Privacy Policy and Data Protection

Our privacy policy was last updated on the 22nd November 2022 

  1. The Site

This Privacy Policy is issued by Education for Sustainability CLG. You may buy, enrol, access and complete a Course on the Site or afterwards over the phone of face to face. The Site is owned and operated by Education for Sustainability (referred to as “EFS” “we”, “our” or “us”). We care about your privacy. This Policy, which applies to the Site, (together with our Website Terms of Use and any other documents referred to in the Site) explains how we collect and use your information. Please read it carefully. For questions about this Policy, or if you want to enforce your rights: please contact EFS’s Privacy Officer, at


  1. Who we are

Education for Sustainability CLG is a non- profit social enterprise aimed at increasing climate literacy and fostering behaviour change in Ireland. We execute a variety of educational programmes such as workshops, teacher training and a 10-week climate literacy course for 6th class up to transition year. It is our vision to create a world where young people are actively engaged in taking action for sustainable development by making environmental education and sustainability a fundamental part of the national curriculum. If you have any questions about the Terms, our Privacy Statement or our Cookie Policy, you can contact us at

Education for Sustainability CLG is registered under company number 688685 with its registered address at 64 Watson Park, Killiney Co. Dublin A96X9D7, Ireland. Our tax number is 3743812PH

For the purpose of applicable data protection laws EFS forms part of the data protection regime in the Ireland and the Data Protection Act 2018 (DPA 2018) and EU General Data Protection Regulation 2016/679 applies to the processing of personal data wholly or partly by automated means and to the processing your Personal Information collected through the Site. 

2.1 Definitions 

2.1.1  “Personal Information” in this Policy means “Personal Data”; as defined in the EU General Data Protection Regulation 2016/679(EU). In summary, it means information that identifies you, whether directly or indirectly, including for example your name, gender, address, email address, phone number and any other information that you may voluntarily submit to us, as well as any online identifiers such as your click stream data or IP address. 

2.1.2  “Data Protection Laws” means the data protection and information privacy laws of Ireland and the European Union and includes any legislation in force from time to time which implements Directive 95/46/EC or Directive 2002/58/EC of the European Community, the Data Protection Acts 1988 and 2003 (as amended), and once applicable the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and/or any corresponding or equivalent Irish laws or regulations, once in force and applicable. 

2.1.3  “Data Processing” refers to any action performed on Personal Data, such as collecting, recording, organizing, storing, transferring, modifying, using, disclosing, uploading or deleting. 

2.1.4  “General Data Protection Regulation” means Regulation (EU) 2016/679, known as the General Data Protection Regulation (the “GDPR”). 

2.1.5  “Special Categories of Data” has the meaning as set out in Data Protection Laws. 


  1. When do we collect information about you?

We collect Personal Information when you visit our platform or website, when you enrol for a Course and register for My Quest portal login details, when you email, call or write to us, or provide us with information in any other way, including by interacting with us via social media such as Facebook or Twitter. We also collect information when you take a Course or otherwise, use our portal or if your company or supporting council or benefactor has provided your details to us to enable us to provide you with access to and use our courses or apps. 


  1. Consent

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us at 


  1. What types of personal information do we collect and process?

5.1  Each time you visit a Site we may automatically gather the following information: 

5.1.1  technical information about your computer such as domain name, browser type and version, operating system and platform, IP address, cookie information and time zone setting; and 

5.1.2  information about your visit including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time), what web pages you visited on the Site and how long you spend on each page, page interaction information (such as scrolling, clicks and mouse-overs), page response times, download errors, traffic data, location data, weblogs, history of resources accessed on the Site, methods used to browse away from the page and information on what website you visited before accessing the Site. 

5.2  We process the following kinds of personal information if you provide it to us, or if your company provides it to us, or if it comes into existence by virtue of you taking a Course: 

5.2.1  Information about you, including your name, job title, address, email and other contact details; 

5.2. 2  Information about the company you are associated with; 

5.2.3  Information about your use of our mobile applications, including information about which pages you view; 

5.2.4 Information concerning your progress in taking a Course including information concerning your performance in assessments and where appropriate, your entitlement to a certificate; 

5.2.5  Information you provide to us during communications you have with us and with our staff, for example comments or queries about the courses we provide. 

