Blackglen Corporate Governance Solutions Limited

Privacy Policy Statement

Last updated: 30 March 2020

Definitions

Blackglen Corporate Governance Solutions Limited

(the “Company”, “We” or “CGS”)

 

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016

 

(the “GDPR”)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law

 

(“Data Controller”)

 

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

 

(“Data Processor”)

 

Introduction

CGS takes data privacy seriously. This privacy statement sets out how we collect and use personal data that we obtain about you and your rights in relation to that data.  Should you have any questions about  this privacy statement or want to make an enquiry or complaint about how we handle your personal data, please email info@corporategs.ie.

Our role as a Data Controller and a Data Processor

CGS is a Data Controller responsible for your information when you interact with us except where CGS is engaged in the processing of personal data of the directors, officers, duly appointed attorneys or legal representatives, authorised signatories, employees, customers, shareholders, ultimate beneficial owners, or personnel connected with professional advisers or service providers of its clients or affiliated companies thereof, for the purposes of providing corporate administration, corporate secretarial, share trustee, GDPR compliance services, due diligence services or other services pursuant to a contract (the “Services”).

Where CGS is engaged in providing Services, it will be acting as a Data Processor, and the Client will be acting as a Data Controller.

Who do we collect information on?

We collect information on: –

  • Our clients and prospective clients
  • Our suppliers and prospective suppliers
  • Our business contacts
  • Visitors to our websites
  • Visitors to/followers of our social media profiles or individuals who interact with our posts or directly message us on third party social networking sites
  • Our staff and individuals who apply for roles with us; and
  • individuals who we interact with in our dealings with these aforementioned parties or whose personal data is provided to us by these parties in the course of our business.

What data do we collect and why?

(please review all applicable drop-down options below)

From Clients and prospective clients and individuals who we interact with in our dealings therewith or whose personal data is provided to us by these parties in the course of our business.

Types of data we may collect:-

Name

Residential / business address

Email address, phone numbers and other contact details

Social Media profile handles

Job title/ Role / Organisational Seniority

Sex

Age and date of birth

Nationality

Legal domicile and place of birth

Tax ID

Marital status

Bank account details

Source of funds

Proof of address information / documents (and as a result the contents thereof)

Proof of identity information / documents (and as a result the contents thereof)

Sanctions screening and adverse media searches

Family members names

Dietary requirements (for the purpose of arranging catering for meetings / events only)

Reason for collection and / or processing and basis for same

We collect and process this information:-

•to access our ability to provide a prospective client with services and calculate appropriate fee’s for same;
•to comply with our contractual obligations and manage our client relationships including dealing with any disputes/issues which may arise;
•to collect our fees or costs; in providing information on our services and updates that we consider may be relevant to clients;
•to enable us to maintain appropriate business records;
•to identifying where we may make improvements in service delivery;
•to comply with internal policies and procedures (for example our anti-corruption and bribery policy);
•in order to comply with our obligations to check the identity of clients in compliance with anti-money laundering law and regulations; and
•where required by our insurers and other regulatory or tax authorities.

Our legal basis’ for processing this information include the performance of the Client contract, compliance with our legal and regulatory obligations and for the legitimate interests of the administration and operation of our business.  A general retention period of seven years (after the Client relationship ends) will be applied unless there are any legal and or regulatory exceptions which require documentation to be held for longer periods. If you require further information, please contact us.

Where we have been asked to quote for work and are not successful in winning the business data is retained for a period of one year following issuance of the quotation/proposal and then deleted unless in certain circumstances. Please contact us if you require further information.

Our suppliers and prospective suppliers and individuals who we interact with in our dealings therewith or whose personal data is provided to us by these parties in the course of our business

Types of data which we may collect:

Name

Residential / business address

Email address, phone numbers and other contact details

Social Media profile handles

Job title/ Role / Organisational Seniority

Sex

Dietary requirements (for the purpose of arranging catering for meetings / events only)

Reasons and basis for collection and or processing and retention period

We collect and process this information:

•to obtain quotes from and negotiate terms with prospective suppliers;
•to receive services from our suppliers;
•to comply with our contractual obligations and manage our relationships with suppliers including dealing with any disputes/issues which may arise;
•to make contact details and information available to our personnel, clients, auditors, insurers; regulatory and tax authorities or to other parties as we believe is reasonably necessary to receive and to review the provision of those services from suppliers;
•to enable us to maintain appropriate business records;
•to perform analytics — such as trends, business intelligence, profitability and progress; and
•to comply with internal policies and procedures (for example our anti-corruption and bribery policy).
Our legal basis’ for such processing are the performance of the supplier contract and for the legitimate interests of the administration and operation of our business

A general retention period of seven years (after the supplier relationship ends) will be applied unless there are any legal and or regulatory exceptions which require documentation to be held for longer periods. Please contact us if you require further information.

