Privacy Statement

How we use your information

PRIVACY STATEMENT

Invistech Limited

1. Definitions used in this statement

Invistech Limited, Us, We & Our, the Company all refer to, in this document, Invistech Limited located at Unit 2, Airport East Business Park, Kinsale Road, Cork. with registered company number: 462212. We also have offices in Limerick and Dublin.

You refers to all individuals and organisations that we currently, prospectively or historically process personal data for.

Services include but are not limited to designing, building and managing IT and Telephony solutions.

Data Protection Officer: We have appointed the following individual / organisation to handle all our data protection related queries: Kenneth Baker, Enguard Security Limited, Unit 2, Airport East Business Park, Cork. Email:datap rotection@invistech.com Tel: 0818 911 365

Enguard Security Limited located at Unit 2, Airport East Business Park, Cork, with registered company number: 605390 is a separate company through common management control. Enguard Security Limited process data as a processor for Invistech and are regulated by a specific data processor agreement. As our data protection advisors, a member of their staff will act as Data Protection Officer, under contract, to manage all data protection rights requests, breaches and and any other privacy queries on Invistech’s behalf and within Invistech’s secure systems.

Criminal records For the purposes of this policy criminal records data means information about an individual's criminal convictions and offences, and information relating to criminal allegations and proceedings.

Data protection laws
For the purposes of this policy data Protection laws means all applicable laws relating to the processing of Personal data, including, for the period during which it is in force, the General Data Protection Regulation (Regulation (EU) 2016/679) and the Data Protection Acts 1988 to 2018.

Data Subject means the individual to whom the personal data relates. for the purposes of this statement data subject are, but not limited to, employees, web visitors, customers, supplier contacts, referrals, prospective or job applicants.

Personal data means any information that relates to an individual who can be identified from that information.

Processing means any use that is made of data, including collecting, storing, amending, disclosing, or destroying it.

Special categories of personal data means information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and biometric data.

Website, our website refers to http://www.invistechitsupport.ie or www.invistech.com

2. Scope of this privacy statement

2.1. This privacy statement covers our privacy practices with respect to the processing of your Personal data.

2.2. For purposes of the applicable Data Protection Laws, Invistech Limited is the "data controller". This means that Invistech Limited determines the purposes for which, and the manner in which your personal data is processed.

2.2. This privacy statement describes the information that we collect about you, how we obtain your personal information, and how we may use or disclose that information in connection with the delivery of our services to you or your employment with us. This privacy statement also describes the measures we take to protect the security of your personal information and how you can contact us about our privacy practices, including to exercise your privacy rights.

3. Data we may collect

3.1. We may collect the following data, which includes personal data, in each case, in accordance with this privacy statement from you:

■ Address - postal (home)

■ Bank details

■ Cookies (Web)

■ Copy of driver's license (name, address, photo, date of birth, driver’s number)

■ CV, referee details – past educational and employment details

■ Email address

■ Full Name

■ Gmail list name / email (for controller under contract)

■ Health and safety form for work activity

■ Health data i.e. sick cert, doctor name / fit for work status

■ Job title

■ Data visible during customer live support (access to images seen on customer's client computer is by contract, strictly confidential and never recorded)

■ Next of kin details (name, contact number, relationship to person)

■ Place of work

■ PPSN

■ Private mobile telephone number

■ Telephone (home number)

■ Training documents (Certs)

■ VOIP - call record (for controller under contract)

■ Back up (files description of file name location type of file - on occasion may contain individual name in title or as author)

4. How we may collect data

4.1. We may collect data in the following ways:

○ Data is given to us by you;

○ Data is received from other sources; and

○ Data may be collected automatically.


5. Data that is given to us by you

5.1. Invistech Limited may collect your data in a number of ways, in each case, in accordance with this privacy statement, for example:

○ When you contact us through the Website, by telephone, post, email or through any other means;

○ When you receive our products/services;

○ When you are employed by us;

○ When you enter into a contract with us

5.2. People who Email Us

5.2.1. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with our data protection policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. Unsolicited material of a criminal nature will be reported to the relevant authorities and blocked.

5.2.1. We may use your data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed "Your rights" below).

5.3. Information provided through the website

5.3.1. You have the opportunity to send us information via this website, such as through the “contact us” pages or any other area where you may send emails, request brochures or provide feedback. the legal basis for this specific processing is consent.

5.3.2. By choosing to participate in these, you might provide us with some personal information. This information may include your name, email and telephone number. The purpose of collecting this information is so we can contact you regarding any questions you may have asked or to provide you with other information that may be relevant to you or your business in the form of materials about our company.

5.3.3. This information will only be used by us for:

● The purpose for which it was provided by you and any reasonably incidental purposes;

● Verification purposes and statistical analysis; and

● Marketing and administration purposes.

5.4. Processing of data for job applicants, current and former Invistech employees

5.4.1. Controller status: Invistech is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at info@invistech.com

5.4.2. Usage of information you provide to us during recruitment process: All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

5.4.3. We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

5.4.4. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

5.4.5. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

5.4.6. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

5.4.7. We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

5.4.8. You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

5.4.9. Shortlisting: Our hiring managers shortlist applications for interview. They will be provided with your name or contact details. They will not be provided with your equal opportunities information if you have provided it.

5.4.10. Assessments: We might ask you to participate in assessment days; complete presentations or and/or to attend an interview – or a combination of both. Information will be generated by you and by us. For example, we will record interview notes. This information is held by Invistech.

5.4.11. If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.

5.4.12. Conditional Offer: If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in Ireland and seek assurance as to their trustworthiness, integrity and reliability.You will therefore be required to provide:

● Proof of your identity – you will be asked to attend our office with original documents, we will take copies.

● Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.

● We will contact your referees, using the details you provide in your application, directly to obtain references

● If we make a final offer, we will also ask you for the following:

○ Bank details – to process salary payments

○ Emergency contact details – so we know who to contact in case you have an emergency at work.

5.4.14. If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment.

5.4.15. If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 12 months from the closure of the campaign.

● Information generated throughout the assessment process, for example interview notes, is retained by us for 12 months following the closure of the campaign.

● Equal opportunities information is retained for 12 months following the closure of the campaign whether you are successful or not.

6. Data that may be received from third parties and publicly available sources

6.1. Invistech Limited may receive data about you from third parties and publicly available sources in each case, in accordance with this privacy statement that we require in order to deliver our service to you or offer employment to you.

7. Data that may be collected automatically

7.1. To the extent that you use our services we may collect your data automatically, for example:

○ We may automatically collect some information about your visit to our Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.

○ We may collect your data automatically via cookies, in line with our cookie statement and settings on your browser. For more information about cookies, and how we use them on the Website, see our Website Terms of Use and Cookie statement

8. Our use of data

8.1. Any or all of the above data may be required by us from time to time in order to provide you with the best possible experience when using our services as a client, customer or web visitor or employed by us as a member of our staff.

8.2. Specifically, data may be used by us in each case, in accordance with this privacy statement for the following reasons:

    1. The management and administration of our organisation;
    2. Facilitating the delivery of our services and or products;
    3. Human resources management;
    4. For compliance with legislation relevant to the organisation.
    5. For specific purposes such as, but not limited to, the following

● Employment

● Health and safety

● Payroll

● Consultancy purposes

● Service provision (hardware and telecoms) support

● Communicating cases with staff on hangouts

● For access to In2tel portal, Gmail / Google, Office 365 apps, as IT provider for customer

● For purchasing / payment invoicing

● For communicating a problem

● Finding an IT solution (login details for the customer and email contact)

● For website functionality

9. Who we share data with

9.1. We may share your data with the following organisations to deliver, maintain and improve our service in each case, in accordance with this privacy statement

    1. Any of our group companies or affiliates - we may share information with our processor Enguard who provides our data protection advice under contract.
    2. Our staff, consultants and/or professional advisors
    3. Third party service providers who provide services to us which require the processing of personal data
    4. Relevant authorities, by legal obligation such as An Garda Siochana or Revenue Commissioners.

9.2. Links to Other Website: This privacy notice does not cover the links within our website linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

10. Keeping data secure

10.1. We will use technical and organisational measures to safeguard your data, for example:

○ Our staff are governed by a strictly enforced data protection policy.

○ Our systems are configured, maintained and monitored to ensure the best possible technical measures we can achieve. These have been implemented to secure your data.

○ Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your data, please let us know immediately by contacting us.

11. Data retention

11.1. Unless a longer retention period is required or permitted by law, we will only hold your data on our systems for the period necessary to fulfil the purposes outlined in this privacy statement or until you request that the data be deleted.

11.2. Even if we delete your data, it may persist on backup or archival media for legal, tax or regulatory purposes.

11.3. All retention of personal data is regulated by our organisation’s Retention Schedule which is part of our Data Protection Policy.

12. Your rights

12.1. We will put you in control of your privacy with clear choices. We apply the following data protection principles to our data processing

Lawfulness, fairness and transparency: We will only process data as permitted by the law, in a fair manner. We will be transparent about data collection and use so that you can make informed decisions.

Purpose limitation: When we do collect data, we will use it to for purpose provided to benefit you and, to make your experience better.

Data minimisation: we will only process the minimum of data necessary

Accuracy: we will maintain accurate records

Storage limitation: we will only store data for the length of time required or as detailed by legislation.

Integrity and confidentiality (security): We will protect the data that you entrust to us via strong security and encryption.

Accountability: We will respect your local data privacy laws and fight for legal protection of your privacy as a fundamental right.

12.2. These principles form the foundation of Invistech’s approach to privacy and will continue to shape the way we build our products and services.

12.3 We must always have a lawful basis to process personal data, as set out in the data protection legislation. The legal bases for processing data, as detailed in Article 6 of the GDPR are consent, contract, vital interest, legitimate interest, public task or legal obligation.

