EG Electrical General Data Protection Regulation Policy
The General Data Protection Regulation (GDPR) is a comprehensive update to European Law that goes into effect on 25 May 2018. The GDPR was designed to along data privacy laws across Europe and empower all EU resident’s privacy and change the way organisations approach data privacy. The GDPR applies to all organisations that hold data for EU citizens, regardless of size.
Ensuring that personal data is secure and properly dealt with is of paramount importance to EG Electrical, and we have made enhancements to processes, products, contracts and documentation to ensure we conform fully to GDPR.
What is considered to be Personal data?
Personal data is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can also include IP addresses and mobile device IDs etc.
Sensitive Personal Data is personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Data relating to criminal offences and convictions are addressed separately (as criminal law lies outside the EU’s legislative competence). We do not collect or store any sensitive personal information.
Whose data is covered?
EG Electrical collect and store data from suppliers; subcontractors, customers and other parties such as prospective customers and persons using our websites.
EG Electrical collects personal from a multitude of sources. These sources include information provided in correspondence with us, information provided via our websites and other information necessary to conclude transactions and fulfil contractual obligations.
The provision of all personal data is voluntary, but we may require this to deliver a product or service, or respond to communications from you.
You may also provide us with other information through a web form, or participation in chats or community discussions.
We only hold and process data absolutely necessary for the completion of our duties, as well as limiting the access to personal data to those who act out the data processing.
EG Electrical does not knowingly sell products or services for purchase by minors. If an approach is made by a minor, we will require consent from someone with parental responsibility, and shall make reasonable efforts to verify that person is indeed a parental figure.
What is data processing?
Data processing means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
EG Electrical does not process personal data for one or more specific purposes without your consent.
We process data necessary for the performance of a contract to which the data subject is party to, or to carry out instructions at the request of the data subject prior to entering into a contract.
We record all of our processing activities. These records are compiled as to conform to Article 30 of the GDPR, and include the purpose for processing, a description of the categories of data subjects and categories of the personal data, categories of recipients to whom the personal data have been or will be discussed, and the envisaged time limit for erasure of the categories of data.
What do we use the data for?
EG Electrical may utilise your personal data for activities such as contract fulfilment, responding to requests for information or quotations, providing information on products and services, monitoring customer satisfaction etc.
You may withdraw your consent, request your data is erased, or exercise your Right to be Forgotten at any time by emailing firstname.lastname@example.org, or writing to our registered office at Unit 117, Ashbourne Industrial Estate, Ashbourne Co. Meath. Any requests will be met within 1-month of the request being received.
The GDPR does not specify an expiry on a consent given, however EG Electrical will delete all consents where no business activity has taken place for 5-years.
How do we protect your personal data?
We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, and information access authorisation controls.
We also ensure that privacy settings are set at a high level by default, and that data protection is designed into the development of business processes for products and services.
A copy of the EG Electrical Information Security Policy is available on request.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
If a personal data breach results in risk to the rights and freedoms of natural persons, EG Electrical will without undue delay and where feasible, not later than 72 hours after having become aware of the breach, notify the data subject to inform them of the breach.
Subject Access Requests
As specified in the Subject Access Request section of the GDPR, an individual is entitled to the information detailed therein, in an electronic format and free of charge. The data subject is entitled to, amongst other things, confirmation as to whether or not the data concerning them is being processed, where and for what purpose.
Any Subject Access Request received by EG Electrical will be actioned within the mandatory response time of 1-month.
EG Electrical does not sell, rent, or otherwise disclose your personal information to third parties without your consent, unless required to operate our business or compelled to do so by law.
Personal data held by us will be accessible by employees of EG Electrical and its affiliated companies.
If you have a question or a complaint about this privacy notice, our privacy standards, or our information handling practices, please contact Mr Eamonn Gallagher, Managing Director, EG Electrical
Effective date: May 1, 2019