Amatino Client Data Protection Policy, May 2018
Introduction Your privacy is important to Amatino. This privacy statement sets out how we will protect your data, in line with current Irish and EU legislation, through appropriate organisation and technical security measures/processes. It also describes your rights in relation to that data.
We reserve the right to make changes to this statement, as necessary, and the policy will be reviewed on a yearly basis.
This privacy policy specifically covers the data we hold in our day to day business with you as the client, should you already access our services, and in our communication to you for marketing purposes. If you are a new client, we will seek additional explicit consent, usually by means of written communications such as a letter of engagement where the scope and price of the service will be mutually agreed and the purposes for which we collect and process your data will be clearly set out in writing for you. A full list of your rights under the General Data Protection Regulation is shown below.
How Amatino collects personal data
You can give us your personal data in many ways, e.g. when you ask us to provide you with accounting services, or if you register through our website to receive our regular updates, or when making enquiries about our services.
When we collect data from you we will ensure it is adequate for the purpose and never excessive. We would like to send you marketing communications to keep you up to date with any updates to the range of services available to you, but we will only do so, if you provide us with your express consent. You can change your mind and opt out of this type of communication at any time, by following the directions included in those communications.
All the personal data we hold about you will be processed by our staff in Ireland and no third parties will have access to your personal data, unless there is a legal obligation for us to provide them with this.
Client Engagement
We need to know basic personal data to provide you with our services, and to claim our right to be paid in return for our services, under our standard terms of engagement/contract we have with you. If you do not provide this information, then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need to provide the agreed services.
How we use your personal data
- Provision of Services – we require some personal data in order to provide you with the services you have requested.
- Marketing - we will only send e-mail electronic communications. We will record your mailing preferences. We will use this information to keep the quantity of communications appropriate and to make sure any communications are as relevant as possible.
- Management reporting and business planning - we may produce internal documents, analysing our interaction with clients, to monitor our own activities.
- Data validation - for the highest level of accuracy in the data we hold. This includes contacting you directly to check the data we hold is accurate. This minimises the possibility of sending information to you at an incorrect e-mail address.
- Disclosures required by law - the law can require the disclosure of information for various reasons, in such circumstances we must comply with those requests.
Data Sharing
While doing business with you we may share information with carefully selected organisations we engage with to provide certain services. These include:
- Data storage services, for cloud storage and data management;
- IT providers;
- Financial organisations such as banks and building societies.
Please note that outside of the EU member states, privacy laws may not be equivalent to those provided by the GDPR. In such countries, Amatino and any third party processors will still handle your data as described in this document, ensuring appropriate security measures in line with legislation.
Protecting your data
We ensure the highest levels of security, both with technical encryption and passwords when collecting and processing data, and when your data is in transit and when at rest on the cloud or on our servers. This is regularly reviewed to ensure those measures remain effective and up-to-date with the latest available technologies.
Retention of data
To ensure we can perform our services, we will retain basic data provided to us normally for a minimum of seven years. It is in the legitimate interests of Amatino to be able to do this and to ensure that we can provide support to you for the minimum period allowed under Irish law and regulation. For this reason, we will retain these records only for the period allowed under Irish and EU law and regulation, unless you object or request to engage your right to be forgotten, in which case your details will be deleted from our system and any necessary files returned to you. Our data will be audited twice yearly to remove any data which we no longer need to retain.
When visiting our website, we may use features which collect your IP address and data on which pages you are visiting on our site. Please see our Website Privacy Policy for further details.
Categories of data we collect
- Personal data: name, and title, date of birth, date of marriage, VAT and PPS numbers, bank and company details;
- Contact data: postal address, email address and telephone numbers.
Rights
Current legislation provides the following rights for individuals in relation to their personal data:
- The right to access the personal data we hold on you;
- The right to correct and update the personal data we hold on you;
- The right to have your personal data erased;
- The right to object to processing of your personal data;
- The right to data portability;
- The right to withdraw your consent to the processing at any time for any processing of personal data to which consent was sought;
- The right to object to the processing of personal data where applicable;
- The right to lodge a complaint with the Irish Data Protection Commission.
Contact
If you have any questions regarding this statement or you wish to discuss your data, you can contact Amatino’s Data Protection Representative at liza@amatino.ie or by writing to:
Liza Clancy Amatino First Floor, Market Square House Carrickmacross County Monaghan