DATA PROTECTION POLICY
Manzor Marketing must comply with the requirements of the General Data Protection Regulation (GDPR) and the relevant Irish legislation, namely the Data Protection Acts of 1988 – 2018. Through the course of our work we collect and use personal data relating to current, former and potential clients, service users, customers, suppliers, business contacts, and employees (referred to as ‘you’, ‘data subjects’).
The purpose of this policy is to set out how Manzor Marketing seeks to protect personal data and to ensure that its data handlers understand the rules governing how they use the personal data to which they have access during the course of their work.
Manzor Marketing (referred to as ‘we’, ‘us’, ‘our’) is the Data Controller.
We reserve the right to amend this policy from time to time without prior notice. However, we will bring any material amendments to your attention and amendments will not be made retrospectively.
DATA PROTECTION PRINCIPLES
We will comply with data protection law. This states that the personal information we hold about you must be:
(1) Used lawfully, fairly, and in a transparent way. Manzor Marketing will do this in the following way:
- Where possible, your informed consent will be sought before your data is processed.
- Where it is not possible to seek consent, we will ensure that the collection of the data is justified under one of the other lawful processing conditions – legal obligation, the performance of a contract, legitimate interest.
- Where we intend to record activity on CCTV, a fair processing notice will be posted in full view.
- Processing of the personal data will be carried out only as part of our lawful activities, and we will safeguard your data protection rights.
- Data Subject’s data will not be disclosed to a third party other than to a party contracted by us and operating on our behalf.
(2) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes. Manzor Marketing will:
- Only obtain data for purposes that are specific, lawful, and clearly stated. As a data subject, you have the right to question the purpose(s) for which we hold your data, and we will clearly be able to state the purpose(s).
- Ensure that the use of your data is compatible with the purposes for which the data was acquired.
(3) Accurate and kept up to date. We ask that you notify us if any of your personal details have changed. Manzor Marketing will take the following actions to ensure your personal data is accurate:
- Put processes in place for regular assessments of data accuracy.
(4) Minimized. The principle of data minimization means that data collection, storage, and usage should be relevant, adequate, and absolutely necessary.
- We will only collect, store and use data about you that is required.
(5) Stored for a limited period only.
- We have identified an appropriate retention period for all categories of data we hold. Some of these retention periods are statutory requirements. Once the respective retention period has elapsed, we undertake to destroy, erase or otherwise put this data beyond use.
- Further information is available in our Data Retention Policy.
(6) Kept Securely. We employ a range of security measures to protect against unauthorized access to, or alteration, destruction, or disclosure of any personal data held by us and our data processors.
- Access to and management of personal data records is limited to those staff members who have appropriate authorization and password access.
- Secure internet connections, firewall, encryption, antivirus software, physical access protection, logical access control, CCTV, staff training, secure data storage, and transfer.
We collect data from a variety of data subjects. As part of our daily organizational activities, we process the personal data of prospective, current, and former:
- Customers/Clients/Service Users
- Employees (see note below)
- Business Contacts
Note: Information relating to the processing of employee data is addressed in a separate policy ‘Employee Data Protection Policy’.
THE PERSONAL DATA WE COLLECT
We may process the following personal data in relation to data subjects:
- Personal contact details e.g.name, address, contact number, email address
- Job title
- Application forms
- Marketing preferences
- Contracts of engagement
- Financial data – Cheque (Bank details)
- IP address
- Click data
- Monitored email/phone calls
- Log in information
- Time / Dates of attendance (visitor logs)
- CCTV images and footage
WHY WE PROCESS PERSONAL DATA
The purpose and method by which we process your personal data may vary depending on our relationship with you. The primary purposes we use personal data are:
- Provision of products and/or services
- Responding to inquiries, complaints, and feedback
- Sending circulars e.g. ezines, subscriptions
- Processing transactions and invoices
- Research and analysis
- Training and information security e.g. quality checking.
- Provide marketing information in accordance with your preferences.
- Manage business operations in line with internal policies and procedures.
- Respond to requests for data access, correction, and other personal data rights.
- Comply with applicable laws and regulatory obligations e.g. tax, health and safety, and legal obligations.
- Establish and defend legal rights to protect the business.
HOW WE COLLECT PERSONAL DATA
We may collect your data in a variety of ways. The majority of the data we collected will be provided directly by you. Other data may be obtained through third parties for example.
PERSONAL DATA PROVIDED BY YOU ABOUT OTHERS
You may provide us with personal data about other individuals, for example, marketing referrals.You should inform the relevant person that you are providing their contact details to us as a marketing referral.
THIRD PARTIES WITH WHOM WE SHARE PERSONAL DATA
As part of our role as Data Controller, we engage a number of Data Processors to assist in the smooth running of our business. This may involve the processing of personal data. In each case, a formal, written contract is in place with the Processor, outlining their data protection obligations, the specific purpose or purposes for which they are engaged, and the understanding that they will process the data in compliance with the Irish data protection legislation.
For some processing activities, we are required to disclose data to 3rd parties who are not data processors acting on our behalf or data controllers on whose behalf we are working. These categories of recipients include:
- Tax Authorities (e.g. Irish Revenue Commissioners)
- Law enforcement (where required for the investigation, detection, or prosecution of criminal offenses)
TRANSFERS OUTSIDE OF THE EEA
From time to time Manzor Marketing may make use of services provided by 3rd parties which may necessitate the transfer of personal data outside of the EU/EEA. In these instances, we will choose providers who process data on the basis of:
- EU/US Privacy Shield
- Model Contract Clauses
- An Adequacy Decision from the European Commission
YOUR DATA PROTECTION RIGHTS
A data subject has various rights under data protection law, subject to certain exemptions, in connection with the processing of personal data
- Right to access your data – the right to request a copy of the personal data that,
- together with other information about the processing of that personal data (Subject Access Request).
- Right to rectification – the right to request that inaccurate data is corrected, or incomplete information is completed.
- Right to erasure – the right to request the deletion of personal data.
- Right to restriction of processing or to object to processing – the right to request that
- personal data be no longer processed for a particular purpose, or to object to the processing of personal data for particular purposes.
- Right to data portability – the right to request a copy of personal data be provided to the data subject or a third party in a structured commonly used machine-readable format.
In order to exercise any of the above rights, please contact the Data Protection Manager in writing.
If there is ever a data breach including any loss, destruction, alteration, or unauthorized disclosure of personal data, we will adhere to our Data Breach Policy and follow the steps outlined in our Data Breach Procedure.
HOW LONG WE WILL KEEP YOUR DATA
We will only store your data for as long as is necessary. For the purposes described here, we will store your data in accordance with Manzor Marketing Retention Schedules.
IF YOU DECIDE NOT TO PROVIDE PERSONAL DATA
We require certain information from you in order to deliver our service e.g. your address etc. If you do not provide the personal data that we request from you it may hinder our ability to provide an effective service to you.
QUESTIONS & COMPLAINTS
Questions about how your personal data is processed can be forwarded to the Data Protection Manager. Any complaints in connection to the processing of your personal data should be forwarded to the Data Protection Manager.
As a data subject, you also have the right to lodge a complaint with the Data Protection Commissioner if you are unhappy with our processing of your personal data. Details of how to lodge a complaint can be found on the Data Protection Commission’s website (www.dataprotection.ie) or by phoning 1890 252 231.