Privacy Statement

Last updated 21st September 2020

CONTENTS

INTRODUCTION.. 4

PART A: SPECIFIC PROCESSING INFORMATION.. 5

  1. JOB APPLICANTS. 5
  2. WEBSITE VISITORS. 7
  3. INDIVIDUALS CONNECTED TO OUR DPO SERVICES. 9
  4. SUPPLIERS (SOLE TRADERS) 11
  5. REPRESENTATIVES OF THIRD PARTY LEGAL ENTITIES. 13

PART B: GENERAL PROCESSING INFORMATION.. 15

PART C: YOUR RIGHTS. 16

 

INTRODUCTION

About this statement and how to read it

The purpose of this document is to provide information to you about the use of your personal data by Symmetry Solutions Ltd (“Symmetry” or “we”).  At Symmetry we respect your right to privacy and we handle your personal data in accordance with our obligations under the General Data Protection Regulation EU 2016/679 (“GDPR”) and the Data Protection Act 2018 (“the Act”) (together “Data Protection Legislation”).

This document outlines what personal data we, as data controller, collect and process in our dealings with you, how and why we process those personal data and what your rights are in respect of your personal data.

The statement has been written to provide you with clear and transparent information in an easy to understand format. To help with this, the statement is split into three sections:

Contact

If you have any questions about our privacy statement, your rights, or how we use your information, please do not hesitate to contact us at:

Post:      Data Protection, Symmetry Solutions Ltd, The Tara Building, 11-15 Tara Street, Dublin 2, Ireland
Tel:        01 5547350
Email:    hello@symmetrygroup.ie

Changes to this statement

We will update this Privacy Statement from time to time. Any changes will be made available on our website and, where appropriate, notified to you by written notice or e-mail.

 

 

PART A: SPECIFIC PROCESSING INFORMATION

 

1.        JOB APPLICANTS

Where you have applied for a job with Symmetry, this section relates to you.

1.1.              How we collect your personal data

Information about you, including your personal data, is gathered when you apply for a job with us either directly or indirectly via employment agencies we work with, an introducer who has referred you to us or via our third level education partners. We also may obtain personal data indirectly from referees you nominate to us or from your professional social media profile link you provide to us as part of the job application.

1.2.              The personal data we use

We will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:

1.3.              The purpose and legal basis for processing your personal data

We process your personal data for the purpose of recruiting staff. This includes the following, which we deem necessary for the purposes of entering into an employment contract with you (i.e. assess your suitability to enter into the contract):

We may also need to use your personal data for the purpose of satisfying our employment law obligations, in particular in relation to equality.

1.4.              Who we share your personal data with

Your personal data will be shared to relevant staff within our organisation but also to a limited number of third parties where it is necessary to do so, including:

Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.

1.5.              Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to consider a job application from you and failure to provide this information may result in us not being able to consider you for the position or role.

1.6.              How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary.  For example, we immediately delete any applications we receive from individuals once they are deemed to be an unsuitable fit for us. For individuals who are employed by us, information about our handling and retention of their personal data is contained within our internal privacy statement for staff.

 

2.        WEBSITE VISITORS

Where you visit our website, this section relates to you.

If you visit our website and do not engage with us in any other way, please see our cookies banner on our website for more information on the cookies we use on our website.

If you choose to submit an online enquiry via our website, please proceed to the next section below which relates to online enquirers.  

2.1.              How we collect your personal data

Information about you, including your personal data, is gathered directly from you when you submit an enquiry to us via our website’s contact form.

2.2.              The personal data we use

We process and use all personal data included in the webform and related correspondence. This includes your IDENTITY DATA (your name), CONTACT DATA (your email address)  and any other personal data you submit in the subject line and your message to us.

2.3.              The purpose and legal basis for processing your personal data

We only process your personal data where it is lawful and necessary to do so. Your personal data are processed in line with our legitimate interests to enable website visitors to make contact with our company, to respond to those individuals and, where you have expressed an interest in one of our products or services, to contact you about related products or services that may be of interest to you.

2.4.              Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. For example, we may share your personal data to third parties who are providing services to us to enable us to manage the relationship with you, such as our software providers. Where we use suppliers to process your personal data on our behalf, we have entered agreements which contain appropriate contractual protections to protect the security of the data.

2.5.              Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, please note that without your personal data we will be unable to approach you if you have any enquiry of our services.

2.6.              How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary.

 

 

3.        INDIVIDUALS CONNECTED TO OUR DPO SERVICES

In providing our outsourced data protection officer (“DPO”) services (“DPO Services”) to clients (“DPO Clients”), we perform our duties accordance with the tasks detailed in GDPR Article 39. In accordance with GDPR Article 38(3), we do cannot receive any instruction from DPO Clients regarding the exercise of those tasks and therefore we perform the DPO role in an independent manner as a data controller.

