GDPA MEMBER COMPLIANCE POLICY

CWIRE RETAIL HOLDINGS LTD

HEREIN REFERRED TO AS THE (ENTITY)


SINCE 10TH AUGUST 2020 CERTIFICATION NUMBER: 80335


We are 100% committed to protecting your data, the same way we wish our own personal data to be protected by others. If you have any concern, please reach out to us. Our policy herein is designed to meet our local Data Privacy Regulation, including regulations of other jurisdictions where applicable. Should you find any aspect which does not meet our obligation towards you, please feel free to let us know via the Communication Options provided at the end of this page and we will address the matter accordingly.


CONSENT FORM – MAoC 17

We request your consent to use the personal data you enter below. This permits us to fulfill our obligations to you. At any time you can exercise your RIGHTS regarding your personal data that we may have in our possession. We never request excessive personal data/information just for the sake of it, and upon request we are able to justify why we are requesting such data/information and its purpose.

If you are under our minimum age of consent (MAoC), which is 17 years of age, your details will be permanently deleted within 5 working days if they have not been forwarded by your Guardian.

GDPR PRIVACY POLICY

Our compliance policy tells you how and for what purposes we collect and use personal data and what to expect us to do with your personal information when you contact us or use one of our services. We tell you why we are able to process your information; what purpose we are processing it for; whether you have to provide it to us; how long we store it for and whether there are other recipients of your personal information.

We the ENTITY implement the following compliance principles as our foundation and in line with local and where applicable international data protection regulations. These principles are listed below together with an explanation of how we comply with these principles.

  1. Processed lawfully, fairly and in a transparent manner: this means having a lawful basis (reason) for processing data, handling the data honestly, and being unambiguous about how we intend to use this data.
  2. Collected for specified, explicit and legitimate purposes: this means being open and clear about why personal data is being collected and outlining the exact legal purpose for processing.
  3. Adequate, relevant and limited to what is necessary in relation to the purposes of processing: this means only holding the amount of information sufficiently necessary for the purpose(s) intended.
  4. Accurate and where necessary, kept up-to-date: this means taking reasonable steps to ensure accuracy of information, and verifying and rectifying/updating information without delay as required.
  5. Kept in a form which allows the identification of an individual for no longer than is necessary: taking into account the purpose(s) for which information is held, this means reviewing the length of time information is kept, and making sure information is not kept for longer than necessary.
  6. Processed in a manner that ensures appropriate security: this means preventing data breaches by having suitable security measures in place to fit the type of data processed (for example, physical security measures such as locks on manual filing systems, and electronic security measures such as passwords on computer terminals).
  7. Your right to view your health record: You have the right to ask for a copy of all pharmacy records about you (generally in paper or electronic form). There are some exemptions, which means you may not always receive all the information we process.
  8. Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
  9. Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  10. Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
  11. Your right to object to processing: You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
  12. Your right to data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent. Generally, you are not required to pay any charge for exercising your rights. We have one month to respond to you.
  13. Where your data will be stored: Your data will be held on the computer system(s) within our pharmacy and on any paperwork relevant to the provision of pharmacy services to you. Your data may also be held by systems and support networks involved in your care. Your data may also be backed up or archived within purpose-built, professionally managed, secure data storage facilities in Ireland, which will be monitored 24 hours a day, 365 days of the year. Appropriate security measures are in place in line with our requirements to protect your data.
  14. How we comply with the General Data Protection Regulation (GDPR): We have internal procedures to ensure that all information which is collected and held about you is held in accordance with the legal requirements and principles of GDPR which came into effect on 25th May 2018.
  15. Data Protection Officer: We manage and address our ongoing path to compliance via the GDPA platform. GDPA are experienced in Data Protection and Confidentiality matters and provide us with the tools in taking full responsibility for all matters relating to data protection and compliance. Our organization is responsible for making sure that our business processes and decision making are in line with compliance requirements and good practice. We will ensure that we remain accountable and transparent to you and the supervisory authorities. We are committed to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us or our DPO (if applicable) via the COMMUNICATION OPTIONS below.
  16. The Data Protection Commission: If you remain dissatisfied, you can make a complaint about the way we process your personal information directly to our Supervisory Authority listed below under SUPERVISORY AUTHORITY.

