About Fáilte Ireland
Fáilte Ireland is the National Tourism Development Authority, and it is the statutory body established by the National Development Authority Act, 2003 whose principal place of business is at 88-95 Amiens Street, Dublin 1 (also referred to as "Authority," "we," "our," "us") is the Data Controller when you provide your personal data to us.
Under legislation, we are required to work to promote tourism and the development of tourism facilities and services in Ireland.
Our mission is to support the implementation of Government policy to maximise the long-term sustainable growth in the economic, social, cultural and environmental contribution of tourism to Ireland. We do this by working with a wide range of people across the public and private sectors and across tourism communities. We provide a wide range of supports, information and services to people, businesses, organisations and stakeholders across leisure tourism (including accommodation, food & drink, attractions, activities, festivals & events, transport, touring & guiding, etc.,) and business tourism (including conferences, meetings and business events, venues, planners and other intermediaries).
Fáilte Ireland fully respects your right to privacy. Fáilte Ireland is committed to ensuring that your privacy is protected, and we wish to be transparent on how we process your data.
The purpose of this Data Protection Policy is to provide you with an overview of how Fáilte Ireland processes its data subjects’ personal data. This Data Protection Policy is designed to help you obtain information about our data protection practices.
Any information that we process about you will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Acts, 1988 to 2018 and other Irish or EU Data protection legislation. Fáilte Ireland holds personal data received from several sources in connection with the performance and delivery of our public functions and the promotion of tourism and the development of tourism facilities and services.
This Data Protection Policy provides information on what personal data Fáilte Ireland processes on whom and why, along with information as to how that data is managed and how you can exercise your legal rights under the GDPR. It is designed to be as transparent and informative as possible and to ensure you that we handle your data with the utmost care and integrity. This Data Protection Policy is displayed in the footer of Fáilte Ireland’s website www.failteireland.ie.
In the interest of maximum transparency, this Data Protection Policy is supplemented with Privacy Statements. These Privacy Statements provide more in-depth information on data processing, purpose and storage and retention specific to different types of Subjects (employees, board members, people operating in tourism and availing of business services, general public and holidaymakers, stakeholders and dignitaries, suppliers, etc).
Please see the table below which provides an overview of these Privacy Statements.
| Privacy Statement Title | Publication | Subjects |
|---|---|---|
| Employee Privacy Statement | Internal | Employees (Past, present and potential) |
| Board Members Privacy Statement | Internal | Board Members (Past, present and potential) |
| Business Services Privacy Statement | External | People operating in tourism and with whom Fáilte Ireland works including people working in the tourism industry, stakeholders, other public bodies. |
| Supplier Privacy Statement | External | Suppliers and contractors for products and services which Fáilte Ireland procure and use. |
| Consumer Privacy Statement | External | Members of the public/holidaymakers/ visitors and tourists. |
Fáilte Ireland uses a number of lawful bases in processing personal data of a range of subject groups. The largest group of subjects are those who operate within the tourism sector, including other public bodies, with whom Fáilte Ireland work and to whom Fáilte Ireland deliver its services in line with its statutory obligations. Fáilte Ireland uses its Legislative Mandate as an Official Authority under the National Tourism Development Authority Act, 2003 (NTDA Act, 2003) as the lawful basis to process personal data for the purposes of ‘the promotion of tourism and the development of tourism facilities and services’ in Ireland. Where legislative mandate cannot apply, Fáilte Ireland uses the most appropriate lawful basis including purpose of a contract, consent, vital interest and legitimate interest. Fáilte Ireland will ensure that the lawful basis of processing personal data are aligned with the Data Maps (as per Article 30 of the GDPR) and also our Privacy Statements.
| Subjects | Personal Data | Lawful Basis |
|---|---|---|
| Employees (Past, present and potential) | Contact & financial data, work ID, & PPSN | Purpose of a Contract |
| Employees (Past, present and potential) | Imagery | Legitimate Interest |
| Employees (Past, present and potential) | Family details; next of kin | Vital interest |
| Board Members (Past, present and potential) | Contact & financial data; Imagery, Declaration of interest data | Legislative Mandate |
| People People operating in the tourism sector, groups, stakeholders, dignitaries, other public bodies, media with whom we work to develop the tourism economy | Contact & financial data; Imagery | Legislative Mandate |
| Members of the public/holidaymakers/ Leisure & business tourism visitors attending public events | Contact data; Voice recording; Imagery (crowd images) | Legislative Mandate |
| Members of the public/holidaymakers/ Leisure & business tourism visitors | Contact data Imagery | Consent |
| Children and vulnerable adults | Contact data Imagery | Consent |
| Users of Ireland’s Content Pool imagery toolkit. | Contact data; Imagery | Purpose of a Contract |
| Suppliers and people who we contract goods and services from | Contact data; professional data Imagery | Purpose of a Contract |
If you submit personal data relating to other people – such as your friends, family, colleagues and others – you are also deemed to be representing that you have the authority to do so and permit us to use their personal data for the purposes described in this Data Protection Policy.
Please contact dataprotection@failteireland.ie if you have any questions about our privacy practices which are not addressed here.
We do not knowingly collect personal information from children without proper parental consent and we make every effort to ensure we have controls in place to secure the privacy of children. Individuals aged 16 or under must ensure they have parent/guardian’s provide written permission before providing any personal information to us. If you believe that we may have collected personal information from someone under the age of 16 without parental permission, please let us know using the methods described in the ‘Contact Us’ section and we will investigate and address the issue promptly.
Our websites use certain cookies, please see below:
Fáilte Ireland will only share your personal data with partners and third parties when and where is absolutely necessary, including without limitation to the following:
Where we need to share your personal information, we will do so with care and integrity and in line with this Data Protection Policy and our legal obligations. We will ensure that the appropriate technical and organisational measures, processes are data sharing agreements are in place to keep your personal information secure.
If you would like more information about who your data may be shared with, please e-mail dataprotection@failteireland.ie.
Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed 'adequate' by the European Commission, we may enter into 'Standard Contractual Clauses (SCCs)’ with the recipient. These contracts contain standard commitments approved by the European Commission protecting the privacy and security of the information being transferred.
In some of our articles, videos, emails and blogs, we may reference other websites and provide links that are outside of our control. This Data Protection Policy does not cover these other websites and links. Fáilte Ireland does not accept any responsibility or liability for other sites' privacy notices, statements, or policies. If you access other websites using the links provided, please read their specific notices before submitting any of your personal information. Please refer to YouTube’s Terms of Service and Google's Privacy Policy
We will only store personal data for as long as necessary for the purposes for which it was obtained. The criteria used to determine our retention periods include:
(i) The length of time we have an ongoing relationship and/or provide our services to you or your business.
(ii) Whether there is a legal requirement to which we are subject for e.g. relating to retention of personal data associated with payments and grant services.
(iii) Whether the retention is advisable in light of our legal position (such as regarding applicable statutes of limitations, litigation, or regulatory investigations).
Personal data is stored primarily on Fáilte Ireland’s data management system. All personal data is retained in a secure environment with restricted access.If you would like more information about how long Fáilte Ireland holds your data, please e-mail dataprotection@failteireland.ie.
We take our obligations very seriously and will take appropriate legal, organisational and technical measures to protect your personal data from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
• SSL
• Restricted Access
• IT Authentication
• Firewalls
• Anti-Virus/Malware
We adopt the strongest lines in relation to misuse of your information by any of its staff. Any breach of trust regarding the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to dismissal.
If we cannot collect or process certain personal data, we may not be able to provide a grant or other supports or services. If you have any queries in respect of the consequences of not providing information, please contact us (see the section Complaints, Questions and Assistance).
