- 1. GENERAL PROVISIONS
o 1.2. Under this Policy the Data Subject is deemed to be any natural person, whose personal data is controlled by the Data Controller.
o 1.3. The Data Controller ensures that by accepting and implementing this Policy, the following underlying principles relating to personal data processing are aimed at implementing:
- (a) the goal is to process the personal data in respect to the Data Subject in a lawful, fair and transparent manner (the principles of lawfulness, fairness and transparency);
- (b) the goal is to collect personal data in specified, explicit and legitimate purposes and cease further processing in a way which is incompatible with the purposes; any further personal data processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is considered incompatible with the primary purposes (the principle of purpose limitation);
- (c) the goal is to use the personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (the principle of data minimisation);
- (d) the goal is and efforts are made that personal data is accurate and, where necessary, kept up to date within a reasonable time period from the fact of change occurrence; the goal is to take every reasonable step to ensure that the inaccurate personal data are erased without any delay or rectified within a reasonable time period taking into account the purposes of their processing (the principle of accuracy);
- (e) the goal is to store any personal data in a form that enables identification of the Data Subject no longer than necessary for the purposes the personal data is processed for; longer storage periods of personal data are allowed when the personal data is only processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, having implemented appropriate technical and organisational measures needed in order to protect the rights and freedom of the Data Subject (the principle of storage term limitation);
- (f) taking into account the general nature of the personal data processed by the Data Controller, the goal is to process personal data in a manner that in conjunction of appropriate technical or organisational measures aids in ensuring appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage (the principle of integrity and confidentiality);
- (g) The Data Controller is held responsible for adherence to the aforementioned principles and has to be able to prove they are complied with (the principle of accountability).
1.4. When using the services of third parties, for instance, when attending the page of the Data Controller in the social network of Facebook, conditions of third parties may be applied. For instance, Facebook applies its Data Policy to every user and visitor. For this purpose, using the services of such third parties, it is recommended to get acquainted with the applicable terms and conditions. 1.5. This Policy has been enshrined in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR), Law on Legal Protection of Personal Data of the Republic of Ireland (hereinafter referred to as LLPPD) and other legal acts of the European Union and Republic of Ireland. The concepts used in the Policy are understood as defined under GDPR and LLPPD.
- 2. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
o 2.1. By submitting his / her personal data, the Data Subject agrees and does not object that the Data Controller controls and processes them in accordance with the purposes, measures and procedure established under this Policy and legal acts.
o 2.2. If the Data Subject does not agree with this Policy and the personal data processing described in it, he / she should not visit the Website and / or use the services of the Data Controller.
o 2.3. By submitting his / her personal data, the Data Subject grants the right to the Data Controller to collect, accumulate, catalogue, use and process with respect to the purposes set under this Policy all the personal data directly or indirectly submitted when visiting the Internet Website and using its services.
o 2.4. The Data Subject is held responsible that the data he / she provides is accurate, correct and detailed. Knowingly incorrect data input is considered to be a violation of the Policy. If there is a change of the provided data, the Data Subject must correct them without any delay and if there is no possibility to do so, he has to inform the Data Controller about the change. The Data Controller shall not be held liable in any case for any loss to the Data Subject and / or third parties due to the Data Subject’s indication of incorrect and / or incomplete data or failed to communicate in relation to addition of data and / or modification after their change.
- 3. PROCESSING OF PERSONAL DATA TO REGISTER DATA SUBJECTS FOR THE PURPOSE OF PROVIDING SERVICES
o 3.1. Seeking to register Data Subjects with the purpose to provide services, the Data Controller automatically processes the following personal data received from Data Subjects once they have given their consent:
- (a) First name and last name;
- (b) Telephone number;
- (c) Email address.
o 3.2. The data is directly received from the Data Subject and is not transferred to third parties.
o 3.3. The legal grounds for personal data processing is within the scope of Article 6 Chapter 1 Paragraph a) (processing on the basis of the Data Subject’s consent) of GDPR.
o 3.4. When the Data Subject is a child up to 16 years of age, his / her personal data may be processed only with the consent of one of the parents or carers. Taking this into account, the Data Subject up to 16 years of age shall be registered on the Website by the parents or carers of the Data Subject.
o 3.5. The Data Controller ensures that in the case where the Data Subject is a child, no practice of profiling shall be conducted in accordance with his / her personal data.
o 3.6. While processing the Data Subject’s personal data, when the Data Subject is a child, on lawful grounds of the interest of the Data Controller or a third person, the Data Controller must evaluate the superiority of the interest of the child, his fundamental rights and freedoms and process his / her personal data on these grounds only in exceptional cases, when the appropriate interest of the Data Controller is obviously superior to those of the child as well as his fundamental rights and freedoms.,
- 4. THE PROCEDURE AND TERMS FOR PERSONAL DATA STORAGE
o 4.1. By processing and storing the Data Subjects’ personal data, the Data Controller implements organisational and technical measures that shall ensure protection of personal data against accidental or unlawful destruction, modification, disclosure as well as any other unlawful processing.
o 4.2. The Data Controller applies the following terms for personal data storage:
|The purpose of personal data processing||Storage term|
|Registration for service provision by the Data Controller||3 years from the last contact day with the Data Subject or before the Data Subject’s withdrawal of consent for data processing|
o 4.3. Exceptions of the aforementioned storage terms may be established as long as such deviations do not violate the rights of the Data Subjects, comply with legal requirements, are properly documented and as far as they are legally grounded with regards to the interest of the Data Controller or third person.
o 4.4. The data needed to declare, conduct and protect the legal requirements are stored as long as they are necessary for such purposes in accordance with judicial, administrative or non-judicial procedure.
- 5. RIGHTS OF DATA SUBJECTS
o 5.1. By submitting a request to the Data Controller, the Data Subject has the right at any time to get acquainted with his / her personal data processed by the Data Controller and find out how they are processed, require correction of the incorrect, incomplete and inaccurate personal data as well as require suspension of the actions of his / her personal data processing except for their storage, where the data processed is non-compliant with the law and the conditions of this Policy.
o 5.2. As far as personal data processing is based on consent, the Data Subject has the right to withdraw his / her consent at any time, without prejudice to the lawfulness of the consent-based personal data processing before its withdrawal.
o 5.3. The Data Subject may exercise the rights he / she has, by submitting a written request by email to the address [email protected], or by post to the address Unit Q1, Marina Commercial Park, Centre Park Road, Cork, or directly by arriving at the office of the Data Controller.
o 5.4. Not being satisfied with the response from the Data Controller, or deeming his / her personal data processing is non-compliant with legal requirements, the Data Subject may submit a complaint to the State Data Protection Inspectorate of the Republic of Ireland.
- 6. FINAL PROVISIONS
o 6.1. The legal relationships related to this Policy are subject to the law of the Republic of Ireland.
o 6.2. The Data Controller is not liable for any loss, including the loss due to disturbance of use of the Internet Website, for loss or damage of data due to the acts or omission, errors, wilful damage and other improper use of the Internet Website by the person or third persons, acting with the knowledge of the person. The Data Controller is not liable for disturbances of log-in and / or use of the Internet Website and / or any damage caused by it, occurring due to acts or omission by third parties not related to the Data Controller or person, including the failures of electricity, internet access provision, etc.
o 6.3. The Data Controller is entitled to make modifications in the Policy partially or in full.
o 6.4. Any additions or modifications to the Policy become effective as of the day of their publication on the Internet Website.
o 6.5. After any additions or modifications are made to the Policy, the person’s continuation to use the Internet Website and / or the services provided by the Data Controller is considered a non-objection granted by the person in relation to such additions and / or modifications.