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Business Contacts and individuals who we interact with in our dealings therewith or whose personal data is provided to us by these parties in the course of our business

Types of data we may collect:-

Name

Residential / business address

Email address, phone numbers and other contact details

Job title/ Role / Organisational Seniority

Sex

Social Media profile handles

Dietary requirements (for the purpose of arranging catering for meetings / events only)

Reasons and basis for collection and retention period

We collect and process this information: –

  • to make contact details available to our personnel;
  • in providing information on our services, business developments, industry updates and other updates that we consider may be relevant thereto;
  • to perform analytics — such as trends, business intelligence, marketing effectiveness, uptake and progress;
  • to identify where we may make improvements in service delivery and offer new services; and
  • For direct marketing purposes*.

Our legal basis’ for such processing are the legitimate interests of the administration and operation of our business and in certain circumstances* with the relevant individual’s consent.  Personal data is retained for the length of the business relationship.

If a business contact requests to be forgotten their contact details will be deleted. If a business contact opts out of receiving marketing materials their details will still be retained (as we may still be in contact) but marketing materials will no longer be sent to them.

Visitors to our website

(for the purposes of this policy statement our website includes www.corporategovernancesolutions.ie and all associated sub-pages linked to this domain and others owned by the Company or its subsidiaries or related entities)

Types of data which we may collect

Time and date of your visit

The pages you visit and your physical location when visiting them

Other more specific details like your IP address, the links you click and the route you take through the website.

Your information if you report a problem with our website.

Reasons and basis for collection and retention period

We collect and process this information to improve our website offerings and enhance your online visit to us through the use of analytics cookies and third party cookies.

Please refer to our cookies policy available at http://corporategovernancesolutions.ie/cookies-policy/ for more information in respect thereof including  information on managing your cookies preferences.

Our legal basis for such processing is our legitimate interest to improve our website offerings and enhance your online visit to us.

Visitors to our social media profiles, followers of our social media profiles and persons who interact with us on our social media profiles

(for the purposes of this policy statement our social media profiles include our twitter page at https://twitter.com/CorporateGover4 and https://www.linkedin.com/company/corporate-governance-solutions )

Types of data which we may collect

Social media handles

Personal information which you may disclose / post on social media including but not limited to:

•Name

•Residential / business address

•Email address, phone numbers and other contact details

•Job title/ Role / Organisational Seniority

Other personal information you may disclose to us when interacting with us on social media

 

LinkedIn Specific:

Information made available to us by LinkedIn Ireland Unlimited Company in respect of your interactions with us on LinkedIn including :

•your views of our social media posts

•your physical location when viewing, reacting or interacting with our social media profiles and related posts
•your shares and reactions of our social media posts
•the links you may click on our social media posts

Please note Linkedin consider themselves the controller of your data in most instances and you should familiarise yourself with their privacy policy which is available via their website.

Twitter Specific:

Information made available to us by Twitter, Inc. and Twitter International Company in respect of your interactions with us on Twitter including : –

•your views of our social media posts
•your shares and reactions of our social media posts

Please note Twitter considers itself the controller of your data in most instances and you should familiarise yourself with their privacy policy which is available via their website.

Our staff and individuals who apply for roles with us

Note: The below acts as a summary and should not be deemed comprehensive notice regarding processing activities and data collection or related matters. All current staff should refer to the Employee specific data privacy notice provided to them for a more comprehensive outline of data collection and processing activities undertaken in respect thereof. All prospective staff / candidates should refer to the privacy notice for each post advertised for further information as to how we process applicant data. If you require a copy of same, please email info@corporategs.ie

Types of data which we may collect

Recruitment related data and information on your personnel file – these include your name, signature, postal address, nationality, email address, fax number, social media handles /profile information,  date and place of birth, nationality, curriculum vitae, bank  account details, tax  identification, credit history, signatures, references, work  and educational history, interview notes and other contact details, right to work documentation, your PPS or social security  number (or equivalent); passport number; utility  bills, photographic  identification and verification such as  copies  of your passport, passport number, gender, drivers  licence and address verification, photographs, working hours, annual leave and other holiday records, emergency contact details, marital status, next of kin and family details.

Payroll information – these include bank account details, salary arrangements, bonus entitlements and allowances.

Performance, grievance and disciplinary details – these include performance and grievance review forms, notes from performance review and grievance investigation meetings, performance improvement and grievance plan documentation, witness statements, complaints.

