SF Engineering Privacy Statement
Last reviewed – 10 April 2018
This is the SF Engineering, hereinafter called ‘SF’ privacy statement. The SF address is Aghagad, Grange, County Sligo, Ireland for the purposes of complying with the Data Protection Acts 1988 and 2003 (“Data Protection Acts”) and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 and in preparation/contemplation of Regulation 2016/679 as well as relevant implementing Irish legislation.
The foundation of data protection as it applies to personal data is built upon 6 data protection principles:
1. Lawfulness, fairness and transparency.
2. Purpose limitations.
3. Data minimisation.
4. Storage limitations.
5. Integrity and confidentiality
We want you, our staff, contractors and visitors, viewing this website https://sfengineering.ie/ to be informed as to our use and care of your personal data.
By visiting the website https://sfengineering.ie/ you are deemed to be on notice of, and in agreement with, the manner in which we collect and process personal data which we receive via this website. If you do not agree with the manner in which we collect and process personal data, you should stop using this website now and not revisit. We hope you will stay with us though.
SF Policy on Data Protection
Your right to privacy is recognised and respected. SF will not collect any personal information about you on this website without your clear permission. Any personal information which you volunteer to us will be treated with the highest standards of security and confidentiality in full compliance with the provisions of current valid law.
We do not collect any personal data about you on this website, apart from the information you volunteer. Any information you provide in this way will not be made available to any third parties unless we have received your express consent or unless we are obliged to do so by law. We may use data which you have submitted to us for statistical, market research, search engine optimisation (SEO) or promotional purposes in the normal way. SF will prohibit any third party linking data to you.
The contact page on the https://sfengineering.ie/ website invites you to provide:
- Your name (First and Last)
- Your e-mail address
- Equipment of interest tick box option
- Company Name
Obtaining Copies of Your Data
If your right of access to the data which you have requested is not restricted by an exemption under the Data Protection Acts, and is correctly requested, we will supply a copy of any personal data relating to you which we have received from you via this website. We are entitled to destroy any personal data which you submit to us at our discretion and will do so for security and/or data minimisation reasons where appropriate. In the event that we have destroyed any personal data which you have supplied to us we will not have any obligation to supply you with copies of this destroyed data or verification of the destruction. We will endeavour to provide you with a personal data destruction date if available.
If you wish to obtain copies of any personal data which we hold, you must write to us at: Aghagad, Grange, County Sligo, Ireland or email us at firstname.lastname@example.org or for UK email@example.com. You should include any personal identifiers such as your name, address, phone number, e-mail address etc. For obvious data security reasons we may require that you provide us with a valid photo identification to facilitate the access request. Indeed we reserve the right to require, see and confirm photo identification before passing any personal data to a requestor.
If you make a request in respect of your personal data, we will comply with this request within 30 days of receiving it in writing.
Correcting Inaccurate Information
If you discover that we hold inaccurate information about you, you can request that we correct that information and SF would very much encourage you to do so. Any such request must be in writing and should be transmitted to us either by post or by email at the addresses referred to above. We may require photo identification to confirm and fulfil the request.
We will review permissions already given by you before any actions are taken in respect of any further processing and update these as or if required by contacting you.
Deleting Your Data
In certain circumstances, you may also request that data which you have supplied be deleted. If you wish to request a deletion, you will be expected to identify some contravention of data protection law in the manner in which we have processed the data which you require to be deleted. We may require photo identification to confirm and fulfil the deletion/rectification request.
If you have concerns about how personal data are processed via this website or indeed have any other relevant complaints, please do not hesitate to bring these to the attention of SF by calling +353(0)719163334 or emailing firstname.lastname@example.org.
Right to Communicate
If you provide us with any postal or email address, we may communicate with you by post or email to provide you with promotional information regarding services which we provide or to keep you informed of any relevant matters which we believe might be of some interest to you. If you do not wish to receive this information from us you must notify us of this in writing, either by post or email (unsubscribe), at the address mentioned earlier.
SF provides an option for you to receive our newsletter (should you wish) by email to keep you abreast of current products and services. This newsletter is administered by an external service provider called Campaign Monitor.
Of note is Campaign Monitors undertaking to achieve GDPR compliance before 25 May 2018 (Regulation enforcement date) See their trust center resources HERE.
You may unsubscribe from the newsletter by calling +353(0)71 9163334, emailing email@example.com or online.
Purpose of data collection
The Data Protection Act states that the purpose(s) for which the data are processed must be ‘specified, explicit and legitimate’. With this in mind, SF outlines the following purposes for which they process data:
SF collects, processes and retains personal data for the following reasons:
- To communicate with, inform and answer queries from prospective, current or past customers and visitors.
- To deliver relevant information to you
- To initiate and provide a quality legitimate service
- To fulfil obligations under law. E.g. the Data Protection Acts 1988-03, SI 336 2007, Directive 95/46/EC. In contemplation of Regulation 2016/679 and expected associated Irish legislation.
