Chalmin Data Protection and Business Consultancy Ltd trading as Chalmin Data Privacy is committed to protecting and respecting your privacy. This Privacy Notice (the “Privacy Notice”) sets out the basis on which any personal data we collect from you or that you provide to us, or that is provided to us relating to you (“Data”) by any means will be processed. Please read the following carefully to understand our use of personal data. Please note that the Privacy Notice relates only to living individuals in relation to personal data relating directly to themselves, and not to persons in any other capacity.
For the purpose of the Data Protection Acts 1988 and 2003 (as amended) and from 25 May 2018, the General Data Protection Regulation (the GDPR) (the Acts) Chalmin Data Protection and Business Consultancy Ltd trading as Chalmin Data Privacy of 3003 Euro Business Park, Little Island, Cork is both the Controller and Processor of Data.
Our data protection contact may be contacted at firstname.lastname@example.org
Information we may collect from you
We collect Data from you which you volunteer when you provide such Data to us, or via our services with which you interact. We may also be given other Data relating to you by other persons, or we may obtain such other Data about you as may be provided to us in the course of our legitimate business activities.
We may collect and process Data, including the following in the course of providing services to you, which could contain your personal data:
Your full name; your address; your various email addresses; your various phone numbers including mobile phone number; financial information about you, including your bank account details, credit card details, debit card details or other payment details, details of contracts you have entered with third parties for us to provide services to you, details of your driving licence, details of your passport and all other Data which you ask us to process on your behalf, or which is necessary for us to process in order for us to fulfil our role as providing a service to you.
We may also process other data, which is not personal data.
When you access our website your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer, and to offer services to you.
What information about you do we obtain from others?
When you use our e learning platform, we may obtain the following categories of personal data from others:
E mail address and name from your Employer to enable you to take the online course and for us to issue the Certificate for training records.
Security and where we store your Data
We are committed to protecting the security of your Data. We use a variety of security technologies and procedures to help protect your Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure and may involve the transfer of data to countries outside of the European Economic Area (EEA). This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us through the Cloud. We do not however authorise any third party to use your Data for their own purposes. Non-EEA countries may not provide an adequate level of protection in relation to processing your personal data. By submitting your data, you agree to this transfer, storing and processing. The sharing, storage and processing of your personal data/ information will predominantly take place within the EEA.
Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to us. Any transmission of data is at your own risk. Once we receive your Data, we use appropriate security measures to seek to prevent unauthorised access.
Uses made of your Data
We use your Data that we hold to:
- In our legitimate interest of advertising our services, provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes (our list of services below);
- carry out our obligations arising from any contracts entered into between you and us;
- comply with legislation; and/or
- notify you about changes to our services.
List of services
We provide data privacy and data protection business solutions and consultancy services and e learning and training programs.
We may use your data to send you information relating to our services, events and products which may be of interest to you. If you do not want us to use your Data in this way, please notify us to that effect. You can contact us as set out at the end of this Privacy Notice.
We keep your Data for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your Data to provide this service to you, you can request that we erase your Data and close your account with us. Please note that if you request the erasure of your Data:
- We may retain some of your Data as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
- We may retain and use your Data to the extent necessary to comply with our legal obligation. For example, we may keep some of your information for legal reporting purposes and audit purposes.
- Because we maintain our records to protect from accidental or malicious loss and destruction, residual copies of your Data may not be removed from our backup systems for a limited period of time.
Disclosure of your information
We may disclose your Data to third parties who provide a service to us or in the event that we sell or buy any business or assets, in which case we may disclose your Data to the prospective seller or buyer of such business or assets or if we are under a duty to disclose or share your Data in order to comply with any legal obligation, or to protect our rights, property, or safety of staff or customers. Currently we disclose your Data to the following providers.
We may share your personal data with provide you with our services. For example, our web hosting provider and our IT service providers.
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii)you ask us to share your information
- Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to comply with any applicable laws, grant applications and / or court orders
- Service providers who provide us with marketing including, Wi Fi services, website and online platforms, and subcontractors who provide a service to us, and sub processors.
We attach at Schedule 1 a list of all entities with whom your personal data is shared.
Some jurisdictions may not have adequate safeguards for the protection of personal data, and where this is the case, we comply with Chapter 5 of the General Data Protection Regulation (“GDPR”) to provide an alternative method of safeguarding your personal data.
Do we transfer your information outside the European Union or European Economic Area?
We will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools. Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data on the basis of:
- Model Contract Clauses(SCC)
- An Adequacy Decision from the European Commission.
We do not conduct profiling.
Where we process your Data based only on your consent, you may withdraw your consent.
You have the right to bring a complaint to a supervisory authority if you have any complaints about the processing of your Data. In Ireland the Data Protection Commission is the supervisory authority.
In circumstances where the provision of your Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will advise you at the point of collecting your Data whether the Data is a required field, and the consequences of not providing the Data.
Links to other sites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any data to those websites.
As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process your Data. These rights apply in certain circumstances and are set out below:
- The right to access data relating to you (‘access right’).
- The right to rectify/correct data relating to you (‘right to rectification’).
- The right to object to processing of data relating to you (‘right to object’).
- The right to restrict the processing of data relating to you (‘right to restriction’).
- The right to erase/delete data relating to you (i.e. the “right to erasure”) and
- The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’).
These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by contacting email@example.com. You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie
Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
If you are receiving marketing from us, you may opt out. If you no longer wish to be contacted for marketing purposes, please contact us as set out at the end of this Notice to request to “opt out” of marketing.
We may need to collect the following information, as it is necessary for the adequate performance of the contract with you and to comply with applicable law (such as anti-money laundering regulations). Without it, you will not be able to use payment services:
- Payment Information. When you use our payment services, we require certain financial information (like your bank account or credit card information) in order to process payments and comply with applicable law.
- Identity Verification and Other Information. We may require identity verification information (such as images of your government issued ID, passport, national ID card, or driving license) or other authentication information, your date of birth, your address, email address, phone number and other information in order to verify your identity, provide the payment services to you, and to comply with applicable law.
We use the payment data collected to:
- Enable you to access and use the payment services.
- Detect and prevent fraud, abuse, security incidents, and other harmful activity.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources.
- Comply with legal obligations (such as anti-money laundering regulations).
- Enforce the payment Terms and other payment policies..
- With your consent, send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences.
Our payments section processes this information given our legitimate interest in improving the payment services and its users’ experience with it, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
Changes to this Privacy Notice
We reserve the right to change this Privacy Notice from time to time in our sole discretion. If we make any changes, we will post those changes here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide data after we post any such changes, you accept and agree to this Privacy Notice as modified.
Questions, comments, requests and complaints regarding this Privacy Notice and your Data we hold are welcome and should be addressed to us at Privacy Compliance Co-Ordinator at firstname.lastname@example.org
All requests will be dealt with promptly and efficiently.
This Privacy Notice is effective from 22nd July 2020
We have set out below a list of third parties with whom we share your data.
|Third party name||Description of services provided|
|Microsoft||Cloud Service Providers|
|iSeek Internet Solutions||Webhosting|
|Cuddy O’Leary and Foley||Payroll|
|Compunet||IT Service Providers|