The meaning of Personal Data
“Personal Data” is defined in the data protection laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you.
Collection and Use of your Personal Data
When using the Sites you may have an opportunity to provide us with Personal Data which can identify you, such as your name, email address, home address, telephone number, social media account ID etc. This includes, for example, information you provide when you participate in social media functions on a Site, enter a competition, promotion or survey, when you fill in a form or report a problem with a Site.
Please do not disclose sensitive Personal Data to us via a Site, such as information relating to your racial or ethnic origin, political opinions, religious or other beliefs, physical or mental health, criminal background, etc.
Personal Data which we collect from you will only be used for the purposes for which it was provided by you.
The categories of Personal Data we may collect, the purpose and the lawful basis
Personal Data collected from you include the following:
|Categories of Personal Data||Purpose||Lawful basis|
|Application data (e.g. name, CV, contact details)||Processing of this personal data is required to enable us to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews.||Processing is necessary for us to take steps to consider entering into a contract with you and, if your application is successful, to enter into a contract with you.|
|Contact information in general (e.g. full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers)||Managing and responding to your queries.||Performance of contract and legitimate interests – it’s important that we can respond to your enquiries.|
|Browsing information (IP address, browser information) and information processed via cookies and analytic tools (see details below in section 9 Cookies Policy)||(1) Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality.
(2) Re-targeting and marketing tailored information to our users.
|Legitimate interests – we perform this monitoring to make sure our Sites work properly, to diagnose any problems with our server and to administer our Sites. The purpose described on the left under (2) also constitutes our legitimate interests.|
|Contact Information for Marketing (full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers)||Sending you marketing information, in particular information and updates in relation to our business, products and services and allowing you participate in promotional and marketing activities and to refine our marketing strategies if you have subscribed for and consented in the receipt of such information or participation in promotional and marketing activities.||Your explicit consent.|
|Personal data included in business correspondence and related documents, e.g. name, e-mail address, postal address, phone number, query details||Communicating with our current and prospective customers, suppliers, members and business associates (in particular via e-mail), e.g. during commercial negotiations, in contemplation of or during the performance of a contract, or to address a query.||Performance of contract and our legitimate interests to conduct business with you.|
|All information||Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity.
Complying with instructions from law enforcement agencies, any court or otherwise as required by law.
For our general record-keeping and customer relationship management.
Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation.
Resolving any complaints from or disputes with you.
|Legitimate interests (see column on left).|
We do not hold more data than is necessary for the purpose for which we collect it. We do not collect or keep your Personal Data for any longer than is necessary for the purposes for which it was collected or as required by law.
Keeping you informed and direct marketing
With your consent and where relevant we will keep your name, address and/or contact details (including telephone numbers and/or email addresses) in our databases and may from time to time use that information to make you aware of our own related products and services as well as updates on developments in our industry sector generally which may be of interest to you. We may contact you in writing, by telephone, fax or email for this. If at any time you decide that you do not want your contact details used for these purposes, please tell us (see “Contact us” below).
Right of Access, Rectification and Erasure
You have various rights under data privacy laws in your country. These may include (as relevant): the right to request access to the Personal Data we hold about you; the right to rectification including to require us to correct inaccurate Personal Data; the right to request restriction of processing concerning you or to object to processing of your Personal Data, the right to request the erasure of your Personal Data where it is no longer necessary for us to retain it; the right to data portability including to obtain Personal Data in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent; the right object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent to any processing for which you have previously given that consent. You can also lodge a complaint with a supervisory authority.
If at any time after giving us Personal Data you decide that you would like a copy of the Personal Data or you no longer wish us to hold or use the information, or if that the information becomes out of date or inaccurate, please see “Contact Us” below if you wish to exercise any of these rights (as relevant).
Disclosure of Personal Data to Third Parties
Ornua will not disclose your Personal Data to any third party except as described in this Policy or as otherwise agreed by you.
We may disclose your Personal Data to third parties, including but not limited to as follows:
- to third parties who supply services to us and who help us and our group of companies to operate our business. For example, sometimes a third party may have access to your Personal Data in order to support our information technology or to handle mailings on our behalf;
- to our legal and other professional advisers;
- as necessary in order to comply with a legal requirement, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this Site, to take precautions against legal liability;
- to regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests; and
Due to the global nature of our business, your Personal Data may be stored and transferred to parties located in other countries, including outside the European Economic Area. These other countries will either have different data protection laws than your country of residence or they will not have data protection laws. They may not be deemed by the European Commission as providing adequate protection for Personal Data.
In particular, we may store your Personal Data on servers in the United States of America. The US are not deemed by the European Commission to have adequate protections for Personal Data. Steps will be taken to put in place safeguards (including around security) to protect your Personal Data when it is in these other countries. This may include the use of European Model Clause contracts, where required under applicable law or a Privacy Shield registration, where the recipient is in the US. You can find out what these are online at the following address: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. If you have any questions or wish to be provided with a copy, please contact us (details below). Please note commercially sensitive information may be removed/blanked out from copies supplied to you.
