Data Protection Policy for Data Ireland

Introduction

At Data Ireland privacy and data protection rights are very important to us.

Data Ireland is registered under the Data Protection Act 1998 - 2003 as a data controller and data processor and all personal data will be maintained in accordance with the obligations of that Act.

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.

This document outlines Data Ireland’s policy to help ensure that we comply with the Data Protection Acts.

Inquiries about this Data Protection Policy should be made to: Data Protection Co-Ordinator, Data Ireland, 1st Floor, 19-24 St. Andrew Street, Dublin 2.

Data Protection Policy

Purpose of this policy

This policy is a statement of Data Ireland’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts.

Collecting information.

We collect and use information to provide the following services:

  • To undertake advertising, marketing, direct marketing and public relation exercises.
  • To provide a full range of database management services, including supplying consumer and business data, data profiling, data hygiene, data capture and address validation and correction.
  • To perform accounting and other record-keeping functions.
  • To provide personnel, payroll and pension administration services
  • Use of name and address data for identity verification, anti-fraud and anti-money laundering services.

Data Protection Principles

We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:

  • Obtain and process information fairly

We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations.

  • Keep it only for one or more specified, explicit and lawful purposes

We shall keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes as defined in the company personal data usage matrix.

  • Use and disclose only in ways compatible with these purposes

We shall use and disclose personal data only in circumstances that are necessary for the purposes for which we collected the data.

  • Keep it safe and secure

We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of personal data and against its accidental loss or destruction.

  • Keep it accurate, complete and up-to-date

We adopt procedures that ensure high levels of data accuracy, completeness and that data is up-to-date.

  • Ensure it is adequate, relevant and not excessive

We shall only hold personal data to the extent that it is adequate, relevant and not excessive.

  • Retain for no longer than is necessary

We have a retention policy for personal data.

  • Give a copy of his/ her personal data to that individual, on request

We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.

Responsibility

Overall responsibility for ensuring compliance with Data Protection Acts rests with Data Ireland. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor. All employees and contractors of Data Ireland who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. The Data Protection Co-Ordinator is Data Ireland’s Data Protection Officer, and co-ordinates the provision of support, assistance, advice, and training within Data Ireland to ensure that the company is in a position to comply with the legislation.

Procedures and Guidelines

Data Ireland is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

Access Requests Policy & Procedure can be located on our website.

Access Request Policy

Access Request Form

Review

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.

This Data Protection policy is available on the Data Ireland Intranet.