What is the Purpose of this Privacy Statement?
This Privacy statement refers to our commitment to treat the information of job candidates, employees, clients, contractors, suppliers and other interested parties with the utmost care and confidentiality.
With this statement, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights in accordance with the applicable data protection legislation including the Irish Data Protection Acts and the EU General Data Protection Regulation.
Who does this Privacy Statement refer to?
This statement refers to all parties (job candidates, employees, clients, contractors, suppliers and other interested parties etc.) whose personal data is processed by us.
Who must follow this Privacy Statement?
Our employees must follow this policy. Contractors, consultants, partners and any other external entity are also required to comply. Generally, this Statement applies to anyone we collaborate with or who acts on our behalf and may need occasional access to data.
What data is included?
As part of our services, we need to obtain and process data. This data includes any offline physical data or online data that makes a person identifiable such as names, addresses, phone numbers, usernames and passwords, IP addresses, any online identifier, CCTV, bio-metrics, digital footprints, photographs, social security numbers, financial data etc. It also may include one or more factors specific to the physical, physiological, genetic, mental, cultural or social identity of that person.
When ordering online or by phone, registering on our websites, using Live Chat, submitting forms or providing us with feedback on our products or services you may be asked for your name, email address, phone number, credit card information or other details to help you with your experience.
How do we use your information?
We may use the information we collect from you in the following ways:
• To personalise your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To improve our website in order to enhance your experience.
• To allow us to better service you in responding to your customer service requests.
• To quickly process your transactions.
• To ask for ratings and reviews of services or products.
• To follow up after correspondence (live chat, email or phone inquiries)
· To protect against any unauthorised or illegal processing by internal or external parties
The technical data may be used for administrative and statistical purposes and may be shared with our internet service provider. We may use this information to help us to improve our website. This technical data does not provide us with the personal data of visitors to our website.
Web browsing
By simply visiting our website you do not disclose, nor do we collect, personal data on you. All that we may know about your visit may be limited to technical data such as:
- The logical address (or IP address) of the server you used to access this website
- The top level domain name from which you access the internet (for example .ie, .com, .org, .net)
- The previous website address from which you reached us
- The type of web-browser you used
- Web traffic data.
Data retention
We retain personal data for no longer than is allowed under data protection law and, in any case, no longer than such personal data is necessary for the purpose for which it was processed. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
As a registered user of our websites we will retain your Identity, Contact, Profile, Technical, Usage, Marketing and Communications Data for as long as your user account is live. We retain the personal data you provide while your account is in existence or as needed to provide you access to our websites. Even if you only use the Website or any other Cyclone service occasionally, we will retain your Identity, Contact, Profile, Technical, Usage, Marketing and Communications Data until you decide to close your user account. We retain personal data for longer if required by applicable law or regulation or justified under applicable statutory limitation periods.
Security of data
Cyclone takes seriously its security obligations in respect of your personal data under the Data Protection Acts to prevent unauthorised access to, or alteration or destruction of personal data in our possession. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
Disclosure of data
Your personal information may also be processed by other organisations on our behalf for the purposes outlined above. We may disclose your information to partners, associates, agents or subcontractors and to possible successors to our business. Some of these parties may reside outside the European Economic Area (which currently comprises the Member states of the European Union plus Norway, Iceland and Liechtenstein). If we do this, your information will be treated to the same standards adopted in Ireland. We may also disclose your information for the prevention and detection of crime and to protect the interests of Cyclone or others, or if required to do so by law or other binding request.
Clients
Where you, as a Data Controller, engage the services of Cyclone, we will act as Data Processors on your behalf. In doing so, we will: -
- Only process personal data under the Contract in accordance with your reasonable written instructions and in accordance with applicable Data Protection Legislation
- Adopt appropriate technical and organisational measures against accidental disclosure, loss or destruction of personal data
- Inform you promptly in the event of unauthorised disclosure, loss or destruction of any personal data processed on your behalf
- Refer to you any requests, notices or other communication from data subjects, the Office of the Data Protection Commissioner or any other law enforcement agency relating to personal data processed on your behalf
- Ensure that all Cyclone personnel processing personal data are under an obligation of confidentiality
- Make available reasonable information necessary to demonstrate compliance with our Data Protection Obligations
- Make available such information and assistance as is reasonably necessary for you to comply with your obligations to respond to requests for exercising the data subject’s rights, to report personal data breaches and to conduct Data Protection Impact Assessments and Prior Consultation with Data Protection Authorities
- Comply with our obligations to you in respect of sub-processing and Third Country Transfers.
- Delete or return all personal data processed on your behalf, upon the termination of any services provided by us to you
For further information in relation to this please contact:
Data Protection Officer,
Cyclone,
Pleasant’s House,
Pleasant’s Street,
Dublin 8
How we protect your data
· Restrict and monitor access to sensitive data;
· Develop transparent data collection procedures;
· Train employees in data protection and security measures;
· Build secure networks to protect online data from cyber attacks;
· Establish clear procedures for reporting privacy breaches or data misuse;
· Include contract clauses or communicate statements on how we handle data;
· Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorisation etc.).
Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your personal information. This does not include website hosting partners and other parties who assist us in conducting our business, or serving our users. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights or property.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third-party links
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
We collect this data in a transparent way and only with the full knowledge of interested parties. Once this information is available to us, the following rules apply. Our data will be:
· Accurate and kept up-to-date
· Collected fairly and for lawful purposes only
· Processed by us on the basis of either a valid contract, consent, legal compliance or legitimate interest
· Protected against any unauthorised or illegal processing by internal or external parties
Our data will not be:
· Communicated to any unauthorised internal or external parties;
· Stored for more than a specified amount of time required for the purpose it was obtain
· Transferred to organisations, states or countries outside the European Economic area without adequate safeguards being put in place as required under Data Protection law.
Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree with the collection, use or disclosure of personal data.
Explicit consent will be required for the processing of any special category of personal data.
Right of rectification or erasure
If we hold incorrect information about you which was originally submitted by you through our websites, you have the right to have the data amended. Further, you have the right to have any information you have sent to us via this website erased. To request your right to rectification and/or erasure please send your request to us in writing to:
Data Protection Officer,
Cyclone,
Pleasant’s House,
Pleasant’s Street,
Dublin 8
together with:
- Your name and address.
- A description of the specific personal data you wish rectified.
- If you request an erasure of your personal data all your data will be erased subject to the following important notice.
We are not required to rectify or erase your data where to do so would prevent you from meeting your contractual obligations to us or where we are required to process (including retaining) your personal data for a lawful purpose in accordance with the Data Protection Acts.
Right of Access
You have a right to be given a copy of any of your personal data held by us, in accordance with section 4 of the Data Protection Acts subject to certain exceptions. To request a copy of your personal data please send a written request to:
Data Protection Officer
Cyclone
Pleasant’s House
Pleasant’s Street
Dublin 8
Ireland
Please note: We do not accept access requests via telephone, email or text message.