On Time Honest Solutions
The Griffeen Centre
Office 1, First Floor
1. HOW WE PROCESS PERSONAL DATA
For people who contact us through our website
We use the personal data you have provided to us to respond to your queries when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our firm. If you become a client, your personal date will become part of your file with us. If you do not become a client, we will delete your personal data 12 months after your last contact with us.
For people who sign up for our newsletter
We use the contact information you have provided us to send you our newsletter and other updates. Our legal basis for this processing is the consent that you provided when you signed up. We always include an unsubscribe option in our marketing communications, so you can opt out of receiving such communications at any time. We will retain your contact information until you unsubscribe or opt out.
For people whose information we received from one of our clients
If you are an employee, contractor, customer, supplier, or family member of one of our clients, we might receive and process your personal data as part of our engagement with that client. That personal data may include your name, contact information, financial information such as salary or payments, and other information held by our client. We will only process your data in order to provide the services to our client. Our legal basis for this processing is our legitimate interest in fulfilling our professional and contractual obligations to our clients. We retain this data for a period of 2 years because we believe we have a legal responsibility to retain it for this period.
2. Whom we share data with
Where required contractually and or legally, we share your personal data with Revenue Commissioner of Ireland, HMRC, Department of Social Protection and Central Statistics Office. We may share your personal data with regulators, including our professional body.
We will not share your personal data with any other third parties, unless we have a legal or professional duty to do so.
3. Transfers of data outside the European Economic Area
On occasion we may transfer data to a service provider located outside the EEA. The safeguard we have put in place for this transfer is to enter into European Commission approved standard contractual clauses with the provider.
4. Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
5. Your rights
You have the following rights under the GDPR, in certain circumstances and subject to certain exclusions, in relation to your personal data:
- Right to access – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
- Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
- Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
- Right to restrict or object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
- Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
- Right to withdraw consent – if we are processing personal data based on your consent, you may withdraw that consent at any time.
In order to exercise any of the rights set out above, or if you have questions or concerns about how we process your data, please contact us at firstname.lastname@example.org or by post at OTHS The Griffeen Centre Office 1, First Floor Dublin.
You also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Data Protection Commission
Station Road, Portarlington,
Co. Laois, R32 AP23,
Telephone +353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757
GDPR Compliance Summary
OTHS has carried out a thorough analysis of the information security policies and controls in place to conclude that OTHS is compliant with the GDPR as expected from a processor with the exceptions listed separately, which require mutual agreement and assumptions.
OTHS IS FULLY COMPLIANT WITH THE BELOW GDPR ARTICLES:
Article 25 Data protection by design and by default, Article 28 Processor, Article 29 Processing under the authority of the controller or processor, Article 30 Records of processing activities, Article 31 Cooperation with the supervisory authority, Article 32 Security of processing, Article 33 Notification of a personal data breach to the supervisory authority, Article 34 Communication of a personal data breach to the data subject, Article 35 Data protection impact assessment, Article 40 Codes of conduct, Article 49 Derogations for specific situations.
We do not store and or process any “Sensitive Personal Data” a Data Protection Officer (DPO) is not required, however, you can contact us at the following email address with any queries / concerns email@example.com
EXCEPTIONS / ASSUMPTIONS:
In case of Article 7 Conditions for consent, and Article 44 General principle for transfers, all payroll data sent to OTHS is stored within our network in Dublin, Ireland; however, payroll data sent via email and secure file transfer, this data resides within European Union. To accommodate Article 44, we will follow up with each affected client individually who use their own portals for payroll data transfer which are not in the European Union.
In case of Article 47 Binding corporate rules, the payroll data of our UK clients, where their payroll data will be sent to Ireland for processing and reported back to the HM Revenue and Customs from Ireland; which would fall under point 2, sub point c, as we are required to submit Real Time Information (RTI).
In case of Article 48 Transfers or disclosures not authorised by Union law, OTHS will only honour such requests, where a mutual legal assistance treaty is in force between the requesting third country and the Republic of Ireland and with a written consent from the client (controller).
In case of Article 50 International cooperation for the protection of personal data, should OTHS deem necessary to consult the supervisory authorities prior to personal information (payroll data) transfer to a third country, the affected client will be notified to provide OTHS any and or all documentation of personal data protection legislation and practice, including on jurisdictional conflicts with third country to in order to submit a query to the supervisory authorities for clarification.
Please note that any policies and or procedures referenced in this document are classed as OTHS Confidential and these WILL NOT be shared with any third party and or client.