Our compliance policy provides you with details of how we collect and process your personal data via our ONLINE/OFFLINE Channels (referred to as our OOC) which include:

  • website: https://www.chemistwarehouse.com.au/
  • facebook: https://www.facebook.com/ChemistWarehouse/
  • instagram: https://instagram.com/chemistwarehouseaus/
  • twitter: https://twitter.com/ChemistWhouse
  • linkedin: https://www.linkedin.com/company/my-chemist-warehouse-group
  • youtube: https://www.youtube.com/channel/UC1mfhAu4MKP83grVEBOXlBg

and

This policy incorporates our obligations to comply with privacy regulations on how we collect and process your personal data via OFFLINE methods which include: face to face physical presence; sending physical hard copy data/information via traditional postal services / courier (air/sea/road) and all other applicable offline methods.

By providing us with your data, you warrant to us that you are over the minimum age of consent (MAoC). If you are not over the MAoC, please provide parental, carer or guardian consent.

We the ENTITY are the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this policy).

We have appointed the Global Data Protection Agency “GDPA” as our registered European GDPR Secretariat.

Our GDPR Secretariat's duties are to view your submissions and submit them to us, where we will take the necessary steps to answer you in line with the GDPR Regulations and the general protection of your personal data. Should you have any questions about our policy as defined herein, you can submit them via the form provided at the bottom of this page.

If required, you can also forward via post your hard-copy communication to our registered postal address within the European Union exactly as follows;

We would be grateful if you contacted us first if you do have a complaint so that we can try to resolve it for you via the COMMUNICATION OPTIONS below.

It is very important that the information we hold about you is accurate, up to date and that we are doing the right thing by you. Please do let us know if at any time your personal information changes.

We the Entity are committed to processing your personal data in accordance with our responsibilities under the GDPR.

Article 5 of the GDPR requires that personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The provisions of this section include where we the Entity shall:

  1. apply this policy to all personal data processed by us;
  2. be solely responsible for the ongoing compliance as defined in this policy;
  3. review this policy at least once per year.

The provisions of this section include where we the Entity shall:

  1. ensure the processing of data is lawful, fair, and properly documented and logged;
  2. review at least once per year our compliance processes;
  3. give individuals the right to access their personal data and any such requests made to us shall be dealt with in a timely manner and no greater than one calendar month from the date the request was submitted by the individual.

The provisions of this section include where:

A) All data processing performed by us the Entity, shall be based on at least one of the following lawful bases:

  1. consent
  2. contract
  3. legal obligation
  4. vital interests
  5. public task
  6. legitimate interests.

B) We the Entity shall keep logs on their appropriate lawful basis.

C) Where consent is relied upon as a lawful basis for processing data, evidence of “explicit opt-in” consent shall be kept with the personal data.

D) Communications are sent to individuals based on their consent. The individual at all times has the option to revoke their consent. The provision and system is clearly available and in place to ensure such revocation is reflected accurately in the Entity’s systems. You will find 10 provisions in place and available to you at the end of this policy as follows:

  1. Data Breach Registrar
  2. Data Subject Opt-Out
  3. Data Subject Portability
  4. Data Subject Erasure
  5. Data Subject Correction
  6. Data Subject Access
  7. Data Subject Restriction
  8. Data Subject Right To Be Informed
  9. Report a Data Breach
  10. Report a Cyber Security Incident

The provisions of this section include where we the Entity shall ensure that personal data collected is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Considerations relevant to us the Entity include:

  • ORDER MANAGEMENT: To fulfill the processing of order(s) placed by the individual with us the Entity.
  • SERVICE MANAGEMENT: To fulfill the service(s) placed by the individual with us the Entity.
  • CUSTOMER RELATIONS: To handle consented communication or when necessary communications between us the Entity with the individual to fulfill the obligations and legitimate interests of both parties.
  • TAXATION PURPOSES: To evidence legitimate transactions with our local taxation authorities and laws.
  • MARKETING ACTIVITIES: To perform marketing activities on a consent-driven basis where applicable and permitted by the GDPR.
  • CONSUMER ANALYTICS: To perform grouped analytics to better understand our consumers on a non-personal and non-identifiable basis.