Information obtained through electronic means-these include emails stored in your email inbox, data relating to your internet browsing history, CCTV footage and other Information obtained through electronic means such as swipe-card records

Medical information and pension details

Special categories of more sensitive personal information

Reasons and basis for collection and retention period

We collect and process this information:-

  • to ascertain a candidate’s suitability for a specify role
  • to communicate with prospective employees / candidates about the recruitment process
  • to establish a candidate’s or employee’s identity and determine the terms on which a candidate may work with us
  • to manage an effective recruitment process
  • for vetting or screening purposes or fitness and probity assessments or to obtain information from employment or credit reference agencies or previous employers
  • for the duration of the employment relationship, to manage and administrate same in accordance with company policies and procedures and in line with legal obligations
  • to pay employees and (where relevant) deducting tax and national insurance and other contributions
  • to ensure employees health and safety at work, assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
  • to afford natural justice and fair procedures (where relevant);
  • to conduct employee performance reviews, manage employee performance and   determine   performance requirements including decisions about promotions and pay reviews;
  • to protect the data subject’s vital interests (or those of another individuals) in the event of an accident or emergency;
  • to make decisions about the continuation of our relationship with an employee, to properly manage the termination of an employee relationship and following the termination of the relationship in accordance with relevant policies;
  • to comply with our legislative and regulatory obligations in connection with our dealings with our employee’s including pension law,  revenue  law,  health  and  safety  law,  taxation,  crime-detection, crime prevention, crime investigation and prosecution, the prevention of fraud, bribery, anti-corruption, tax evasion, to prevent the provision of financial and other services to those who may be subject to economic  or trade sanctions, In response to legal or court requests  or requests  from regulatory authorities or where it is in the public interest;
  • for quality control, business and statistical analysis, market research or for tracking fees and costs or for customer service, training and related purposes
  • to communicate with employee’s by way of notice pursuant to applicable legislation or our constitution or circulating reports or other correspondence to employees;
  • to enable us to maintain appropriate business records;
  • to ensure network and information security, including preventing unauthorised access to our computer and electronic communications system and preventing malicious software distribution;
  • for tax reporting purposes where required;
  • to assess an employee’s / prospective employees’ education, training and development requirements;
  • to manage education, training and development programme delivery to employees;
  • to monitor equal opportunities;
  • to respond to, evaluate or deal with any queries, complaints or legal issues in relation to a candidate or employee/employees.
  • to conduct internal and external audits and, where necessary, investigations;
  • to establish, exercise, defend or gather evidence relating to any legal claims, litigation or grievance or disciplinary hearings.

Our legal basis’ for such collection and processing are  that this is necessary for the purposes of our legitimate interest in recruiting new personnel; our legitimate interests to conduct our business in a responsible and commercially prudent manner and dealing with any disputes that may arise; our legitimate interests to prevent, investigate or detecting theft, fraud or other criminal activity; our legitimate interest of the administration and operation of our business, our legitimate interest of  pursuing our corporate and social responsibility objectives; fulfilment of our contractual obligations, legal obligations or regulatory obligations; in certain limited circumstances, where we need to protect your interests (or someone else’s interests) or where it is needed in the public interest or for official purposes. In certain circumstances we may also rely on consent as a basis’ for such collection and processing.

CGS will not process prospective staff / candidates or current employee’s personal data for these purposes if our or the third party’s legitimate interests should be overridden by your own interests or fundamental rights and freedoms.

Recruitment data for successful candidates and employee data will be retained for the duration of the employment relationship with us and for such a period of time after the relationship ends as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise.

For unsuccessful candidates / prospective employees who are not recruited CGS will process and store the relevant personal data no longer than is necessary for the recruitment process. In addition to using prospective employee / candidate data for the position for which the relevant individual has applied, CGS may retain and use a prospective employee/candidates personal data to consider them for similar positions only with your explicit consent and for a maximum period of 6 months. If you inform us that you do not want to be considered for other positions, CGS will delete your personal data within 4 weeks after completion of the hiring process.

Where do we obtain your Personal Data?

You provide some of this data directly to us. Information is provided by you:

  • When you respond to a request pertaining to compliance with legal obligations, for example in the area of company law, anti-money laundering and counter-terrorist financing laws and regulations, market abuse regulations, taxation laws and regulations;
  • When you are or may be appointed as a director, officer, duly appointed attorney, legal representative or authorised signatory of a Client company, are a customer or employee of a Client company, or subscribe for shares in or are an ultimate beneficial owner of a Client company;
  • When you enter into an employment relationship with CGS, or when you send us a copy of your resume or curriculum vitae for recruitment purposes;
  • When you interact with us on social media;
  • When you act on behalf of a professional adviser or a service provider to a Client company; and
  • When you send us your information in a professional or personal capacity to enquire about the provision by CGS of services to your company, or to another party.

