Privacy Policy


Information about our Website          

Last updated on 24th May 2018

This is the website of Ireland China Business Association. We are located in the Republic of Ireland and our Head Office is situated at:

Ireland China Business Association

Fitzwilliam Hall

Fitzwilliam Place

Dublin 2


We have created this Privacy Policy in order to demonstrate our firm commitment to privacy. This privacy policy sets out our practices in handling information, which you may disclose to us through your use of this website. 

  1. Introduction
    • This is the Privacy Policy of the Ireland China Business Association, referred to as the “ICBA”, “us” or “we” throughout this Privacy Policy. The ICBA is a not-for profit organisation, established in 2000 to explore opportunities and identify keys areas of potential cooperation between Irish and Chinese companies in the emerging Chinese market. This Privacy Policy provides details of the way in which we Process Personal Data in line with our obligations under Data Protection Law.
    • Capitalised terms used in this Privacy Policy are defined in the Glossary in Annex I.
  2. Background and Purpose
    • The purpose of this Privacy Policy is to explain what Personal Data we Process and how and why we Process it. In addition, this Privacy Policy outlines our duties and responsibilities regarding the protection of such Personal Data. The manner in which we Process data will evolve over time and we will update this Policy from time to time to reflect changing practices.
    • In addition, in order to meet our transparency obligations under Data Protection Law, we will incorporate this Privacy Policy by reference into various points of data capture used by us (e.g. application forms etc.).
  3. The ICBA as a Data Controller
    • The Association will act as a Data Controller in respect of Personal Data provided to us by various individuals in connection with the operation and administration of The Association. Such individuals will generally include the following:
      • members;
      • employees;
      • website visitors;
      • contacts and associates; and
      • non-members and invited guests who register for ICBA events
    • Personal Data is processed by The Association for the following purposes:


Purpose of Processing

Lawful Basis under GDPR

Membership services delivery, management and improvement e.g. to identify the services, such as networking events and forums, which are most popular among the ICBA’s members and to promote such to the ICBA’s members in a customised manner.

Such processing is necessary for the legitimate interests pursued by the ICBA pursuant to Article 6(1)(f) of the GDPR.

Communicating with and maintaining contact details of members.

Such processing is necessary for the legitimate interests pursued by the ICBA pursuant to Article 6(1)(f) of the GDPR in particular to maintain communications with the ICBA membership.

General correspondence with members of the public (by post or the ICBA email addresses) for example where an individual sends correspondence to inquire about the ICBA or for other miscellaneous reasons.

For the particular purpose for which the correspondence is sent to the ICBA. Depending on the particular context of such correspondence the relevant lawful basis will likely be either the individual’s consent or performance of the ICBA’s legitimate interests pursued by the ICBA pursuant to Article 6(1)(f) of the GDPR.

To evaluate members’ interests and to promote tailored offerings that reflect member interests.

The ICBA has a legitimate interest in providing personalised offerings, including for example, a particular type of discussion forum. We balance our legitimate interests against the rights of the individual users through the use of measures described in this Policy.

Service administration e.g. providing individual users with membership fees reminders or providing notifications of a change in membership services.

Such processing is necessary for the provision of membership services to which the member has signed up and to support the ICBA’s legitimate interest in managing the delivery of its services.

To assist ICBA in developing existing business leads and new opportunities through publicly available information and through members’ professional contacts and connections.


Such processing is necessary for the provision of membership services to which the member has signed up and to support the ICBA’s legitimate interest in managing the delivery of its services and in promoting the ICBA.

To operate the ICBA website, including the use use of cookies to as further set out in Annex IV.


Such processing is necessary for the provision of membership services to which the member has signed up and to support the ICBA’s legitimate interest in managing the delivery of its services pursuant to Article 6(1)(f) of the GDPR.


  1. The Association and Data Processors
    • The Association willl engage certain service providers to perform certain services on its behalf which may involve the Processing of Personal Data. To the extent that such Processing is undertaken based on the instructions of The Association and gives rise to a Data Controller and Data Processor relationship, The Association will ensure that such relationship is governed by a contract which includes the data protection provisions prescribed by Data Protection Law.
  2. Record Keeping
    • As part of our record keeping obligations under Art. 30 GDPR, The Association retains a record of the Processing activities under its responsibility. This comprises the following:


Art. 30 GDPR Requirement

The Association’s Record

Name and contact details of the Controller


Ireland China Business Association

Fitzwilliam Hall

Fitzwilliam Place

Dublin 2


Contact name: Louise Wilson

Tel: +353 1 669 4683


The purposes of the processing


See Section 3 of this Privacy Policy.

Description of the categories of data subjects and of the categories of personal data.


See Annex II of this Privacy Policy.

The categories of recipients to whom the Personal Data have been or will be disclosed.


See Section 9 of this Privacy Policy.

Where applicable, transfers of personal data to a third country outside of the EEA.


See Section 9 of this Privacy Policy.

Where possible, the envisaged time limits for erasure of the different categories of data.

See Section 10 of this Privacy Policy.

Where possible, a general description of the technical and organisational security measures referred to in Article 32(1).

See Annex III of this Privacy Policy.


  1. Special Categories of Data
    • The Association processes Special Categories of Data (“SCD”) in certain rare circumstances, such as the ordinary course of employee administration. The ICBA shall Process such SCD in accordance with Data Protection Law.
  2. Individual Data Subject Rights
    • Data Protection Law provide certain rights in favour of data subjects. The rights in question are as follows (the “Data Subject Rights”):
      • The right of a data subject to receive detailed information on the processing (by virtue of the transparency obligations on the Controller);
      • The right of access to Personal Data;
      • The right to rectify or erase Personal Data (right to be forgotten);
      • The right to restrict Processing;
      • The right of data portability;
      • The right of objection; and
      • The right to object to automated decision making, including profiling, where the ICBA relies on its own or third parties’ legitimate interests Process Personal Data
    • These Data Subject Rights will be exercisable by you subject to limitations as provided for under Data Protection Law. You may make a request to The Association to exercise any of the Data Subject Rights by contacting Your request will be dealt with in accordance with Data Protection Law.
  3. Data Security and Data Breach
    • We have technical and organisational measures in place to protect Personal Data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. Personal Data are held securely using a range of security measures including, as appropriate, physical measures such as locked filing cabinets, IT measures such as encryption, and restricted access through approvals and passwords. For more information on security measures see Annex III.
    • The GDPR obliges Data Controllers to notify the Data Protection Commission and affected data subjects in the case of certain types of personal data security breaches. Any Data Breaches identified in respect of Personal Data controlled by The Association will be dealt with in accordance with Data Protection Law.
  4. Disclosing Personal Data
    • From time to time, we may disclose Personal Data to third parties, or allow third parties to access Personal Data which we Process (for example where a law enforcement agency or regulatory authority submits a valid request for access to Personal Data). In addition, Personal Data may be disclosed to certain of the ICBA’s service providers, such as ICBA photographer and ICBA PR Consultants.
    • We may also disclose Personal Data to: (a) selected third parties including the ICBA’s partners and business contacts and diplomatic and other contacts of the ICBA in connection with the ICBA’s mission.
  5. Data Retention

We will keep Personal Data only for as long as the retention of such Personal Data is deemed necessary for the purposes for which that Personal Data are Processed (as described in this Privacy Policy).

  1. Data Transfers outside the EEA
    • From time to time, the ICBA will transfer Personal Data to countries outside the EEA which may not have the same or equivalent Data Protection Law as Ireland, in particular to China. Where such transfer occur, the ICBA will ensure that such processing of your Personal Data is in compliance with Data Protection Law and, in particular, that appropriate measures are in place (such as for example entering into Model Contractual Clauses as approved by the European Commission from time to time or otherwise in accordance with Data Protection Law. If you require more information on the means of transfer of your data or would like a copy of the relevant safeguards, please contact
  2. Further Information/Complaints Procedure
    • For further information about this Privacy Policy and/or the Processing of your Personal Data by or on behalf of The Association please contact While you may make a complaint in respect of our compliance with Data Protection Law to the Irish Data Protection Commission, we request that you us in the first instance to give us the opportunity to address any concerns that you may have.



In this Privacy Policy, the terms below have the following meaning:

Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.

Data Controller” means the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Data Processor” means the party that Processes Personal Data on behalf of the Data Controller.

Data Protection Law” means the General Data Protection Regulation (No 2016/679) (“GDPR”) and the [Data Protection Act 2018] and any other laws which apply to The Association in relation to the Processing of Personal Data.

European Economic Area” or “EEA” means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK, Iceland, Liechtenstein, and Norway.

Personal Data” is any information relating to a living individual which allows the identification of that individual. Personal Data can include:

  • a name, an identification number;
  • details about an individual’s location; or
  • any other information that is specific to that individual.

Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process” and “Processing” are interpreted accordingly.

Special Categories of Personal Data” are types of Personal Data that reveal any of the following information relating to an individual: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Special Categories of Personal Data also include the Processing of genetic data, biometric data (for example, fingerprints or facial images), health data, data concerning sex life or sexual orientation and any Personal Data relating to criminal convictions or offences.


Types of Personal Data

Categories of Data Subject

Type of Personal Data


Name, email, address, phone number, workplace and role. Business interests.

Business contacts and professional connections


Website visitors


Non-members and invited guests who register to attend ICBA events

Name, email, workplace and phone number



IT Security Measures

  1. [Anti-virus
  2. Access control
  3. Physical security measures
  4. Virus and malware protection
  5. Association policies
  6. Regular system maintenance
  7. Intrusion detection system
  8. Mobile device management].



  1. Cookies

Cookies are used to monitor website traffic and enhance your experience of our website. Cookies are pieces of data which your computer, mobile or tablet device downloads when you visit a website. Cookies are used to keep track of your preferences and to recognise return visitors.

You can set your web browser to refuse cookies or to alert you when cookies are being sent. If they do so, note that some parts of this website may not function as intended.

  1. Hyperlinks

Some of the pages on our websites may contain hypertext links to websites not maintained by Ireland China Business Association. You are reminded that different terms and conditions of use will apply as a user of such websites. In addition, such websites may not attain the same privacy standards that Ireland China Business Association maintains.