DACTEC Ltd. aims to achieve the best possible standards of protection for all the data, including personal data, which it collects and processes. It is committed to compliance with the requirements of the Data Protection Acts and the General Data Protection Regulations of May 2018.
DACTEC recognises its responsibilities and will comply with, all relevant statutory legal requirements. It recognises its obligations to manage and achieve adequate standards of Data Protection on behalf of any Customers, Suppliers, employees or others, who provide it with Personal Data. It recognises its responsibilities in terms of the collection of, storage of, retention of, sharing of, providing access to and the correction of inaccurate information. It recognises the rights of individual data subjects to access to, to the correction of, deletion of or portability of their data, and will comply with the GDPR in this regard – or will provide a full explanation where any conflict arises as set out in this policy.
It will carry out a regular audit of the types of personal data which it holds and processes. It will assess the risks associated with the data it processes and will take the necessary measures to keep it safe and to comply with the legislation. It will provide appropriate instruction, training, information and supervision of any person who may process the data. It will provide for review periodically, in light of experience and changing circumstances in the future, but at least annually.
The legal basis for the processing of data in DACTEC is by explicit consent and as a necessary requirement for the provision of Customer support. The processing may also comply with the legitimate interests of the DACTEC Representative and the employee (employment contracts).
The purpose of collecting personal data from Customers is to use this to communicate with them and support them with their chamber needs.
The data may be stored in a variety of means as set out in this policy. All data is kept secure and considered confidential. Data may be shared with chamber manufacturers and will only be shared with other third parties with the written consent of the data subject as set out in this policy.
The retention period for personal data is normally 10 years except in exceptional circumstances.
It is recognised that in co-operating with this policy Customers, employees and others will comply with the requirements of this policy. They will report any concerns about data protection to the company without delay so that such concerns can be investigated.
Date: 25th May 2018
David Toner M.D and Data Protection Officer, DACTEC Ltd.
DACTEC is an Irish based and owned Company founded in 2008. It sells and supports production and test chambers.
The Customer and Supplier personal data we collect is as follows:
The Employee personal data we hold consists of address and phone numbers. All Employees are members of DACTEC’s owning family.
DACTEC employs 2 Directors full time, the M.D./Sales Engineer and the Sales/Business Development Manager.
All DACTEC staff, Customers and Suppliers, will co-operate fully with the arrangements made by DACTEC, as set out in this policy, for the protection of Personal Data.
Anyone with concerns about Data Protection issues should immediately report all such concerns to the M.D., so that they can be investigated and acted upon appropriately without delay.
Any employee, or other person, is expected to comply with the requirements of this policy so that DACTEC may remain compliant with the Data Protection Acts and the GDPR.
Any employee, or other person, is expected to avoid causing a breach of Data Protection by any of their actions.
Any employee, working as a data processor, is reminded that they have specific statutory responsibilities under the Data Protection Acts and the GDPR.
When advice and persuasion fail, and Customer, Supplier, an employee, or other person continues to fail to comply with the requirements of the Data Protection Policy, it is the policy of DACTEC to pursue the matter through an appropriate disciplinary code or other appropriate action.
Compliance with the arrangements set out in this Data Protection Policy is required of all employees, Customers and Suppliers.
Compliance with the arrangements set out in this Data Protection Policy will be a requirement of securing contracts / the provision of services or products. Where a Supplier fails to comply with, or to heed, representations made to him / her by the M.D., then DACTEC may seek to cancel the contract forthwith.
A statement of Policy will be prominently displayed in the office area.
The Data Controller for this business is the M.D..
All personal Data is collected and used for the purposes of support of the Customers.
Customers, Suppliers or others with any concerns about matters related to Data Protection should discuss these directly with the M.D., who is the Data Controller, and as such has the ultimate responsibility for such matters.
For the purposes of this policy, the Data Protection Officer is also DACTEC’s Data Controller as it a small business with a minimal management structure.
DACTEC’s M.D. will consider all such concerns expressed and will act to minimise any risks identified as he sees fit. In the event of a Breach of Data Protection, he will respond in accordance with the procedures set out in this policy.
Because of the size of DACTEC, no formal system or arrangement has been made for consultation with Customers, Suppliers or others in matters of Data Protection. All such matters should be discussed directly with the M.D. Employees of the Company will be proved with training to ensure adherence to GDPR.
The Personal Data that DACTEC collects and processes is as follows
DACTEC stores the Personal Data records it has collected in the following manner:
All of these are stored on the DACTEC PCs and the M.D’s mobile phone.
All of these devices are password protected and backed up securely.
DACTEC shall seek appropriate valid consent from the Customers or Suppliers before any personal data is collected.
Consent for Data Protection Purposes
There are new and specific requirements with regard to consent when collecting and processing personal data. This data / information must be
A Customer, employee or Supplier has the right to withdraw consent for Data processing at any time and exercise of this right must be notified to DACTEC.
The M.D of DACTEC – the Data Controller, will provide a form on which to record consent for data processing. This consent form will form part of the audit trail.
This policy applies to all employees working for DACTEC.
It is the responsibility of all employees to ensure that consent is obtained for all interactions.
Obtaining Consent
Consent is a Customer, employee or Supplier’s agreement for DACTEC to collect their personal data. This consent will be recorded on a consent form.
Anybody has the right to refuse consent for data collection, storage or processing. But this may make it impossible to carry out Support of our Customers.
Consent for Data Collection, Processing and Retention – DACTEC Ltd
DACTEC collects and uses personal data on the basis of your explicit consent having been given when you gave us your contact details, and in order to support your chamber needs. Your personal data will not be used for any other purpose.
Your data will be processed in a fair manner and retained by DACTEC for a period of 10 years after your last interaction with us. Your data will be stored securely and protected during this time.
Your data will not be subjected to automated processing by DACTEC.
You have a number of rights in relation to your personal data held by DACTEC. These include
The Data Controller and the Data Protection Officer is the M.D.
Privacy Notice
How your information will be used
This includes using the information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings.
If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
In limited and necessary circumstances, your information may be transferred outside of the EU. We have in place safeguards to ensure the security of your data.
The Company CEO is the Data Controller and processor of data for the purposes of the DPA and GDPR.
If you have any concerns as to how your data is processed you can contact:
David Toner Tel: 0872370674 Email: contact@dactecltd.com
M.D & Data Protection Offer.
DACTEC will provide access to a full copy of the personal data which it holds on any individual on receipt of a written request for same. An informal request will be sufficient to begin the process of retrieval and copying of the data.
The data will be made available to the data subject on receipt of a written request. The written request must identify the data subject clearly and specify precisely what data of theirs the request applies to. The request in writing permits the company to maintain a clear audit of its records.
A copy of the data record will be provided in hard copy and either delivered by
The transfer of the data record needs to be documented and recorded itself to provide an audit trail.
Electronic copies can only be provided where it has been requested in this format and will be sent to a specified email address that is specific to a named recipient as set out in the original written request for the access / copy of the record. A ‘read’ or ‘opened’ or ‘delivery’ receipt will be requested from the email service provider in order to provide an audit trail.
Alternatively, the data subject may provide a media device where the electronic record can be transferred and a written confirmation of receipt will be requested.
All email that includes personal data will be sent to specific named individuals email addresses.
Where a request is made to correct the data record the request to do so must specify exactly which data in the record is incorrect, and if possible indicate what change needs to be made in the record in order to correct it.
Where a conflict arises between the rights of the data subject and the data controller – DACTEC – the M.D. will make contact with the data subject and outline the nature of and implications of the conflict, in order to achieve a mutually agreeable solution. i.e. where the data subject may request deletion of a record but there is a legal requirement for the company to retain it.
Once the requested change or deletion of a record has been completed the Company will provide confirmation of having done so to the data subject.
DACTEC will not normally share your personal data with any other person or organisation. It is the policy of the Company to seek and receive your permission prior to doing so.
Your consent will be required to share any information about you with any other third party. Your consent will be sought and recorded in your personal record notes.
A written request will be required whether from you, the data subject, or from the third party themselves setting out clearly whom they wish information about, what information they require, when they require it, the purpose for which they require it and how it should be provided.
Any request from a third party will be checked with you, the data subject, before any information is shared.
A record of the request and the transfer of data will be made in the personal record.
All personal data shared will be transferred to a specific individual either directly by hand, by mail to a specified person or by email to a specified personal email address. In the latter case, the file may be password protected / encrypted and the password provided separately from the electronic file.
Records will be included in any sale of the company and should be considered as a transfer of ownership and thus needs to be recorded
This Company will not share retained personal data with third parties for advertising or marketing / promotion purposes.
It is the policy of this Company to retain the Personal Data it has processed for a period of not less than 10 years from the last interaction with the data subject.
All retained records containing personal data will be stored safely, securely and in such a way as to preserve its privacy and confidentiality.
Access to personal data will be restricted to those who reasonably require it in order to perform their work within the Company.
Personal Data will not be shared with other persons other than by the expressed consent of the data subject.
Archived records older than ten years have been retained in case they were needed in the past. It is the policy of the Company to gradually begin reviewing these records and where no reason is found to retain them they will be destroyed or anonymised.
