1. Definitions used in this statement
Invistech Limited, Us, We & Our, the Company
all refer to, in this document, Invistech Limited located at Unit 2,
Airport East Business Park, Kinsale Road, Cork. with registered company
number: 462212. We also have offices in Limerick and Dublin.
refers to all individuals and organisations that we currently,
prospectively or historically process personal data for.
include but are not limited to designing, building and managing IT and
Data Protection Officer:
We have appointed the following individual / organisation to handle all our
data protection related queries: Kenneth Baker, Enguard Security Limited,
Unit 2, Airport East Business Park, Cork. Email:datap email@example.com
Tel: 0818 911 365
located at Unit 2, Airport East Business Park, Cork, with registered
company number: 605390 is a separate company through common management
control. Enguard Security Limited process data as a processor for Invistech
and are regulated by a specific data processor agreement. As our data
protection advisors, a member of their staff will act as Data Protection
Officer, under contract, to manage all data protection rights requests,
breaches and and any other privacy queries on Invistech’s behalf and
within Invistech’s secure systems.
For the purposes of this policy criminal records data means information
about an individual's criminal convictions and offences, and information
relating to criminal allegations and proceedings.
Data protection laws
For the purposes of this policy data Protection laws means all applicable
laws relating to the processing of Personal data, including, for the period
during which it is in force, the General Data Protection Regulation
(Regulation (EU) 2016/679) and the Data Protection Acts 1988 to 2018.
means the individual to whom the personal data relates. for the purposes of
this statement data subject are, but not limited to, employees, web
visitors, customers, supplier contacts, referrals, prospective or job
means any information that relates to an individual who can be identified
from that information.
means any use that is made of data, including collecting, storing,
amending, disclosing, or destroying it.
of personal data means information about an individual's racial or ethnic
origin, political opinions, religious or philosophical beliefs, trade union
membership, health, sex life or sexual orientation and biometric data.
Website, our website
2. Scope of this privacy statement
2.1. This privacy statement covers our privacy practices with respect to
the processing of your Personal data.
2.2. For purposes of the applicable Data Protection Laws, Invistech Limited
is the "data controller". This means that Invistech Limited determines the
purposes for which, and the manner in which your personal data is
2.2. This privacy statement describes the information that we collect about
you, how we obtain your personal information, and how we may use or
disclose that information in connection with the delivery of our services
to you or your employment with us. This privacy statement also describes
the measures we take to protect the security of your personal information
and how you can contact us about our privacy practices, including to
exercise your privacy rights.
3. Data we may collect
3.1. We may collect the following data, which includes personal data, in
each case, in accordance with this privacy statement from you:
■ Address - postal (home)
■ Bank details
■ Cookies (Web)
■ Copy of driver's license (name, address, photo, date of birth,
■ CV, referee details – past educational and employment details
■ Email address
■ Full Name
■ Gmail list name / email (for controller under contract)
■ Health and safety form for work activity
■ Health data i.e. sick cert, doctor name / fit for work status
■ Job title
■ Data visible during customer live support (access to images seen on
customer's client computer is by contract, strictly confidential and never
■ Next of kin details (name, contact number, relationship to person)
■ Place of work
■ Private mobile telephone number
■ Telephone (home number)
■ Training documents (Certs)
■ VOIP - call record (for controller under contract)
■ Back up (files description of file name location type of file - on
occasion may contain individual name in title or as author)
4. How we may collect data
4.1. We may collect data in the following ways:
○ Data is given to us by you;
○ Data is received from other sources; and
○ Data may be collected automatically.
5. Data that is given to us by you
5.1. Invistech Limited may collect your data in a number of ways, in each
case, in accordance with this privacy statement, for example:
○ When you contact us through the Website, by telephone, post, email
or through any other means;
○ When you receive our products/services;
○ When you are employed by us;
○ When you enter into a contract with us
5.2. People who Email Us
5.2.1. Any email sent to us, including any attachments, may be monitored
and used by us for reasons of security and for monitoring compliance with
our data protection policy. Email monitoring or blocking software may also
be used. Please be aware that you have a responsibility to ensure that any
email you send to us is within the bounds of the law. Unsolicited material
of a criminal nature will be reported to the relevant authorities and
5.2.1. We may use your data for the above purposes if we deem it necessary
to do so for our legitimate interests. If you are not satisfied with this,
you have the right to object in certain circumstances (see the section
headed "Your rights" below).
5.3. Information provided through the website
5.3.1. You have the opportunity to send us information via this website,
such as through the “contact us” pages or any other area where
you may send emails, request brochures or provide feedback. the legal basis
for this specific processing is consent.
