Privacy Statement
Terms of Service, Privacy & Data
PRIVACY NOTICE
Parker Stewart Ltd.
9 Pembroke Street
Dublin 2 D02KR83
INTRODUCTION
1.1 Parker Stewart (‘we’, ‘us’, ‘our’) are strongly committed to protecting your Personal Data. This Privacy Notice applies to your use of the website: www.parkerstewart.ie (the “Site”) and sets out how we collect, use and protect your personal data. If you do not agree with the data practices described in this Privacy Notice, please do not use the Site.
1.2 This Notice (“Notice”) has been developed to ensure our users feel confident about the privacy and security of personal data and to meet our obligations under the Data Protection Acts 1988 to 2018 and the General Data Protection Regulation (the “Data Protection Law”). Under Data Protection Law, personal data is information that identifies you as an individual or is capable of doing so (“Personal Data”).
1.3 We must comply with the data protection principles set down in the Data Protection Law and this Notice applies to all personal data collected, processed and stored by us through your use of the Site.
1.4 For the purposes of Data Protection Law, we are the data controller of your Personal Data. You will find our contact details in the “Contact us” section below.
WHAT KINDS OF PERSONAL DATA DO WE COLLECT?
2.1 We receive and store any information you enter on the Site or give us in any other way, including when registering for an account, uploading your CV, applying for jobs, viewing a listing, as well as provided in your comments and requests.
LEGAL BASIS FOR PROCESSING
3.1 Given the varied functionality of each Site we rely on the following legal basis under
Data Protection Law in processing your Personal Data:
Legal Basis Example
performance of a contract If you register or create an account, subscribe to a mailing list or apply for a role via a Site we will process your Personal Data to the extent required to deliver the service requested.
10778157.3 1
compliance with legal obligations We may need to disclose your identity
and other Personal Data to comply with a request from law enforcement, An
Garda Síochána / PSNI, police or other government agencies or court order.
Legitimate interests We may disclose your identity and other relevant Personal Data in connection with any complaint regarding your use of a Site. This is necessary in order to protect us from any liability in relation to your use of a Site.
HOW WE GATHER DATA AND PERSONAL DATA
4.1 We gather Personal Data from your use of a Site (for example, creating a user profile, posting content of comments that contains Personal Data) and through your interaction with us (for example, when you contact us via email or through the Site).
HOW WE MAY USE YOUR PERSONAL DATA
5.1 Except as disclosed in this Privacy Notice, we will not disclose Personal Data that we collect to any parties other than those with whom we partner or are affiliated with, without your consent. Except as disclosed below, we will not sell, share, trade, rent, or give away your Personal Data.
Information you provide
5.2 We may use your Personal Data to process any requests made by you (for example, by contacting a Company on your behalf following your application for their vacancy), respond to your inquiry, and communicate with you in respect of job applications when necessary. We may also use information you provide to communicate with you about your interest in our events and our company, to help us improve, operate and enhance your experience on the Site, to promote our events, notify you about important functionality changes to the Site, new services, and special offers we think you will find valuable, to tailor advertisements, content, and other aspects of your experience on and in connection with the Site, for other administrative purposes, to prevent or detect abuses of our terms of use, and to enable third-parties to carry out technical or other functions on our behalf as well as any other purpose that we may disclose to you at the point at which we request your Personal Data. We may combine non-personal information that you provide with supplemental information (including mailing address updates and demographic data) that we obtain from public sources or reputable third-parties. Information combined with personally identifiable information becomes, and is treated as, Personal Data under this Privacy Notice.
5.3 If you contact us via the Site, or in any other way, we may retain the correspondence and the information it contains, such as:
10778157.3 2
your name
e-mail address
the reason for contacting us
We may use the information to:
respond to your inquiry to notify you of related job opportunities for marketing purposes
When you contact us, we will request your affirmative, positive consent to use your contact information for marketing or other business purposes. In the event you do not consent to the use of your contact information for marketing or other business purposes, your data will not be used for those purposes. If you provide your consent but subsequently do not wish to receive notifications about related opportunities, or otherwise want to restrict the use of information you provide to us, please follow the instructions on any marketing correspondence or send us an e-mail at the address listed below.
Do we disclose Personal Data to anyone else?
