SALTIRE DATA PROTECTION SERVICES LIMITED TAKES YOUR PRIVACY VERY SERIOUSLY.
In this privacy policy we are going to tell you about:
- What personal data we collect about you;
- How we collect your personal data;
- How we use your personal data;
- The basis on which we use your personal data;
- Who we share your information with;
- How long your personal data will be kept;
- Transferring your personal data overseas;
- The steps we take to protect your personal data;
- The rights you have in relation to your personal data; and
- How to contact us about this policy.
Our use of your personal data is subject to your instructions, the General Data Protection Regulation (GDPR)), the Data Protection Act 2018 and other relevant EU and Irish legislation.
In this policy when we say “we” or “us” or “Saltire” we are referring to Saltire Data Protection Services Limited a limited company incorporated in the Republic of Ireland, registered number 648067 and having its registered office at 27/28 Herbert Place, Dublin, Republic of Ireland
D02 DC97.
Contact information is provided below under the heading How to contact us about this policy.
What personal data we collect about you We may collect information from you in the course of our business, including when you engage us to provide services, when you submit a complaint or dispute or other information to us where we are providing services to third parties as EU/EEA representative for such third parties (referred to in this policy as “European representative”), when you contact or request information from us, when you use our website or as a result of your relationship with one or more of our personnel and/or customers. The personal information we may collect about you includes:
- Contact/identity information such as your name, title, address (business and/or home), telephone number, mobile phone number, job title, name of employer, fax number, IP address and email address as well as information to enable us to check and verify your identity if appropriate.
- Service related Information information provided by you or by or on behalf of our customers or generated in the course of providing our services (which may include special category or criminal convictions data), information processed for relationship management and file opening procedures such as name, business information, identification and your relationship to a person and details of that third party’s relationship with you;
- Technical Information about your use of our communication and other systems and communications we send to you electronically; and
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, bank and building society details including security code numbers and other related billing information.
In general, you will be able to choose whether or not to provide us with your personal data. If you do not provide the personal data that we need to collect then this may affect our ability to provide the relevant services. If you do not provide personal data we ask for it may delay or prevent us from providing services to you or responding to you. We will advise you where this is the case.
How we collect your personal data
We collect most of this information from you:
- When you contact us in connection with the European representative services we provide to third parties;
- When you or your organisation use or contact us to provide European representative services;
- When you or your organisation make an enquiry for our services or otherwise engage with our personnel for business related purposes; and
- Where you or your organisation provide services to us.
We may also collect information from third party sources including:
- Credit reference agencies or government departments or agencies; and
- Third party organisations that you have or have had dealings with which may include services such as LinkedIn.
We may also collect information via our information technology (IT) and other systems, for example:
- Case management, document management and time recording systems;
- Automated monitoring of our technical systems, such as our computer networks and connections, access control systems, communications systems, email and instant messaging systems.
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason for doing so. This will be for one of the following reasons:
- To respond to information you have provided, a dispute or complaint you have raised or a question you have asked;
- For the performance of our contract with you or your organisations or to take steps at your request before entering into a contract;
- To comply with our legal and regulatory obligations;
- For our legitimate interests or those of a third party;
- For the establishment, exercise or defence of legal claims or proceedings; or
- Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
We may process special category personal data for the following reasons:
- Where you have given your explicit consent (which we understand you to have done if you contact us and provide the relevant information for the purposes of responding to your enquiry);
- For compliance with a legal or regulatory obligation;
- For the purposes of establishing, exercising or defending legal claims;
- Where it is in your vital interests; and
- Where you have made the personal data public.
There may be additional reasons which will be notified to you where they apply. When we refer to special category data we mean information such as race or ethnicity, religious beliefs, sexual orientation, marital status and health. Information about criminal convictions is also included within this type of data.
The basis on which we use your personal data
We have explained our reasons for using your personal data. We set out below more detail on the ways in which we use your personal data. We use your data:
- To deal with any complaints or disputes raised or questions asked;
- To provide European representative services to you/our customers;
- To ensure the confidentiality of commercially sensitive information;
- To manage and administer your or your organisation's business relationship with Saltire, including use for the purposes of processing payments, accounting, auditing, billing and collection and other support services;
- To conduct checks to identify our customers and verify their identity;
- To screen for financial and other sanctions or embargoes, including credit reference checks with credit reference agencies;
- To comply with professional, legal and regulatory obligations that apply to our business;
- Where necessary to gather and provide information required by or relating to audits, enquiries or investigations by enforcement authorities, regulatory bodies, courts, tribunals and government agencies;
- To ensure business policies are adhered to, e.g. policies covering security and to prevent unauthorised access and modifications to systems;
- For operational reasons, such as ensuring safe working practices, improving efficiency, risk management, training, staff assessment and quality control;
- To update and enhance customer records;
- For insurance purposes; and
- To identify those who are authorised to deal with Saltire on behalf of our customers, suppliers and/or service providers.
Managing our business
In relation to a number of uses of personal data we refer to above we are using such personal data on the basis that it is in our legitimate interests or those of a third party for us to do so. These interests cover a number of aspects of our business operations, namely:
- To allow us to respond to a dispute or complaint you have raised or a question you have asked;
- Ensuring that we are as efficient as we can be so we can deliver the best service for our customers at the best price;
- To allow us to provide bespoke services where requested by our customers;
- Protecting our commercially valuable information and also our intellectual property;
- Preventing and detecting fraud and/or criminal activity that could be damaging for us and for our customers;
- For credit control purposes and to make sure our customers can pay for the services we provide;
- For the purposes of risk management and to maintain our accreditations so we can demonstrate we operate to the highest standards; and
- Ensuring we are able to keep up to date with our customers and contacts and developments in their organisations.
Who we share your personal data with
We share personal data with our processors where required for the purpose of providing our services including administrative, billing and other business-related purposes. We shall maintain a list of the types of processors we engage. Any questions about processors engaged by us should be sent to our Head of Privacy.
We also routinely share personal data with:
- With our customer(s) - if we have collected your personal data in the course of providing European representative services to any of our customers, we may disclose it to that customer, and to others in the proper course of our duties or as required or permitted by law;
- Professional advisers acting on behalf of you or our customers , e.g. Law firms for the purposes of obtaining legal advice, barristers (https://www.barcouncil.org.uk/privacy-statement/) or advocates (http://www.advocates.org.uk/legal-notices), other legal specialists (including mediators);
- Other third parties where necessary, e.g. the Data Protection Commissioner or other relevant government departments or agencies;
- Companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies, fraud prevention agencies and regulatory bodies with whom such personal data is shared;
- Our insurers and brokers, external auditors, banks and other third parties which provide services to us to allow us to fulfil our regulatory obligations and for risk management purposes;
- Regulators, courts, law enforcement authorities, lawyers or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process or to comply with our legal and regulatory obligations; and
- Third parties for the purposes of collecting your feedback on our service provision, to help us measure our performance and to improve and promote our services.
Other than as set out above, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
Personal data about other people which you provide to us
If you provide personal data to us about someone else (such as one of your directors or employees, a member of your family, personnel of our customers or someone with whom you have business dealings) you should ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this privacy policy.
If you are employed by a business or organisation which is a customer of Saltire or if you are a director, officer, partner, shareholder or member of such a business or organisation, we may use your personal data information in the course of providing services to that customer.
How long your personal data will be kept
We will hold your data for as long as is necessary for the purposes set out in this privacy policy. Different retention periods apply for different types of data. We have in place a retention policy which sets out the different retention periods for the types of information we hold.
The retention periods we apply take account of:
- The nature and sensitivity of the personal data;
- Legal and regulatory requirements and guidance;
- Limitation periods that apply in respect of taking legal action;
- The purposes for which we process your personal data; and
- The operational requirements of our business.
Where applicable, these retention periods may be extended where we retain personal information for compliance with legal or regulatory obligations or for the purpose of dealing with complaints and/or legal claims.
Updating personal data about you
We also need to know that your contact information is accurate and up to date so please advise of any changes on eurep@saltiredataprotection.com. You should also use this email address if you want to cancel any request you have made to us or you become aware of any inaccuracy in the contact information we hold about you.
Transferring your personal data out of the European Economic Area
Other than as outlined below we do not, as a matter of course, transfer personal information to third countries or international organisations. However to deliver services to our customers, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA).
Transfers outside the EEA are subject to special rules. Where we do make such transfers, we will mostly rely on derogations which are permitted in terms of the GDPR, for example that the transfer is necessary for the establishment, exercise or defence of legal claims, or to perform a contract with you or another contract which is in your interests. Occasionally, the transfer may be with your explicit consent. Where we do not rely upon a derogation then depending on which country is involved, there may be an "adequacy decision” in place which would allow us to transfer to that jurisdiction.
Where none of these apply then we will implement appropriate safeguards to ensure that the transfer complies with applicable European data protection law and that all personal data will be secure. Where we make such transfers in respect of your personal data we can provide you with further information on these safeguards. Please contact our Head of Privacy for further information.
The steps we take to protect your personal data
We will take appropriate technical and organisational measures to keep your personal data confidential and secure. We have appropriate security measures in place which take account, in particular, of the risks arising from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
The rights you have in relation to your personal data
You have the following rights, which you can exercise free of charge: You can ask us to:
- Tell you how you data is being used;
- Provide a copy of your personal data;
- Correct any mistakes in your personal data;
- Delete your personal data - in certain situations;
- Restrict processing of your personal data - in certain circumstances, e.g. if you contest the accuracy of the data; and
- Provide you with a copy of the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transfer that data to a third party - in certain situations.
You can object:
- At any time to your personal data being processed for direct marketing (including profiling);
- In certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
If you would like to exercise any of those rights, please email us on eurep@saltiredataprotection.com.
Your objection (or withdrawal of consent) may mean we cannot perform the services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.
You also have the right to complain to the supervisory authority in the part of the EEA where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Ireland is the Data Protection Commissioner who may be contacted at https://forms.dataprotection.ie/contact.
We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commissioner so please contact us in the first instance.
How to contact us about this policy
Please contact us if you have any questions about this privacy policy or the information we hold about you.
Our contact details are shown below:
Head of Privacy Saltire Data Protection Services Limited
27/28 Herbert Place
Dublin
Republic of Ireland
D02 DC97
Email: eurep@saltiredataprotection.com
We update this policy from time to time.
Please check the website at saltiredataprotection.com for the latest version.
Policy last updated on 5 May 2023.