DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS
The Data Controller is Work Permit Solutions Ltd – 77 Lower Camden Street, Dublin, D02 XE80 (hereinafter referred to as The Company)
The Company are fully cognizant of the information regarding the processing of Personal Data, in accordance with the Data Protection Acts 1988-2018 and the General Data Protection Regulation (GDPR) (EU) 2016/679. This Regulation came into force across the European Union on 25 May 2018 and replaces the previous data protection directive which has been in force since 1995, forming the basis of our new Data Protection Irish laws (Data Protection Acts 1988-2018). The Company are also full cognizant of S.I. No. 336/2011 – European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011.
DATA SUBJECTS AND CATEGORIES OF PERSONAL DATA
The Company may process the Personal Data (therefore, information referred to identified or identifiable natural persons) of clients or Candidates (or prospect clients), if natural persons; if the client is a legal entity: persons who act on their behalf or in the framework of an employment or other relationship with the legal entity (hereinafter, for the sake of simplicity, referred to as “Clients”); Client’s shareholders, directors, or attorneys.
The Company may collect the following information and data about you which we may hold, store or process:
The personal data processed by The Company shall consist, as the case may be, of:
personal details: (name, family name, date of birth, address, VAT Number);
- personal details (name, family name, date of birth, address, VAT code);
- contact details (phone number, fax, e-mail address, addresses);
- company’s/entity’s position and professional info: if sub-contracting;
- content of communications;
- content of ID, photos;
- audio-video contents;
- opinions, memos and other written documents;
- reports of criminal history;
- bank details (e.g.: account number);
- financial data (including but not limited pension scheme information, court orders, and statutory payments, subject to conditions surrounding such data;
- full details of employment offers or letters of intent: letters of intent which state that the Employer intends to create a Legally Binding relationship with the potential Candidate.
- in exceptional cases: special categories of personal data as defined by Art. 9 of the GDPR, namely: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
- for sake of carrying out the Client due diligence: quality of / relation with the politically exposed person; further information on the Client (if necessary);
- in exceptional cases, judicial data as defined by Art. 10 of the GDPR;
- in exceptional cases: personal data related to minors.
- information with regard to individuals who have engaged with us, whose data may be shared with a third party, such as an Employer, legal entity or a Government Body.
PURPOSE AND LEGAL BASIS FOR DATA PROCESSING
The Personal Data which you will communicate to The Company, or however, of which The Company will become aware during the contractual relationship will be processed exclusively for the purpose of performing the task received (as the case may be, in order to analyse the issues within the scope of The Company’s professional assistance, to prepare opinions and communications to the Client or to third parties, or briefs and memos) and for the related accounting and administrative purposes (managing the client database and the paper-based and electronic files relating to the individual cases).
Therefore, the processing of such data is necessary to perform the contract and/or the related preparatory measures. The Company have and will obtain the above information from you or a third party we collaborate with, such as a Job Board Company, another employment business or agency, a past or potential employer, or from a medical expert (e.g., GP, Consultant, or Occupational Health). References may be gathered from previous employers. The Disclosure and Barring Service or other external company applicable to the placement may supply the outcome of criminal record checks and security clearance.
The mandate conferred on The Company’s Professionals, Employees or Agents includes the informal requests for consultancy services and is not necessarily formalized in a written document. If the Candidate or Client has given their consent, the e-mail address will be used to send the periodic updates regarding issues of importance, or regarding initiatives which we have arranged. The consent that may have been given can be revoked at any time, by simply sending a request to the email address [email protected]
SPECIAL CATEGORIES OF DATA AND JUDICIAL DATA
In the exceptional cases that The Company will ask, or you will disclose Personal Data belonging to the special categories indicated in art. 9 of the GDPR, on a need-to- know basis, The Company will only initiate processing on your consent.
The consent may be revoked at any time. However, the waiver of the consent may prevent The Company from performing the professional services and then may imply the waiver or the mandate by the Firm.
In the case of politically exposed person, the processing of the information thereof is required by law and is aimed at pursuing a public interest.
The Judicial Data pursuant to Art. 10 of GDPR shall only be processed on a need-to-know basis and only if the needed legal requirements occur.
