What is the Purpose of this Privacy Statement?
This Privacy Statement refers to our commitment to treat the information of job candidates, employees, clients, contractors, suppliers and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights in accordance with the applicable data protection legislation including the Irish Data Protection Acts and the EU General Data Protection Regulation.
Who does this Privacy Statement refer to?
This policy refers to all parties (job candidates, employees, clients, contractors, partners, suppliers and other interested parties etc.) whose personal data is processed by us.
Who must follow this Privacy Statement?
Our employees must follow this policy. Contractors, consultants, partners and any other external entity are also required to comply. Generally, this Statement applies to anyone we collaborate with or who acts on our behalf and may need occasional access to data.
What data is included?
As part of our services, we need to obtain and process data. This data includes any offline physical data or online data that makes a person identifiable such as names, addresses, usernames and passwords, IP addresses, any online identifier, CCTV, digital footprints, photographs, social security numbers, financial data etc. It also may include one or more factors specific to the physical, physiological, genetic, mental, cultural or social identity of that person.
What is the legal basis for holding your data?
We collect your data based on the following legal basis
- Consent- where you have explicitly agreed to us processing your information for a specific reason such as marketing or explicit consent for us to process any special category of data about you;
- Contract-where you have entered into an engagement with us and the processing is necessary to perform this engagement
- Compliance -the processing is necessary for compliance with a legal obligation we have such as keeping records for revenue or tax purposes or providing information to a public body or law enforcement agency;. we are required by law to process that data in order to ensure we meet our 'know your client' and 'anti-money laundering' obligations; we may be required to process certain data to carry out our obligations under employment, social security or social protection law; the processing is necessary for the establishment, exercise or defence of legal claims
- Legitimate interest-the processing is necessary for the purposes of a legitimate interest pursued by us to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed or to ensure that complaints are managed effectivity, to prevent fraud, to enhance our service offerings and to keep you and our clients informed about the service we are currently providing to you and our clients.
How long will be hold your personal data?
We will only retain personal data for as long as necessary for the purposes for which it was collected; as required by law or regulatory guidance to which we are subject or to defence any legal actions.
We will retain personal data about job applicant candidates for no more than one year
How we collect your data?
We collects this data in a transparent way and only with the full knowledge of interested parties. Once this information is available to use, the following rules apply. Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by us on the basis of either a valid contract, consent, legal compliance or legitimate interest
- Protected against any unauthorised or illegal processing by internal or external parties
Our data will not be:
- Communicated to any unauthorised internal or external parties;
- Stored for more than a specified amount of time (which is notified to you via this Privacy Statement prior to use receiving the data);
- Transferred to organisations, states or countries outside the European Economic area without adequate safeguards being put in place as required under Data Protection law.
Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree with the collection, use or disclosure of personal data.
Explicit consent will be required for the processing of any special category of personal data.
Disclosure of data
Your personal information may also be processed by other organisations on our behalf for the purposes outlined above. We may disclose your information to partners, associates, agents or subcontractors and to possible successors to our business. Some of these parties may reside outside the European Economic Area (which currently comprises the Member states of the European Union plus Norway, Iceland and Liechtenstein). If we do this, your information will be treated to the same standards adopted in Ireland. We may also disclose your information for the prevention and detection of crime and to protect the interests of Cooney Carey or others, or if required to do so by law or other binding request.
Information we provide before processing the data
Prior to processing any data we will always provide the following information, as detailed in our Engagement Letter and Terms & Conditions:
- Which of your data is collected;
- How we process your data;
- The purpose for processing their data;
- Who has access to their information;
- Provisions in cases of lost, corrupted or compromised data;
- Information relating to the right to request that we modify, erase, reduce or correct data contained in our systems;
- Information relating to data subjects rights in relation to their data.
How we protect your data
Our commitment to protect your data:
Restrict and monitor access to sensitive data;
- Develop transparent data collection procedures;
- Train employees in data protection and security measures;
- Build secure networks to protect online data from cyberattacks;
- Establish clear procedures for reporting privacy breaches or data misuse;
- Include contract clauses or communicate statements on how we handle data;
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorisation etc.).
Where you, as a Data Controller, engage the services of Cooney Carey, we will act as Data Processors on your behalf. In doing so, we will: -
- Only process personal data under the Contract in accordance with your reasonable written instructions and in accordance with applicable Data Protection Legislation
- Adopt appropriate technical and organisational measures against accidental disclosure, loss or destruction of personal data
- Inform you promptly in the event of unauthorised disclosure, loss or destruction of any personal data processed on your behalf
- Refer to you any requests, notices or other communication from data subjects, the Office of the Data Protection Commissioner or any other law enforcement agency relating to personal data processed on your behalf
- Ensure that all Cooney Carey personnel processing personal data are under an obligation of confidentiality
- Make available reasonable information necessary to demonstrate compliance with our Data Protection Obligations
- Make available such information and assistance as is reasonably necessary for you to comply with your obligations to respond to requests for exercising the data subject’s rights, to report personal data breaches and to conduct Data Protection Impact Assessments and Prior Consultation with Data Protection Authorities
- Comply with our obligations to you in respect of sub-processing and Third Country Transfers.
- Delete or return all personal data processed on your behalf where there is no legal basis for use to retain this data, upon the termination of any services provided by us to you
What is your rights
We have provided a summary of your rights: