A&L Goodbody takes data privacy seriously. This statement sets out how we, as a data controller, collect and process personal data about:
- visitors to our websites
- individuals who apply for jobs through our website
- subscribers to or users of our online services
- individuals who we communicate or interact with in the course of our business
- individuals whose personal data is provided to us in connection with the provision of our services
- individuals who attend events which we organise or sponsor
- individuals who are employed or engaged by suppliers of goods or services or parties tendering to provide goods or services
Our "websites" includes this website, all our associated sites (such as our knowledge sites and blogs) and our social media pages. This statement also sets out information about data subject rights and our obligations under data protection law.
1. INFORMATION THAT WE COLLECT
There are instances where we invite or request individuals to provide us with their personal data, including through our websites or at events which we organise or sponsor. In addition, individuals may volunteer their personal data to us by various means of communication, e.g. by telephone, email, at events or via our websites.
In providing our services, we may also receive personal data directly or indirectly, including from publicly accessible sources. Categories of such personal data include: names, addresses, contact information and other information that is relevant to the provision of our services.
At any events which we organise or sponsor, directly or with other third parties, we may have a photographer or a videographer present and we may capture your image. We may use or make any images available on our websites, social media sites or in printed material. If you have any objection to this, you can inform the photographer or videographer or notify any of our staff at the event.
We may also receive your personal data directly or indirectly where you work for or represent one of our suppliers or a party tendering to provide goods or services to us, in connection with services or goods we receive from that supplier. Categories of such personal data include: names, addresses, contact information, your job title, your IP address, our correspondence with you or with the supplier you represent or are engaged by, about you, financial information and other information that is relevant to the receipt of those services or goods. Where we need to provide or allow you to have access to our systems or premises, for security reasons, we may monitor and record that access and retain your identification photograph.
Information communicated in connection with the provision of our services is subject to client confidentiality obligations and may be protected by legal professional privilege.
In the context of the COVID-19 pandemic we may request certain health and related data from you in advance of attendance at any of our offices. This includes whether you have been diagnosed with or are displaying symptoms of COVID-19 or whether you have been advised by a doctor to cocoon or self-isolate. You may also be asked to confirm if you have been in close contact with a person who has been confirmed or is a suspected case of COVID-19 and advise of any travel outside of Ireland within certain timeframes.
2. HOW WE USE PERSONAL DATA
The purposes for which we use personal data and the legal basis for why that processing is necessary or permitted are:
|Purpose(s) for Processing||Legal Basis|
|Communicating with you, our clients or other persons in the course of our business||(a) To fulfil our obligations to you under our contract with you or (b) to support our legitimate interests in organising events, managing and improving our business and services and providing services provided such interests are not overridden by the rights and interests of the data subjects concerned|
|Providing our services to clients and managing and improving our business and services||As above|
|Maintaining and operating our websites||To support our legitimate interests in organising events, managing and improving our business and services and providing services provided such interests are not overridden by the rights and interests of the data subjects concerned|
|Use of images obtained through film/photographs in printed or online media (including our websites)||As above|
|Marketing about our firm and services and events||(a) To support our legitimate interests in organising events, managing our business and providing and improving services, provided such interests are not overridden by the rights and interests of the data subjects concerned or (b) consent – which you may withdraw at anytime|
|Processing of job applications||(a) To perform or enter into a contract with the data subject; (b) to support our legitimate interests in managing our business and providing services to our clients provided such interests are not overridden by the rights and interests of the data subjects concerned|
|Managing the goods and services we receive (including contract management, managing security and access to our systems and premises, payment of invoices and assessment of our suppliers or parties who tender to provide goods or services to us)||(a) To fulfil our obligations to you under our contract with you or (b) to support our legitimate interests in (i) performing a contract with our supplier who you work for or represent (ii) ensuring the protection of our systems and premises and (iii) assessing our suppliers or tenderers, provided such interests are not overridden by the rights and interests of the data subjects concerned|
|For the prevention and detection of fraud, money laundering and other crimes or for the purpose of responding to a binding request from a public authority or court||To comply with our legal obligations|
Transferring information to third parties, including to our own service providers
|(a) To support our legitimate interests in managing and improving our business and services and providing services to our clients provided such interests are not overridden by the rights and interests of the data subjects concerned; (b) to comply with our legal obligations; or (c) to protect vital interests.|
|For public interest reasons in the area of public health including protecting against serious cross-border threats to health||To comply with any legal or regulatory obligations and any public health requirements.|
We will retain personal data only for as long as necessary for the purposes for which it was collected; as required by law or regulatory guidance to which we are subject; and for the exercise or defence of legal claims that may be brought by or against us.
We will retain personal data about job applicant candidates for no more than one year. Any health data collected in the context of managing health epidemics or pandemics will be retained for only so long as is necessary, and, in any event, no longer than one month. Our retention practices may be reviewed and updated from time to time in line with legal requirements and best practice.
3. DISCLOSURE OF YOUR INFORMATION
We may disclose personal data to:
- Third parties, including cloud service providers, who provide a service to us
- A public authority in the event that we are required to do so by law
- A third party where we are under a legal obligation to transfer it to that third party or where we provide it on behalf of a client who is under such legal obligation
- A prospective seller or buyer of any of our assets or business
- A third party where it is necessary to protect the vital interests of the data subject or another natural person
- Third parties who we partner with to organise or sponsor events
- Third parties who tender to or provide services or goods to us
To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46.2 of the GDPR. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
4. LINKS TO OTHER SITES
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
5. DATA SUBJECT RIGHTS
To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
- The right of access enables you to receive a copy of your personal data
- The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you
- The right to erasure enables you to ask us to delete your personal data in certain circumstances
- The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances,
- The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party)
- The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
6. SECURITY AND WHERE WE STORE YOUR PERSONAL DATA
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our Site, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
7. CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to change this statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this statement. However, if we make material changes to this statement, we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review this statement periodically for updates..
8. CONTACT US
Questions, comments, requests and complaints regarding this statement and the personal data we hold are welcome and should be addressed to PrivacyOfficer@algoodbody.com or by writing to A&L Goodbody IFSC, North Wall Quay, Dublin 1. All requests will be dealt with promptly and efficiently.
Last updated: July 2020