Privacy Policy – Work Permit Solutions

The Data Controller is Work Permit Solutions Ltd, 77 Lower Camden Street, Dublin, D02 XE80, Ireland (hereinafter referred to as “The Company”).

PRIVACY POLICY

The Company fully complies with the Data Protection Acts 1988–2018, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and S.I. No. 336/2011 – European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011.

The GDPR, effective across the European Union from 25 May 2018, supersedes the Data Protection Directive 95/46/EC and underpins Ireland’s updated data protection legislation. The Company processes all personal data with the utmost care, lawfulness, and transparency.

DATA SUBJECTS AND CATEGORIES OF PERSONAL DATA

The Company processes personal data relating to:

Clients and prospective clients (natural persons);
Representatives, employees, shareholders, directors, or attorneys of corporate clients (“Clients”);
Candidates seeking employment;
Individuals who have engaged with The Company.

The categories of personal data processed include, but are not limited to:

Identification data: name, surname, date of birth, address, VAT number;
Contact data: telephone number, email address, postal address;
Professional information: job title, company position, subcontracting details;
Communications: emails, letters, and call recordings;
Identity documents and photographs;
Audio-visual content;
Written opinions, memoranda, and reports;
Criminal record information (where legally permitted);
Financial information: bank account details, pension data, statutory payments, and court orders;
Employment-related documents: offers, letters of intent, contracts;
Special categories of data (e.g., health, race, political beliefs, union membership) under Article 9 GDPR (only where necessary and with explicit consent);
Data relating to politically exposed persons (PEPs);
Judicial data under Article 10 GDPR;
Personal data relating to minors (exceptional circumstances only);
Data shared with third parties (e.g., employers, government authorities) where necessary.

PURPOSES AND LEGAL BASIS FOR PROCESSING

Personal data is processed solely for the following purposes:

Execution and management of contractual obligations;
Pre-contractual steps taken at the request of the data subject;
Legal compliance, including due diligence;
Administrative and accounting operations;
Client communications, including updates where prior consent has been obtained.

The lawful bases for processing include:

Necessity for contract performance (Article 6(1)(b) GDPR);
Compliance with legal obligations (Article 6(1)(c) GDPR);
Legitimate interests (Article 6(1)(f) GDPR);
Consent, where required, particularly for processing special categories of personal data (Article 6(1)(a) and Article 9(2)(a) GDPR).

Data may be sourced directly from the data subject or from third parties, such as job boards, employment agencies, referees, healthcare professionals, or disclosure bodies.

SPECIAL CATEGORIES AND JUDICIAL DATA

Processing of special categories of data (Article 9 GDPR) occurs solely with explicit consent, unless processing is required by law or for the establishment, exercise, or defence of legal claims.

Processing of judicial data (Article 10 GDPR) is restricted to instances where strictly necessary and in compliance with applicable legal safeguards.

Consent can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal may, however, affect The Company’s ability to provide services.

OBLIGATION TO PROVIDE PERSONAL DATA

Provision of certain personal data is mandatory for contractual and legal purposes. Failure to provide necessary data may prevent the formation or performance of a contract. Other data requested during service provision is voluntary but essential to the fulfilment of the requested services.

DATA PROCESSING AND RETENTION

Personal data is processed using secure servers and cloud services located within the European Union.

Data retention periods:

General retention: 26 months following contract completion or case closure;
Curriculum Vitae and associated documents: retained for up to 26 months unless a legitimate ongoing interest exists;
Employment-related data: retained in line with statutory retention requirements.

Data is stored on secured CRM systems and databases. Information is shared with prospective employers or clients primarily within the European Economic Area (EEA). Transfers outside the EEA are subject to appropriate safeguards under Articles 45–47 GDPR, and require explicit consent where no adequacy decision exists.

DATA MINIMISATION

Data processed specifically for Employment Permit or Visa applications is securely destroyed or permanently deleted immediately after submission, subject to mandatory retention obligations for legal or financial compliance.

ACCESS TO DATA

Personal data is accessible solely by authorised personnel within The Company and by contracted service providers (Data Processors) bound by Article 28 GDPR agreements ensuring confidentiality and data security.

Personal data may be disclosed, on a need-to-know basis, to:

IT infrastructure and support providers;
Payment service providers;
Delivery and postal services;
Public authorities and regulatory bodies where legally required.

DATA SUBJECT RIGHTS

Under GDPR, data subjects have the following rights:

Right of access (Article 15 GDPR);
Right to rectification (Article 16 GDPR);
Right to erasure (“right to be forgotten”) (Article 17 GDPR);
Right to restriction of processing (Article 18 GDPR);
Right to data portability (Article 20 GDPR);
Right to object to processing (Article 21 GDPR);
Right to withdraw consent at any time (without affecting processing prior to withdrawal).

Requests to exercise any of the above rights should be submitted to: [email protected].

DATA SECURITY

The Company upholds rigorous data security standards to protect all personal data. No personal data will be shared with any party that cannot be verified or authenticated.

Additional safeguards include the use of military-grade Virtual Private Networks (VPNs) and the decision not to offer user login areas on the website to reduce security vulnerabilities.

POLICY AMENDMENTS

The Company reserves the right to amend this Privacy Policy to reflect changes in law or internal practices. Updates will be published on our website, and we recommend reviewing the policy periodically.

Concerns about data security or data handling should be reported immediately via: [email protected].

COMPLAINTS

Data subjects retain the right to lodge a complaint with the Data Protection Commission (DPC) should they believe that their data protection rights have been infringed:

Website: https://www.dataprotection.ie
Telephone: +353 57 868 4800 / +353 761 104 800

Last updated April 2025

The Work Life Balance Bill has been passed in Ireland

Key Changes in Ireland’s Employment Permits System: Pending Commencement

Overhauling Ireland’s Employment Permits: Key Insights into the 2022 Bill