The provisions of this section include where we the Entity shall:

  1. take reasonable steps to ensure personal data is accurate;
  2. where necessary for the lawful basis on which data is processed, put steps in place to ensure that personal data is kept relevant and up to date.

The provisions of this section include where we the Entity shall:

  1. ensure that personal data is kept for no longer than necessary, and shall put in place an archiving policy for each area in which personal data is processed and review this process at least once per year;
  2. define the archiving policy including what data should and/or must be retained, for how long, and why.

The provisions of this section include where we the Entity shall:

  1. ensure that personal data is stored securely using modern software for online security that is kept up to date;
  2. limit the access of personal data to personnel who need access and appropriate security shall be in place to avoid unauthorized sharing of information;
  3. when deleting personal data, do so safely, securely and in such a manner that the data is irrecoverable by any means;
  4. have in place appropriate back-up and disaster recovery solutions;
  5. maintain all records for a maximum period as required and permitted by law.

We the Entity have defined the social media platforms we use in the INTRODUCTION section above.

Separate to our policy herein, we also adhere to the privacy conditions related to us and placed upon us by each of the social media platforms.

Here are the links to the privacy policies provided by the social media platforms we are or may become members of and to other social media platforms which you may find useful;

You may find it beneficial and/or of interest in reading them, so you can understand on how they protect your data and where applicable any provisions they place upon us the Entity in protecting your data.

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we the Entity shall:

  1. immediately log the breach;
  2. assess the risk to people’s rights and freedoms;
  3. where required, report this breach to the affected individual(s) and the appropriate supervisory authority(ies);
  4. conduct a Full Audit and based on the findings, update the security procedures and security measures to mitigate the chances of a similar breach reoccurring.

Under certain circumstances, you have rights under data protection laws of the GDPR in relation to your personal data.

These include the right to:

  1. Request access to your personal data. (Data Subject Access Request)
  2. Request correction of your personal data. (Data Subject Correction Request)
  3. Request erasure of your personal data. (Data Subject Erasure Request)
  4. Object to processing of your personal data. (Data Subject Restriction Request)
  5. Request restriction of processing your personal data. (Data Subject Restriction Request)
  6. Request transfer of your personal data. (Data Subject Portability Request)
  7. Right to withdraw consent. (Data Subject Opt-Out Request)
  8. Right to be informed. (Data Subject Right To Be Informed Request)

If you wish to exercise any of the rights set out above, you can do so directly via the options available at the end of this policy.

You will not have to pay a fee. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We handle children’s personal data based on 15 key standards:

  • BEST INTERESTS OF THE CHILD: We account for the best interests of any child as a primary consideration where any conflict arises, keeping children safe from exploitation risks and protecting their health and well-being.
  • DATA PROTECTION IMPACT ASSESSMENTS (DPIA): We undertake DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access our service and/or come in contact with our products, which may arise from the data processing.
  • AGE-APPROPRIATE APPLICATION: We undertake a risk-based approach to recognizing the age of individual users. This applies to the standards in the code of all users. Where we rely on consent for any aspects of our services, we obtain parental authorization for under aged individuals.
  • TRANSPARENCY: Under Article 5(1) of the GDPR we process personal data lawfully, fairly and in a transparent manner in relation to data subjects including children.
  • DETRIMENTAL USE OF DATA: We do not use children’s personal data in ways that have been shown to be detrimental to their well-being, or that go against industry codes of practice, other regulatory provisions or Government advice.
  • POLICIES AND COMMUNITY STANDARDS: We uphold our own published terms, policies and community standards (including privacy policies, age restriction, behavior rules and content policies) herein and beyond. It’s our way of saying that we say what we do and we do what we say.
  • DEFAULT SETTINGS: Our operational settings are set to ‘high privacy’ by default, unless a compelling reason for a different default setting can be shown, taking into account the best interests of the child.
  • DATA MINIMIZATION: We collect and retain only the minimum amount of children’s personal data where needed to provide the elements of the service in which a child is actively and knowingly engaged. Where applicable children are also given separate choices over which elements they wish to activate.
  • DATA SHARING: Data relating to children is not disclosed unless a compelling reason to do so is shown, taking into account the best interests of the child.
  • GEOLOCATION: Geolocation tracking features are switched off by default, unless a compelling reason to switch it on is shown. In such case, an obvious sign for children is shown when location tracking is active. Options which make a child’s location visible to others default back to off at the end of each session.
  • PARENTAL CONTROLS: Children are provided with age-appropriate information about parental controls. If any of our online services allows a parent or a guardian to monitor a child’s online activity or track their location, then our service will provide an obvious sign to the child when they are being monitored.
  • PROFILING: Any profiling options are turned off by default. The off by default setting does not mean that profiling is not possible or not permitted. Whenever possible, children are offered control over whether and how their personal data is used. Profiling is subject to a privacy setting and only occurs when there are appropriate measures in place to protect the child from any harmful effects, such as content that is detrimental to their health or well-being.
  • NUDGE TECHNIQUES: We do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protection.
  • CONNECTED TOYS AND DEVICES: Should we provide connected toys or devices (e.g. a fitness band that records the child’s level of physical activity and then transmits this back to servers, or a home hub interactive speaker device), they will include effective tools to enable conformance to the code. This includes being clear about who is processing the child’s personal data and what their responsibilities are, anticipating and providing for use by multiple users of different ages, providing clear information about our use of personal data at point of purchase and on set-up, finding ways to communicate just-in-time information and avoiding passive collection of personal data.
  • ONLINE TOOLS: Where applicable, prominent and accessible tools are provided to help children exercise their data protection rights and report concerns.

HOW TO BLOCK COOKIES?

Cookies are a nemesis to all, and we apply our best efforts to use cookies that permit us to perform our legitimate interest in being able to service you and to improve the functionality and flow of our business. Should you feel uncomfortable with our cookies, you may disable them via your chosen browser by following the instructions provided via the following links. Please note that disabling cookies may interrupt the flow of your information to us and not permit us to meet our obligations to you:

  1. how to disable cookies on chrome
  2. how to disable cookies on firefox
  3. how to disable cookies on edge
  4. how to disable cookies on mac
  5. how to disable cookies on ipad
  6. how to disable cookies on iphone
  7. how to disable cookies on phone
  8. how to disable cookies on opera
  9. how to disable cookies on internet explorer
  10. how to disable cookies on safari

OUR COOKIE LIST

Below is the list of cookies we use. All Cookies are leveraged to provide site functionality, analytics, advertising and profiling (if applicable) to ensure you get the best experience possible.

COOKIE LIST: CW IE

STILL HAVE CONCERNS ABOUT COOKIES?

If you are still not comfortable with the cookies we use then feel free to reach out to us via the COMMUNICATION OPTIONS provided below and we will do our best to put any concern you may have to rest.

When designing our website(s), we sought expert advice on how to implement “PRIVACY BY DESIGN”, as it was our primary objective in presenting a platform built to safeguard YOUR individual rights as outlined by the GDPR Principles.

The following 12 steps were defined and acted upon:

  1. We implemented data protection issues as part of the design and implementation of systems, services, products and business practices.
  2. We made data protection an essential component of the core functionality of our processing systems and services.
  3. We anticipate risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals.
  4. We only process the personal data that we need for our purpose(s), and we only use the data for those purposes.
  5. We ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
  6. We provide the appropriate communication channels where our members can dialogue with us.
  7. We adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
  8. We provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
  9. We offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
  10. We only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
  11. When we use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
  12. We use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.

Rest assured, we are not perfect and have no doubt that we may have not taken certain aspects into account, not because we have ignored them but because they have slipped our radar. Tell us, this is the only way we can improve our service and obligation to YOU via the COMMUNICATION OPTIONS below.

To us, Trust is Everything!

Your privacy is important to us, and we’re committed to the protection of your privacy in your employment with us. This Recruitment Privacy Policy (RPP) describes what Personal Data our company as well as any of our subsidiaries, affiliates, and related entities (together the ENTITY) collects about you as a prior, current, or former employee (Employee).

This RPP covers what Personal Data we collect about you, how the Personal Data will be used and shared (if at all), how the Personal Data will be stored, and your rights in relation to the collection of your Personal Data during, before, or after your employment with the ENTITY. It also describes how you can access, modify, and if needed, request deletion of your Personal Data. This RPP also covers how your Personal Data is handled by our third-party data processors.

DEFINITIONS

  • APPLICABLE COMPANY: This RPP is applicable to the ENTITY listed above.
  • ENTITY: For the purposes of this RPP, we will refer to the Company as the ENTITY, we, our, or us.
  • EMPLOYEE: This RPP applies to the Personal Data of all individuals who seek to be, are, or were employed by the ENTITY. These individuals shall be referred to as Employee or Employees. When we refer directly to you, as the Employee, we’ll refer to you as you, as well as through second-person pronouns such as your and yours.
  • PERSONAL DATA: “Personal Data” means information that we obtain from you in connection with your potential, current, or past employment with us that can identify you. For the purposes of this RPP, Personal Data is any information about an identifiable Employee that seeks to be, is, or was employed by the ENTITY. Personal Data does not mean any data that is anonymised or that cannot identify you in any way.

CONTACT INFORMATION

The best way to contact us is through our Human Resources Department via the COMMUNICATIONS OPTIONS below.

You may contact us for any questions you have about the handling and processing of your Personal Data. You may also contact us to have access to your Personal Data or any other request. If you are unsatisfied with the handling of your Personal Data, you may make a complaint with the relevant data protection authority.

COLLECTION OF PERSONAL DATA

We collect different types of Personal Data in different ways. Some of the Personal Data gathered is automatic (through technologies which give us information about you), and some of the information is given by you directly to us.

In order to ensure that we are meeting our responsibilities and duties as your employer or prospective employer, we collect, process, and maintain different types of Personal Data in regard to those individuals who seek to be, are, or were employed by us, including, but not limited to:

  1. Gender.
  2. Marital status, for the purpose of ascertaining and distributing benefits such as health insurance.
  3. Dependant status, for the purpose of ascertaining and distributing benefits such as health insurance.
  4. Date of birth.
  5. General contact information, such as address, telephone number, and email.
  6. Resumes that you provide and/or application(s) that you fill out and provide to us.
  7. Your start date.
  8. Your job title.
  9. The location where you are working.
  10. Any training or education programs you undertake through us.
  11. Professional or personal references.
  12. Company policies and employment forms signed by you.
  13. Payroll Information: This includes, but is not limited to, tax forms, your social security number, bank account information, additional direct deposit Information, and your photo ID. If, at any point, your payroll information changes, you will be required to fill out updated payroll forms. These forms will be kept in your file along with any previous payroll forms that you have given the ENTITY.
  14. Forms that contain any information relating to your personal employee benefits, health care plans, insurance policies and the like.
  15. Beneficiary information.
  16. The contact information of the individual that you list to be first notified in the event of an emergency. This includes phone numbers, addresses, and any other personally identifying information for that individual.
  17. Assessments, evaluations, performance reviews, training completion rates, and training scores.
  18. Any monetary raises, bonuses, stock information, retirement information, commissions, overtime rate, salaried rate and/or regular hourly rate.
  19. Any requested time off, accrued paid time off, tardiness, or requests to leave before the scheduled end of your workday.
  20. Grievances, including complaints made by fellow employees or clients or customers, corrective action plans for inappropriate behaviour and write-ups.
  21. Accolades, including recommendations, awards, or other instances of recognition for quality work.
  22. Letter of resignation, if received by the ENTITY.
  23. Letter of termination, if given by the ENTITY.
  24. Other personal details you voluntarily provide to us.
  25. Other personal details you are required to provide us as required by law or to serve the legitimate interests of the ENTITY.

USE OF PERSONAL DATA

We use the information that we collect about you to effectively run our business and to help us provide a pleasant, safe, and productive work environment for you.

We also use Personal Data to:

  1. Accurately process payroll.
  2. Enrol insurance policies.
  3. Manage and plan our business.
  4. Send out business mailings.
  5. Conduct employee reviews.
  6. Handle internal disputes or grievances.
  7. Analyse your qualifications.
  8. Manage employee stocks.
  9. Process any claims you bring.
  10. For internal accounting.
  11. Oversee your work.
  12. Put you through education or training.
  13. Generally, comply with applicable law.
  14. Manage your compliance to data privacy.

We only process your Personal Data where we are permitted by law or required to do so, including where we must process Personal Data for your employment with us, where we have a legal obligation to do so as your employer, for legitimate business purposes, to protect your vital interests, or if we have your consent to do so. We may, though, have to process your Personal Data without your consent or knowledge, but only when required to do so by law. We won’t make any decisions on the automated processing of Personal Data without your consent.

We also process your Personal Data to prevent fraud and ensure the security of all aspects of our business.

SPECIAL CATEGORIES OF PERSONAL DATA

We may collect certain categories of sensitive data, as defined under relevant applicable law. If you are asked for any of these categories of data, you may request the purpose for which the data is required and refuse to provide it, if desired. We collect and process the following sensitive Personal Data only through voluntary disclosure for our legitimate business purposes, including to carry out any legal obligations and responsibilities as needed and required.

  1. Racial origin.
  2. Ethnic origin.
  3. Religious or spiritual beliefs.
  4. Political opinions.
  5. Criminal background.
  6. Sexual orientation.
  7. Health data.
  8. Biometric data.
  9. Genetic data.
  10. Trade union membership.

If we collect other categories of sensitive Personal Data not described here, we will seek your prior express consent.

DATA SHARING

We only share your Personal Data with those individuals and entities who assist in fulfilling our responsibilities within the employment relationship with you, or when required to do so by applicable law (collectively, “Third-Party Service Providers”). These Third-Party Service Providers include, but are not limited to, the website through which you submitted your employment application (if applicable), security personnel companies, payroll information and pay stub viewing applications and companies, scheduling programs, processing systems, company insurance providers and others similarly situated to assist in the employment relationship.

We use these Third-Party Service Providers to help us operate the ENTITY, but we’ll never share your Personal Data other than as described here without your explicit consent. Personal Data will only be disclosed if such Third-Party Service Providers agree to ensure an adequate level of protection of your Personal Data that is consistent with this Privacy Policy. Please note that the Third-Party Service Providers that we utilise will access your Personal Data only on an “if needed” basis as a part of their partnerships with us and with Third-Party Agreements in place. If you have any questions as to how these Third-Party Service Providers handle your Personal Data, you may contact them or us.

In certain cases, we may have to disclose your Personal Data to third parties without your consent or prior knowledge. We limit that disclosure to the following circumstances.

  1. To protect our legal rights.
  2. To satisfy any Local Laws, State Laws, Federal Laws and International Laws or regulations.
  3. To respond to requests, such as discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies.
  4. To bring legal action against an Employee who has violated the law.
  5. In the case of any business transfer, sale, or transfer of assets of the ENTITY.
  6. To generally cooperate with any lawful investigation about our past, present, or potential employees.
  7. If we suspect any fraudulent activity within or in relation to the ENTITY, or if we have noticed any activity which may violate our ethics, guidelines, or other applicable rules.
  8. If you have breached any data privacy regulations.

DATA TRANSFER

We are based in Ireland. In other words, your Personal Data may be transferred from the location in which you reside to our physical location in Ireland. It may also be transferred to third parties, as described above, located in Ireland and abroad. The risks of transferring data outside of your jurisdiction to Ireland include the possibility of data breaches and loss. Before beginning employment, we ask you to specifically consent to the transference of your Personal Data to Ireland. We will continue to process your Personal Data in the manner described herein, and if we change anything about how we handle your Personal Data, including the international transfer of your Personal Data, we will seek your explicit consent again.

DATA STORAGE AND SECURITY

We only store your Personal Data as long as it is necessary for providing you with the benefits and protections that employment with us entails or until you cease your employment with us and request deletion of your data. We may also store your Personal Data for any applicable legal record-keeping, including after the termination of your employment or for additional business purposes (e.g., maintaining our accountancy records or otherwise maintaining the safety and security of our ENTITY, for a time period permitted by applicable law).

We employ organisational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, and encryption. We ensure that your Personal Data is protected against unauthorised access, disclosure, or destruction by utilising practices that are consistent with standards in the industry to protect your privacy.

Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm as well as notifying you of such breaches as soon as possible.

We the ENTITY are committed to maintaining an ongoing path to compliance at all times.

APPLICATION RETENTION PERIOD

If your application for employment is unsuccessful, the ENTITY will hold your data on file for 6 (six) months after the end of the relevant recruitment process. If you agree to allow us to keep your personal data on file, we will hold your data on file for a further 6 (six) months for consideration for future employment opportunities. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

YOUR RIGHTS

You have the right to access your Personal Data and to correct, amend, or delete it if it is inaccurate or has been processed in violation of this Privacy Policy, except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to your privacy, or where the rights of other people would be violated. To exercise any of these rights, you can contact us or you can do it directly via your own compliance dashboard if you are actively employed by us the ENTITY.

You may also contact us to restrict the sharing of your personal data with third parties, in compliance with the local, state, national or other data privacy jurisdictions under which you qualify for protection as a data subject.

If the Personal Data we collect, covered by this Privacy Policy, is to be used for any purpose materially different from the purpose described here or disclosed to a third party not acting as our agent, in a manner other than as disclosed here, we’ll always give you an opportunity to opt-out of this materially different use or disclosure.

We are committed, as far as humanly possible and permitted, to upholding the highest standards when it comes to protecting your personal data and doing the right thing by YOU, as we would expect of others doing the right thing by US as individuals.

Perfection is something we strive for and is part of our culture. In saying that, we are also human and no doubt will make mistakes. When we do, you will be able to view them in our recorded breaches, which are available via the COMMUNICATIONS OPTIONS provided below.

Being a member of GDPA provides us with the knowledge and tools to continually work towards being compliant with the protection you would expect from us.

If you identify any shortfalls we may have, we invite you to contact us directly via the COMMUNICATIONS OPTIONS provided below, and we will come back to you within the shortest possible time-frame during our business hours and work towards correcting the matter and/or clarifying any doubt you may have.

REPORT A DATA BREACH

REPORT A CYBER SECURITY INCIDENT

DATA SUBJECT ACCESS REQUESTS (DSAR)

COMMUNICATION OPTIONS

You can contact us via traditional post directly to our appointed GDPR Registrar acting on our behalf as our registered European GDPR Secretariat.

Our GDPR Secretariat's duties are to view your submissions and submit them to us, where we will take the necessary steps in answering you accordingly, in line with the GDPR Regulations and the protection of your personal data.

Please address the mail as follows:

BUSINESS PHONE NUMBER GLOBAL

☎ International: +61 1300 464372
☎ National: 1300 GOGDPA or 1300 464372

BUSINESS PHONE NUMBER EUROPE

☎ International: +30 21 0300 4376
☎ National: 21 0300 4376

BUSINESS HOURS

★ Monday to Friday
★ 9am to 5pm
★ Excluding Public Holidays

Data Protection Commissioner

POWERED BY THE GLOBAL DATA PROTECTION AGENCY
©2022 ALL RIGHTS RESERVED