Privacy Statement

 

This Privacy Statement is effective as of 20/09/2020.
Please note that this Privacy Statement will be updated regularly to reflect any changes in the way we handle your personal data or any changes in applicable laws. The following statement applies to Arkphire Ireland Limited and all entities within the Arkphire Group. 

About Us

Arkphire Ireland Limited
Unit 1A, Sandyford Business Centre,
Sandyford,
Dublin 18,
D18 RX65
Ireland

We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who interacts with us and will only collect / use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”)

What Does This Statement Cover?

This Privacy Statement describes how Arkphire collects, uses, processes, and shares the personal information that we collect from you, or that you provide to us. It also explains your rights under the law relating to your personal data.

What Is Personal Data?

Personal data is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, location data, and other online identifiers.

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Statement should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
  • The right to access the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided below.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Office of Data Protection Commission.

What Personal Data Do We Collect?

We collect and hold some or all of the personal data for each of the purposes as set out in the table below:

What We Do?

Categories of personal data

Collecting your data when requesting further information from us including our website, newsletters, web forms for the purpose of marketing

Name, organisation details, contact details

Collecting data about how you use our systems (including the use of our websites, apps or any tools) to improve services to you

Cookies or similar tracking technologies, log data, which may include your IP address, time of access, use of site, referring URL etc.

Marketing our products and services to you (unless you object)

Name, organisation details, contact details, identifiers

Ensuring the security of company property and staff e.g. CCTV

video footage

Managing our contractual obligations as an IT service provider

Name, organisation details, contact details, identifiers, records of interaction, contracts, financial details

Employment / recruitment

Managing our contractual obligations as an employer

Name, Contact details, Pension details, tax details, work details, Bank details, Insurance, social security numbers or national identifiers, marital/civil status, dependents, education, employment history

Perform administrative functions (e.g. expenses, benefits)

Banking and other relevant financial details we need for payroll/benefits purposes.

Processing personnel files for career management (including performance, training etc. )

Name, contract details, training requirements, performance

Perform any legally required reporting and respond to legal process related to your employment

Social security, citizenship, passport data, and details of residency or work permit

Manage applications from prospective employees

Contact details, Background check, performance details, references, CV including photographs, training programs certs, driver’s license, assessment information

 

What Is Your Legal Basis For Processing?

Under the GDPR, we must always have a lawful basis for using your personal data. The following table describes how we will use your personal data, and our lawful bases for doing so: 

What We Do?

Lawful Basis

Collecting your data when requesting further information from us including our website, newsletters, web forms for the purpose of marketing

Justified on the basis of consent given by the data subject

Collecting data about how you use our systems (including the use of our websites, apps or any tools) to improve services to you

Justified on the basis of consent given by the data subject

Marketing our products and services to you (unless you object)

Justified on the basis of consent given by the data subject or on the basis of our legitimate interests

Ensuring the security of company property and staff e.g. CCTV

Justified on the basis of our legitimate interests

Managing our contractual obligations as an IT service provider

Necessary for the performance of a contract

Employment / recruitment

Managing our contractual obligations as an employer

Necessary for the performance of a contract

Perform administrative functions (e.g. expenses, other benefits)

Necessary for the performance of a contract

Processing personnel files for career management (including performance, training etc. )

Justified on the basis of our legitimate interests

Perform any legally required reporting and respond to legal process related to your employment

Necessary for the compliance with a legal obligation to which we are subject

Manage applications for prospective employees (recruitment)

Justified on the basis of our legitimate interests for ensuring that we recruit the appropriate employees or on the basis of your consent

 

Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms.

Processing personal data for Marketing

With your permission and/or where permitted by law, we will use your personal data for marketing purposes, which may include contacting you by email AND/OR telephone with information, news and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose.

If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

Sources of marketing data
The bulk of the personal data we collect and use for marketing purposes relates to individuals employed by our clients and other companies we work with. We may also obtain contact information from public sources, including content made public on social media sites, to make an initial contact with a relevant individual.

Customer Relationship Management (CRM) database
Like most companies, Arkphire has customer relationship management (CRM) database to manage and track our marketing efforts. Personal data used for this purpose includes contact data, publicly available information such as social media posts, your responses to targeted mailing, web activity of registered users. If you wish to be excluded from our CRM databases, please contact us.

Do you Transfer or Share My Personal Data?

We may contract with a third party to support us in what we do as described. In some cases, those third parties may require access to some or all your personal data.

For example, we may share personal data with third parties that provide services to us such as billing, advertising and marketing services, payment processing, customer service, email deployment, security and performance monitoring, maintaining or servicing accounts, processing or fulfilling orders and transactions, verifying customer information, research, data hosting, web hosting, auditing and data processing;

We are careful only to share the information that is necessary for the purposes described. Any third party who receives this information is bound by a contract with Arkphire setting out their obligation in relation to your data as required per Article 28 of the GDPR.

Arkphire takes strong measures to help protect your data from inappropriate access or use by unauthorized persons. We take all necessary steps to ensure that your data will be given adequate protection as required under the GDPR and Arkphire’s own internal policies.

Unless stated otherwise, transfers of personal data from within the European Economic Area (EEA) to third parties outside the EEA are based on an adequacy decision or are governed by the standard contractual clauses (SCC). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.

How Long Will You Keep My Personal Data?

We will retain your personal data only for as long as necessary for the purposes outlined above related services provided to you, to comply with our legal obligations, resolve disputes, and enforce our agreements.

We maintain specific records management and retention policies and procedures, so that personal data is deleted according to the following retention key criteria:

  • As long as we have an ongoing and active relationship with you (in particular, if you have a contract with us).
  • As long as we have your consent keeping you informed.
  • As long as it is needed in order to comply with our global legal and contractual obligations.

If you wish to obtain further information on this, please contact us on privacy@arkphire.com

How do you keep my data secure and confidential?

We are committed to ensuring that your information is secure with us and with any third parties who may act on our behalf. We have a number of security precautions in place to prevent the loss, misuse or alteration of your information.

All staff working for Arkphire have a legal duty to keep information about you confidential and all staff are aware of information security and confidentiality.

We hold an ISO27001 certification, which validates that we adhere to the highest and strictest information security standards. This is a security standard awarded and audited by an independent organisation - Certification Europe. ISO27001 is the only auditable international standard that defines the requirements for an Information Security Management System ("ISMS").

The security of your personal data is essential to us, and to protect your data, we take a number of important measures defined in our strict security policies, including the following:

  • limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality
  • procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Data Protection Commission’s Office when we are legally required to do so
  • regular penetration testing performed by a third-party provider, which continues to ensure the strength of our technical defences
  • training for staff in data protection policies and procedures

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of your personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown below.

There is normally no charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

Email: privacy@arkphire.com

Postal Address:
Arkphire Ireland Limited,
Unit 1A, Sandyford Business Centre,
Sandyford 
Dublin 18
D18 RX65
Ireland