Web App) is referred to as “Usage Data”.
- “Cookies” - means small text files that a Website saves on Your computer or mobile device when You visit it.
- “Data Controller”, “Owner” - The Body that determines the purposes and means of Personal Data Processing (referred to as the “Controller”). Email address for contact: dataprotection@tcd.ie .
- “Data Processor” - means a natural person or legal entity that processes Personal Data on behalf of the Controller (as defined in this Privacy Policy) (referred to as the “Processor”).
- “European Union”, “EU” - all references to the European Union within this document shall include all current European Union Member States and the European Economic Area, unless otherwise specified.
- “Personal Data”, “Personal Information” - any information that permits the identification or identification of a natural person directly, indirectly or in connection with other information. A name, an email, a password, etc., for example (also called the “Data”).
- “Processing” - any operation or sequence of operations performed on Personal Data or sets of Personal Data.
- “IP address” - the unique network address of a node in an IP-based computer network.
How We Collect Your Personal Data
We collect personal data to provide our services to you. This data may be collected directly from you by our staff or from other systems under the control of Trinity College.
Purpose and legal basis for processing personal data
The personal data we collect from you will only be processed by the Service for the specific and lawful purposes as outlined in this Privacy Statement. Trinity College will ensure that your data is processed fairly and lawfully in keeping with the principles of data protection as set out under Article 5 GDPR.
Specifically, your personal data may be processed for any or all of the following purposes:
| Process | Purpose | Legal basis for processing under GDPR |
|---|---|---|
|
Administration | Necessary to provide Administrative and Communication services through the Service |
|
Communication | Necessary to carry out the University’s objects and functions under the Universities Act 1997 and Higher Education Authority Act 2022. Legitimate interests of the University. |
|
Automatically-Collected Data | We automatically collect certain information about You (including Personal Data). We collect Usage Data from Users directly while using the Web App. Usage Data assists Us in ensuring the Web App's smooth operation and improving the performance of the Services. |
The School has compiled processing records, in accordance with Article 30 GDPR requirements. If you require further detail please contact dataprotection@tcd.ie .
How We Securely Store Your Personal Data
Personal data will be stored confidentially and securely as required by the Trinity College Information Systems Security Policy and Data Protection Policy. The University is committed to ensuring that the processing of your data safeguarded by appropriate technical and organisational security measures relevant to the processing in accordance with Article 32 GDPR requirements. When we store your personal data on our systems the data will be stored either on University premises or on secure IT platforms within the European External Area (“EEA”) or external of the EEA which are subject to Chapter V GDPR requirements.
Details of third parties with whom we share personal data
The Service will only share your data with third parties where necessary for the purposes of processing outlined in this Privacy Statement. In accordance with Article 28 GDPR, when we share your data with third parties the Service will ensure that the data is processed according to specific instructions and that the same standards of confidentiality and security are maintained.
The following table details the third parties with whom your personal data is shared together with the purposes for the sharing:
| Process | Purpose |
|---|---|
| Firebase | Google | A toolset to build, iterate, and develop apps, such as Postd. Firebase automatically collects data to improve the Web App's experience including, but not limited to analytics, authentication, databases, configuration, file storage, push messaging, ect. |
| MySQL Workbench | An open-source relational database management system formatted as a unified visual tool. |
Your Rights Surrounding Your Data
In keeping with the data protection principle of storage limitation we will only retain your data for as long as is necessary. For the purposes described in this Privacy Statement we will store your data for the duration of your studies plus 1 year in accordance with the Trinity College Records Management Policy.
Right of Access
You have the right to request a copy of the personal data which is processed by the Service and to exercise that right easily and at reasonable intervals.
Consent
You may withdraw your consent to the Service processing your personal data at any time, when consent is the legal basis for the processing. To withdraw your consent, we require you to advise the Service in writing.
Rectification
You have the right to have inaccuracies in personal data that we hold about you rectified.
Erasure
You have the right to have your personal data deleted where we no longer have any justification for retaining it, subject to exemptions such as the use of pseudonymised or anonymised data for scientific research purposes.
Object
You have the right to object to processing your personal data if:
- We have processed your data based on a legitimate interest or for the exercise of the public tasks of the University if you believe the processing to be disproportionate or unfair to you.
- The personal data was processed for the purposes of direct marketing or profiling related to direct marketing.
- We have processed the personal data for scientific or historical research purposes or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Restriction
You have the right to restrict the processing of your personal data if:
- You are contesting the accuracy of the personal data.
- The personal data was processed unlawfully.
- You need to prevent the erasure of the personal data in order to comply with legal obligations.
- You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified.
Portability
Where it is technically feasible you have the right to have a readily accessible machine readable copy of your data transferred or moved to another data controller where we are processing your data based on your consent and if that processing is carried out by automated means.
Cookies
We use information gathered from cookies to help improve your experience of our website. Some cookies are essential so you can move around the website and use its features. Our website also contains third party cookies which are listed in our Cookie Register (situated at the bottom of the www.tcd.ie website page). You can refuse or consent to third party cookies when you first visit our website or by following the guidelines in our Cookie Policy.
Further Information
If you have any queries relating to the processing of your personal data for the purposes outlined above or you wish to make a request in relation to your rights you can contact any member of the Service staff at: [INSERT CONTACT EMAIL ADDRESS]. If you wish to make a complaint or escalate an issue relating to your rights you can contact the Trinity College Data Protection Officer: Email:dataprotection@tcd.ie Post: Data Protection Officer Secretary’s Office, Trinity College Dublin, Dublin 2, Ireland. Oifigeach Cosanta Sonraí Oifig an Rúnaí, Coláiste na Tríonóide, Baile Átha Cliath, Baile Átha Cliath 2, Éire. If you are not satisfied with the information we have provided to you in relation to the processing of your personal data or you are dissatisfied with how Trinity College is processing your data you can make a complaint to the Data Protection Commissioner at: https://forms.dataprotection.ie/contact.