We also obtain data from third parties. These third-party sources vary over time, but have included:

  • Data vendors, such as those providing information on filings made with the Companies Registration Office in Ireland and with the Companies House in the United Kingdom;
  • Recognised screening tools which are used to supplement the data collected for the purposes of compliance with anti-money laundering and counter-terrorist financing laws and regulations, in addition to compliance with financial sanctions obligations.
  • Data obtained directly from Clients;
  • Legal advisors that have been engaged for the purposes of the establishment of an entity or the completion of a transaction.
  • The parent or affiliated companies of Clients, and other third parties involved in Client transactions;
  • Previous service providers to an existing third-party company, in circumstances where files are transferred to us as the incoming service provider;
  • Where you have chosen to make your information publicly available on social media, we use this information to assist us in our efforts to comply with applicable anti-money laundering and counter-terrorist financing laws and regulations;
  • For recruitment purposes, from recruitment agencies and/or recruitment websites and social media applications; and
  • Publicly available sources such as open government or regulator databases, or other data in the public domain.

 

Where do we store your personal data and our security measures

The personal data that we process can be stored on the systems of CGS, on Client systems, or on third-party systems accessed by CGS for the purposes of providing Services. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, alternation, disclosure or destruction. For example, we store personal data you provide on computer systems that have limited access. We will continue to revise policies and procedures and implement additional security features as new technologies become available.

Although we will do our best to protect your personal data, CGS cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.

Recipients and Categories of Recipients

 CGS share information we have about you in accordance with this data privacy notice with:-

  • Other group or affiliated entities;
  • Our professional advisers (including tax advisers, legal advisers, accountants) and auditors;
  • With other third-party service providers engaged by CGS, such as the providers of health care or pension scheme solutions, cloud service providers, IT service providers, record retention firms, marketing firms, third party screening firms, training providers and translators. In such cases, these service providers must abide by data privacy and security requirements which are at least equivalent to the standards applied by CGS;
  • With other professional advisers to or service providers of Clients for the purposes of providing the Services as may be necessary in connection with the performance of contractual obligations, or in circumstances where information is provided to facilitate compliance with applicable anti-money laundering and counter-terrorist financing obligations;
  • third parties where we are under a legal obligation to transfer it to that third party or where we provide it on behalf of a client who is under such legal obligation;
  • Our shareholders and prospective sellers or buyers of any of our assets or business;
  • With third parties generally when you have requested us to do so;
  • A third party where it is necessary to protect the vital interests of the data subject or another natural person; and
  • When we have a good faith belief that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other governmental agencies. 

 

Special Categories of Personal Data

Where we act as data controller in respect of any special category of personal data, we do so in complete compliance with the Article 9 requirements of the GDPR and have appropriate safeguards and protections in place to protect such personal data. Special category personal data will only be processed where necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law.

Transfers of personal data to non-EEA countries

We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.  This may be because you have instructed us or where we enter into standard European Commission approved data protection contracts.  Remote access to our systems is on authorised devices only and appropriate technical safeguards are applied to protect personal data.

Links to other sites from our Website or Social Media Posts

Our website (and Social Media Posts) may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

CGS does not conduct Automated Decision Making 

CGS will not use your personal data for automated decision-making purposes (including profiling).

CGS has not appointed a Data Protection Officer

The GDPR requires that a firm or body designate a Data Protection Officer (“DPO”) in the following circumstances: –

  • where the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
  • where the core activities of the controller or the processor consist of regular and systematic monitoring of data subjects on a large scale; or
  • where the core activities of the controller or the processor consist of processing on a large scale of special categories of data and personal data relating to criminal convictions.

As these circumstances do not apply to us, you are advised that we have not appointed a DPO for the purposes of GDPR.

Data Subject Rights

To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:-

  • The right of access enables you to receive a copy of your personal data;
  • The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you;
  • The right to erasure enables you to ask us to delete your personal data in certain circumstances;
  • The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances;
  • The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party); and
  • The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

If you wish to exercise any of these rights, please contact us (see How to Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

In limited circumstances (such as our use of social media), we may act as a joint controller with another party.  In such circumstances, upon your request to exercise any of the above rights we will advise you if there is another controller who you should contact.  Please note that any other joint controller will also have its own privacy policy.

You also have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The Irish Data Protection Commissioner is the lead supervisory authority of CGS. You can find your local supervisory authority on https://ec.europa.eu/info/law/law-topic/data-protection. Prior to making a complaint we would ask that you contact us to attempt to resolve the issue.

Statutory or Contractual Requirement to provide Information

When collecting your personal data is mandatory (either under applicable law or in accordance with a contractual requirement), this will be stated at the time of collection of the personal data.

Changes to this Privacy Statement

We may change this Privacy Statement from time to time.  If we make changes, they will be posted here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it.

Each time you use this website the then current Privacy Statement will apply and you should review it each time you use the website to satisfy yourself that you are happy with it. 

How to Contact Us

If you have a privacy concern, question or complaint, or you wish to exercise any of your rights as a data subject, please do not hesitate to contact us by email at Info@corporategs.ie