NALA - Privacy policy Template

Privacy statement

Learn with NALA Privacy Statement


This Privacy Statement tells you how the National Adult Literacy Agency (NALA) processes your data on the website, Learn with NALA.

‘Data’ means any information about people that is collected by another person or organisation. ‘Data processing’ is a phrase used to describe the different ways data is used and stored.

NALA respects your right to privacy. We comply with how the law says we must handle your data.

This document tells you why we collect data from you, or about you from other people or organisations

We take great care with any data we hold and take steps to keep your data secure. We make sure we use your data only for the specified, and legitimate reasons set out in this Privacy Statement.

In this statement, we outline:

  • the types of data we collect
  • how we use your data
  • your rights in relation to the data we hold about you
  • how long we hold your data for
  • how to contact us if you have any questions about your data or if you have any complaints.

NALA is a ‘data controller’

We control data and this means we are a ‘data controller’. NALA is the data controller of the types of data about people described in this statement

Our contact details
National Adult Literacy Agency
Sandford Lodge
Sandford Close
Dublin D06 YF65

About NALA

We are a charity and we are a membership organisation. NALA membership is open to all organisations and everyone interested and involved in adult literacy.

We exist to support people with unmet literacy, numeracy and digital literacy needs. We do this so that they can play their full part in society and have access to the learning opportunities they need. We are committed to making access to literacy a human right.

Throughout the document references to ‘NALA’, ‘us’, ‘our’ and ‘we’ refer to the National Adult Literacy Agency.


We will process all data in line with the relevant data protection laws and principles. These include the:

  • General Data Protection Regulation (GDPR) 2018
  • Data Protection Acts (DPA) 2018.

Data we collect

‘Data’ is personal information that identifies or is related to a living person. When we talk about ‘you’ or ‘your’ in this Privacy Statement we mean any living person whose data we collect.

We collect data to provide services to support our work in NALA. This includes when you:

The next table outlines the categories and types of data we collect. The types of data we collect may change over time. The table shows you the typical types of data we collect.

Typical types of data we collect
When learners are registering with the Learn with NALA website
Legal basis
What data we collect
  • Name
  • Address
  • Email
  • Gender
  • Date of birth
  • Personal Public Service
  • Number (PPSN)
  • Phone number
When learners are submitting for Quality and Qualifications Ireland (QQI) awards
Legal basis
We need to use and store data in the way the law demands.
What data we collect
  • Name
  • PPSN
  • Date of birth
  • Awards achieved
  • Personal Public Service
  • Gender
  • Portfolio submissions
When an education centre, organisation or company registers with the Learn with NALA website
Legal basis
What data we collect
  • Contact name for the centre, organisation or company
  • Contact’s email address
  • Contact’s phone number
  • Staff name(s)
  • Tutor name(s)
  • Tutor email addresses
When responding to queries from individuals
Legal basis
What data we collect
  • Name
  • Phone number
  • Email address
  • Query details

With whom we share data

There are various circumstances where we may share data with other people or organisations (often called ‘third parties’). We may share your data with third parties when we need to, and the law says we can. NALA may share relevant data with the following categories of third parties:

  • State or regulatory organisations as required by EU and Irish Law
  • Quality and Qualifications Ireland
  • Education and Training Boards
  • IT or cloud services providers (people who store data remotely online)
  • government departments
  • legal representatives, if necessary
  • other service providers that we appoint to process data on our behalf.

We only share your data when we are confident any third party we give your data to:

  • complies with data protection legislation
  • will protect your data just as we do.

We only give them the data they need to provide the service that they are undertaking on our behalf. Sometimes we transfer data outside of the European Economic Area to people handling data for us. When we do this, we will make sure that they have the appropriate safeguards in place to protect your data.

Keeping your data

We will keep your data only for as long as we need it to provide the relevant service to you. To decide how long to keep your data we consider:

  • the amount, nature and sensitivity of the data
  • the potential risk of harm from unauthorised use or disclosure of your data
  • if we need your data to keep providing a service to you.

Your rights

You have the following rights in relation to your data. You can send us a request about any of the rights outlined below. We will do our best to handle your request as soon as possible and within one month. However, restrictions may apply in certain situations

‘Access’ your data

(Right of access by the data subject, GDPR, Article 15)

You have the right to know:

  • what data we hold about you
  • why we hold the data
  • how we are using the data.

When sending us a request, please give us as much information as you can. This will help us to identify the data you wish to access. For example, give specific dates.

Please see NALA’s Subject Access Request Policy for more details.

‘Rectification’ – correct your data

(Right to rectification, GDPR, Article 16)

You have a right to ask us to keep data that we hold about you up to date and accurate.

Where data is inaccurate or incomplete, we encourage you to contact us to have this data corrected. When we receive your request, we will make sure that the data is corrected and as up to date as soon as is reasonably possible.

‘Erasure’ – have your data wiped from our records

(Right to erasure [‘right to be forgotten’], GDPR, Article 17)

You have the right to ask us to remove your data from our records in the following circumstances.

No longer needed

You have the right to ask us to remove your data when we no longer need it.

Withdraw consent

If we are only allowed use your data with your consent and you withdraw your consent you have the right to ask us to remove it. As long as there are no other legal reasons we should keep the data, we will remove it.


We will remove your data if its use is illegal.

You object

If you object to us using your data and there are no good reasons why we should keep using it, we will remove your data.

Legal requirements

If the law requires us to remove your data, we will do so.

When we will not remove your data

We cannot remove your data if we need it for any of the following reasons, to:

  • exercise the right of freedom of expression
  • comply with a legal obligation in the public interest
  • safeguard public health
  • archive data, research, or gather statistics in the public interest
  • establish, exercise or defend legal claims.

‘Opt out’ – we don’t use ‘automated decision making’ but if we ever do, we will ask you first

(Right to opt out of automated individual decision-making, GDPR, Article 22)

Sometimes when organisations hold data about you, they use an automated decision system to decide things about you. However, if this type of decision would have a legal or significant effect on you, you can tell the organisation not to do so.

Currently we do not use automated decision making. If we ever decide to use your data in this type of system in the future, we will tell you in advance and give you the right to object.

‘Object’ – you can object to us using your data

(Right to object, GDPR, Article 21)

In certain circumstances, you have the right to object to the further use of your data. In addition, we will only use your data in a way that you would expect us to do, so we can perform our work and activities.

But we may still use it if we:

  • can show compelling reasons why we need to do so
  • can show we need to use your data in the public interest
  • need your data to defend legal claims.

However, we will stop using your data if you tell us you object to us doing so for:

  • direct marketing
  • scientific research
  • historical research
  • statistical analysis.

If we need to use your data in the public interest for scientific or historical research or statistical analysis we will make sure that you cannot be identified. This is known as anonymisation.

Direct marketing

You can object to us using your data for direct marketing or profiling you related to direct marketing.

If you object to us using your data, we may still use it if we:

  • can show compelling reasons why we need to do so
  • can show we need to use your data in the public interest
  • need your data to defend legal claims.

‘Restriction’ – challenge how we use your data

(Right to restriction of processing, GDPR, Article 18)

If you ask us to limit how we use your data, we will do so if the following circumstances apply. You tell us:

  • the data we hold about you is inaccurate – we will restrict use of your data until we update it
  • NALA no longer needs the data, but you need it for legal reasons
  • you have already lodged an objection to us about using your data and we are still considering your objection.

You may also argue that processing your data is unlawful.

You may be against us wiping out your data but ask us to restrict its use instead.

If using your data has been restricted, we will use your data only:

  • with your consent
  • to establish, exercise or defend legal claims
  • to protect the rights of other people
  • for reasons important to public interest.

If we agree to restrict your data, we will contact you to confirm that we have carried out your request.

We will only lift the restriction after we have informed you that we are doing so.

‘Portability’ – you can reuse data in more than one organisation

(Right to data portability, GDPR, Article 20)

You have the right to get from us all data we have about you. For example, if you wanted to get a list of your educational reports from us when applying to a third-level institution.

You have the right to get this data in a structured, commonly used and machinereadable format if:

  • we have used your data to fulfil legal obligations related to a contract
  • we have used your data to fulfil legal obligations related to your consent.

You are also entitled to this data if the way we use your data is fully automated. For example, our Learn with NALA (LWN) platform is fully automated.

We will refuse this type of request if the data you are asking for would adversely affect the rights and freedoms of others.

Right to withdraw consent

If we are storing or using your data and you have given your legal consent for us to do so, you can withdraw your consent at any time.

Right to complain

If you are unhappy with how we use your data or by our response to any requests by you to exercise your rights, then you have the right to complain to the Data Protection Commission.

Where to complain
Data Protection Commissioner
21 Fitzwilliam Square South
Dublin 2
D02 RD28

Where do I send requests?

Our contact details
If you want to make a complaint or have any queries in relation to your data, please contact us.
National Adult Literacy Agency
Sandford Lodge
Sandford Close
Dublin D06 YF65

Please email all your requests to giving us as much detail as possible about the data you require. This will allow us to deal with your request efficiently. To answer your request, we may ask you to prove your identity.

How long will a request take to complete?

Once we receive your request, we have 30 days to respond. We may extend this by two further months if needed. If we do need more time to deal with your request, we will contact you about the delay, within one month of receiving your request.

If we refuse your request, we will let you know within one month of receiving your request and tell you why. You are entitled to contact the Data Protection Commission if we refuse your request.

How much does it cost to submit a request?

We only charge a fee for requests if we think they are unjustified or excessive. If that is the case, we may charge a reasonable fee or refuse the request.

We may also charge if you submit multiple requests or ask for multiple copies.

Breaches of security

In the unlikely event that someone illegally accesses data that we store, we will contact you in line with our legal obligations.

We will use all reasonable efforts to put in place security measures to prevent your data from being:

  • accidentally lost
  • used or accessed in an unauthorised way
  • altered or disclosed.

We will also limit access to your data by other people and organisations. We will only give them access when they need the data to do business with us.

They may only process your data if we instruct them to do so. They are subject to a duty of confidentiality.

Unfortunately, transmitting data over the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.

Once we have received your data, we will use reasonable procedures to try to prevent unauthorised access. We will notify you and the Data Protection Commission where we are legally required to do so.

Website ‘cookies’ we use

A ‘cookie’ is a small piece of data (text file) that a website gathers about people when they visit it. It’s a way for a website to remember data about you like:

  • your language preference
  • login data.

Some of the cookies we use on our website are called ‘first-party cookies’. Firstparty cookies are stored on our website.

We also use ‘third-party cookies’. Third-party cookies are from other websites. We use these for advertising and marketing purposes.

These are the main ways we might use cookies on our website:

1. Strictly necessary cookies

We need to use some cookies so our website can function. They are usually set to respond to what you do on the website. For example, you may click a button asking for services like:

  • setting your privacy preferences
  • logging in
  • filling in forms.

You can set your browser to block or alert you about these cookies, but if you do so some parts of the site will not work for you. These cookies do not store any data that will identify you.

2. Performance cookies

These cookies allow us to count visits and traffic sources (how you found our website). In this way, we can measure and improve the performance of our site.

They help us to know which pages are the most and least popular and see how visitors move around our website. All data these cookies collect is grouped together and anonymous. If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance.

3. Functional cookies

These cookies allow the website to work better and provide particular functions. They may be put on our website by third party providers whose services we have added to our website. If you do not allow these cookies then some services may not function properly.

4. Targeting cookies

These cookies may be put on our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other websites. They do not directly store data about you, but they identify your internet browser, provider and device.

If you do not allow these cookies, you will experience less targeted advertising. In addition, you may not be able to see some content like videos on our website.

5. Social Media Cookies

These cookies are set by a range of social media services that we have added to the site to allow you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Please check our Cookie Policy for the cookies currently in use on and

fixed phone widget for desktop