privacy policy

NUI Galway Students’ Union – Data Privacy Policy Statement


NUI Galway Students’ Union is an Irish non-incorporated body. Under our constitution, the Board of Trustees owns all assets of Union. The assets include NUI Galway Students’ Union Commercial Services Ltd. a company registered in Ireland. Both entities are collectively referred to as “NUIGSU“, “we” or “us” in this policy document.



Maintaining the security of your data is a priority at NUIGSU, and we are committed to respecting your

privacy rights. We pledge to handle your data fairly and legally at all times. NUIGSU is also dedicated to being transparent about what data we collect about you and how we use it. This policy, which applies whether you visit our store(s), use your mobile device or go on line, provides you with information about:

  • How we use your data,
  • What personal data we collect
  • How we ensure your privacy is maintained, and
  • Your legal rights relating to your personal data.


How We Use Your Data


NUIGSU (and trusted partners acting on our behalf) uses your personal data:

  • To provide goods and services to you,
  • To manage any registered account(s) that you hold with us,
  • To verify your identity,
  • For crime and fraud prevention, detection and related purposes,
  • With your agreement, to contact you electronically about promotional offers and products and services which we think may interest you,
  • To enable NUIGSU to manage SU Member Services interactions with you, and
  • Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).


Promotional communications

NUIGSU uses your personal data for electronic marketing purposes (with your consent) and may send you email messages to update you on the latest NUIGSU offers.

You have the right to opt out of receiving promotional communications at any time, by contacting NUIGSU via the contact channels set out in this Policy. 

Sharing data with third-parties

NUIGSU only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. 

Other third parties

Aside from our service providers, NUIGSU will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes. We may share your data with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:

  • To comply with our legal obligations,
  • To exercise our legal rights (for example in court cases),
  • For the prevention, detection, investigation of crime or prosecution of offenders, and
  • For the protection of our employees and customers.

International transfers

To deliver products and services to you, it is sometimes necessary for NUIGSU to share your data outside of the European Economic Area.

This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.

How long do we keep your data?

We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 10 years.


What Personal Data Do We Collect?

NUIGSU may collect the following information about you:

  • Your name, age/date of birth and gender,
  • Your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address,
  • Your password(s),
  • When you make a purchase or place an order with us, your payment card details,
  • Your communication and marketing preferences,
  • Your interests, preferences, feedback and survey responses,
  • Your location,
  • Your correspondence and communications with NUIGSU.


How We Protect Your Data

NUIGSU is committed to keeping your personal data safe and secure. Our security measures include:

  • Regular cyber security assessments of all service providers who may handle your personal data,
  • Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents,
  • Security controls which protect the entire NUIGSU IT infrastructure from external attack and unauthorised access, and
  • Internal policies setting out our data security approach and training for employees.


What Can You Do To Help Protect Your Data

NUIGSU will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from NUIGSU asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety both in relation to NUIGSU and more generally:

  • Keep your account passwords private. Remember, anybody who knows your password may access your account.
  • When creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or
  • Other personal data that can be easily obtained. We also recommend that you frequently change your password.
  • Avoid using the same password for multiple online accounts.


Your Rights

You have the following rights:

  • Confirmation whether NUIGSU is processing any personal data about that individual;
  • The right to request the Legal Basis for NUIGSU processing your SU Member data;
  • The right to ask what personal data that we hold about you at any time;
  • The right to access your personal data;
  • The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge;
  • The right to opt out of any marketing communications that we may send you;

Data subjects not are entitled to obtain:

  • Information about any 3rd parties which may have had access;
  • Deletion of own personal data (if consent is the only lawful basis for retention);
  • Access to other people’s personal data;
  • Access to their personal data, if it not in their best interest;


If you wish to exercise any of the above rights, please click on this SAR Application Form Link to download a Subject Access Request (SAR) form.

Complete the form with your contact details and information request background. Please attach a copy of a Photo ID and a Utility Bill as proof of identification post to:

Data Controller

NUI Galway Students’ Union

Áras na Mac Léinn

NUI Galway

University Road



Contact Information

If you have any questions about how NUIGSU uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:

NUI Galway Students’ Union

Áras na Mac Léinn

NUI Galway

University Road



You have the right to lodge a complaint with the Data Protection Commissioner (DPC). Further information, including contact details, is available at



This policy was last updated on 1st September 2018.