MANDATORY OR NON-MANDATORY REQUIREMENT TO PROVIDE PERSONAL DATA
Some Personal Data, in particular, the personal and contact details, the bank details and the information required in the context of the client identification as well as banking details, are necessary to establish the contract. Without such data we will not be able to, or we will be prevented from providing our services.
The further Personal Data required during our services shall be voluntarily given, but as they refer to the subject of our assistance, they are fundamental in order to carry out the required services.
HOW PERSONAL DATA ARE PROCESSED AND RETAINED
The Personal Data are processed and stored on servers and/or cloud supports provided by third parties and located in the EU and shall be retained for 26 months from the date the contract execution is completed or the case in the context of which the Personal Data were collected or conferred is closed.
Your data is filed on our CRM systems and databases. Your Curriculum Vitae or Resume and other associated documents will be sent or shared with prospective employers or clients. Once a position of Employment has been secured and a Contract of Employment has been drafted and signed by the relevant parties, more information may be provided to them to enable the position to begin. Such employers and clients generally operate within the European Economic Area (EEA). Personal data shall not be transferred to a country or territory outside the EEA unless Express consent for such an act to be carried out has been granted, pursuant to art. 45 of the GDPR (as, f.i. is the case of Switzerland and UK) or any other legal basis for transfer pursuant to Art. 45, 46 and 47 of GDPR occurs.
Any data that is processed for the specific purposes pertaining to Employment Permit Applications of any kind or Visa Applications are destroyed or permanently deleted upon submittal as a proactive security measure based on Company Policy, bar data which must be retained subject to legal or financial record requirements.
PERSONS OR ENTITIES WHO OR WHICH MAY HAVE ACCESS TO PERSONAL DATA ON BEHALF OF THE FIRM OR TO WHOM THE DATA ARE COMMUNICATED
The Personal Data we collect will be processed exclusively by our persons in charge of data processing. Furthermore, the Personal Data will be accessible to the providers of the IT infrastructure, as well as the hardware and software assistance providers.
Each external person or entity who has access to Personal Data is appointed as Data Processor, pursuant to art. 28 of the GDPR, subject to strict constraints regarding confidentiality and security.
Some of the Personal Data, namely the personal and bank details, may also be communicated to payment and delivery service providers.
The Personal Data shall also be communicated to public authorities (e.g.: judicial or supervisory authorities) and administrations (e.g.: Tax Agency and business register), on a need-to-know basis.
DATA SUBJECT’S RIGHTS
We take this opportunity to remind that the GDPR gives the data subjects the following rights:
- the right of access the personal data and information, for example: the purpose of data processing and the types of data held by us (art. 15 of the GDPR);
- the right to obtain the rectification of incorrect personal data which concern you, or to integrate incomplete personal data (art. 16 of the GDPR);
- the right to erasure (“right to be forgotten”) of the personal data which concern you, if one of the grounds envisaged under art. 17 of the GDPR applies;
- the right to restriction of processing, i.e. to obtain that the personal data which may be subject to dispute are flagged and not deleted, for the period necessary to exercise a given right regarding such data (art. 18 of the GDPR); (v) the right to data portability (art. 20 of the GDPR); (vi) the right to revoke the consent given to the processing of Personal Data.
The Company earnestly commits to championing robust, proactive data security measures, be they related to a Client or a Candidate, without differentiation. The Company shall not divulge personal data to parties it cannot confirm or has failed to authenticate. Further bolstering security, the Company employs a Military Grade VPN. Given the potential risks associated with them, this website does not offer sections for Client or Candidate login, as deemed prudent by The Company.
GDPR POLICY CHANGES OR UPDATES
The Company reserves the right to change, amend or annex, at its sole discretion, sections of this GDPR Policy in line with updates and changes in legislation. This GDPR Policy should be checked periodically or with each visit to the website.
If at any stage, you have concerns about your data or the integrity of how your data is being stored or processed, please contact us immediately – [email protected] and we will be happy to assist you.
Lastly, the GDPR Regulation 2018 confers on all data subjects the right to submit a complaint to The Data Protection Commission (DPC), Should there be a purported violation of the DPC Provisions.
Last updated January 2024