EMN Website Privacy Notice

Under Data Protection legislation, individuals have a number of rights in relation to the personal data an organisation holds about them. The purpose of this notice is to inform you of the personal data processed through this website, how this data is handled and what your rights are.

Who we are and how to contact us?

EMN Ireland is the Irish National Contact Point (NCP) of the European Migration Network (EMN). EMN Ireland maintain a national migration network, composed of organisations and individuals active in the area of migration and asylum including, including national policymakers (Government departments and bodies), I/NGOs, academia and other interested parties active in the area for migration and asylum. 

EMN Ireland is located at Economic and Social Research Institute (ESRI). The ESRI is a research institute that undertakes economic and social research to advance evidence-based policymaking in these areas.  It is a company limited by guarantee and is registered as a charity. Its sources of income are multi-annual programmes of research funded by a number of government departments and agencies, commissioned research projects, competitive research grants and a government grant-in-aid.

Our contact details are as follows:

European Migration Network (EMN) Ireland

Economic and Social Research Institute

Whitaker Square

Sir John Rogerson’s Quay

Dublin 2

Tel: 01 863 2000

Email: [email protected]

The Data Protection Officer at the ESRI is Ms Rachel Joyce. Data Protection related queries can be sent to [email protected]

What personal data do we hold?

EMN Ireland maintains a professional/stakeholder contact database for the purposes of information dissemination within its network on relevant matters in migration and international protection debates. This data is maintained on the basis of legitimate interests.

In additional, EMN Ireland processes personal data submitted through its website – individuals may sign-up to receive news, event and publication notifications. You are asked to input your name and email address.  Such information is collected on a consent basis.

EMN Ireland also maintains a database on published migration case law and this is available as a resource on our website. All data is sourced from judgments published by the Courts Service of Ireland and already in the public domain. All protection-related judgments are anonymised at source. We process these data on the basis of legitimate interest i.e. our core function to provide up-to-date, reliable and comparable information on migration to support policy-making in the EU.

Do we share personal data with any third parties?

EMN Ireland does not disclose your personal data to any third parties.

We use third party cloud software to host and manage communications and event registration. We ensure that these platforms provide appropriate data protection including where data is hosted and security credentials. The privacy notices of these providers are available here:

Communications distribution: https://infiniteweb.ie/   and https://mailchimp.com/

Event/Conference Registration via Microsoft Forms: https://www.microsoft.com/en-us/trustcenter/default.aspx

Webinar hosting/registration via Zoom https://zoom.us/privacy

What is the legal basis for processing the data?

Under data protection law, there are six available lawful basis under which an organisation may process personal data. They are consent, contractual purposes, legal obligations, vital interests, public task, and legitimate interests.

The legal basis for which we process each category of personal data is:

Communications Distribution List                           Legitimate interest

                                                                                       Consent via website subscription

Case law database                                                        Legitimate Interest; data already in public domain

Legitimate interest means we have a legitimate business interest. When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Data for activities where privacy impact may override legitimate business interests (unless we have your consent or are otherwise required or permitted by law). If you no longer wish to received communications from EMN Ireland on this basis, please email [email protected].

Consent means you have provided clear and explicit consent. This may be withdrawn at any time through the unsubscribe option on e-communications.

How long will the data be stored for?

For data processed on a legitimate interest basis, it will be retained for as long as there is a purpose associated with the legitimate interest. For data processed on a consent basis, it will be held for as long as the individual consents and there is a business purpose. An individual can opt-out of receiving communications from EMN Ireland at any time but emailing [email protected] or clicking Unsubscribe on automated e-communications.

What rights do you as the data subject have?

Data protection legislation confers the following rights on individuals:

1. The right to be informed

An individual has a right to know whether an organisation processes personal information relating to them and certain additional information in relation to the processing, such as its purposes, the categories of data, the recipients of the data, and the existence of additional rights such as the rights to erasure and objection (where applicable).

2. The right of access

Individuals have the right to access their personal data, be aware of and verify the lawful basis on which it is processed.

3. The right to rectification

Individuals have a right to have inaccurate personal data rectified or completed if it is incomplete.

4. The right to erasure

Individuals have a right to have their personal data erased in certain circumstances. This right applies where personal data is processed on the basis of consent or when the personal data is no longer necessary for the purpose which it was originally collected or processed it for; it doesn’t apply where personal data is being processed or retained in order for the organisation to comply with a legal obligation.

5. The right to restrict processing

Individuals have the right to request the restriction or suppression of their personal data in certain circumstances. When processing is restricted, an organisation may store the personal data, but not use it. This right applies where:

  • an individual contests the accuracy of their personal data and this is being verified
  • the data has been unlawfully processed (i.e. in breach of the lawfulness basis on which it is processed) and the individual opposes erasure and requests restriction instead
  • an organisation no longer needs the personal data but the individual needs it to be kept in order to establish, exercise or defend a legal claim
  • the individual has objected to the processing of their data where it is being processed on the basis of public interest task or legitimate interests and the organisation is considering whether their legitimate grounds override those of the individual.

6. The right to data portability

This right allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This right only applies where the lawful basis for processing this information is consent or for the performance of a contract, and the processing is being carried out by automated means.

7. The right to object

An individual has the right to object to the processing of their personal data where:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics.

8. Rights in relation to automated decision making and profiling

Automated decision making and profiling is defined as:

  • automated individual decision-making (making a decision solely by automated means without any human involvement); and
  • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.

An organisation can only process personal data in this way when it’s:

  • necessary for the entry into or performance of a contract; or
  • authorised by Union or Member state law applicable to the controller; or
  • based on the individual’s explicit consent.

ESRI Subject Access Request Procedures

Making and submitting a Subject Access Request

If you wish to make a Subject Access Request, please do so in writing to the Data Protection Officer, ESRI, Sir John Rogerson’s Quay, Dublin 2 or  [email protected]

To order to facilitate processing of your request and timely retrieval of your personal data, we ask that individuals provide the following details:

  • Name of Requester
  • Details of the personal data that you are requesting e.g., application form, emails of a specific subject matter, letters or
  • Data Subject Right you wish to exercise (where applicable) e.g., right to rectification, erasure
  • Any other relevant information
  • The form you wish data to be provided to you


In order to ensure that personal data is not disclosed to the wrong person, proof of identity will be required with your data access request.

If a request is being made on your behalf by a third party such as a solicitor, authority and verification will be sought.

Data pertaining to your information only

You are entitled to your own data only. If data from additional parties to the request are required by you, it is necessary for each party to consent to the release of their personal data in writing to the Data Protection Officer. Data pertaining to individuals not party to the request will not be released to you.

Response Times

We will respond to your request without undue delay and your request will be concluded no later than 1 month from when it is received.

The timeline may be extended by up to 2 months taking into account the complexity and whether it is a repeat request.


Your data will be provided to you free of charge.

However, a reasonable fee may apply when a request is manifestly unfounded or excessive.

Right to complain to Data Protection Commissioner

If you are unhappy with the outcome of your request, you may make a complaint to the Data Protection Commission who will investigate the matter for you. Further details on your rights under the Data Protection Act are available on the Data Protection Commissioner’s website www.dataprotection.ie.

Use of Cookies

This website uses cookies. We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. We do not collect personally identifiable information through website cookies.

Analytics cookies are used to understand how users engage with our website, improve performance and monitor statistics to provide the most relevant and useful content to you. 

To Block Cookies

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them visit: www.aboutcookies.org.

For more information
View Google’s Privacy Policy: http://www.google.co.uk/intl/en/analytics/privacyoverview.html
To opt out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout