Effective from 16 August 2019
1. INTRODUCTION
1.1. Who we are
Your privacy is of paramount importance to FKM Engineering Limited, company number 58655, and having its registered office at Otter House, Naas Road, Dublin 22 (hereinafter referred to as “FKM Group”, “we”, “us” or “our”, which terms shall also include our Affiliates. “Affiliates” means any entity that directly or indirectly controls, is controlled by, or is under common control with us. “Control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity).
1.2. About this statement
The purpose of this privacy statement (“Privacy Statement”) cument is to provide information to you about the use of your personal data by FKM Group. At FKM Group, we respect your right to privacy, and we handle your personal data in accordance with our obligations under the General Data Protection Regulation EU 2016/679 (“GDPR”) and the Data Protection Act 2018 (“the Act”) (together “Data Protection Law”).
The FKM Group understands that as a group which focuses on data to carry out our work, we have a responsibility to ensure all information that we may collect is appropriately and safely monitored, stored and destroyed according to Data Protection Law.
1.3. Data controller
FKM Engineering Limited processes your personal data in the capacity of data controller. Where your relationship is with an Affiliate of FKM Engineering Limited, the Affiliate and FKM Engineering Limited are considered “Joint Controllers” in that they jointly decide how and why to collect and use your personal data. The Joint Controllers are jointly responsible for and are committed to processing your personal data in a fair and transparent manner and in accordance with Data Protection Law.
1.4. Point of contact
If you have any queries about this statement or how your personal data is being processed, you should contact our Chief Operations Officer (COO) Breda Gleeson, bgleeson@fkm.ie.
1.5. Definitions
WHAT IS PERSONAL DATA?
Personal Data is defined as any information relating to an identified or identifiable natural person . This can be related to FKM’s employees or its customer, suppliers and contractors. Personal data types include name, email, address, age, CCTV images and photograph IDs as well as online identifiers such as IP address or information collected through cookies, .
WHAT IS PROCESSING?
Within this policy, the term ‘processing’ when referring to personal data is often used. Processing personal data refers to the treatment of the data during its lifecycle. This includes collecting, storing, structuring, merging, sharing and destroying data.
2. HOW WE PROCESS YOUR PERSONAL DATA – JOB APPLICANTS
2.1. How we collect your personal data
Information about you, including your personal data, is gathered when you apply for a job with us either directly or indirectly via employment agencies or online job websites. We also may obtain personal data indirectly from referees you nominate to us or from your professional social media profile link you provide to us as part of the job application.
2.2. The personal data we use
FKM Group will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:
- IDENTITY DATA, including your
- first name, surname, salutation;
- date of birth (if included on your CV);
- photographic identification, where your photograph is included on your CV and/or where images are collected by our CCTV cameras in the event you visit our offices;
- CONTACT DATA, including your email address, home address, telephone number(s);
- PREFERENCES, in respect of the job you are applying for with FKM Group;
- OCCUPATIONAL, including
- the name of your employer, your job title and department;
- your employment and education history and any other information contained in a CV provided to us as part of a job application;
- STATEMENTS ABOUT YOU, including
- references we obtain from your nominated referees as part of a job application;
- statements made as part of the interview and evaluation process when you apply for a job with us;
- LOCATION, whereby, in the event of an interview in our offices, we can identify when you were on our premises by way of access/sign-in controls and/or CCTV;
2.3. The purpose and legal basis for processing your personal data
We process your personal data for the purpose of recruiting staff. This includes the following, which we deem necessary for the purposes of entering into an employment contract with you (i.e. assess your suitability to enter into the contract):
- Identifying you and processing your job application;
- Verifying the information you provided and assessing your suitability for the role;
- Making a decision on whether to offer you a job and the provision of feedback to you in relation to your application;
We may also need to use your personal data for the purpose of satisfying our employment law obligations, in particular in relation to equality.
2.4. Who we share your personal data with
Your personal data will be shared to relevant staff within the FKM Group but also to a limited number of third parties where it is necessary to do so, including:
- To your nominated referees;
- To third party companies or individuals who are providing recruitment services to the FKM Group;
- To statutory, regulatory, government or law enforcement bodies as required by law;
3. HOW WE PROCESS YOUR PERSONAL DATA – OFFICE VISITORS
3.1. How we collect your personal data
When you visit our FKM Group premises, we collect personal data from you via our sign-in software, our CCTV cameras and any correspondence you have with FKM Group staff in relation to your visit.
3.2. The personal data we use
FKM Group will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:
- IDENTITY DATA, including your
- first name and surname upon sign-in;
- photographic identification, where images are collected by our CCTV cameras;
- CONTACT DATA, including your email address upon sign-in;
- OCCUPATIONAL, including
- the name of your employer, your job title and department where you correspond with the FKM Group in relation to your visit;
- VISIT DETAILS, being the FKM Group staff member who is hosting you and any other details of the visit that may be included in correspondence;
- LOCATION, whereby we can identify when you were on our premises by way of access/sign-in controls and/or CCTV;
3.3. The purpose and legal basis for processing your personal data
We collect your personal data in line with our legitimate interests to manage, monitor and protect our physical properties, assets and information, and to maintain the safety of persons visiting our premises and environs.
