Gowan Group Data Privacy Notice
1.1 This data privacy notice applies to Gowan Group Limited of 1 Herbert Avenue, Merrion Road, Dublin 4.
You can contact us by post at Gowan Group House, 1 Herbert Avenue, Merrion Road, Dublin 4 or by email at firstname.lastname@example.org
1.2 This Data Privacy Notice has been prepared in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (“GDPR”) and sets out how we collect, process, store and keep secure your personal data.
- The information we collect?
2.1 We may collect, record and use information about you in physical and electronic form and will hold, use and otherwise process the data in accordance with the GDPR and as set out in this notice.
2.2 In providing you with information and with our products and services we will collect your personal data. We may also collect personal data from you when you use our Website.
2.3 We may collect or obtain such data from other sources (for example your employer or bank, or third party service providers that we use to help operate our business) or because it is publicly available.
2.4 The categories of personal data that we may collect includes, but is not limited to, the following:
- Name, gender, age, date of birth.
- Contact information such as address, work address, home phone number, work phone number, mobile phone number, and email address.
- Government identifiers (for example PPS/tax number, motor vehicle registration, passport number, driver’s licence)
- Financial and tax related information (for example your bank account details, income and tax residency)
- Employment (for example the organisation you work for and job title) and education details, where appropriate.
- Employment history and references (for example in connection with a job application, or upon entering into employment with us).
- Your postings on any blogs, forums, wikis and any other social media applications and services we provide.
- Your IP address, browser type and language, your access times and complaint details.
- Details about how you use our products and services.
2.5 In certain cases it may be necessary to process what Article 9 of the GDPR defines as “special categories” of personal data. Examples of the special categories are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health including medical and employment history and data concerning a natural person’s sex life and/or sexual orientation.
2.6 We may need to collect such data such as details of your health (for example so that we can make reasonable accommodation for you within our building or in connection with the sale of any product that may need to be suitably adapted).
2.7 If you fail to provide us with this information, or you object to us processing such information the consequences are that we may be prevented from processing your product order or continuing to provide all or some of our services to you.
3 Information provided by or about third parties
3.1 Where we are provided with personal data about you by a third party, we take steps to ensure that the third party has complied with the data protection laws and regulations relevant to that information; this may include, for example, that the third party has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to process that information as described in this privacy notice.
3.2 If any information which you provide to us relates to any third party (such as a spouse, people who depend on you financially, or a joint account holder or beneficiary), by providing us with such personal data you confirm that you have obtained any necessary permissions from such persons to the reasonable use of their information in accordance with the above provisions, or are otherwise permitted to give us this information.
4 How we use information about you
4.1 We collect and process information about you and/or your business to enable us
- To sell, provide, promote and market our products and our services to you;
- To respond to any initial enquiry (whether face to face, in correspondence, by electronic communication, phone, or on the Website);
- As part of this, we may use your personal data in the course of correspondence relating to the product or service. Such correspondence may be with you, other third parties other members of the Gowan Group of companies, our service providers or competent authorities. We may also use your personal data to conduct due diligence checks relating to the services;
- To meet our pre-contractual or contractual obligations to you or to any third party;
- To comply with our legal or regulatory obligations.
4.2 We may also use your personal data for the purposes of, or in connection with:
- Requests and communications from competent authorities;
- Bank account opening and other administrative purposes;
- Financial accounting, invoicing and risk analysis purposes;
- Customer and prospect relationship purposes, which may involve: (i) sending you insights, opinions, updates, reports on topical issues or details of our products and services that we think might be of interest to you; (ii) contacting you to receive feedback on services; and (iii) contacting you to invite you to product launches and events;
- Recruitment (for example reference checking) and
- Protecting our rights and those of our customers, employees and third party suppliers.
4.3 In addition to the purposes above, we may also use your personal data collected via our Website:
- To manage and improve our Website;
- To tailor the content of our Website to provide you with a more personalised experience and draw your attention to information about our products and services that may be of interest to you; or
- To manage and respond to any request you submit through our Website.
