Data Protection Policy

LIA adheres to the following data protection principles:

Lawfulness, Fairness, and Transparency

Personal data is processed lawfully, fairly, and transparently. Data subjects are provided with clear and concise information about the processing of their personal data (via this Data Protection Notice and our Website Privacy Notice, both of which can be found at the bottom of the Home Page of www.lia.ie).

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data Minimisation

Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

Accuracy

LIA takes reasonable steps to ensure that personal data is accurate, kept up-to-date, and rectified without undue delay if inaccurate.

Storage Limitation

Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which it is processed.

Integrity and Confidentiality

Appropriate technical and organisational measures are in place to ensure the security, integrity, and confidentiality of personal data.

Accountability

LIA has appropriate records and measures in place to demonstrate compliance with the GDPR.

Lawful Basis

LIA will only process personal data when there is a lawful basis for doing so. This may include the necessity of processing for the performance of a contract, compliance with legal obligations, legitimate interests pursued by LIA, or consent obtained from the data subject.

Data Subjects' Rights

LIA respects the rights of data subjects, including the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing. Requests relating to these rights will be promptly addressed.

Data Retention

Personal data will be retained for the minimum period necessary to fulfil the purposes for which it was collected unless a longer retention period is required by law.

Data Sharing

Personal data may be shared with third parties, including service providers and regulatory authorities, in compliance with applicable data protection laws. Appropriate safeguards and contractual obligations will be in place to protect the personal data.

Technical and Organisational Measures

LIA implements appropriate technical and organisational measures to ensure the security and confidentiality of personal data. This includes measures to protect against unauthorised access, loss, destruction, or alteration of personal data.

Data Breach Response

LIA has a data breach response plan in place to promptly detect, assess, and mitigate any data breaches. In the event of a breach that poses a risk to individuals' rights and freedoms, affected data subjects and the relevant supervisory authorities will be notified as required by law.

Training and Awareness

LIA provides regular training and awareness programmes to employees to ensure they understand their responsibilities in relation to data protection.

Confidentiality Obligations

Employees are required to maintain the confidentiality and security of personal data they have access to in the course of their work. Unauthorised disclosure or use of personal data is strictly prohibited.

LIA monitors and reviews its data protection policy and practices at least annually to ensure ongoing compliance with applicable laws and regulations. The Policy will be reviewed at least annually and will be updated as necessary to reflect any changes in the organisation's data processing activities or legal requirements.

This Policy is supported by the following additional GDPR policies which LIA has in place (approved by the CEO:

1. Bring Your Own Device Policy
2. Social Media Policy
3. Employee Rights in Relation to your Data
4. Cookie Policy
5. Privacy Policy
6. Subject Access Request Policy
7. Third Party Data Processing policy
8. Data Protection Impact Assessment Policy
9. Data Breach Notification Procedure