3.4. Who we share your personal data with
Your personal data are shared to external third parties in limited circumstances and only where it is necessary to do so, including:
- To the third party companies who provide us with our sign-in software and who administer our CCTV system;
- To an Gardaí Síochána or other law enforcement agency to facilitate the investigation into a criminal offence.
4. HOW WE PROCESS YOUR PERSONAL DATA – WEBSITE VISITORS
When you visit our FKM Group website, we use “Cookies” to store data on your computer and avoid the need for you to re-enter certain details on visiting our website again; and (ii) website visitor tracking and analysis software (e.g. Google analytics) to understand how you interact with our website and enable us to improve the online experience for you. See our Cookies Policy.
You may also choose to provide personal data directly to us by way of contacting us via our “Get In Touch” form under the “Contact” section of our website. Communications and inquiries received through our website will include your name, email address and message. The communications are kept private by being sent directly to our email, which we then use to manage and respond accordingly. The personal data is only shared with the third parties who supply software to enable us to receive, manage and respond to these communications.This inbound communication management is in line with our legitimate interests to run our business.
5. HOW WE PROCESS YOUR PERSONAL DATA – SUPPLIERS (SOLE TRADERS)
5.1. How we collect your personal data
As a supplier or service provider to the FKM Group, we collect your personal data directly when you interact with us via telephone, email, post, fax and/or person (e.g. meetings, events, conferences, etc.). We may also collect personal data from third party sources, examples of which include
- From publicly available information. For example, from company registers (including the Companies Registration Office), press publications, trade directories and online search engines and related results.
- Introducers or common business associates who may pass on your details to us;
- Third parties who provide services to you (e.g. your representatives, advisors, delivery drivers, etc.).
- Our banking providers, in relation to transactions with you;
5.2. The personal data we use
Our relationship with you as a supplier is a business to business relationship and the personal data processed is limited to those necessary to establish a relationship with you and obtain your services, including:
- IDENTITY DATA, including your
- first name, surname, salutation, business name;
- photographic identification, where images are collected by our CCTV cameras;
- CONTACT DATA, including your email address, business address, billing address, telephone number(s), fax number;
- OCCUPATIONAL, including;
- information about your past/current clients, past/current projects and any other information that may be considered by us when assessing your suitability to provide a service; and
- relevant insurance and/or health and safety details where required.
- FINANCIAL, including bank account details and VAT or other relevant tax details to facilitate transactions with you, as well as your transactional and account history with FKM Group;
5.3. The purpose and legal basis for processing your personal data
We will only process your personal data where it is lawful and necessary to do so.
Typically, your personal data are processed for the purpose of entering into and performing a contract with you as a supplier to FKM Group, including when we:
- Make an inquiry to purchase a product or service from you;
- Avail of the products and/or services from you as a supplier;
- Transact with you and make payments to you pursuant to the contract;
- Establish, exercise or defend legal claims in relation to the contract;
- Correspond with you throughout the relationship.
Your personal may also be used:
- To enable us to comply with our legal, statutory and regulatory obligations. For example, your personal data may be included in our returns to the Revenue Commissioners in complying with taxation law, as part of the preparation and audit of financial statements in compliance with company law and for compliance with legally binding requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
- To manage our everyday business needs in line with our legitimate interests, such as accounting, complaint management, troubleshooting, technical support, protection of our assets and information, and fraud prevention.
- To inform potential and/or current FKM Group clients that you are a supplier. This will be in limited circumstances and your explicit consent will be sought before it occurs.
5.4. Who we share your personal data with
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
- To our bank when we are transacting with you;
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To our clients and prospective clients where you have provided us with consent to do so; and
- To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us).
6. HOW WE PROCESS YOUR PERSONAL DATA – REPRESENTATIVES OF THIRD PARTY LEGAL ENTITIES
6.1. How we collect your personal data
In our business to business relationships with third party companies and organisations (e.g. clients, suppliers or otherwise), we will process some personal data belonging to individuals who represent those companies and organisations in the capacity of an employee, director or otherwise. If you fall into this category of individual where you are representing a company or organisation (“Your Organisation”), we gather your personal data from both direct and indirect sources:
- Directly from you. Examples include when you, on behalf of Your Organisation:
- Interact directly with us via telephone, email, post, fax and/or in person;
- Submit inquiries and information via our website;
- Provide information as part of an inquiry about a service from us;
- Purchase our services and conduct transactions with us;
- From third parties. Examples include collection from:
- Publicly available information. For example, from press publications, online search engines and related results.
- Referees you nominate to us as part of Your Company tendering for working with us on as a contractor on a client project;
- Introducers or common business associates who may pass on your details to us;
- Third parties who provide services to Your Organisation (e.g. your representatives, advisors, delivery drivers, etc.).
In all instances where we receive personal data from third parties, we will contact you within 30 days to provide you with full transparency and information about how and why we collected your personal data.
