Our GDPR Compliance Statement- May 2018
Carr Communications are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection programme in place which complies with existing law and abides by the data protection principles. We recognise our obligations and have updated and expanded our statement to meet the demands of the GDPR and the Irish Data Protection Bill 2018.
Privacy Statement Procedures
At Carr Communications Limited, your privacy and data protection rights are very important to us. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Bill 2018 (the “Data Protection Acts”) lays down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permits individuals to access their personal data on request and confers on individuals the right to have their personal data amended if found to be incorrect.
This document outlines Carr Communications policy to help ensure that we comply with the Data Protection Bill.
This Statement sets out the basis by which any personal data we collect from you, or that you provide to us (Data) will be processed by us. Please read the following carefully to understand our treatment and use of data.
Carr Communications have designated a Data Protection Officer and have appointed a data privacy team to implement and monitor our compliance with data protection regulations. This team is responsible for promoting the awareness of GDPR updates, monitoring data protection rules and regulations across the organisation, continuously assessing our data protection procedures, identifying any gap areas, and implementing data polices or procedures.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- The time, date and purpose of your visit to Carr Communications;
- Details of your visit to Carr Communications including, whether this is required for our own billing purposes or otherwise and the resources that you access;
- Personal details required for resources you may require from Carr Communications;
- Information that you provide by filling in forms either via our website or on site. This includes information provided at the time of contacting us, sending us your CV, requesting further services, requesting information from us and submitting comments. We may also ask you for information if you report a problem with any of our services including our website and in person;
- If you contact us, we may keep a record of that correspondence;
- When you access our website, www.carrcommunications.ie your computer’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data on the use of our Site. This information may be used to help us to improve our Site and the services we offer
We use your data that we hold to:
- Ensure that content from us and our website is presented in the most effective manner for you;
- Provide you with information, products or services that you request from us, or which we feel may interest you, where you have consented to be contacted for such;
- Notify you about changes to our service(s).
DATA PROTECTION PRINCIPLES
We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight data protection principles:
- Obtain and process information fairly
We shall obtain and process your personal data fairly and in accordance with statutory and other legal obligations.
- Keep it only for one or more specified, explicit and lawful purposes
We shall keep your personal data for purposes that are specific, lawful and clearly stated. Your personal data will only be processed in a manner compatible with these purposes.
- Use and disclose only in ways compatible with these purposes
We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data.
- Keep it safe and secure
We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of your personal data and against its accidental loss or destruction.
- Keep it accurate, complete and up-to-date
We adopt procedures that ensure high levels of data accuracy, completeness and that your data is up-to-date.
- Ensure it is adequate, relevant and not excessive
We shall only hold your personal data to the extent that it is adequate, relevant and not excessive.
- Retain for no longer than is necessary
We have procedures in place to ensure that once the purpose for which information was obtained has ceased, and the personal information is no longer required, we ensure this data is deleted and disposed of in a secure manner. Our data protection officer and data team liaises with the wider company to ensure files are regular purged and that personal data is not retained any longer than is necessary.
- Give a copy of his/ her personal data to that individual, on request
We adopt procedures to ensure that data subjects can exercise their rights under the data protection legislation to access their data.
SECURITY OF DATA
We are committed to protecting the security of your data. We use a variety of security technologies and procedures to help protect your data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our Site. Any transmission of data is at your own risk. Once we receive your data, we use appropriate security measures to seek to prevent unauthorised access.
Overall responsibility for ensuring compliance with Data Protection Acts rests with Carr Communications. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor.
All employees and contractors of Carr Communications who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. The Data Protection Co-Ordinator is Carr Communications Data Protection Officer, and co-ordinates the provision of support, assistance, advice, and training throughout the Carr Communications to ensure that Carr Communications is in a position to comply with the legislation.
PROCEDURES AND GUIDELINES
Carr Communications is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
INFORMATION SECURITY AND TECHNICAL AND ORGANISATIONAL MEASURES
Carr Communications takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
- Password policies;
- Access controls to certain folders etc.
Questions, comments, requests and complaints regarding this Privacy Statement and the information we hold are welcome, and should be addressed to Data Protection Officer, Carr Communications Ltd, 5 Northumberland Road, Ballsbridge, Dublin 4.
This Data Protection Policy will be reviewed annually in light of any legislative or other relevant developments.