In performing the DPO role, we obtain a range of personal data from the DPO Client relating to individuals connected to that DPO Client, such as shareholders, directors, employees, customers, patients, suppliers, or otherwise.

Please note that for our other services, such as our consultancy, representation, software or outsourced appointments, we act as a data processor on behalf of our client. Information about any such processing of personal data shall be contained in the data controller’s privacy statement or policy.

3.1.              How we collect your personal data

Information about you, including your personal data, is gathered directly from the DPO Client pursuant to our performance of the DPO role and duties for that DPO Client.

3.2.              The personal data we use

A lot of our DPO work is conducted using limited amounts of personal data. For example, we may process a DPO Client’s employee’s name and contact data for the purposes of interacting with that employee on a particular piece of work.

However, certain parts of the DPO work can involve viewing, reviewing and analysing all types of personal data held by a DPO Client in order to provide relevant guidance and direction to the DPO Client on how best to protect that personal data and protect the individuals’ rights. Examples of where we may handle large amounts of personal data are in the event of assisting with reviews of specific processing activities or systems, or assisting with the management of data subject requests, cyber incidents, personal data breaches or complaints.

3.3.              The purpose and legal basis for processing your personal data

We only process your personal data where it is lawful and necessary to do so, and only for the purpose of performing the DPO role for which we are appointed by the DPO Client and, once appointed, legally bound by GDPR Article 39. As such, your personal data are processed as follows:

3.4.              Who we share your personal data with

We only share your personal data with a third party where we have a necessity and have a valid legal basis to do so. Furthermore, we are legally bound by data protection law to perform the DPO tasks secrecy and confidentiality, and also are contractually bound to maintain confidentiality as per each DPO Services agreement with each DPO Client.

Accordingly, we only share your personal data with third parties in a limited set of circumstances, which may include:

3.5.              Consequences of not giving your data to us

There is no obligation on you or on the DPO Client to provide personal data to us. However, we do need some personal data in order to perform the DPO Services for the DPO Client and failure to provide this information may result in us not being able to provide a certain element of the DPO Services where such personal data may be required.

3.6.              How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. Personal data relating to the performance of the DPO Services contractual terms and conditions shall be kept for a period of 7 years from the end of the relationship with the DPO Client. This is in line with our legitimate interests to protect ourselves against a claim pursuant to statute of limitation law.

 

4.        SUPPLIERS (SOLE TRADERS)

4.1.              How we collect your personal data

As a supplier or service provider to Symmetry, we collect your personal data directly when you interact with us via telephone, email, post, fax and/or person (e.g. meetings, events, conferences, etc.). We may also collect personal data from third party sources, examples of which include;

4.2.              The personal data we use

Our relationship with you as a supplier is a business to business relationship and the personal data processed is limited to those necessary to establish a relationship with you and obtain your services, including:

4.3.              The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so.

Typically, your personal data are processed for the purpose of entering into and performing a contract with you as a supplier to Symmetry, including when we:

Your personal may also be used:

4.4.              Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:

4.5.              Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to be able to enter into an agreement with you in order to avail of your services and failure to provide this information may result in us not being able to enter into such an agreement.

4.6.              How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. Personal data relating to the performance of a service contract with you shall be kept for a period of 7 years from the end of the relationship with you. This is in line with our legitimate interests to protect ourselves against a claim pursuant to statute of limitation law.

 

5.        REPRESENTATIVES OF THIRD PARTY LEGAL ENTITIES

5.1.              How we collect your personal data

In our business to business relationships with third party companies and organisations (e.g. suppliers, state bodies, or otherwise), we will process some personal data belonging to individuals who represent those companies and organisations in the capacity of an employee, director or otherwise. If you fall into this category of individual where you are representing a company or organisation (“Your Organisation”), we gather your personal data from both direct and indirect sources:

5.2.              The personal data we use

As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes:

5.3.              The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so, including

5.4.              Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:

5.5.              Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data to be able to enter into an agreement with Your Organisation in order to avail of Your Organisation’s goods or services and failure to provide this information may result in us not being able to enter into such an agreement.

5.6.              How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary.

 

PART B: GENERAL PROCESSING INFORMATION

1.        How we keep your personal data safe

Appropriate security measures are implemented in order to protect your personal data.

Security measures refer to physical security in the office as well as implementing appropriate technology and cyber security measures across our systems and networks in order to prevent any accidental or unauthorised access, interference, damage, loss or disclosure of personal data.

In the event of certain types of personal data breaches, we are legally obliged to notify the Data Protection Commission and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.

 

2.        Transfers outside the European Economic Area

In connection with the above purposes we do not currently transfer your personal data to third parties outside the European Economic Area (“EEA”). If and to the extent we ever do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include:

PART C: YOUR RIGHTS

You have a number of rights in respect to your personal data. These are: