Privacy Notice


Table of Contents

1. Scope

2. Responsibilities

3. Privacy Notice

3.1 Who are we?

3.2 Purposes for Processing

3.3 Categories of Information Processed.

3.4 Cookies and Similar Technologies.

3.5 Grounds for Processing.

3.6 Categories of Recipients.

3.7 Cross-Border Data Transfers.

3.8 Data Retention.

3.9 Your Rights.

3.10 Complaints.

Document Control and Approval

4.1 Change History Record.


1. Scope

This privacy notice applies to all-natural persons whose personal data is collected, in line with the requirements of the EU General Data Protection Regulation.


2. Responsibilities

The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to The Project Foundry Ltd. collecting/processing their personal data.

All Employees/Staff of The Project Foundry Ltd. who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent, to the processing of their data, where required, is secured.


3. Privacy Notice

3.1 Who are we?


The project foundry began with a simple mantra: keep it simple. We believe that project management does not need to be difficult or complicated. In fact, the power of simplicity is key to project success.


Keeping it simple makes things easier for our customers, so we will continue to espouse it. Simplicity, clarity, and honesty and this goes for our product, our publications, our people, and our company. It is who we are.


The Project Foundry offer a comprehensive range of program management and project management services including, but not limited to:

  • Project Management As A Service
  • VPMO
  • Enterprise VPMO
  • Professional Services
  • Program Management
  • Change Management
  • Cloud Technology Consultancy


3.2 Purposes for Processing


We process data about people for the following purposes:

  • Sales and Marketing
  • Executing Projects
  • Delivering training
  • General office administration and accounting
  • HR administration, including payroll and recruitment
  • Management of sub-contractors


3.3 Categories of Information Processed


Our company collects personal data from you and will use that data to place you in employment (contract and / or temporary) with third parties. We will collect personal information from you via several methods including making telephone contact with you, emailing you with positions that may be of interest to you, and sharing your data with potential employers and arranging and completing interviews with you.


When you contact us to act as an agent for you in your pursuit of an employment position with a third party the lawful basis for this processing is contractual. You can of course request that we stop processing your data (which you can do at any stage). Alternatively, we may decide to desist in promoting you to potential employers. Our company in their capacity as your agent operates as a Data Controller in respect of the personal data you supply to us.  We share your data with third-party Clients to advance your prospect of obtaining your desired.


We collect personal data about you from the application forms and questionnaires you may be asked to complete; we also gather personal data from records of our correspondence, phone calls, emails and details of your visits to our website, including but not limited to personal information like Internet Protocol (IP) addresses. This information can be used to identify visitors to our website and also to collect statistics about the behaviour of visitors to our website.



Processing Purpose Category of Information Processed
Project Management, Program Management and Associated Services ·       Contact names

·       Date of Birth

·       Telephone numbers (land line and mobile)

·       Social Media Identifiers (e.g. twitter accounts)

·       email addresses

·       Postal Addresses

Delivering Training ·       Student names

·       email addresses

·       Exam scripts / assignments


General office administration and accounting ·       Contact names.

·       Contact details (e.g., address, email address, telephone number)

·       Tax identifiers (e.g Irish PPS Number for employees or VAT number for subcontractors

·       Timesheets

·       Data associated with accounts receivable or accounts payable.

HR administration and management of sub-contractors ·       Contact Names

·       Contact details (address, email, phone number)

·       PPSN (for employees)

·       Attendance records/time sheets

·       Training records

·       Sick certs and data relating to occupational health

·       CVs

·       Salary Details

·       Contracts of Employment

·       Bank Details

·       Details of Contractor Company

Health and Safety ·       Occupational health data

·       Accident reports, including details of injuries and contact information for injured parties or witnesses


3.4 Cookies and Similar Technologies


The Project Foundry does not use website analytics technologies. Any cookies that are written by the site are necessary for the operation of the services on this site.


What are cookies?

A cookie is a small file which is placed on your computer by a site when you visit it. Basic cookies contain the site name and a unique user ID. The next time you visit that site, your browser checks to see if it has a cookie for it and sends the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before, and can, for example, tailor your experience of the site. More sophisticated cookies allow you to do other things, like create accounts on a site or use an online shop.


Non-essential cookies

Google Analytics cookies help us to improve your experience of our site but are not essential to its basic functioning. We use these cookies to collect non-personal information about your computer, including, where available, your IP address, operating system, and browser type, for system administration purposes and to measure our effectiveness. They also enable us to estimate our audience size and usage patterns. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.


Third party cookies

Instagram and Twitter cookies are examples of ‘third party’ cookies on our site. If you click a function on our website that is associated with these parties (e.g., to share or tweet a piece of information), they will place cookies on your computer. We do not take responsibility for these cookies, as to make use of these functions you will have already accepted the terms and conditions of use with the relevant party.

We embed videos on our site using YouTube, which sets cookies on your computer once you click on the video player. As you do not have to sign up to YouTube first to play these videos, you will not have accepted their terms and conditions. We do not take responsibility for these cookies; to find out more please visit YouTube’s privacy policy.