5.4 We shall disclose your information to third parties only when you have authorised us to do so, it is necessary as part of business practices or when there is a legal or statutory obligation to do so. Whenever we disclose information to third parties, we will only disclose that amount of personal information necessary to meet such business need or legal requirement. Third parties that receive your information from the us must satisfy us as to the measures taken to protect the personal data such parties receive, in accordance with Data Protection Law and as stated in this Privacy Notice. Appropriate measures will be taken to ensure that all such disclosures or transfers of your information to third parties will be completed in a secure manner and pursuant to contractual safeguards.
5.5 We may employ other companies and individuals to perform functions on our behalf, including marketing, and providing analytics assistance. From time to time, we may also share Personal Data or non-personally identifiable information with third-parties that we have engaged to perform certain services in connection with the operation of certain aspects of the Site, including to customize, deliver, measure, analyse, improve and support our services, content, advertising and layout, your interaction with those aspects, and to deliver more relevant messages and advertisements to you. These third-party service providers are authorised to use Personal Data only as needed to perform their functions on our behalf and are required to maintain the security of your personal information.
5.6 We may also change our ownership or corporate organisation while providing the Site. As a result, we may transfer your information to another company that is affiliated with us, with which we have merged, or which has acquired all or some of our assets. We will advise you if such a change of ownership or change of corporate structure takes place and we will update this Privacy Notice accordingly.
10778157.3 3
5.7 We may provide information, when obliged to do so under the Data Protection Law and in response to properly made requests, for example, for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security. In the case of any such disclosure, we will do so only in accordance with the Data Protection Law.
5.8 We may also provide information when required to do so by law, for example under a court order, and may transfer data to legal counsel where same is necessary for the defense of legal claims.
5.9 We may also disclose your identity or any Personal Data in connection with any complaint regarding your use of the Site.
HOW LONG DO WE KEEP PERSONAL DATA?
6.1 The period for which we retain information varies according to the use of that information. In some cases, there are legal requirements to keep data for a minimum period of time. Unless specific legal requirements dictate otherwise, we will retain information no longer than is necessary for the purposes for which the data were collected and processed (as described above).
HOW DO WE PROTECT DATA ABOUT YOU IF IS TRANSFERRED OUT OF EUROPE?
7.1 Our Site is published in Ireland and is governed by Data Protection Law and Irish law.
7.2 Some websites transfer data outside of the EEA for a number of purposes (for example, for storage purposes). We do not transfer any Personal Data outside of the EEA for any purpose.
7.3 If this changes at any point in the future, this Privacy Notice will be updated to take account of this change. Note that in this event, any transfer of Personal Data outside of the EEA shall be made through transfer mechanisms approved or allowed for under Data Protection Law and we shall take all necessary steps to ensure that there is adequate protection, as required by Data Protection Law.
HOW YOU CAN EXERCISE YOUR RIGHTS IN RESPECT OF PERSONAL DATA WE HOLD ABOUT YOU
Your rights
8.1 We shall vindicate all your rights under Data Protection Law. These rights are as follows:
Your right to withdraw your consent to the processing of Personal Data at any time
your right to request from us access to personal data and to have any incorrect personal data rectified
10778157.3 4
your right to the restriction of processing concerning you or to object to processing
your right to have your personal data transferred to another service provider
your right to have personal data erased (where appropriate)
information on the existence of automated decision-making, if any, as well as meaningful information about the logic involved, its significance and its envisaged consequences
Vindication of your rights shall not affect any rights which we may have under Data Protection Law.
Exercising your rights, managing information and opting out
8.2 You may update or change information related to you by sending us an e-mail at ciaran.bergin@parkerstewart.ie. You may always opt-out of receiving future commercial e-mail messages from us or request that your information be removed from our Site by e-mailing us at the address provided above. You may also unsubscribe from our marketing communications by sending us an e-mail.
8.3 You can update or correct your Personal Data, remove it from our system or exercise any of your rights by making a request to us at the contact information provided below. If for some reason access is denied, we will provide an explanation of why access has been denied.
8.4 We will confirm your request within 21 days of receipt, and process your request within 30 days of receipt.
HOW DOES THE SITE PROTECT PERSONAL INFORMATION ABOUT YOU?
