FDC respects the privacy of all those individuals whose Personal Data it comes into contact with, which in particular includes the following:
- All users of the FDC websites;
- FDC employees and contractors (including applicants for employment with FDC);
- All members (including former employees) of FDC sponsored pension schemes;
- Clients of FDC and their Employees;
- FDC business contacts and suppliers; and
This is not an exhaustive statement of all of FDC’s data protection practices and FDC may apply specific policies within certain environments. FDC might include a separate privacy notice at the point of capturing data on a new service and any specific consents obtained or information provided in this way will apply specifically to that service and will supplement this Policy. FDC may also introduce additional user choices on our digital platforms which will be clearly explained to users as required by data protection law.
What is Personal Data?
Personal Data is any information relating to a living individual that allows for the identification of that individual. Personal Data can include a name, address, contact details, an identification number, IP address, CCTV footage, access cards/co-tags, audio-visual or audio recordings of a person, details about an individual’s location or any other detail(s) specific to that individual.
In circumstances where FDC controls Personal Data by deciding why and how that Personal Data is processed, FDC will be a “Data Controller”. Any entity that processes Personal Data controlled by FDC and does so on behalf of FDC, is a “Data Processor”. Data Processors may include third party service providers engaged by FDC (for example communications providers, payroll and marketing services or recruitment agencies). As required by applicable data protection law, when FDC appoints a Data Processor, we will ensure that appropriate contractual protections are in place.
FDC Website, Social Media and Apps
FDC is not responsible for the privacy practices of any external websites, device manufacturers or platforms which may be accessed or used in connection with a person’s use of the FDC website. They are subject to their own privacy statements which may materially differ from those of FDC so users should review them for further information.
What Personal Data does FDC collect and use online?
FDC collects various types of Personal Data when a person uses the FDC website. The following are examples of Personal Data collected by FDC:
Interest-Based Online Advertising and Google Analytics
This section of our Privacy Notice provides details about interest-based online advertising (also called “targeted advertising”, “remarketing”, or “behavioural advertising”), Google Analytics, and your choices with respect to this type of advertising.
You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en.
You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioural Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads’ preferences at http://www.google.com/ads/preferences/, Because those opt-out and preference control pages are specific to the individual browser used to visit it, and because that page is not operated by FDC, we are unable to perform the opt-outs on your behalf.
Advertising and Marketing
If a person provides consent for marketing communications FDC may use their name, address, email address, postal address and/or telephone number for marketing communications. FDC will also only contact users by email, phone or SMS for direct marketing purposes where the users have been notified about their rights to object to such processing and where there is a reasonable expectation by the Data Subject to be contacted for such purposes. Users can opt-out of receiving direct marketing communications from FDC by following the unsubscribe/opt-out link in the relevant marketing message.
FDC Staff Data
As an employer, FDC collects and processes Personal Data in relation to its staff, applicants for employment with FDC, pension scheme membership, as well as independent contractors engaged by FDC. Such Personal Data includes:
- Personal Details: name, date of birth, PPS number, bank account details, next of kin, details of social media accounts;
- Contact details: address and phone numbers(s);
- Employment History/application details: educational history, employment history;
- Medical information: medical certificates, sicks notes, health and safety data;
- Family details: names and dates of birth of children (if a person is applying for parental leave);
- Details required for pension purposes, passport details, birth certificates, marriage certificates and details of prior pension scheme membership;
- Car registration and vehicle insurance details for the purpose of expense claims;
- Details regarding trade union membership (for the purposes of payment of trade union membership fees only); and
- Performance – related data: performance management ratings for managers and annual incremental salary reviews of employees.
FDC may engage a number of third parties for the collection and processing of Personal Data of its staff and contractors to assist in the normal course of personnel and benefits administration.
The purposes and lawful justifications for FDC’s data processing
FDC collects and processes the employment-related Personal Data described above for the purposes and with the lawful justifications described below:
|Payroll, including payment of salaries and expenses of staff and independent contractors, making income tax returns, processing of voluntary payroll deductions and for the purposes of internal budgeting and projection of payroll costs.||Such processing is necessary for the performance of the employment contract and contracts for services between FDC and each employee or contractor.|
|For maintaining human resources records.||For the performance of the employment contract between FDC and each employee and to meet legal obligations in relation to employment records.|
|For recruitment purposes.||Such processing is based on the consent of the individual applicant.|
|Performance appraisal including for conducting salary reviews.||Necessary for the performance of the employment/services contract.|
|IT security and maintenance e.g. IT helpdesk, device encryption, the provision of secure remote access to FDC networks and systems.||This is necessary for compliance with our legal obligations in relation to data security and to protect FDC’s legal obligations for ensuring that workplace policies are adhered to.|
|Provide information in the context of disputes or legal claims||Necessary for the purpose of establishing, exercising or defending a legal claim (Article 9(2)(f) in respect of Special Categories of Personal Data).|
|Freedom of Information or regulatory requests.||To comply with statutory obligations.|
|To assess the working capacity of employees and for related reasons (such as insurance), in limited circumstances FDC may process employee’s health data and disclose it to third party service providers for these specific purposes.||For purposes connected with FDC obligations under employment law with particular regard to the health and safety and working capacity of is employees. Where such data is processed it shall be subject to suitable and specific measures.|
Return to Work Safely Protocols and Additional Retention Period (including Covid-19 Tracking and Visitor Logs)
FDC Group has processes in place to facilitate employees returning to work safely and in accordance with appropriate protocols.
Employees must fill in a Return to Work form 3 days before they can come back to work. The data is collected directly from the employee, through the collection of the form and the employee is fully aware of their obligations to complete the same and out requirements under our legal obligations.
All employees must Check In on the CRM when they are in the office. They must also keep a log of contact.
There is also a Visitor Log that is to be filled in when someone visits the office e.g. postman, courier, cleaning, etc.
The data that is processed and retained is minimised and retained securely with strict access controls in place.
The purpose of the processing is to support the Health and Safety of employees and clients under the return to work safely protocols provided by the HSA, HSE and DBEI and other Public Health Authorities and the proposed retention periods of same. FDC Group is extending the recommended retention periods of the return to work safely forms that are submitted by each employee. It is our intention to retain these records for a period of 3 months. The purpose of this extended retention period outside of the recommendations is that the HSA may perform checks for compliance, and it does not appear to be appropriate that these forms be deleted immediately as we move through the different phases. We have established that it would be in our legitimate business interests to retain the return to work forms for a period of 3 months to prove that we have complied with the protocols should such an audit/compliance check be initiated by the HSA.
Processing for Security Purposes
FDC may disclose Personal Data to third parties in certain instances. These service providers are subject to a contractual obligation to only process Personal Data obtained from FDC for purposes for which it was obtained and in accordance with FDC’s instructions.
FDC will not provide your Personal Data to third parties who may contact you for direct marketing or promotional purposes unless you have consented to FDC disclosing your Personal Data to such third parties for that purpose.
In certain circumstances FDC will disclose personal data to other external third parties such as its professional advisors as necessary in the context of the performance of their services. Such recipients may include external legal advisors, auditors, actuaries, pension and tax advisors, pension administrators and other professional advisors. Disclosure of such data will take place for a variety of reasons including in order to ensure that FDC meets its tax and other (including tax) obligations and in order performing its statutory objectives in the public interest.
FDC may also disclose personal data to its insurance providers in connection with legal claims and prospective legal claims or proceedings.
Our legitimate business interests
Your personal data will also be processed on the basis of legitimate interests. Where it is processed on this basis, we ensure that there is a fair balance between our legitimate interests or the legitimate interests of our clients and your privacy rights. The following are some examples of when FDC processes your personal data for legitimate business interests. Your personal data may not be processed in all such cases and if it is, it will always be subject to measures to comply with Data Protection Law.
- To enable us to manage our relationship with you including having readily available access to your information through use of IT systems and functionality.
- To monitor, maintain and improve internal business processes, information, technology and communications that may benefit you or FDC.
- To ensure business continuity and disaster recovery and to respond to information technology and business incidents and emergencies.
- To ensure adequate network, information security and fraud prevention protections are in place.
- To undertake system testing, for example, prior to implementing system improvements.
- For internal analysis and reporting for the management of individual customer accounts and to make strategic decisions for our business.
- To establish, exercise and safeguard our rights which may include taking enforcement action against customers or defending complaints or claims made about us.
- To assess the quality of our customer services and to provide staff training. This includes monitoring and testing of how we manage your services(s) and our interactions with you.
- To perform analysis on customer complaints for the purposes of preventing errors and process failures.
- To provide information as part of a merger or sale of the business or part thereof.
- To disclose information to service providers such as solicitors, auctioneers, I.T. support services, finance houses or insurance service agents where necessary.
- To ensure we act as a prudent service provider on the customer’s behalf.
- To provide relevant marketing communication and service notifications that a customer or prospect would reasonably expect to receive from FDC
FDC endeavours to ensure that Personal Data is retained for an appropriate period and no longer than necessary. Retentions of data is detailed in our Data Retention Policy.
Data Transfers outside the EEA
FDC does not generally transfer any Personal Data outside the European Economic Area (“EEA“). However, in some cases FDC may use carefully selected service providers, including certain cloud storage service providers, to perform certain functions which involves data transfers outside the EEA. Certain FDC service providers may also store Personal Data in data centres located outside the EEA. These service providers are subject to a contractual obligation to comply with applicable data protection law and to ensure that appropriate measures are put in place to ensure the protection of any personal data that is transferred outside the EEA.
Your Data Protection Rights
In certain circumstances, you have the following rights under data protection law in relation to your personal data:
A right to access Personal Data held by FDC
- Any individual has a right to make an access request, in writing, under data protection law for a copy of their Personal Data held by FDC. FDC may ask for further identification details to confirm your identity before the relevant information is.
- It should be noted that there are specific exemptions relating to accessing Personal Data held for journalistic, artistic and literary purposes, which may be relevant to FDC.
Other data protection rights
- Rectification of inaccurate personal data;
- Erasure of personal data (also known as the “right to be forgotten”);
- Restriction of processing of persona data;
- Right to data portability;
- Right to object to processing of personal data.
However, under data protection law, these rights are available only in certain circumstances. If you wish to exercise any of your data protection rights, please contact Jessica Perrott, FDC House, Wellington Road, Cork or firstname.lastname@example.org. Please provide as much detail as possible to enable us to respond to your request and to locate relevant personal data about you
In accordance with applicable laws, FDC ensures that all Personal Data controlled by FDC is held securely using appropriate security measures including the following:
- Physical measures such as locked filing cabinets and offices containing Personal Data;
- IT security systems;
- Restricted access to Personal Data subject to approvals;
- Time limits on retention of personal data;
- Provision of targeted data protection training to employees, contractors and other staff who have access to and process Personal Data;
- Password restrictions on access to Personal Data; and
- Technical measures including:
- encryption on FDC laptops; and
- Logging mechanisms to record certain access to Personal Data and alteration and other processing of Personal Data.
In the event of a personal data breach, FDC will comply with applicable reporting and notification obligations under data protection law.
If you wish to make a complaint about FDC’s data protection practices, please contact Jessica Perrott at email@example.com. You may also lodge a complaint to the Data Protection Commission (https://www.dataprotection.ie/docs/Raise-a-Concern/1716.htm).
Last Updated: August 2020