5.2.6  Information about the course or about the content that you provide, such as the location of the person or the date on which you posted a photo or created an event, what you see through features that we provide, so we can do things such as propose masks and filters that you might like, or give you guidelines on using the same. 


  1. Why do we collect and use your Personal Information, and what are our lawful grounds for doing so?

6.1  We use your Personal Information for the following purposes: 

6.1.1  To process and respond to requests, enquiries and complaints received by you, in accordance with our legitimate interest to provide you with a responsive service. 

6.1.2  To track your progress through a Course, to assess your performance in assessments and to determine whether you have reached the standard which is required if you are to earn a CPD certificate. 

6.1.3  To provide services and products requested by you. We do this as necessary to carry out our legitimate interest to operate a business which offers training courses. 

6.1.4  To communicate with you about services and/or products provided to you. We do this as necessary to carry out our legitimate interest to operate a business which offers training courses. 

6.1.5  To update our records and for audit purposes, in accordance with our legitimate interest to operate a business which offers training courses. 

6.1.6  To prevent or detect fraud, in accordance with our legitimate interest to do so. 

6.1.7  Where legally required or where it is in our legitimate interest to do so, to comply with requests from law enforcement and regulatory authorities. 

6.1.8  To analyse trends and profiles, for our legitimate interest to aim, to enhance, modify, personalise or otherwise improve our services and communications for the benefit of our customers. 

6.1.9  To carry out customer satisfaction research, for our legitimate interest to aim to enhance, modify, personalise or otherwise improve our services and communications for the benefit of our customers. 

6.1.10  If you make enquiries through a Site and agree in the contact form to receive email updates we will send you such updates on the grounds of your consent. 

6.1.11  To enable third parties to carry out any of the purposes set out above on our behalf. For this we use our legitimate interest to run our business as efficiently as possible. 

6.1.12  To create personalized services with clear recommendations and suggestions that are unique and relevant to users, we use users preferences, interests and activities based on the data that we collect and learn from users. 

6.1.13  To communicate with users about our services and let users know about the Policies and Terms as well as to respond to users when the user contacts us. 


6.2   The legal basis on which we collect, process and transfer your information in the manner described above are: 

(i)     your consent (where we have sought it and you have provided it to us), and in which case, you can withdraw your consent at any time; 

(ii)     where any such processing is necessary for the performance of a contract with us; and 

(iii)     our legitimate interests in conducting our business in a responsible and commercially prudent manner. 

(iv)     Our legitimate interest in maintaining a business relationship and communicating with you, as a business contact, about our courses, events and providing you with information about new developments. 


7.    Transfers abroad 

Where relevant and necessary for EFS’s business, we may transfer your personal data outside the European Economic Area, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union. If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include (i) entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission or (ii) seeking and obtaining your explicit consent to the transfer. 


  1. Retention

We will not hold your personal data for longer than is necessary. We retain your personal data for as long as we need it for the purposes described in this privacy notice, or to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise between you and us. 


 9.Recipients of Data

9.1  We may disclose your Personal Information to companies within our corporate group. We will not share Personal Information collected through our Site with unrelated third parties, except as provided in this Policy. 

9.2  We may disclose to your employer details concerning your progress in taking the Course, up to and including the award of a certificate.  

9.3  We may disclose your Personal Information to competent regulatory authorities and bodies as requested or required by law. 

9.4  If we sell all or any part of our business, the parties which buy it may have access to your Personal Information. 

9.5  We also provide information and content to research partners and academies to conduct research and support innovation as well as promote our business and these parties are not authorised to keep or use your Personal Information for any other purpose. 

9.6  We may disclose the data to third parties who we engage to provide services to us in connection with this website, such as outsourced service providers, IT services providers, professional advisers, and auditors. 