6.2. The personal data we use
As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes:
- IDENTITY DATA, including your
- first name, surname, salutation;
- signature on signed documents;
- photographic identification, where images are collected by our CCTV cameras or where you provide consent for us to feature your photo and/or video imagery for marketing purpose;
- CONTACT DATA, including your business email address, business telephone number(s);
- OCCUPATIONAL, including the name of Your Organisation and your job title,
- OPINIONS, where you consent to provide testimonials or references.
6.3. The purpose and legal basis for processing your personal data
We will only process your personal data where it is lawful and necessary to do so, including
- Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and Your Organisation;
- For the purpose of taking steps to enter into and perform a contract to sell services to Your Organisation;
- To enable us to comply with our legal, statutory and regulatory obligations. For example, Your Organisation may be a government body with whom we need to interact as part of our legal obligations and your personal data will be used to manage this relationship;
- Our legitimate interests to provide relevant marketing material to you (unless you have objected to us using your personal data for this purpose);
- Where you have provided us with consent to use your personal data for marketing or referral purposes;
- To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention.
- Establish, exercise or defend legal claims;
6.4. Who we share your personal data with
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To our clients and prospective clients where you have provided us with consent to do so;
- To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us); and
- To the general public via our website and our professional social media pages where you have provided us with consent to use your personal data for marketing purposes.
7. CONSEQUENCES OF NOT GIVING YOUR DATA TO US
You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to enter certain contracts with you (for example, a purchase contract with you/Your Organisation) or to provide services to you (for example, certain functions on our websites will not be able to function correctly without cookies) and failure to provide this information may result in us not being able to enter such contracts or provide you with such services. You will be notified if this is the case at the time.
8. HOW LONG WE RETAIN YOUR PERSONAL DATA FOR
Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing.
No personal data will be kept for a period longer than necessary. The length of time we hold the data depends on the type of data and also on a number of other factors, including to meet our legal, regulatory and statutory obligations, and to meet our legitimate interests to operate our business. For example, in most cases for personal data we retain in relation to contracts, we retain them for 7 years after the date upon which the relationship ceased.
9. HOW WE KEEP YOUR PERSONAL DATA SECURE
Appropriate security measures are implemented in order to protect your personal data.
Security measures refer to physical security in the office (e.g. securely locked filing cabinets etc.) as well as implementing appropriate technology and cyber security measures across our systems and networks in order to prevent any accidental or unauthorised access, interference, damage, loss or disclosure of personal data.
In the event of certain types of personal data breaches, we are legally obliged to notify the Data Protection Commission and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.
10. INTERNATIONAL TRANSFERS
FKM does not currently transfer any personal data outside of the European Economic Area (“EEA”). However, if this position changes, we will ensure that appropriate measures are in place to comply with our obligations under applicable Data Protection Law.
11. YOUR RIGHTS
You have a number of rights in respect to your personal data. These are:
- The right to access your personal data, which includes receiving confirmation on whether the personal data are being processed and if so, receiving the personal data and related information about why they are being processed, the categories of personal data involved, to whom the personal data have been or will be shared and how long the data will be kept for. We will accede to any such valid requests within one month of the receipt of a valid request in writing
- The right to request that we rectify inaccurate data or update incomplete data. You may also request that we restrict the processing of the personal data until the rectification or updating has been completed, although please be aware that we may have to suspend the operation of your account or the products or services that we provide.
- The right to request that we erase your data under certain circumstances, including where you want to withdraw the consent you previously gave to us, where you object to FKM Group’s processing the data for its own legitimate interests (e.g. direct marketing) or where FKM Group’s processing of the data is unlawful. In the case of unlawful processing, you can also request that this processing is restricted rather than the personal data being erased. Please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
- The right to object to the processing of your personal data, where such processing is being conducted for the purpose of:
- Direct marketing;
- Establishing, exercising or defending ourselves or others from legal claims; or
- Our legitimate interests, unless we can demonstrate that our interests override your interests and rights. You may request that we restrict the processing of the personal data until this analysis of legitimate interests has been concluded, although please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
- The right to receive your data in a portable format or, subject to it being technically feasible, have us transfer it directly to a third party. This applies where you have provided us with consent for the processing or where the processing is necessary for entering a contract with us.
- The right, at any time, to withdraw consent you have provided to us to process your personal data.
- The right to lodge a complaint to the Data Protection Commission or another supervisory authority. The Office of the Data Protection Commission can be contacted at:
Email: |
|
Telephone: |
+353 (0)761 104 800 |
Postal Address: |
Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 |
If you wish to raise a complaint in relation to how we processed your personal data, please contact us. We take your privacy and data protection very seriously in FKM Groupand we endeavour to address your complaint as expediently and as thoroughly as we can in order to find a satisfactory resolution for you.
We will update this Privacy Statement from time to time. Any changes will be made available on the FKM Group website and, where appropriate, notified to you by written notice or email.
The FKM Group, Otter House, Naas Road, Dublin 22, Ireland +353 1 414 5000 office@fkm.ie