What is personal data?
Personal data relates to any information about a natural person that makes you identifiable which may include (but is not limited to):
– Names and addresses
– Contact information – emails and telephone numbers
– PPS Numbers
– Payroll and accounting data
What is sensitive personal data?
Sensitive personal data refers to the above but includes genetic data and biometric data. For example:
– Medical conditions
– Religious or philosophical beliefs and political opinions
– Racial or ethnic origin
What is a Data Controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed. McInerney Saunders is a data controller.
What is a Data Processor?
A “data processor” is a person or organisation which processes personal data. McInerney Saunders is also a data processor.
What is Data Processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining,
restricting, erasure or destruction.
What information do we collect about you and how?
As you will appreciate, in order to provide services and information to you as a client, and to fulfil certain legal obligations, we hold and process certain personal data about you. This includes your name, physical address, e-mail address, date of birth, telephone number, tax reference number, PPS number, etc.
It follows that we may also hold and process personal data relating to your data subjects, such as your employees and other individuals you deal with in the course of carrying on your business. In this regard we recommend that, where applicable, you obtain consent from your data subjects for the transfer of their personal information to McInerney Saunders, for the purposes of fulfilling our contractual obligations to you.
We also collect information about you when you fill in any of the forms on our website ie sending an enquiry, signing up for an event, filling in a survey, giving feedback etc.
How will we use the information about you and why?
At McInerney Saunders we take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement. We will only use this information subject to your instructions, data protection law and our duty of confidentiality. We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent. Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you. We will not share your information for marketing purposes with third parties for the purposes of those parties offering you their products and services.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
Security precautions in place about data collected
When you give us personal information, we take steps to make sure that it’s treated securely. We have extensive security measures in place, in relation to data storage and the devices we use. Once we receive your information, we make our best effort to ensure its security on our systems. We also give clients the option of using Virtual Cabinet, a secure, simple and direct way of sharing and accessing documents, for exchanging personal and confidential data. Your data will generally be stored on our computer servers; at our offices at 38 Main Street, Swords, Co Dublin; or with our staff who may work remotely at client premises or from home. However, whatever the circumstances, we will undertake to take all reasonable measures to protect your data.
We would like to send you information about our services which may be of interest to you. If you have consented to receive marketing, you may opt out at any point as set out below. You have a right at any time to stop us from contacting you for marketing purposes.
How long will we hold your data for?
Please note that we will not retain personal data for longer than is necessary to fulfil the purposes for which it was collected. However, we may be required, by applicable laws or regulations, to hold personal data for a longer period.
Data Subject Rights
The General Data Protection Regulation (‘GDPR’) enhances many of the existing rights of individual data subjects and also introduces new rights. McInerney Saunders are committed to adhering to the GDPR and the associated rights of data subjects.
The main rights of individuals under the GDPR with regard to their personal data are summarised briefly below:
Subject access – individuals have a right to request copies of their personal data and to receive further information about the processing of their data.
Correction – individuals have the right to require correction of any personal data which is inaccurate, incomplete or not up to date.
Deletion – individuals can require that their personal data be deleted in certain circumstances.
Objection – individuals have an absolute right to stop direct marketing activity and to object to processing on certain other grounds.
Portability – in certain circumstances individuals have the right to require that data being processed on an automated basis be sent to them or another controller in a commonly used machine readable format.
Automated processing – individuals have specific rights to be protected from automated processing of their personal data which result in decisions about them which have legal or other significant implications for them.
Consent – where processing of personal data takes place on the basis of consent, individuals can withdraw that consent at any time. The basic timescale for responding to individual requests is one month, although that period can be extended in certain circumstances.
McInerney Saunders has updated engagement letters to accommodate data protection changes introduced by the GDPR, including data subjects’ rights.
If you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority, being the Office of the Data Protection Commissioner.
– By email: firstname.lastname@example.org
– Or write to us at McInerney Saunders, 38 Main Street, Swords, Co Dublin.