Can I refuse cookies?

  • You can use a setting on your browser which allows you to refuse to accept cookies. However, if you select this setting you will be unable to use certain parts of our site and it may not work smoothly.
  • Different browsers have different instructions for managing cookies and you may also be able to accept certain cookies and not others. For example, you may be able to refuse third party cookies.


For more information on cookies see the All About Cookies website.


3.5 Grounds for Processing


Processing Activity Processing Conditions Relied On
Project Management, Program Management and Associated Services ·       Necessary for execution of contract

·       Legitimate interest (It is necessary to be able to contact relevant persons to deliver project and program management services we are contracted to deliver)

Delivering Training ·       Necessary for execution of contract

·       Consent

·       Legitimate interest (It is necessary to contact students / potential students to deliver training programs we are contracted to deliver)

General office administration and accounting ·       Legitimate Interest (It is in the legitimate interest of the organisation to process information for administration and compliance with accounting requirements)

·       Statutory Obligations Necessary for execution of contractual obligations

HR administration and management of sub-contractors ·       Statutory obligations (e.g., payment of payroll taxes etc.)

·       Legitimate Interests (It is in the interests of the organisation to manage staff and ensure compliance with duties of care and other obligations efficiently and effectively.)

·       ​Necessary for the execution of contractual obligations

·       Necessary for obligations arising in the area of employment, taxation, and social security law

Health and Safety ·       Legitimate Interests (It is in the legitimate of the organisation to process data about health and safety issues for the purposes of seeking legal advice, defending claims, and supporting insurance risk assessment)

·       Necessary for obligations arising under employment law and social security legislation.

·       Statutory obligations


3.6 Categories of Recipients


For many of our processing activities, we are required to disclose data to 3rd parties who are not data processors acting on our behalf or data controllers on whose behalf we are working.

Categories of recipients include:

  • Client organisations (for the purposes of placing candidates for employment purposes)
  • Tax authorities (e.g., Irish Revenue Commissioners)
  • Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)
  • Standards bodies or bodies accrediting certifications taught or examined by The Project Foundry.

3.7 Cross-Border Data Transfers


The Project Foundry may, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Office 365, and similar tools.


Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data based on:

  • EU/US Privacy Shield
  • Model Contract Clauses
  • An Adequacy Decision from the European Commission.
  • In exceptional circumstances we will rely on the consent of the data subject or the necessity of the processing for the performance of or conclusion/performance of a contract that the Data Subject has entered into (e.g. transferring data to a US-based accrediting body for certifications so that a client can receive their accreditation).
  • On a case-by-case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defense of legal claims.


3.8 Data Retention


The Project Foundry retains personal data about individuals for a range of periods. The basis for our retention periods considers:

  • Statutory obligations
  • Contractual obligations
  • Quality assurance standard obligations provided by our training partners or accrediting bodies.
  • For reasonable periods after the conclusion of engagements for QA and risk management purposes.


On a case-by-case basis, records may be retained for longer where required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation.  Where records are subject to this kind of “hold” process, the ongoing retention will be reviewed on an annual basis.


3.9 Your Rights


  • For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
  • For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.
  • You have the right to request:
  • A copy of data we hold about you (Right of Access)
  • That any error in data we hold about you is corrected (Right of Rectification)
  • That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it (Right of Erasure)
  • That we refrain from processing data for a specific purpose (Right to Restrict processing)
  • You have the right to complain to the Irish Data Protection Commissioner, and to seek compensation through the Courts.


Legal Disclosure

We reserve the right to disclose your personal data as required by applicable law and when we believe that disclosure is necessary to protect our rights and / or to comply with a judicial proceeding, court order, or other legal process served on us. Your personal data will also be shared between our Group Companies for the activities permitted under this Policy.

In the event The Project Foundry goes through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account and personal data will likely be among the assets transferred. You will be notified via and via a prominent notice on our Website of any such change in ownership or control. We may also disclose your personal information to any other third party but only with your prior consent.


3.10 Complaints


In the event that you wish to make a complaint about how your personal data is being processed by The Project Foundry Ltd., or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and The Project Foundry Data Compliance Manager.

The details for each of these contacts are:



Supervisory Authority Contact Details The Project Foundry Ltd. Data Compliance Manager
Contact Name: Helen Dixon – Commissioner Mark Carragher
Address Line 1: Canal House The Academy
Address Line 2: Station Road 42 Pearse St.,
Town / City: Portarlington Dublin 2
Eircode: R32 AP23 D02 HV59
County: Co. Laois Dublin
Country: Ireland Ireland
Telephone: +353 (0)761 104 800 +353 (0) 1 4452218



4. Document Control and Approval

The Data Compliance Manager is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements for GDPR.

A current version of this document is available to all members of staff


4.1 Change History Record


Issue Description of Change Approval Date of Issue
V1 Initial Issue Stuart Anderson 10/05/2018
V2 Formatting and Address updates Nicole O’Brien 15/01/2021
V3 Updating DPO Nicole O’Brien 28/02/2023