DATA PROTECTION & PRIVACY INFORMATION
INFORMATION WE COLLECT AND HOW WE USE IT
Examples of personal data processed
Personal data is any information related to an identified or identifiable natural person (‘data subject’) held either electronically or physically. The personal data processed by WeDoYourDo is collected and processed to maintain compliance with our legal obligations. In addition, some data is processed to ensure the performance of a contract (contract of sale or service) or due to a legitimate interest of the Data Controller (eg: the Company). This data is collected at the start and throughout your contact with us.
We only disclose your personal data to others, where you have requested it, and where it is necessary in the context of supplying you with service, we do not sell or make available any of your details to others such as direct-mail or other marketing companies (if you are contacted by any such company who state or imply that they received your contact details from us, we would dearly love to hear from you).
The following is an overview of the type of personal data that may be processed by the Company (please note this is not an exhaustive list):
Name; legal name; preferred name; gender; wedding date, corporate event dates, other identifiers; all contact information including address, email and phone numbers; any correspondence (hard & soft copy, email, text, calls or web messaging services where appropriate) Contracts and forms, training documentation, development plans, interactions via online services/technology used by WeDoYourDo (including bills/invoices, stock management etc.)
Purposes for collecting & holding data
The purpose for which WeDoYourDo holds any information about data subjects is for appropriate purposes, including but not limited to: compliance with legislation and all legal obligations, contractual necessity, recruitment, induction, appraisals, employee communications and interactions, performance evaluations, promotion, training, talent development, insurance contracts, health and safety, security, grievance investigations and other legitimate interests of the Data Controller.
Sensitive Personal Data
We may collect, hold and process data, including sensitive personal data, if it is necessary to do so for compliance with any statutory duty, legal or regulatory obligation with which we are required to comply.
Personal data shall be only be collected in the case that the data subject has given explicit consent to the processing of their sensitive personal data.
Data Retention- (Length of time data is held)
This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. Data will also be retained in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data.
When establishing the criteria that we apply to determine retention periods, we consider the Company’s statutory and regulatory obligations, contract necessity, legitimate interest for processing the data, as well as managing legal claims (Certain data may be required in order to defend any legal claims which may be made. If such data is required, we may keep it until the statute of limitations runs out in relation to the type of claim that can be made (which varies from 2 to 12 years).
In general your information/data may be held for a period up up to 3 years from the end of your contract; from the last time we provided a service to you; from the last time you entered our premises; from your last interaction with any service related to WeDoYourDo.
* While this retention period is based on legal retention periods and is generic in nature, the Data Controller may need to review the specific retention period, to comply with legal or regulatory obligations and may retain data beyond these periods, but only if the Data Controller can justify a legitimate internet or contractual necessity in doing so. Any changes will be communicated to the relevant data subjects.
After the above deadlines pass the Company will destroy both hard and electronic copies of personal data in an appropriate manner in line with GDPR obligations.
Storage of, and access to your data
We will store both hard copy and soft copy data relating to our customers. Hard copy information will be handled correctly and stored appropriately at all times. Soft copy information will be stored using IT systems with passwords. All IT Systems used are in compliance with the GDPR regulations. All employees, particularly members of management, must ensure confidentiality and be mindful when handling any document, which contains personal data relating to another individual(s). All relevant employees receive appropriate instruction and training on the handling of data.
Appropriate Company personnel may, through the course of your contract, have access to relevant customer data. At all times the Company will ensure that any access to a customer’s data is for legitimate and lawful purposes.
In addition, there are third parties we work with in the course of our business. In all circumstances with each processor, the Company ensures that your personal data is only used for legitimate purposes. Personal data will not be shared with any other third parties, except when required for legitimate purposes.
Protection of the data we hold on you
The Company has taken all the necessary steps to ensure that your data is not accessed or processed inappropriately or accidentally or unlawfully destroyed, lost, damaged, altered or disclosed in an unlawful way.
Please note your data will not be transferred outside the EU.
We may collect and store information about you in connection with your use of the Service, including any information you transmit to or through the Service. We use that information to provide the Service’s functionality, fulfill your requests, improve the Service’s quality, engage in research and analysis relating to the Service, personalize your experience, track usage of the Service, provide feedback to third party businesses that are listed on the Service, display relevant advertising, market the Service, provide customer support, message you, back up our systems, allow for disaster recovery, enhance the security of the Service, and comply with legal obligations. Even when we do not retain such information, it still must be transmitted to our servers initially and stored long enough to process. We may store analytical information about your use of our service related to your search activity, the pages you view, the date and time of your visit, products you express an interest in when using our service, and enquiries/purchases you make through the Service. We also may store information that your computer or mobile device may provide to us in connection with your use of the Service, such as your browser type, type of computer or mobile device, browser language, IP address, location and requested and referring URLs.
Legal basis for Processing User Information (EEA end users only):
For residents of the European Economic Area (EEA) and Switzerland only, our legal basis for collecting and using the information described above will depend on the specific information concerned and the context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person (for instance, to prevent, investigate, or identify possible wrongdoing in connection with the Service or to comply with legal obligations). If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will typically be to operate our Services, communicate with you in relation to our Services, or for our other legitimate commercial interests, for instance, when responding to your queries, to analyse and improve our platform, engage in marketing, or for the purposes of detecting or preventing fraud.
You are entitled to a copy of your personal data though we may limit how frequently we comply with these requests as per the Irish Data Protection Act, where we suspect abuse of this right, such as requesting this information daily. We do not currently charge for this service, though we reserve the right to do so in the future, because we fully respect your right of access to this data. Because we also have to protect your privacy, and guard against others trying to access your data, we will normally only post the data to your registered email address: should you have changed your address unknown to us, you must submit proof of your change of address with your request. For the same privacy reasons, requests for a copy of your personal data should be made in writing to:
The Data Protection Officer,
3 Mill Crescent,
In addition, we may send you website related news/updates and marketing information from time to time with your invoices and/or statements, and possibly on occasion independently of your invoices/statements. If at any stage you wish not to receive any marketing information from us, you may send such a request to the Data Protection Officer above, or alternatively email@example.com and your request will be complied with.
In case of any abuse that you become aware of, such as being contacted or sent information from someone else apart from us but purporting to have been given your contact details from us, or for clarification and queries on any of the issues discussed in this document, please feel free to send correspondence to the Data Protection Officer above or any of the listed email addresses.
Should you be dissatisfied with our responses, you may contact the Irish Data Protection Commissioner or through the courts. Contact details for the Irish Data Protection Commissioner, as well as information on the Irish Data Protection Act(s), may be found at the Data Protection Commissioner’s web site, which at the time of writing was http://www.dataprotection.ie