5.3.2. By choosing to participate in these, you might provide us with some
personal information. This information may include your name, email and
telephone number. The purpose of collecting this information is so we can
contact you regarding any questions you may have asked or to provide you
with other information that may be relevant to you or your business in the
form of materials about our company.
5.3.3. This information will only be used by us for:
● The purpose for which it was provided by you and any reasonably
● Verification purposes and statistical analysis; and
● Marketing and administration purposes.
5.4. Processing of data for job applicants, current and former
5.4.1. Controller status: Invistech is the data controller
for the information you provide during the recruitment process unless
otherwise stated. If you have any queries about the process or how we
handle your information please contact us at firstname.lastname@example.org
Usage of information you provide to us during recruitment process:
All of the information you provide during the recruitment process will only
be used for the purpose of progressing your application, or to fulfil legal
or regulatory requirements if necessary.
5.4.3. We will not share any of the information you provide during the
recruitment process with any third parties for marketing purposes or store
any of your information outside of the European Economic Area. The
information you provide will be held securely by us and/or our data
processors whether the information is in electronic or physical format.
5.4.4. We will use the contact details you provide to us to contact you to
progress your application. We will use the other information you provide to
assess your suitability for the role you have applied for.
5.4.5. We do not collect more information than we need to
fulfil our stated purposes and will not retain it for longer than is
5.4.6. The information we ask for is used to assess your suitability for
employment. You don’t have to provide what we ask for but it might
affect your application if you don’t.
5.4.7. We ask you for your personal details including name and contact
details. We will also ask you about your previous experience, education,
referees and for answers to questions relevant to the role you have applied
for. Our recruitment team will have access to all of this information.
5.4.8. You will also be asked to provide equal opportunities information.
This is not mandatory information – if you don’t provide it, it
will not affect your application. This information will not be made
available to any staff outside of our recruitment team, including hiring
managers, in a way which can identify you. Any information you do provide,
will be used only to produce and monitor equal opportunities statistics.
Our hiring managers shortlist applications for interview. They will be
provided with your name or contact details. They will not be provided with
your equal opportunities information if you have provided it.
We might ask you to participate in assessment days; complete presentations
or and/or to attend an interview – or a combination of both.
Information will be generated by you and by us. For example, we will record
interview notes. This information is held by Invistech.
5.4.11. If you are unsuccessful following assessment for the position you
have applied for, we may ask if you would like your details to be retained
in our talent pool for a period of six months. If you say yes, we would
proactively contact you should any further suitable vacancies arise.
5.4.12. Conditional Offer:
If we make a conditional offer of employment we will ask you for
information so that we can carry out pre-employment checks. You must
successfully complete pre-employment checks to progress to a final offer.
We are required to confirm the identity of our staff, their right to work
in Ireland and seek assurance as to their trustworthiness, integrity and
reliability.You will therefore be required to provide:
● Proof of your identity – you will be asked to attend our
office with original documents, we will take copies.
● Proof of your qualifications – you will be asked to attend
our office with original documents, we will take copies.
● We will contact your referees, using the details you provide in
your application, directly to obtain references
● If we make a final offer, we will also ask you for the following:
○ Bank details – to process salary payments
○ Emergency contact details – so we know who to contact in case
you have an emergency at work.
5.4.14. If you are successful, the information you provide during the
application process will be retained by us as part of your employee file
for the duration of your employment plus 6 years following the end of your
5.4.15. If you are unsuccessful at any stage of the process, the
information you have provided until that point will be retained for 12
months from the closure of the campaign.
● Information generated throughout the assessment process, for
example interview notes, is retained by us for 12 months following the
closure of the campaign.
● Equal opportunities information is retained for 12 months following
the closure of the campaign whether you are successful or not.
6. Data that may be received from third parties and publicly available
6.1. Invistech Limited may receive data about you from third parties and
publicly available sources in each case, in accordance with this privacy
statement that we require in order to deliver our service to you or offer
employment to you.
7. Data that may be collected automatically
7.1. To the extent that you use our services we may collect your data
automatically, for example:
○ We may automatically collect some information about your visit to
our Website. This information helps us to make improvements to Website
content and navigation, and includes your IP address, the date, times and
frequency with which you access the Website and the way you use and
interact with its content.
○ We may collect your data automatically via cookies, in line with
our cookie statement and settings on your browser. For more information
about cookies, and how we use them on the Website, see our
8. Our use of data
8.1. Any or all of the above data may be required by us from time to time
in order to provide you with the best possible experience when using our
services as a client, customer or web visitor or employed by us as a member
of our staff.
8.2. Specifically, data may be used by us in each case, in accordance with
this privacy statement for the following reasons:
The management and administration of our organisation;
Facilitating the delivery of our services and or products;
Human resources management;
For compliance with legislation relevant to the organisation.
For specific purposes such as, but not limited to, the following
● Health and safety
● Consultancy purposes
● Service provision (hardware and telecoms) support
● Communicating cases with staff on hangouts
● For access to In2tel portal, Gmail / Google, Office 365 apps, as IT
provider for customer
● For purchasing / payment invoicing
● For communicating a problem
● Finding an IT solution (login details for the customer and email
● For website functionality
9. Who we share data with
9.1. We may share your data with the following organisations to deliver,
maintain and improve our service in each case, in accordance with this
Any of our group companies or affiliates - we may share information
with our processor Enguard who provides our data protection advice
Our staff, consultants and/or professional advisors
Third party service providers who provide services to us which
require the processing of personal data
Relevant authorities, by legal obligation such as An Garda Siochana
or Revenue Commissioners.
9.2. Links to Other Website:
This privacy notice does not cover the links within our website linking to
other websites. We encourage you to read the privacy statements on the
other websites you visit.
10. Keeping data secure
10.1. We will use technical and organisational measures to safeguard your
data, for example:
○ Our staff are governed by a strictly enforced data protection
○ Our systems are configured, maintained and monitored to ensure the
best possible technical measures we can achieve. These have been
implemented to secure your data.
○ Technical and organisational measures include measures to deal with
any suspected data breach. If you suspect any misuse or loss or
unauthorised access to your data, please let us know immediately by
11. Data retention
11.1. Unless a longer retention period is required or permitted by law, we
will only hold your data on our systems for the period necessary to fulfil
the purposes outlined in this privacy statement or until you request that
the data be deleted.
11.2. Even if we delete your data, it may persist on backup or archival
media for legal, tax or regulatory purposes.
11.3. All retention of personal data is regulated by our
organisation’s Retention Schedule which is part of our Data
12. Your rights
12.1. We will put you in control of your privacy with clear choices. We
apply the following data protection principles to our data processing
● Lawfulness, fairness and transparency: We will
only process data as permitted by the law, in a fair manner. We will be
transparent about data collection and use so that you can make informed
● Purpose limitation: When we do collect data, we
will use it to for purpose provided to benefit you and, to make your
● Data minimisation: we will only process the
minimum of data necessary
● Accuracy: we will maintain accurate records
● Storage limitation: we will only store data for
the length of time required or as detailed by legislation.
● Integrity and confidentiality (security): We will
protect the data that you entrust to us via strong security and encryption.
● Accountability: We will respect your local data
privacy laws and fight for legal protection of your privacy as a
12.2. These principles form the foundation of Invistech’s approach to
privacy and will continue to shape the way we build our products and
12.3 We must always have a lawful basis to process
personal data, as set out in the data protection legislation. The legal
bases for processing data, as detailed in Article 6 of the GDPR are
consent, contract, vital interest, legitimate interest, public task or
12.4. Consent on our website:
When you visit our website or fill our contact forms you are given the
option to consent to the use of that information as set out in this
statement. We will always communicate any changes made to our statement to
ensure that you are always informed on how your information is used and
why. You will find links to more information and controls so that you can
make the right decisions for you.
12.5. Data privacy rights
12.5.1. Right to be informed:
You have the right to be informed of how we process your data. We comply
with this right through the issuing of this Privacy statement or other
appropriate communications with data subjects on how their data is used.
12.5.2. Right to access
The right to request copies of the information we hold about you at any
time, or that we modify, update or delete such information. If we provide
you with access to the information, we hold about you, we will not charge
you for this, unless your request is "manifestly unfounded or excessive."
Where we are legally permitted to do so, we may refuse your request. If we
refuse your request, we will tell you the reasons why.
To invoke your right to access please complete our Subject Access Request
form and return to us or write to us requesting access to your personal
data mentioning “subject access request”.
Where possible, we will provide the requested information to you within one
month from the receipt of a valid request. if we cannot fulfill the request
in that time we will inform you of the reason for the delay and new
timeframe. To access the Subject Access Request Form please contact us.
12.5.3. Right to rectification:
The right to have your data rectified if it is inaccurate or incomplete. To
access Data Rectification Request form please contact us.