Right of access – you have the right to request a copy of the information that we hold about you in accordance with Section 86 of the Data Protection Act, 2018.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right to portability – subject to certain restrictions, you have the right to have the data we hold about you transferred to another organisation where we hold it in electronic form. This right to data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention) (ii) personal data provided by you; and (iii) personal data that we process based on your consent on in order to fulfil a contract.
Right to object – you have the right to object to certain types of processing such as, direct marketing.
Here are examples of how you can invoke your rights:
(a) Get a copy or to find out what Personal data Fáilte Ireland holds on you and why (known as a Subject Access Request);
(b) Rectify or update your information (e.g., surname, address, mobile number, etc.,); or
(c) Erase your personal information (known as the Right to Be Forgotten)
Please complete the Personal Data Request Form available here.
For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.
If you are a registered user of Fáilte Ireland's Trade Portal you can update your personal information held on the Fáilte Ireland Trade Portal at any time.
To access a copy of your personal data that is held by Fáilte Ireland, please complete the Personal Data Request Form available here.
For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.
You will need to provide some photographic identification (i.e., passport or driver's licence) together with proof of address (i.e., utility bill or official letter). These will need to be returned to the Data Protection Officer (DPO), please see section “Complaints, Questions and Assistance”.
We reserve the right to modify this Data Protection Policy at any time. You shall be bound by the then-current Data Protection Policy and accordingly, you should review the Data Protection Policy periodically. If we make material changes to our Data Protection Policy, we will provide you with notice of amendments and update the ‘Last Updated’ date at the top of this Data Protection Policy.
If you have any comments, concerns or complaints about our use of your personal data, we ask that you contact us first to try and resolve the matter. You are encouraged to raise any issues with our Data Protection Officer: dataprotection@failteireland.ie.
Data Collection through Google OAuth
The Fáilte Ireland Data Portal uses Google OAuth to connect to Google Analytics 4 (GA4) for tourism analytics purposes. When you authorize this connection, we request read-only access to your Google Analytics data through the https://www.googleapis.com/auth/analytics.readonly scope. This allows us to access analytics data but does not permit us to modify your Google Analytics configuration or data.
Google User Data We Collect
Through this integration, we collect:
• Google Analytics property information
• Analytics reports and metrics
• Website traffic data
• User engagement statistics
• Geographic data of website visitors
• Traffic source information
We do not collect personal information about individual website visitors through this integration, only aggregated analytics data.
How We Use Google Analytics Data
We use this data solely for:
• Displaying analytics information in the Data Portal dashboard
• Analyzing tourism trends and patterns
• Improving tourism services and facilities
• Supporting data-driven decision making for tourism development
• Fulfilling our statutory obligations under the National Tourism Development Authority Act, 2003
Sharing of Google Analytics Data
We do not sell, trade, or otherwise transfer your Google Analytics data to outside parties. The data may be shared internally within Fáilte Ireland and with our direct tourism development partners only when necessary to fulfill our statutory obligations. Any such sharing is conducted with appropriate data protection safeguards.
Protection of Google User Data
We implement specific security measures to protect Google Analytics data, including:
• Secure OAuth token storage
• Encryption of access credentials
• Regular security audits
• Role-based access controls
• Secure API communication
Retention of Google Analytics Data
We retain access to your Google Analytics data only for as long as necessary to fulfill the purposes outlined in this policy. Your OAuth authorization can be revoked at any time through your Google Account settings or by contacting us at dataprotection@failteireland.ie.
If you wish to make a complaint about how Fáilte Ireland processes your personal data or how your complaint has been handled, you have the right to lodge a complaint directly with the Data Protection Commission (DPC) or to the Statutory Authority in your country of residence, who will be able to liaise with the DPC.
The Data Protection Commission can be contacted at:
Post: Data Protection Commission (DPC), Canal House, Station House, Portarlington, Co. Louth.
Telephone: +353 (0) 57 8684800
Telephone: +353 (0) 76 1104800
Lo-Call Number: 1890 252 231
E-mail: info@dataprotection.ie
©2025 Fáilte Ireland
For questions about this privacy policy, please contact dataprotection@failteireland.ie