Ornua uses the services of a third party to undertake client due diligence; the Privacy Statement of the third party provider of these services can be viewed here: https://www.refinitiv.com/en/products/world-check-kyc-screening/privacy-statement.
Keeping your Information Secure
We endeavour to use appropriate technical and physical security measures to protect Personal Data which is transmitted, stored or otherwise processed by us, from any unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with our Sites. These measures include computer safeguards and secured files and facilities. Our service providers are also selected carefully and are required to use appropriate protective measures. In certain areas, we use industry-standard SSL-encryption to protect data transmissions. Most current browsers support the level of security needed.
In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your Personal Data, (c) ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.
Notwithstanding the foregoing, we cannot guarantee the security of any information you transmit to a Site and you do so at your own risk. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately of the suspected problem.
Collection of Non-Personal Data, Cookies Policy
You can disable cookies using your Internet browser settings. Please consult your browser’s help function for information on how to disable cookies. Note that if you disable cookies, certain features of our Sites may not function properly.
Social Plugins and Social Media Platforms
On some of our websites we use social plugins (also known as “buttons”) of social networks such as Facebook, Google+, and Twitter. When you visit the Sites the buttons are not activated, and they will remain inactive unless you click on one of the buttons. After you click on a button, it will remain active until you deactivate them or you delete your cookies. If you are logged on to a social network, the network can assign your visit to the website to your user account. If you are a member of a social network, you must log out from the social network before activating the buttons on our website, if you do not want the social network to assign data obtained during your visit to our website with your social membership data.
We use Google Analytics on our websites with the extension “anonymizeIP()”, IP addresses being truncated before further processing in order to rule out direct associations to persons.
Microsoft Application Insights
The Sites use Microsoft Application Insights, a web analytics service provided by Microsoft, Inc. (“Microsoft”). Application Insights uses “cookies”, to help the website analyze how users use the Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Microsoft on servers in the US. Microsoft will use this information for the purpose of evaluating your use of the Site, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Microsoft may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Microsoft’s behalf. Further details can be found at https://docs.microsoft.com/en-us/azure/application-insights/app-insights-usage-overview
Facebook Fan Pages
We may operate one or more “fan pages” on the Facebook platform. Being the operator of such a fan page, we are also the data controller within the meaning of applicable data protection law. This means that we are responsible for the lawful processing of your Personal Data via the fan page and must ensure that you can exercise your data subject rights against us.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) acts together with us as joint controller within the meaning of Art. 26 para. 1 sent. 1 GDPR. You may contact Facebook via its online contact form or by letter to the aforementioned address.
Data about you may be collected via the fan page by means of cookies irrespective of whether you have a Facebook account or not. The use of such cookies is at Facebook’s sole discretion. We do not have any influence in this respect. Your consent is the legal basis for the setting of cookies (pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR); you grant such consent through your use of the Facebook websites. The setting of cookies mainly serves the purpose of showing personalised ads to users of Facebook websites, including fan pages. Advertisements from Facebook’s advertising partners whose websites the user had visited before visiting Facebook are shown to the user on Facebook (including on the fan page). Moreover, cookies are used to compile statistics about how a fan page is used so that we and Facebook can track the use of a fan page.
There is no statutory or contractual obligation on us to collect your data through cookies whenever you use a fan page and such data collection is not a precondition for conclusion of a contract. Therefore, there is no obligation on us, as the fan page operator, to send your data to Facebook. However, the non-transmission of your data (e.g. by means of blocking cookies) would mean that we either could not provide you with access to the fan page at all or we could only grant you limited access.
We have entered into a joint controllers agreement with Facebook, which is obligatory pursuant to Art. 26 para. 1 sent. 2 GDPR (“Controller Addendum”), in particular setting forth the data protection obligations and the implementation of data subject rights. A copy of this agreement can be accessed here.
Retention period or criteria used to determine the retention period
We keep your Personal Data for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above.
The criteria we use to determine data retention periods for Personal Data includes the following: (i) Retention in case of queries. We will retain it for a reasonable period after the relationship between us has ceased (up to 12 months) in case of queries from you; (ii) Retention in case of claims. We will retain it for the period in which you might legally bring claims against us (in some countries this means we will retain it for 10 years) if and to the extent we have entered into any contract with you; (iii) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain it after the period described in (ii) because of a legal or regulatory requirement.
If your application for employment is successful and you commence employment with us, your Personal Data will be transferred to your personnel file and will be processed for employment purposes. If your application for employment is not successful, we will keep your Personal Data for a limited period (depending on the country where the hiring Ornua entity is located) following notification that your application was not successful in order to (i) defend against potential claims and/or (ii) inform you about future job opportunities (with your consent, where required, and provided you have not objected to be contacted for this purpose).
If you would like further information about our data retention practices, please contact us (see “Contact Us” below).
Links to Other Websites
Amendments to this Policy