Foireann Database Research Project
Data Protection Notice
The Gaelic Athletic Association (GAA), Ladies Gaelic Football Association (LGFA) and Camogie Association have entered into Agreements to conduct games-based research based on our membership records on our Games Management System “Foireann”. Dublin City University (DCU) are carrying out the research on our behalf and the research project aims to provide invaluable insights to the GAA, LGFA and Camogie Association regarding the opportunities we provide to our members.
What is the purpose of the research?
The proposed research intends to produce insightful information on training and games frequency for GAA, LGFA and Camogie members in order to provide the GAA, LGFA and Camogie Association with sufficient information to determine whether such frequency is appropriate based on age-range which will be an invaluable resource to both the Associations and their members. It is also envisaged that the research will produce information on the data entry and technical set-up of Foireann.
What is the legal basis for carrying out this research?
The processing of personal data within this research project is pursuant to the membership relationship between you and the GAA/LGFA/Camogie Association as outlined in the respective Official Guides.
This is in line with Recital 50 of the GDPR which states “The processing of personal data for purposes other than those for which the personal data were initially collected should be allowed only where the processing is compatible with the purposes for which the personal data were initially collected. In such a case, no legal basis separate from that which allowed the collection of the personal data is required......Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be considered to be compatible lawful processing operations”
Will my personal data be used?
All GAA, LGFA and Camogie members’ membership records will be transferred to DCU’s Insight team to conduct this research. All sensitive personal data including any health records will be removed prior to this transfer taking place and will not be included in the research. This transfer is subject to stringent legal Agreements between the parties, and a Data Protection Impact Assessment has been carried out to ensure your personal data is processed safely, securely, and in line with the General Data Protection Regulation (GDPR) and the Data Protection Acts.
What safeguards are in place relating to my personal data?
• All members of the DCU Insights team involved in this research project are subject to strict confidentiality.
• Your personal data will be transferred to DCU via end-to-end encryption.
• Strict digital and physical security measures are in place.
• A pseudo-anonymised copy of the data will be created by DCU, and no identifiable information will be included on the working copy.
• All results and insights from the research project will include non-identifiable data only. No individual will be identifiable within the reports produced.
• All identifiable data including all backup copies will be permanently deleted within 12 months of project completion.
Who can I contact with questions relating to this project?
The parties have designated a lead point of contact for communication with data subjects relating to this research project. The lead point of contact is the applicable Association’s Data Protection Officer and they can be contacted by emailing email@example.com, firstname.lastname@example.org or email@example.com.
What rights do I have relating to this research project?
• The Right to be Informed - This Data Protection Notice aims to inform you of this research project and your rights relating to it.
• The Right to Rectification - If your personal data is inaccurate, you have the right to have the data rectified without undue delay.
• The Right of Access - You have the right to request a copy of your personal data. This will be provided to you within one month and can be requested via the above email addresses.
• The Right to Erasure - In certain circumstances, such as where you object to your personal data being processed, you have the right to have your data erased without undue delay.
• The Right to Data Portability - In some circumstances, you have the right to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context, and to transmit this data to another data controller of your choosing without hindrance.
• The Right to Object to Processing - You may also object to processing of your personal data for research purposes, unless the processing is necessary for the performance of a task carried out in the public interest. In order to object to processing, you must contact the data controller and state the grounds for your objection. These grounds must relate to your particular situation
Further information on your rights is available on the website of the Data Protection Commission at www.dataprotection.ie.
Where can I make a complaint or report a breach?
If you would like to make a complaint or report a breach, you can do so via the appropriate webforms on the website of the Data Protection Commission accessible at www.dataprotection.ie.