9.1 We employ reasonable appropriate administrative, technical, personnel procedural and physical measures to safeguard Personal Data against loss, theft and unauthorised uses access, uses or modifications. Security and testing are performed on systems containing personal data to verify control effectiveness. Security of these systems are monitored continuously.
9.2 When you make requests on the Site, we offer the use of a secure server. Personal information collected on the Site is stored in secure operating environments. Secure Sockets Layer (SSL) software encrypts all information you input before it is sent to us. While we try our best to safeguard your information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
10778157.3 5
HOW CAN YOU MAKE A COMPLAINT ABOUT THE USE OF PERSONAL DATA?
10.1 Complaints on the use, retention and disposal of personal data can submitted via email to ciaran.bergin@parkerstewart.ie
10.2 As a user of the Site you also have the right to lodge a complaint with the Data Protection Commission.
REVIEW
11.1 This Notice will be reviewed and updated from time to time to consider changes in the law and the experience of the Notice in practice. Any and all changes will be advised to customers and, if necessary, we will obtain your consent prior to applying any changes to any Personal Data collected from you prior to the date the change becomes effective. Your continued use of our Site after such changes will be subject to the then-current Notice. We encourage you to periodically review this Privacy Notice to stay informed about how we collect, use, and disclose personal information.
CONTACT INFORMATION
12.1 If you have questions about this Privacy Notice or our treatment of the information provided to us, please contact us at:
Name:
Parker Stewart
c/o Connect Recruitment
Address:
Redleaf House, Townspark, Longford, Co Longford, N39 D8K7
Phone:
043 333 1600
E-mail: Ciaran.Bergin@ParkerStewart.ie
DATA SHARING AGREEMENT
relating to the provision of recruitment services by
Connect Recruitment Resources Ltd
Parker Stewart is a provider of services in the field of recruitment; including but not limited to recruitment consultancy, introduction services, provision of labour hire, payroll services and advertising services.
1. INTERPRETATION
1.1 Defined Terms: In this Agreement:
“Data Protection Acts” means the Data Protection Acts 1988 and 2003 as amended, revised, modified or replaced from time to time;
“Data Protection Commissioner” or “DPC” means the data protection authority for the time being in the territory of Ireland;
“Data Protection Directive” means EU Data Protection Directive (95/46/EC of the European Parliament and of the Council of 24 October 1995) on the protection of individuals with regard to the processing of personal data and on the free movement of such data as amended, revised, modified or replaced from time to time;
“Data Security Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Shared Data.
“Data Subject Access Request” or “DSAR” has the same meaning as the “Right of access” in Section 4 of the Data Protection Acts.
“General Data Protection Regulation” or “GDPR” means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing the Data Protection Directive;
“Shared Data” means the data, including Personal Data to be shared between the Parties under Clause 11 of the Agreement;
“The Recruiter” means Connect Recruitment Resources Ltd.
“Services” means the services provided by the Recruiter; including but not limited to recruitment consultancy, introduction services, provision of labour hire, payroll services and advertising services.
1.2 Construction: In this Agreement, unless the contrary intention is stated, a reference to:
(a) Data Controller, Data Processor, Data Subject, Personal Data, Sensitive Personal Data, Special Categories of Personal Data, processing and appropriate technical and organisational measures shall have the meanings given to them in the DPA, or, following the coming into force of the GDPR, in the GDPR;
1.3 Exercise of powers of control: Where any obligation in this Agreement is expressed to be undertaken or assumed by any party, that obligation is to be construed as requiring the party concerned to exercise all rights and powers of control over the affairs of any other person which it is able to exercise (whether directly or indirectly) in order to secure performance of that obligation by each such person as if that person were bound by that obligation.
11. DATA PROTECTION
11.1 Sharing of Personal Data: This Agreement sets out the framework for the sharing of data, including Personal Data and Sensitive Personal Data or Special Category of Personal Data, between the Parties as Data Controllers. It defines the principles and procedures that the Parties shall adhere to and the responsibilities the Parties owe to each other.
The Recruiter deems this data sharing initiative necessary as part of the provision of services by the recruiter. The aim of the data sharing initiative is to facilitate the provision to the Customer of information on Candidates by the Recruiter in order to enable the Customer to recruit employees as part of the Services.