12.5.4. Right to erase:
The right to request that we delete or remove your data from our
systems.You also have the right to have the information erased if we do not
have a legitimate reason for retaining this data. We will agree to any such
valid requests within one month of receipt of a request in writing. To
access Data Erasure Request form please contact us.
12.5.5. Right to restrict our use of your data:
The right to "block" us from using your data or limit the way in which we
can use it.
12.5.6. Right to data portability:
The right to request that we move, copy or transfer your data.
12.5.7. Right to object:
The right to object to our use of your data including where we use it for
our legitimate interests.
12.5.8. Rights related to automated decision making and profiling.
You have rights related to automated decision making and profiling, however
this is not a type of processing activity that we as an organisation engage
12.6. To make enquiries, exercise any of your rights set out above, or
withdraw your consent to the processing of your data (where consent is our
legal basis for processing your data), please contact us
Unit 2, Airport East Business Park,
Farmers Cross, Kinsale Road, Cork.
By Phone 0818 911 365
12.7. We reserve the right to request you to provide additional information
in order to enable us to identify your personal data / facilitate requests
and/or to verify your identity.
12.8. The data controller will make every effort to comply with data
subjects rights’ requests however there may be instances where we
cannot fulfill the request of these rights above due to a legal obligation
or restriction dictated by the current data protection or other relevant
legislation. If we refuse a request from the data subject we will explain
this to the data subject immediately and the data subject has the right to
query this to the National Supervisory Authority.
12.9. The data subject has the right to refer their complaint to the
relevant data protection authority which in Ireland is the Data Protection
Commision, please find contact details below;
Data Protection Commission
21 Fitzwilliam Square South
By Email: Info@dataprotection.ie
By Phone: +353 (0) 578 684 800
12.10. Children's Privacy Protection: We understand the
importance of protecting children's privacy in the interactive online
world. Our Website or recruitment is not designed for or intentionally
targeted at children 16 years of age or younger. It is not our policy to
intentionally collect or maintain information about anyone under the age of
12.11. It is important that the data we hold about you is accurate and
current. Please keep us informed if your data changes during the period for
which it is held.
13. Transfers outside the European Economic Area
13.1. Data which we may collect from you may be stored and processed in and
transferred to countries outside of the European Economic Area (EEA). For
example, this could occur if our servers are located in a country outside
the EEA or one of our service providers is situated in a country outside
13.2. We also share information with our third party service providers,
some of which are located outside the EEA.
13.3. We will only transfer data outside the EEA where it is compliant with
data protection legislation and the means of transfer provides adequate
safeguards in relation to your data,
E.g. by way of data transfer agreement, incorporating the current standard
contractual clauses adopted by the European Commission, or by signing up to
the EU-US Privacy Shield Framework, in the event that the organisation in
receipt of the data is based in the United States of America.
13.4. To ensure that your data receives an adequate level of protection, we
have put in place appropriate safeguards and procedures with the third
parties we share your data with. This ensures your data is treated by those
third parties in a way that is consistent with the data Protection Laws.
14. Changes of organisation structure and control
14.1. Invistech Limited may, from time to time, expand or reduce our
organisation and this may involve the transfer of control of all or part of
14.2. Data provided by clients will, where it is relevant to any part of
our organisation so transferred, be transferred along with that part. The
new owner or newly controlling party will, under the terms of this Privacy
statement, be permitted to use the data for the purposes for which it was
originally supplied to us.
14.3. We may also disclose data to a prospective controller of our
organisation or any part of it.
14.4. In the above instances, we will take steps to ensure your privacy is
15.1. You may not transfer any of your rights under this Privacy statement
to any other person.
15.2. We may transfer our rights under this privacy statement where we
reasonably believe your rights will not be affected.
15.3. If any court or competent authority finds that any provision of this
privacy statement (or part of any provision) is invalid, illegal or
unenforceable, that provision or part-provision will, to the extent
required, be deemed to be deleted, and the validity and enforceability of
the other provisions of this privacy statement will not be affected.
15.4. Unless otherwise agreed, no delay, act or omission by a party in
exercising any right or remedy will be deemed a waiver of that, or any
other, right or remedy.
15.5. This Agreement will be governed by and interpreted according to Irish
Law. All disputes arising under the Agreement will be subject to the
exclusive jurisdiction of the Irish courts.
16.Changes to this privacy statement
16.1. Invistech Limited reserves the right to change this privacy statement
as we may deem necessary from time to time or as may be required by law.
16.2. You may contact Invistech Limited with any queries in relation to
this privacy statement.
16.3. This is a live document, under regular review.
16.4. This policy was last updated 16th August 2019.