- To inform prospective, current or past customers and visitors of further relevant information and activities as agreed. E.g. Information about new services, products, relevant innovations etc.
- To carry out our lawful responsibilities as a business in a viable manner
- To facilitate necessary communications between relevant customers, contractors, visitors and systems to process and progress legitimate goals and activities.
The above list is not exhaustive given the broad nature of SF products and services within the industry and therefore this statement will be reviewed to reflect this variability as required.
The general personal data legitimate processing conditions under law underlying the purpose(s) of data collection by SF are:
- You (prospective or previous) provided consent
- To prevent injury or other damage to you (the data subject): or serious loss of or damage to your property or otherwise to protect your vital interests
- Necessary for the administration of justice
- Necessary under an enactment
- That the processing serves an official function; or
- Where necessary for the purposes of the legitimate interests pursued by SF or by any lawful third party in the absence of reasons which prejudice your fundamental rights and freedoms or your (the data subject’s) legitimate interests.
Data collected must be adequate, relevant and not excessive
SF adheres to the principle that data gathered must be adequate, relevant and not excessive. It is important to note here that laws, rules and practices can evolve or change, so this will be reflected in the application and the operative spectrum of the three guiding principles below.
Adequate: To provide the services on offer, personal data must be gathered for the purpose of communication, information, administration and legal compliance.
Relevant: Only personal data germane, appropriate and necessary under law to the requirements of the services/activities provided and legitimate interests of SF are sought.
Not excessive: The necessity of having an ‘upper limit’ of personal data collection is
acknowledged. SF is mindful of the potential for ‘excessive data creep’.
Data Retention/Destruction and Minimisation
SF seeks to minimise the quantum of personal data held. To facilitate this, unnecessary and/or superfluous data will be deleted/discarded in a secure manner. Where information must be held e.g. under a legal obligation. All files (electronic and hard-copy) are protected securely by SF.
Interception by Third Parties
While we will treat any personal data received from you in accordance with the terms set out in this privacy statement and we will take all reasonable steps to store the data securely, we cannot ensure that your data is not intercepted by third parties in the course of being transmitted to us. In the event that any information is intercepted when being transmitted to us via the internet we bear no responsibility or liability to you for the manner in which any such intercepted data is used by any third parties.
Changes to Our Policy
Details of transfers to third country
SF do not transfer personal data to third countries at this time
The existence of each of data subject’s rights
Individuals (data subjects) are provided (GDPR 2016/679 Arts 12-22) with the following rights to (summary):
- Transparent information and clear communication regarding their data
- Information as to how the subject’s data was collected
- Information as to how the subject’s data was collected but not from the subject him or her self
- Access by the data subject
- Rectification of data
- Erasure of data (Right to be forgotten)
- Restriction of processing
- Notification of rectification, erasure or processing
- Data portability
- Object to processing
- Object to automated processing/decision-making including profiling
An individual (data subject) has the right to withdraw consent at any time, where relevant. Should you wish to withdraw consent please contact SF Engineering, Aghagad, Grange, County Sligo, Ireland, email us at firstname.lastname@example.org, +353719163334
Automated decision-making, profiling decisions
SF does not engage in automated decision-making currently
Personal Data Retention period
Personal data is only retained as long as it is needed or to fulfil a legal obligation
SF holds personal data under various legal obligations including:
- The Terms of Employment (Information) Act, 1994 require that an employee’s terms and conditions of employment be retained for the duration of their employment.
- The National Minimum Wage Act, 2000, at section 22, provides for a 3 year retention period to show compliance with the Act’s provisions, for example, payslips showing the employees were paid at least minimum wage.
- The Organisation of Working Time Act, 1997, at section 25, and the Organisation of Working Time (Records) Prescribed Form and Exemptions) Regulations 2001, provide for a 3 year retention period for records of weekly working hours, the name and address of employee, the employee’s PPS numbers and a statement of their duties.
- The Protection of Young Persons (Employment) Act, 1996, at section 15, provides for a 3 year retention period of employment records relating to persons under 18 years of age.
- The Protection of Employment Acts, 1977-2007, at section 18, provides that where an employer has collective redundancies, it must retain the records to show that the provisions of the Act were complied with for a 3 year period
Personal data source and whether it came from publicly accessible sources
Data Protection Commissioner
The Data Protection Commissioner’s office provides a wealth of helpful information and can be viewed HERE
You can lodge a complaint with the Commissioner’s Office by clicking HERE
Further information about UK data protection law generally can be found on the Information Commissioner’s Office (ICO) website. Please click HERE for ICO and organisations and HERE for ICO and the public.
Talk to SF Engineering Now
Call us now at +353 71 91 63334 or +44 (0) 1487 740131 or email email@example.com or firstname.lastname@example.org to discuss your requirements with us. Alternatively click on the Request a Callback button below to arrange for one of our team to contact you.