This is your guide to how personal and business data is managed by Strong Roots (Handyfood Innovation Limited). Please review the information carefully.
We at Strong Roots (Handyfood Innovation Limited) (SR/HFI)) respect your privacy and comply with our obligations under the Data Protections Acts 1988, and 2003, and the General Data Protection Regulation (2018). DDCU are committed to protecting and respecting your privacy. It is important that you know exactly what we do with the personal information you and others provide to us, why we collect it, where it is kept, and how you can interact with us about it. This notice sets out our approach to Data Privacy to fulfil our obligations under the General Data Protection Regulation (GDPR).
We will try to keep this Notice as simple as possible, however, if you do not understand any of the terms used or information contained within, please email firstname.lastname@example.org.
1. Who we are
When we talk about “SR/HFI”, or “us” or “we” in this notice, we are talking about Strong Roots (Handyfood Innovation Limited), 4th Floor, Garryard House, 25-26 Earlsfort Terrace, Dublin 2, D02PX51.
2. Data Protection Officer
Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fully satisfied. You can contact our Data Protection Officer at email@example.com or by writing to them at: Data Protection Officer, Strong Roots (Handyfood Innovation Limited), 4th Floor, Garryard House, 25-26 Earlsfort Terrace, Dublin 2, D02PX51.
3. The information we collect about you
There are a number of reasons for gathering information about you. For example, when you start doing business with us or you join us as an employee. We need to know how to get in touch with you, we need to be certain of your identity. We also need your information to manage our business and to comply with our legal obligations.
We also collect information through our website and online services, market research, social media and our CCTV footage.
The information we collect falls into the following categories:
Identity & contact information
Name, date of birth, contact details, PPS number (or foreign equivalent), nationality, home status and address, email address, work, home and mobile phone numbers, family details and marital status, tax residency and tax related information.
Financial Details / Circumstances
Bank account details, salary details, employment status and employment details, next of kin information, life assurance, and pension and investment details may be collected.
Sensitive data we may hold about you includes health or criminal conviction information. We only hold this data when we need to for the purpose of offer of employment, contract review, or where there is a legal obligation to do so.
Information about others
We only hold personal information on record provided by you in case of emergency/next of kin.
If you give us information about someone else (e.g. next of kin) please be sure that you have that persons agreement to do so. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this document. We will require signed consent from that person following this. You can choose not to share information, but this is vital to your health and wellbeing.
When we request information we will always advise you if providing this information is a contractual requirement or not, and whether that information is needed to allow us to comply with our legal obligations.
4. How we use the information we collect about you
We use your information to conduct our business and look after you, in a manner satisfactory to you. If you do not provide personal/business data, we may not be able to provide you with payment for services etc.
Some of the ways we use your information are:
– Manage and administer your accounts.
– Manage and respond to complaints.
– Meet our legal and regulatory obligations.
– Contact you by post, phone, text, email, social media, or other means only subject to your instructions or as necessary by law.
When we ask you for your consent, we will provide you with more information on how we will use your data in reliance on that consent. We do not share your information with third parties for marketing purposes.
5. How we keep your information safe
We protect your information with security measures under the laws that apply and we meet international standards. Our building, computers, and hard copy files are all fully secure. When you contact us to ask about your information we will need you to identify yourself. This is to help protect your information.
6. How long do we keep your information for
The length of time your data is held for can depend on a number of factors, such as the type of product /service you have/length of service and the regulatory rules around the retention of this data. We never hold data for longer than is legally required.
As a general rule, we keep your information for a specified period after the date on which a transaction has completed or you cease working with us.
7. Meeting our legal and regulatory requirements
To use your information lawfully and to comply with regulatory obligations, we rely on one or more of the following legal bases:
– Performance of a contract.
– Legal obligation.
– Protecting the vital interests of you and others.
– Public interest.
– Our legitimate interests.
– Your consent or explicit consent.
To meet our legal and regulatory requirements, we collect some of your personal information, verify and keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations. If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our products and services.
When conducting direct marketing to you, we need your consent to make you aware of products and services which may be of interest to you. Direct marketing can be carried out by phone, email, post, text or through other digital media, e.g. Apps. It is always up to you to decide the level of direct marketing you find acceptable and this is usually done when you commence working with us.
If you do receive direct marketing or we contact you to get feedback on ways to improve our offerings, you always have the choice to opt out.
If sensitive personal data needs to be used about you, we ask for your consent. Your decision will be based on the knowledge of what information needs to be collected, and what it will be used for. You can remove your consent at any time by contacting us.
9. Your information and third parties
In certain circumstances the sharing of your information with third parties is necessary. This only happens to the following categories:
– Your authorised representatives (e.g. attorney under a Power of Attorney, any party authorised by you to receive your personal data, a retail intermediary).
– Collecting debt owed by you.
– Selling your debt (if necessary).
– Help trace, investigate and recover funds.
– Protect our legitimate interests (your personal information remains safe when our service providers use it, in accordance with our instructions) and we expect third parties to have the same levels of information protection that we have.
Our service providers can include IT and telecoms providers, software development contractors, data processors, computer maintenance contractors, printing companies, document storage and destruction companies, debt collection agencies, budgeting and advice agencies, tracing agencies, archiving services suppliers, analytics companies, marketing companies, receivers, liquidators, examiners and legal advisors.
To meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and tell law enforcement agencies, which may be either in or outside of Ireland.
10. International transfers of data (outside the EEA)
We do not transfer your personal data outside the European Economic Area (EEA).
11. How to exercise your information rights
Processing your personal information comes with significant responsibilities for us, and we take these responsibilities very seriously. The new legislation means we will become more transparent in relation to how your personal data is processed and it means you will have significantly more rights about your information.
You have the right to:
– Access your information and receive copies of the information we hold about you.
– Request that inaccurate information is corrected and incomplete information updated.
– Object to particular uses of your personal data where the legal basis for our use of your data is our legitimate business interests.
– Object to use of your personal data for direct marketing purposes.
– Have your data deleted – this is known as “the right to be forgotten.”
– Restrict the use of your data (under certain circumstances).
– Obtain a transferable copy of certain data to which can be transferred to another provider, known as “the right to data portability.”
– Withdraw consent at any time, where any processing is based on consent.
12. How long do responses take
We are obliged to respond to you without delay and in most circumstances, will respond within one calendar month. If the request is complex in nature, the response will take no longer than a further two calendar months. Should this be necessary we will explain the reasons why the delay is necessary. If you make your request electronically, where possible, we will reply in kind.
You have the right to submit a complaint to the Data Protection Commission at: https://www.dataprotection.ie/docs/contact-us/b/11.html
Tel: 0761 104 800
Lo Call: 1890 252 231
Post: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.
13. Changes to this Notice
We will update this Data Privacy Notice as the need arises. Any changes will be communicated to you and made available online.