SECAD Data Protection Policy
Purpose of this Policy
The purpose of this policy is to outline SECAD’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts 1988 & 2003 and in accordance with the EU General Data Protection Regulation (2016/679) (GDPR) which came into effect on 25th May 2018.
Purpose of Collection of Personal Information
Personal information is information relating to a living individual who is, or can be, identified by that information, including data that can be combined with other information to identify an individual.
SECAD collects information about individuals for the following reasons:
- Employee information for Human Resources purposes
- The necessary collection of data for the effective operation and administration of a variety of community and local development programmes that SECAD operates on behalf of the Irish Government, the EU, Cork County Council and others and as part of the legitimate activities of the company.
Data Protection Principles
SECAD is committed to complying with the Data Protection Acts 1988 & 2003 and the provisions of the General Data Protection Regulation (2016/679) (GDPR).
The following principles will apply:
- The data will be obtained and processed in a fair, transparent and lawful way
- The data will only be used for the purpose of carrying out the legitimate activities of the company and for no other reason
- The data will be processed to a minimal degree
- The data will be accurate and up to data
- The data will not be kept for longer than is necessary or required by SECAD’s funders or other recommended retention periods
- The data will not be used or disclosed in any manner incompatible with the ‘Purpose of Collection of Information’ (see above)
- Appropriate measures will be taken against unauthorised access to, or alteration, disclosure or destruction of, the data and against its accidental loss or destruction
Right of Access to Information
Any individual about whom SECAD keeps personal data is entitled to:
- a copy of the data held by SECAD about him or her;
- know the categories of their data and SECAD’s purpose/s for collecting or processing it;
- know the identity of those to whom SECAD might disclose the data;
- know the source of the data, unless it is contrary to public interest;
- know the logic involved in automated decisions;
- Data held in the form of opinions, except where such opinions were given in confidence and even in such cases where the person’s fundamental rights suggest that they should access the data in question, it should be given.
To make an access request the data subject must:
- apply to SECAD in writing (which can include email);
- give any details which might be needed to help SECAD identify him/her and locate all the information kept about him/her e.g. previous addresses;
In response to an access request SECAD will:
- supply the information to the individual promptly and within 40 days of receiving the request;
- provide the information in a form which will be clear to the ordinary person, e.g. any codes must be explained.
If SECAD does not keep any information about the individual making the request SECAD will inform them of this within the 40 days of receiving the request.