Privacy & Cookie Policy


Must Do Training Limited (hereinafter Must Do Training) collects, processes and stores significant volumes of sensitive and personal sensitive data on an ongoing basis. The Data Protection Acts 1988 and 2003 confer rights on individuals as well as additional responsibilities on those persons and organisations processing personal data.


This policy applies to all data held by Must Do Training including that which is held in manual or electronic form. All staff have a personal responsibility to ensure compliance with the principles of Data Protection law and to adhere to the company’s Data Protection Policy.


Data Protection Principles

Under the GDPR, the data protection principles set out the main responsibilities for organisations. Article 5 of the GDPR requires that personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  1. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  1. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  1. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  1. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  1. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Under Article 30 of the GDPR, all data controllers are “responsible for, and be able to demonstrate, compliance with the principles”.

Basis for Holding Personal Data

As part of it’s work in the provision of occupational health & safety consultancy and training services, Must Do Training must process personal data. In complying with the General Data Protection Regulation, Must Do Training must set out the legal basis on which we process such data.

The legal basis’s for processing data are as follows –

  1. Consent: the member of staff, contractor or learner has given clear consent for the company to process their personal data for a specific purpose.
  2. Contract: the processing is necessary for the member of staff’s employment contract or in the completion of a contract with a contractor or other business.
  3. Legal obligation: the processing is necessary for the company to comply with it’s legal obligations.
  4. Legitimate Interests: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

A full list of the type of personal data and the legal basis under which it is processed is contained in Appendix III.

Rights of the Data Subject

The GDPR provides the following rights for individuals:

  1. The Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data.
  1. The Right of Access: Individuals have the right to access their personal data and supplementary information.
  1. The Right to Rectification: The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
  1. The Right to Erasure: the GDPR introduces a right for individuals to have personal data erased. The right is not absolute and only applies in certain circumstances.
  1. The Right to Restriction: Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
  1. The Right to Data Portability: The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  1. The Right to Object: Individuals have the right to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
  1. Rights in relation to automated decision making and profiling: Individuals have rights in respect of automated decision making and profiling: to be informed and to request human intervention or review of automated decisions.

Fair Processing of Personal Data

We shall be transparent about the intended processing of data and communicate these intentions via notification to staff, learners and others to the processing their individual personal data.

There may be circumstances where the company is required either by law or in the best interests of our learners or staff to pass information onto external authorities, for example an Garda Síochána, the Child and Family Agency (TUSLA), the Revenue Commissioners, etc. Where possible any such processing of an individual’s personal data shall be notified to them and will be carried out only in accordance with the law.

Securing Personal Data

In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.

The security arrangements of any organisation with which data is shared shall also be considered and where required these organisations shall provide evidence of the competence in the security of shared data (e.g. information management certification to ISO 27001, robust security procedures under a data sharing agreement, etc.)

What Are Cookies

Cookies are small text files stored on your computer when you visit certain web pages. At Must Do Training, we use cookies to keep track of what you have in your basket, and to remember you and your preferences when you return to our site.

If you don’t wish to enable cookies on your computer, that will mean that your experience of using our website site will be impaired – as some of the cookies help us to identify and resolve errors for example, or determine relevant related products to show you when you’re browsing.

Why Do We Use Cookies?

Like most websites, we use cookies to help improve the performance of our website and provide you with a better user experience. Cookies are widely and commonly used to make websites function more efficiently as well as providing different types of information to website owners.

We do not sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to government bodies and law enforcement agencies). If you would like to learn more about how we protect your privacy, please read out privacy policy.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately, in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the site.

More Information

Hopefully, this page has helped explain how and why cookies are used on the Must Do Training website, but if you’d like more information, please contact us.



Must Do Training
Must Do Training Logo

Quality Mandatory Training, Anyplace, Anytime!

© 2024 Copyright - Must Do Training - All Rights Reserved.