Where do we obtain your Personal Data?
You provide some of this data directly to us. Information is provided by you:
- When you respond to a request pertaining to compliance with legal obligations, for example in the area of company law, anti-money laundering and counter-terrorist financing laws and regulations, market abuse regulations, taxation laws and regulations;
- When you are or may be appointed as a director, officer, duly appointed attorney, legal representative or authorised signatory of a Client company, are a customer or employee of a Client company, or subscribe for shares in or are an ultimate beneficial owner of a Client company;
- When you enter into an employment relationship with CGS, or when you send us a copy of your resume or curriculum vitae for recruitment purposes;
- When you interact with us on social media;
- When you act on behalf of a professional adviser or a service provider to a Client company; and
- When you send us your information in a professional or personal capacity to enquire about the provision by CGS of services to your company, or to another party.
We also obtain data from third parties. These third-party sources vary over time, but have included:
- Data vendors, such as those providing information on filings made with the Companies Registration Office in Ireland and with the Companies House in the United Kingdom;
- Recognised screening tools which are used to supplement the data collected for the purposes of compliance with anti-money laundering and counter-terrorist financing laws and regulations, in addition to compliance with financial sanctions obligations.
- Data obtained directly from Clients;
- Legal advisors that have been engaged for the purposes of the establishment of an entity or the completion of a transaction.
- The parent or affiliated companies of Clients, and other third parties involved in Client transactions;
- Previous service providers to an existing third-party company, in circumstances where files are transferred to us as the incoming service provider;
- Where you have chosen to make your information publicly available on social media, we use this information to assist us in our efforts to comply with applicable anti-money laundering and counter-terrorist financing laws and regulations;
- For recruitment purposes, from recruitment agencies and/or recruitment websites and social media applications; and
- Publicly available sources such as open government or regulator databases, or other data in the public domain.
Where do we store your personal data and our security measures
The personal data that we process can be stored on the systems of CGS, on Client systems, or on third-party systems accessed by CGS for the purposes of providing Services. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, alternation, disclosure or destruction. For example, we store personal data you provide on computer systems that have limited access. We will continue to revise policies and procedures and implement additional security features as new technologies become available.
Although we will do our best to protect your personal data, CGS cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
Recipients and Categories of Recipients
CGS share information we have about you in accordance with this data privacy notice with:-
- Other group or affiliated entities;
- Our professional advisers (including tax advisers, legal advisers, accountants) and auditors;
- With other third-party service providers engaged by CGS, such as the providers of health care or pension scheme solutions, cloud service providers, IT service providers, record retention firms, marketing firms, third party screening firms, training providers and translators. In such cases, these service providers must abide by data privacy and security requirements which are at least equivalent to the standards applied by CGS;
- With other professional advisers to or service providers of Clients for the purposes of providing the Services as may be necessary in connection with the performance of contractual obligations, or in circumstances where information is provided to facilitate compliance with applicable anti-money laundering and counter-terrorist financing obligations;
- third parties where we are under a legal obligation to transfer it to that third party or where we provide it on behalf of a client who is under such legal obligation;
- Our shareholders and prospective sellers or buyers of any of our assets or business;
- With third parties generally when you have requested us to do so;
- A third party where it is necessary to protect the vital interests of the data subject or another natural person; and
- When we have a good faith belief that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other governmental agencies.
Special Categories of Personal Data
Where we act as data controller in respect of any special category of personal data, we do so in complete compliance with the Article 9 requirements of the GDPR and have appropriate safeguards and protections in place to protect such personal data. Special category personal data will only be processed where necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law.
Transfers of personal data to non-EEA countries
We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. This may be because you have instructed us or where we enter into standard European Commission approved data protection contracts. Remote access to our systems is on authorised devices only and appropriate technical safeguards are applied to protect personal data.
Links to other sites from our Website or Social Media Posts
Our website (and Social Media Posts) may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
CGS does not conduct Automated Decision Making
CGS will not use your personal data for automated decision-making purposes (including profiling).
CGS has not appointed a Data Protection Officer
The GDPR requires that a firm or body designate a Data Protection Officer (“DPO”) in the following circumstances: –
- where the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
- where the core activities of the controller or the processor consist of regular and systematic monitoring of data subjects on a large scale; or
- where the core activities of the controller or the processor consist of processing on a large scale of special categories of data and personal data relating to criminal convictions.
As these circumstances do not apply to us, you are advised that we have not appointed a DPO for the purposes of GDPR.
Data Subject Rights
To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:-
- The right of access enables you to receive a copy of your personal data;
- The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you;
- The right to erasure enables you to ask us to delete your personal data in certain circumstances;
- The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances;
- The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party); and
- The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
If you wish to exercise any of these rights, please contact us (see How to Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
In limited circumstances (such as our use of social media), we may act as a joint controller with another party. In such circumstances, upon your request to exercise any of the above rights we will advise you if there is another controller who you should contact. Please note that any other joint controller will also have its own privacy policy.
You also have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The Irish Data Protection Commissioner is the lead supervisory authority of CGS. You can find your local supervisory authority on https://ec.europa.eu/info/law/law-topic/data-protection. Prior to making a complaint we would ask that you contact us to attempt to resolve the issue.
Statutory or Contractual Requirement to provide Information
When collecting your personal data is mandatory (either under applicable law or in accordance with a contractual requirement), this will be stated at the time of collection of the personal data.
Changes to this Privacy Statement
We may change this Privacy Statement from time to time. If we make changes, they will be posted here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it.
Each time you use this website the then current Privacy Statement will apply and you should review it each time you use the website to satisfy yourself that you are happy with it.
How to Contact Us
If you have a privacy concern, question or complaint, or you wish to exercise any of your rights as a data subject, please do not hesitate to contact us by email at Info@corporategs.ie