General Data Protection Regulation EU 2016/679 (GDPR)
Effective across the European Union: 25 May 2018
DATA PRIVACY STATEMENT
The Company is a Data Controller as defined in GDPR and is committed to protecting and respecting the personal data it processes in the normal course of its business for individual’s resident in the European Economic Area (Data Subjects).
The Company will process personal data in a lawful, fair and transparent manner. For personal data to be processed lawfully it must be required by law (eg for tax, social security orCompany Law purposes), or be part of a contractual arrangement, or be held with the consent of the Data Subject.
Personal data processed by theCompany will normally include the names, telephone numbers and postal and e-mail addresses of Data Subjects with additional information for officers and employees of the Company such as bank account details for payment of fees expenses and salaries, tax and social security information, and employment history.
The personal data of DataSubjects other than data held with ongoing consent will not be retained for longer than is necessary. The Company will make checks at least annually to decide what data should be deleted.
In the event that the Company outsources any processing of the personal data, it will ensure that the DataProcessor it appoints agrees to abide by the requirements of GDPR. No personal data held by the Company will be processed outside the European Economic Area without the consent of DataSubjects.
The Company accepts that the personal data which it holds should be accurate, kept up to date and processed in such a manner that ensures appropriate security. In the event of the Company becoming aware of any breach of data security it will notify the relevant supervisory authority as far as possible within the time limit specified inGDPR.
Data Subjects have the right to request the Company for access to their personal data. They also have the right where appropriate to request rectification, erasure, restriction on processing and data portability. They may also in certain circumstances have the right to object to processing. Where processing is based on consent Data Subjects may withdraw their consent at any time without affecting the lawfulness of prior consent.
The Company as an Irish incorporated SME is not bound by GDPR to appoint a Data Protection Officer but has created the part time role of data administrator within the Company. Any requests for information on personal data should be made in writing and addressed to “The Data Administrator. HallIndustrial Ltd, 5 Churchill, Innishannon, Co Cork. Any complaints about the way the Company handles requests should be addressed to “The Data Protection Commission Canal HouseStation Road Portarlington R32 AP23 Laois Ireland”.
This Data Privacy Statement was adopted by the Company on 17 May 2018.
The Company reserves the right to make such updates as many be appropriate or required by law.