- The legal basis for processing of personal data
5.1 As we are required to do we are setting out the legal basis upon which we rely in order to lawfully process your personal data. In this regard we rely on one or more of the following:
- Your consent to our processing of your personal data; or
- To perform any agreement with you or any essential pre-contractual step; or
- To comply with a non-contractual legal obligation (for example keeping records for tax purposes, anti-money laundering purposes or providing information to a public body or law enforcement agency); or
- To protect your vital interests or those of another natural person In appropriate circumstances; or
- To prevent fraud; or
- To protect our legitimate business interests in the proper administration and operation of our business; or
- For direct marketing of our products and services within a period of 12 months from our last interaction with you (unless you have previously stated at any time that you do not wish to receive such material) whether by post, electronic communications, phone, mobile phone on the basis that all direct marketing communications will contain a clear method to opt out from subsequent direct marketing material.
5.2 To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that data; (ii) we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us); (iii) the processing is necessary to carry out our obligations under employment, social security or social protection law; (iv) the processing is necessary for the establishment, exercise or defence of legal claims or (v) you have made the data manifestly public.
5.3 Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.
- Sharing your information
6.1 In the normal course of running our business and in connection with one or more of the purposes set out at clause 4 above, we may disclose details about you to some or more of the following recipients, or categories of recipients:
- Revenue Commissioners;
- Banks/Financial institutions providing finance or refinance;
- Credit Reference Agencies;
- Any Court, Tribunal, Administrative or Competent Authority or Public Body
- Insurance/insurance brokers;
- Professional service providers (accountants/solicitors/barristers);
- Enquiry Agents;
- Professional witnesses – medical doctors/consultants, engineers, and assessors;
- Quality Control Providers;
- Email providers;
- IT suppliers and maintenance contractors;
- IT back-up and forensic software analysts and cloud storage providers, External file and document archive storage providers;
- Pension Services providers, life assurance providers, disability benefit providers.
- Any other person or organisation after a restructure, sale or acquisition of the company (or any holding company), as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both).
- Transferring your personal data outside the EEA
7.1 Information we collect will not normally be processed in or transferred to any country or territory outside of the European Economic Area (EEA). It may however be necessary to transfer your personal data outside the European Economic Area (“EEA”) in connection with the lawful basis for processing to jurisdictions which may have less stringent data protection laws.
7.2 When we, or our permitted third parties, transfer your personal data outside the EEA, we or they will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA.
7.3 If we transfer your personal data outside the EEA in other circumstances (for example because we have to provide such information by law), we will put in place appropriate safeguards to ensure that your personal data remains adequately protected.
7.4 We may share anonymised and aggregated information with third parties for data analytics, research, and promotional purposes.
- Protection of your Personal Data
8.1 The security of your personal data is important to us. We restrict access to personal information to those of our employees, contractors and processors who have a requirement to process your personal data.
8.2 We employ robust technological security measures (including passwords, fire walls, anti-virus software, data back up as well as physical security measures controlling access to our premises.
8.3 We employ a range of managerial and training measures to ensure that all relevant staff are suitably trained and are aware of our data protection obligations when processing personal data.
8.4 Transmission of personal data over the Internet (for example web-forms or email) is insecure. Therefore we cannot guarantee the safety and security of personal data transmitted in this way.
- Your rights
9.1 Under the GDPR, you have the following rights in respect of your personal data:-
- The right to access the personal data we hold about you.
- The right to require us to rectify any inaccurate personal data about you without undue delay.
- The right to have us erase any personal data we hold about you in circumstances where the processing is no longer necessary or where you withdraw your consent or where there is no overriding lawful basis for the processing.
- The right to request a restriction of the processing of your personal data.
- The right to data portability only in circumstances where the processing is carried out by automated means, is based on consent, or for the performance of a contract with the data controller and to the extent that it does not affect the rights and freedoms of others.
- Where processing is based on consent – the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- The right to lodge a complaint with the Office of the independent supervisory authority in the Member State in which you ordinarily reside (In Ireland the Office of the Data Protection Commissioner).
- If you have any questions or concerns about how we process your data, you can contact us at dpo@GowanGroup.com
10 How long will we retain your data?
10.1 It is our policy not to keep personal data for longer than is necessary, for the purposes that are set on in this data privacy notice and for long as is required to do so in order to meet any legal obligations that we are bound by.
10.2. We will hold your personal data for the longer of the following periods:
- To honour any contractual obligation with you; or
- To comply with any retention period required by law; or
- The expiry of any limitation period in respect of which investigations or litigation may arise.