11.2 Agreed Purposes: The Parties agree to only process Shared Data as described in Clause 11.6 for the following purposes (the “Agreed Purposes”):
(a) to allow the Customer to evaluate and recruit Candidates;
(b) to enable the Recruiter to provide the Services;
11.3 Further processing: The Parties shall not process Shared Data in a way that is incompatible with the purposes described in Clause 11.2.
11.4 General Compliance: Each Party shall ensure compliance with applicable data protection laws at all times during the Term.
11.5 Registration with DPC: If applicable, each Party shall ensure that it has a valid registration with the DPC which covers any data sharing pursuant to this Agreement.
11.6 Types of data: The following types of Personal Data relating to a candidate may be shared between the Parties during the Term of this agreement:
Next of kin (name, relationship and contact number)
Reference contacts
Details of previous employment
Nationality (in case a word permit is required)
Contact Details; phone number and email address
PPS Number
Gender
Date of birth
Address
Full Name
Safe Pass Number/ Manual Handling Training / Construction ticket numbers
Sensitive Personal Data and Special Categories of Personal Data: Sensitive Personal Data and Special Categories of Personal Data may be shared between the Parties, if necessary for provision of services
No irrelevant or excessive data: The Shared Data must not be irrelevant or excessive with regard to the purposes described in Clause 11.2.
Fair and lawful Processing: During the Term each Party shall ensure that it processes the Shared Data fairly and lawfully in accordance with Clause 11.10.
Grounds for Processing: Each Party shall ensure that it processes Shared Data on the basis of one or more of the following legal grounds:
Data Subject has freely given his or her explicit, specific, unambiguous consent;
processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the Parties are subject, other than an obligation imposed by contract;
processing is necessary in order to protect the vital interests of the Data Subject;
processing is necessary for the purposes of the legitimate interests pursued by the Parties except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the Data Subject.
Retention Periods: The Parties shall retain or process Shared Data for the longest of the following retention periods that applies:
the period that is necessary to carry out the Agreed Purposes; or
any period prescribed by applicable law or by best industry practice.
Return/Deletion of Data: The Data Recipient shall ensure that any Shared Data are returned to the Data Discloser or destroyed securely in the following circumstances:
on termination of the Agreement;
on expiry of the Term of the Agreement;
once processing of the Shared Data is no longer necessary for the purposes they were originally shared for, as set out in Clause 11.10;
Security and Training: Both Parties shall use appropriate safeguards to protect the Shared Data from misuse and unauthorised access or disclosure, including
maintaining adequate physical controls and password protections for any server or system on which the Shared Data is stored;
ensuring that data is not stored on any mobile device (for example, a laptop or smartphone) or transmitted electronically unless encrypted; and
taking any other measures reasonably necessary to prevent any use or disclosure of the data other than as allowed under this agreement.
Data Security Breaches and Reporting Procedures. The Parties undertake to notify any potential or actual losses of the Shared Data to each other as soon as possible and, in any event, within two (2) calendar days of identification of any potential or actual loss to enable the Parties to consider what action is required in order to resolve the issue in accordance with the applicable data protection laws and guidance.
Mutual Assistance: The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security breach in an expeditious and compliant manner.
Obligation to Inform: In the event of a dispute or claim brought by a data subject or the Data Protection Commissioner concerning the processing of Shared Data against either or both Parties, the Parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
Obligation to Abide: Each Party shall abide by a decision of a competent court or of the Data Protection Commissioner which is final and against which no further appeal is possible.
Mutual Warranties: Each Party warrants and undertakes that it shall:
process the Shared Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments that apply to its personal data processing operations;
make available upon request to the Data Subjects who are third party beneficiaries a copy of this Agreement, unless the Clause contains confidential information;
respond within a reasonable time and as far as reasonably possible to enquiries from the Data Protection Commissioner in relation to the Shared Data;
respond to DSARs and all other requests from Data Subjects in accordance with applicable law;
where applicable, maintain registration with all relevant Data Protection Commissioner to process all Shared Data for the Agreed Purpose; and
take all appropriate steps to ensure compliance with the security measures set out in Clause 11.13.
Engaging the services provided by Parker Stewart is deemed as acceptance of the terms as set out in this Data Sharing Agreement.
Parker Stewart
18th May, 2018