home4home.ie Data Protection Policy (GDPR)
Overview
home4home as a Data Controller must adhere to the principles of data protection which are set out in the General Data Protection Regulation (GDPR) and the Data Protection Act (2018). The Company will comply with all applicable data protection, privacy, and security laws and regulations (collectively referred to as requirements) in the locations in which the Company operates.
Purpose of Policy
The purpose of this Data Protection Policy is to set out the requirements of the Company relating to the protection of personal data where the Company act as a Data Controller and/or Data Processor, and the measures the Company will take to protect the rights of data subjects, in line with EEA and Irish legislation. In the course of our work, all employees are required to collect and use certain types of information about people (hereafter referred to as ‘data subjects’ in line with the regulation), including ‘personal data’ as defined by the General Data Protection Regulation (GDPR). This information can relate to employees, contractors, current, past, and prospective employees, suppliers, and others with whom staff communicate. This document sets out to ensure compliance with the GDPR.
Scope of Policy
This policy covers all employees of home4home (“The Company”). It also covers our customers, contractors, sub-contractors, agency staff and authorised third-party commercial service providers and other persons or entities when receiving, handling, or processing personal data as defined by the GDPR. This policy applies to all forms of data including
computer, manual, and CCTV records relating to its data subjects.
Personal Data
‘Personal data’ means any information relating to an identified or identifiable living person (‘data subject’). It is important to note that the definition of personal data now specifically includes information such as identification numbers, location data, and online identifiers. In practice, any data about a living person who can be identified from the data available (or potentially available) will count as personal data.
Data Protection Principles
It is the policy of the home4home that all data is processed and controlled in line with the principles of the GDPR and relevant EEA legislation. The following data protection requirements apply to all instances where personal data is stored, transmitted, processed, or otherwise handled, regardless of geographic location.
- Personal data shall only be processed fairly, lawfully, and transparently
- Personal data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further processed in any manner incompatible with those purposes
- Personal data shall be adequate, relevant, and limited to what is necessary for the purposes for which they are processed
- Personal data shall be accurate, and where necessary kept up to date
- Personal data shall not be kept for longer than is necessary for the purposes for which the personal data are processed
- Personal data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place 1) to prevent and/or identify unauthorised or unlawful access to, or processing of, personal data; and 2) prevent accidental loss or destruction of, or damage to, personal data
- home4home shall be responsible for, and be able to demonstrate compliance with, these key principles
- home4home will ensure that data subject’s rights are protected as set out in the GDPR
- Data subjects will be able to request access to data we hold on them through a Subject Access Request (SAR)
- Data subjects can request to change or correct any inaccurate data
- Data subjects have the right to object to having their data processed
- Data subjects can request to delete data that we hold excluding medical records
Data Processing Policy Requirements
home4home as a Data Controller, shall be responsible for, and be able to demonstrate compliance with these GDPR Requirements:
- The Company will process personal data per the rights of data subjects
- The Company will communicate with data subjects in a concise, transparent, intelligible, and easily accessible form, using clear language
- We will only transfer personal data to Third Parties within Ireland and outside of the European Economic Area (EEA) per this policy
- We shall conduct all personal data processing per legitimate GDPR based processing
conditions in particular
Data Storage Limitation Policy
home4home should erase any personal data that violates:
- Data Protection Law
- Data Protection Regulations
- Contractual Obligations
- Requirements of this Policy
Customer Information
All customer’s information is treated in accordance with our Privacy Policy. The personal information requested from the customer is required in order that the Company can effectively provide the customer with a product or service, or it is applied in the course of administering same. The information that the customer provides may be held by the home4home on a computer database and/or in any other way. We may use this information:
- To administer the products and services that we supply to the customer and in the future concerning the works completed under the Contract and to manage and develop the home4homes relationship with the customer
- For direct marketing purposes, where the customer has given the customer’s permission to do so, to advise the customer of products or services
- To carry out searches (including verifying the customer identity and/or a credit search)
- To prevent and detect fraud or other criminal activity and to trace those responsible. If the customer gives us false or misleading information and we suspect fraud or other criminal activity, we will record this and may report the incident to the relevant regulatory authorities.
- To carry out statistical analysis and market research or to instruct a third party to perform this on our behalf
- We may record telephone conversations to offer the customer additional security, resolve complaints, improve our service standards, for completion of contract or resolution purposes. Conversations may also be monitored for staff training purposes
- We may use a third-party service provider to service and post ads on our behalf across the internet. They may collect anonymous information about the customers visits to our websites, and the customers interaction with our products and services. They may also use information about the customers visits to this and other websites to target advertisements for goods and services. This anonymous information is collected through the use of a pixel tag.
- Neither we nor third parties will ever send the customer electronic marketing information unless the customer has positively consented to our doing so. The customer can change the customers marketing contact preferences at any time (above in relation to us contacting the customer for our legitimate business) by clicking the unsubscribe button at the bottom of any email communication the customer receive from us
Information Security
All persons covered under this policy are prohibited from disclosing a data subject’s confidential information (including personal data) unless this policy or a legal basis allows for such disclosures. All persons covered under this policy must report all suspected incidents of unauthorised access to the relevant manager. Incidents include disclosure, loss, destruction, or alteration of patient and service user’s personal information, regardless of whether it is in paper or electronic form.
Third Party Transfer Policy
home4home will not transfer personal data to a Third Party outside of the EEA regardless of whether the Company is acting as a Data Controller or Data Processor unless:
- The EEA recognises the transfer country/territory as having an adequate level of data subject legal protection relating to personal data processing or the EEA recognises the transfer mechanism as providing adequate protection when made to countries/territories lacking adequate legal protection
- The explicit consent of the data subject is required to allow Third Party transfer or transfer is authorised by law
- All reasonable, appropriate and necessary steps have been taken to maintain the required level of Personal Data Protection Subject to the provisions above, the Company may transfer personal data to a Third Party outside of the EEA where any of the following apply:
- The transfer is necessary to protect the data subject’s vital interests; or
- The data subject has given explicit consent to the proposed transfer; or
- The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the Company and a Third Party;
- The transfer is necessary or legally required for the establishment, exercise, or defence of legal claims; or
- The transfer is required by law; or
- The transfer is made from a register which according to laws or regulations is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest
Third Parties Relationships Policy
Where home4home engages a Third Party for processing activities, this Data Processor must protect personal data through sufficient technical and organisational security measures and take all reasonable GDPR compliance steps. When engaging a 3rd party for personal data processing, the Company must enter into a written contract or equivalent. This contract or equivalent shall:
- Set out respective parties’ responsibilities
- Must ensure compliance with relevant European and local Member State Data Protection requirements/legislation
At the expiry of a data processor contract, the data processor is contractually obliged to return the full dataset to home4home and provide unequivocal evidence that their copy of the dataset is erased.
Third Party Sites
Our Site may, from time to time, contain links to and from the websites of advertisers, affiliates and other third parties. These links to not imply endorsement of these third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Information Automatically Collected via Cookies
We may automatically log information about you and your computer or mobile device when you access our Site. For example, we may log your IP address, computer or mobile device operating system name, version, manufacturer and model, browser type, device identifiers, browser language, screen resolution, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site. Please see our Cookie Policy for more details.
General Notes
home4home reserves the right to make amendments as required to this policy as necessary to meet its GDPR requirements.
Contact Us
You may send any questions, comments and requests regarding this privacy policy to info@home4home.ie.