12.4. Consent on our website: When you visit our website or fill our contact forms you are given the option to consent to the use of that information as set out in this statement. We will always communicate any changes made to our statement to ensure that you are always informed on how your information is used and why. You will find links to more information and controls so that you can make the right decisions for you.

12.5. Data privacy rights

12.5.1. Right to be informed: You have the right to be informed of how we process your data. We comply with this right through the issuing of this Privacy statement or other appropriate communications with data subjects on how their data is used.

12.5.2. Right to access The right to request copies of the information we hold about you at any time, or that we modify, update or delete such information. If we provide you with access to the information, we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

To invoke your right to access please complete our Subject Access Request form and return to us or write to us requesting access to your personal data mentioning “subject access request”. Where possible, we will provide the requested information to you within one month from the receipt of a valid request. if we cannot fulfill the request in that time we will inform you of the reason for the delay and new timeframe. To access the Subject Access Request Form please contact us.

12.5.3. Right to rectification: The right to have your data rectified if it is inaccurate or incomplete. To access Data Rectification Request form please contact us.

12.5.4. Right to erase: The right to request that we delete or remove your data from our systems.You also have the right to have the information erased if we do not have a legitimate reason for retaining this data. We will agree to any such valid requests within one month of receipt of a request in writing. To access Data Erasure Request form please contact us.

12.5.5. Right to restrict our use of your data: The right to "block" us from using your data or limit the way in which we can use it.

12.5.6. Right to data portability: The right to request that we move, copy or transfer your data.

12.5.7. Right to object: The right to object to our use of your data including where we use it for our legitimate interests.

12.5.8. Rights related to automated decision making and profiling. You have rights related to automated decision making and profiling, however this is not a type of processing activity that we as an organisation engage in.

12.6. To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your data (where consent is our legal basis for processing your data), please contact us

By Post:

Data Protection,

Invistech Limited,

Unit 2, Airport East Business Park,

Farmers Cross, Kinsale Road, Cork.

By Email: dataprotection@invistech.com

By Phone 0818 911 365

12.7. We reserve the right to request you to provide additional information in order to enable us to identify your personal data / facilitate requests and/or to verify your identity.

12.8. The data controller will make every effort to comply with data subjects rights’ requests however there may be instances where we cannot fulfill the request of these rights above due to a legal obligation or restriction dictated by the current data protection or other relevant legislation. If we refuse a request from the data subject we will explain this to the data subject immediately and the data subject has the right to query this to the National Supervisory Authority.

12.9. The data subject has the right to refer their complaint to the relevant data protection authority which in Ireland is the Data Protection Commision, please find contact details below;

By Post:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

By Email: Info@dataprotection.ie

By Phone: +353 (0) 578 684 800

Web: www.dataprotection.ie

12.10. Children's Privacy Protection: We understand the importance of protecting children's privacy in the interactive online world. Our Website or recruitment is not designed for or intentionally targeted at children 16 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 16.

12.11. It is important that the data we hold about you is accurate and current. Please keep us informed if your data changes during the period for which it is held.

13. Transfers outside the European Economic Area

13.1. Data which we may collect from you may be stored and processed in and transferred to countries outside of the European Economic Area (EEA). For example, this could occur if our servers are located in a country outside the EEA or one of our service providers is situated in a country outside the EEA.

13.2. We also share information with our third party service providers, some of which are located outside the EEA.

13.3. We will only transfer data outside the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data,

E.g. by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission, or by signing up to the EU-US Privacy Shield Framework, in the event that the organisation in receipt of the data is based in the United States of America.

13.4. To ensure that your data receives an adequate level of protection, we have put in place appropriate safeguards and procedures with the third parties we share your data with. This ensures your data is treated by those third parties in a way that is consistent with the data Protection Laws.

14. Changes of organisation structure and control

14.1. Invistech Limited may, from time to time, expand or reduce our organisation and this may involve the transfer of control of all or part of Invistech Limited.

14.2. Data provided by clients will, where it is relevant to any part of our organisation so transferred, be transferred along with that part. The new owner or newly controlling party will, under the terms of this Privacy statement, be permitted to use the data for the purposes for which it was originally supplied to us.

14.3. We may also disclose data to a prospective controller of our organisation or any part of it.

14.4. In the above instances, we will take steps to ensure your privacy is protected.

15. General

15.1. You may not transfer any of your rights under this Privacy statement to any other person.

15.2. We may transfer our rights under this privacy statement where we reasonably believe your rights will not be affected.

15.3. If any court or competent authority finds that any provision of this privacy statement (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy statement will not be affected.

15.4. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

15.5. This Agreement will be governed by and interpreted according to Irish Law. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the Irish courts.

16.Changes to this privacy statement

16.1. Invistech Limited reserves the right to change this privacy statement as we may deem necessary from time to time or as may be required by law.

16.2. You may contact Invistech Limited with any queries in relation to this privacy statement.

16.3. This is a live document, under regular review.

16.4. This policy was last updated 16th August 2019.