  1. How long do we keep your Personal Information?

10.1  We hold your Personal Information for as long as we need to for legitimate legal or business reasons, including complying with any regulatory obligations. Personal Information collected through a Site may be kept as follows: 

10.1.1  We employ the services of Google Analytics and Hotjar (the Analytics Companies). Further information concerning the nature of the services which they provide to us is set out in our Cookie Policy here:  (Link to Cookie Policy here). 

10.1.2  The Analytics Companies keep anonymised information concerning your visits to the Site on their servers, in accordance with their respective privacy policies. 

10.2  We will keep your information for at least as long as our relationship with you is active, and for any further period as required by our retention policy.  

10.3  If you would like more detailed information about our retention policy, please email us at or use one of the other methods in the “Contact us” section below. 


  1. Security

We aim to ensure that your Personal Information is secure. In order to prevent unauthorised access or disclosure, we have appropriate physical, technical and organizational measures to safeguard and secure the Personal Information we collect. Our service providers are required to do the same. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Information once we receive it, we cannot guarantee the security of your data transmitted to a Site; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and use leading technologies and encryption software to safeguard your data, and keep strict security standards to prevent any unauthorized access. 

11.1  While using some third parties services for the purpose of payment processing, research or statistical data analysis, some personal information may be transferred to those third parties. We remain responsible for your information when shared with third parties, and shall instruct such third parties to abide by the GDPR rules. 

11.2  All private information like User’s e-mail address, access log-in can be accessed only by providing User’s password. 


  1. Cookies

Each Site uses cookies to distinguish you from other users of the Site. This helps us to provide you with a good experience when you browse a Site and also allows us to improve the Site. Providing us with your Personal Information is always your choice. However, your decision not to provide certain information may limit our ability to provide you with our complete services. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy linked at clause 10 above.  


  1. Links to other Websites

A Site may contain links to the website of other companies and organisations which may be of interest (“Third Party Site”). If you decide to leave the Site and access the Third-Party Sites or to use or install any Third-Party Applications, Software or Content, you do so at your own risk and you should be aware that our terms and policies no longer govern. You should review the applicable terms and policies, including privacy and data gathering practices, of any site to which you navigate from the Site or relating to any applications you use or install from the site. 


 14. Your rights and how to update your information 

You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data: 

14.1  The right to be informed about the processing of your personal data;  

14.2  The right to access your personal data;  

14.3  The right to rectification of your personal data;  

14.4  The right to erasure of your personal data; 

14.5  The right to data portability; 

14.6  The right to object to processing of your personal data;  

14.7  The right to restrict processing of your personal data. 

In order to exercise any of the rights set out above, or if you have any questions about how we process your personal data, you can email us at  or write to us at 64 Watson Park, Killiney Co. Dublin A96X9D7. Please note that the limitation or deletion of your personal data may mean that we will be unable to provide you with the communications and/or invitations described above. 

We are required to keep all personal data accurate and up to date.  To assist us in doing so, we ask you to contact your usual business contact at EFS or email with any relevant changes, such as change of address or contact telephone numbers. 


  1. Restriction of data subject rights in certain circumstances

Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances. In addition, the 2018 Act contains certain provisions dealing with the restriction of rights of data subjects, in particular Sections 59, 60 and 61, which give further effect to the provisions of Article 23. 


  1. Complaints 

We take a high level of care in how your personal data is handled to ensure that it is safeguarded and our legal obligations are met. If you are not happy with the way we have used your information or addressed your rights, you may contact us at  You also have the right to make a complaint to the Irish Data Protection Commission by emailing


  1. Unsubscribe 

If you no longer wish to receive further marketing communications and/or invitations from us, you can unsubscribe at any time by emailing us at   


  1. Contact us

If you have any questions or comments about this Policy, or if you wish to exercise your rights, please contact EFS’s Privacy Officer for queries or requests relating to taking a Course: 

By email:

By post: To 64 Watson Park, Killiney Co. Dublin A96X9D7