Data Protection Act 2018 Compliance
In this policy, the following words shall have the following meanings:
|“Act”||means the Data Protection Act 2018.|
|“Directive”||means Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.|
|“the Data Protection Regulations”||means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).|
|“the Law”||means all or any of: (a ) the Data Protection Regulation, (b) the Act, (c) the Data Protection Act 1988, (d) the Data Protection Act 2003, (e) regulations made under the Act, (f) Directive.|
“Data controller”, “data processor”, “data subjects”, “personal data”, “process”, “processed” and “processing” shall have the meanings respectively, as defined in the Act. Note that “process” and “processing” are defined to include simple events like receiving data into our system or storing it. Processing is not limited to “doing something with it”.
In this agreement, “personal data”, is limited to data which comes into our hands in some way connected to this agreement.
- The obligations described in this Schedule are in addition to our obligations under the Law.
- Under the Act, we are obliged to inform you what personal data we hold about you, or may hold at some future date. We must tell you how we propose to use that data and give you other information.
- Details of the anticipated processing activities are set out at Appendix 1 to this Schedule.
- Legal basis of processing your personal data
- We shall obtain and process your personal information first, because our contractual relationship makes that essential, and second, because you have given your consent to our handling your personal data. That consent must be given in a clear way and will often overlap with contractual necessity as we have just described.
- If we want to use your personal data for a reason we have not listed, we shall ask for your permission. Technically, you may withdraw your consent at any time. However, that is likely to terminate our contractual relationship and could constitute a breach of contract by you.
- Change in the legal basis of processing
- The terms relating to data processing and management as set out in last previous paragraph may change. That may happen because the law changes or because the nature of our contract requires a change.
- If that happens in a way we think will affect you, we will tell you.
- If you object to a change, you should write to us at firstname.lastname@example.org
- Disclosure and/ or sharing of your personal data
- We process all your information broadly and solely in order to manage our business. None of your personal data is treated differently from any other. We do not disclose your data to any person unless there is a good reason to do so.
- All your personal information is available to certain of our employees, providers and suppliers who work for us in a capacity which requires that access. They are all bound by the provisions of the Act now written into our agreements with each of them.
- Personal identification and contact information and much financial information is disclosed to Revenue Commissioners because the law requires that.
- Any personal information may be disclosed to a governmental organisation where we are required to make any such disclosure. If that happens, we are under no obligation to tell you.
- At our discretion, we might instruct for the processing of your personal data to some organisation outside the European Union, for example, to a cloud based software owner, or in connection with some other technology, over whom we have no direct control. Where possible we shall obtain a contractual undertaking from any such data processor. Before we do so, we shall investigate that person and satisfy ourselves that the level of risk is no greater than it would be in dealing with an organisation within the European Union.
- Your access request
- At any time while this agreement runs, you may review or update the personal data we hold about you. To do this, contact Siobhán Burke at email@example.com
- After receiving the request, we will tell you when we expect to provide you with the information.
- Sometimes, there may be a legitimate reason why we cannot provide you with that data. For example, the information may be sensitive personal information to someone else, who has not consented to your seeing it. If we refuse your request, we will tell you why.
- Removal of information
If during the term of this agreement you wish to remove your personal data, then we may have no alternative than to treat this request as your notice to terminate this contract. If that happens, termination will accord with the provisions in this contract.
- Who handles your data
- Your data is handled almost exclusively by our IT systems. If you wish to correspond with us on any issue relating to your data, please contact Siobhán Burke at firstname.lastname@example.org.
- If you are not happy with the way we have handled your data, you may wish to contact the Data Protection Commission.
You commit to complete confidentiality with regards to:
- information about staff, their lives and their personal contact information;
- our businesses, methods of doing business, future plans, policies, suppliers and customers;
- information about suppliers, agents, distributors and customers;
- information about the Intellectual Property and the know-how we use in our business.
- “Intellectual Property” means Intellectual Property of every sort, whether or not registered or registrable in any country. It includes among other things:
- intellectual property of all kinds coming into existence after today;
- patents, trademarks, unregistered marks, designs, copyrights, software, domain names, discoveries, know-how, creations and inventions, together with all rights which are derived from those rights.
You promise that you will:
- keep all records of Confidential Information on password-protected devices only;
- use your best endeavours to keep confidential, any Confidential Information which you may acquire.
You promise that you will not:
- use for yourself nor divulge nor disclose to any person (and that includes a business of any sort) any confidential information relating to Wordhoard Communications.
- store, copy, or use the Confidential Information in any place or in any electronic form which may be accessible to any other person;
- remove from Wordhoard Communications’ premises or copy or allow anyone else to copy from any document, computer disk, tape or other tangible or cloud-based item which contains any Confidential Information.
- This paragraph does not apply to disclosure:
- of information that it is reasonably necessary to disclose to a customer or other person in the usual course of business so far as that information is disclosed in those circumstances;
- made with the consent of the proper officers of Wordhoard Communications or under the authority of the owner or by order of the court;
- of information or knowledge which comes into the public domain otherwise than by wrongful disclosure by you or anyone else;
- The provisions of this paragraph shall continue after termination of this agreement for a period of 3 years, even if you have destroyed or returned the Confidential Information formerly in your possession.
9. Procedure after end of agreement
When your agreement with Wordhoard Communications terminates, you will:
- not from that time represent to anyone that you are still an employee of Wordhoard Communications or associated with it; and
- return to Wordhoard Communications without request all property owned by Wordhoard Communications whether or not you perceive such property to have value; and
- delete all Confidential Information from any computer disks, tapes or other media; and
- produce a list of all documents, passwords and procedures relating to your employment and which may be unknown to other staff of Wordhoard Communications.
- and if, and only if requested by Wordhoard Communications, you will
- refrain from any further attendance at the offices of Wordhoard Communications,
- not contact or communicate with any customer, supplier, or employee of Wordhoard Communications; and
- If, during or after the termination of this contract some person offers employment to you of a nature which could lead you to breach this contract, then you will immediately bring this contract to the attention of that person.
- All provisions of this agreement intended to continue to be effective after termination, shall continue as intended.
Signed (Contractor) ____________________
Signed (Manager) ____________________
Data Processing Activities
What we or you may process in each category
- We shall process this basic personal data
- your name, age, personal address, private email address.
- all information you gave to us.
- financial information processed through the banking system.
- information supplied to us by a third party, for example, a reference from a former employer or other source relevant to your work.
- information relevant to the performance of assigned work.
- so far as relevant, information relating to discharge of obligations laid down by law or by collective agreements; management, planning and organisation of work; equality and diversity in the workplace; health and safety at work.
- technical information relating to electronic communication, which is personal information only when associated with the name or identity of the data subject.
- This is why and how we shall process personal data
Our processing of personal data will be limited to whatever activity is reasonably required to:
- satisfy our obligations under this agreement;
- manage our financial accounts and other necessary financial records;
- comply with the requirements of the law as enforced through the banking system.
- Post termination
Upon termination of our agreement with you, we and any contractual data processor will:
- delete all your personal data from our electronic records by some method which prevents future re-activation of that data;
- If we hold your data in any physical form, for example, photographs, we will destroy them. We are not obliged to return them to you.
- We shall not destroy or delete all your data until the expiry of six years from our last dealing with you, for these reasons:
- every business must retain financial data for accounting and taxation purposes;
- to provide evidence if required in connection with a possible legal claim by us or by some third party against us;
- for any other reason where the law provides a six years limitation period.