Records will be reviewed on an annual basis. Records that are older than 10 years, that have no apparent reason for retaining them longer, will be deleted.
Records that are held beyond this period where possible will be anonymised. Where a record is retained and cannot be anonymised an explanation will be provided to the data subject and a further consent to retain the record will be sought.
Destruction of the records will be arranged in such a way as to ensure the safety and confidentiality of the data.
This company will not share retained personal data with third parties for advertising or marketing / promotion purposes.
Paper records
Employment and other HR Records are kept on password protected computers.
Electronic / Digital Records
The standard of encryption required to adequately secure data changes with advances in technology. Whole-disk encryption of 256-bit strength should meet the requirement at present and is provided by the current PC.
The company computer / PC is protected by a password
The PC is provided with antivirus protection that provides daily updates and up to the minute protection for internet security.
The WIFI internet used within the company is password protected.
Other Data
The premises are protected by an alarm system when the company is not in use.
Reporting Data Breaches
Once detected all data breaches will be reported directly on the DPC website at the following link which provides detailed information on dealing with breaches.
More information is available at the following webpage data security breach Code of Practice
The Breach will be reported to the following contact options.
All information that may identify an individual is considered personal data. Therefore, the concept of good housekeeping practice is inherent in keeping personal information private and confidential.
All phone conversations should be conducted in a manner to maximise the privacy of the persons involved. Use of names and phone numbers in public areas in association with other business details should be avoided.
Careful use of PCs will allow Customer data to be kept safe and confidential. The PC is provided with appropriate levels of software protection, anti-virus protection etc.
Sending E-mails
Content
Attachments
Sensitive Information
Receiving E-Mails
The responsibility for all data protection lies with DACTEC, the M.D and Data Protection Officer.
As the person responsible for all aspects of Data Protection, he is also responsible for Detection of and reporting of Breaches of Data security.
Under GDPR requirements on detection of a data breach DACTEC will report the breach to the DPC within 72 hours, unless the data was anonymised or encrypted.
It is the policy of this company to inform the individual(s) impacted by the breach and to keep them informed of progress of investigations + remedial actions taken.
If a data breach is discovered immediate action will be taken to minimise any further loss of data or unauthorised access to the data.
Disconnect the PC and other devices from the internet. Disconnect the internet modem from the phone line
Determine the extent of the breach and what data is affected / has been compromised and whose data it is.
Determine who has perpetrated the breach and how. Take steps or advice on how to close the breach and prevent further exploitation of this security weakness.
Prepare a report for the DPC and submit it within 72 hours or sooner if possible.
Anyone acting suspiciously or apparently trying to gain access to data is warned that this is unacceptable behaviour. Failure to correct such behaviour or persistence with it will result in their exclusion from the premises.
Specialist guidance will be sought from the website hosting company about apparent irregularities. The company website has information for public consumption but no direct personal data is collected or stored in any database as part of the website.
| No | Data Hazard / Risk | Risk Level | Control Measure |
| 1 | Website being hacked | Med | Have suitable protection in place by Hosting Service. Provide protection for website databases where present |
| 2 | Unauthorised access to PC | High | Use password protection for Starting PC Password protection for all users of company software systems |
| 3 | Screens visible by visitors | Low | PC is positioned in our office which is nor accessed by any non-employees. We use a screen auto-logoff. Laptop access is similarly controlled. |
| 8 | Contractors working in premises unsupervised | Medium | Lock PC screen if unsupervised |
| 11 | Phone conversations being overheard | High | Keep phone conversations where sensitive data likely to be discussed to a minimum until alone. |
| 12 | Robbery / theft / unauthorised entry to the premises | High | Always lock the PC |
We collect information from you when you fill out a form.
Any data we request that is not required will be specified as voluntary or optional.
When registering on our site, as appropriate, you may be asked to enter your: name or e-mail address. You may, however, visit our site anonymously.
Like most websites, we use cookies to enhance your experience, gather general visitor information, and track visits to our website. Please refer to the ‘do we use cookies?’ section below for information about cookies and how we use them.
Any of the information we collect from you may be used in one of the following ways:
The email address you provide may be used to send you information and updates pertaining to your order or request, in addition to receiving occasional company news, updates, promotions, related product or service information, etc.
Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
Yes. Cookies are small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymous tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better, however, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website at www.dacetecltd.ie/terms-of-use.
By using our site, you consent to our privacy policy.
If we decide to change our privacy policy, we will update the Privacy Policy modification date below. Policy changes will apply only to information collected after the date of the change.
This policy was last modified on 24/05/2018