EMcG Solutions Ltd Privacy and Data Protection Policy
Introduction
EMcG Solutions Ltd is committed to protecting the privacy and personal data of our clients, customers, and employees in accordance with the General Data Protection Regulation (GDPR) and other relevant privacy laws. This policy sets out our approach to privacy and data protection and describes the types of data we collect, how we use it, and the measures we have in place to ensure its security.
1. Identity and Contact Details of the Data Controller
EMcG Solutions Ltd is the Data Controller. For any privacy-related queries, you can contact our Data Protection Officer, Dr. Eileen McGloin, at eileen.mcgloin@emcgsolutions.com.
2. Purposes for Collecting Personal Data
EMcG Solutions Ltd collects and processes personal data for the following purposes:
- Conducting research and analysis on behalf of our clients.
- Delivering services, including project management and coordination, business coaching and mentoring, and monitoring and evaluation studies.
- Responding to customer enquiries and providing information about our services.
- Fulfilling contractual obligations.
3. Legal Basis for Collecting and Processing Personal Data
Our legal basis for processing personal data includes:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
- Contract: Where the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal Obligation: Where the processing is necessary for us to comply with the law.
- Legitimate Interests: Where the processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests.
4. Retention Period(s)
Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory requirements, and safeguard our legal rights. Specific retention periods are documented in our data retention policy.
5. Third-Party Data Sharing
We may share personal data with third parties, including:
- Service providers and partners who assist us in delivering our services.
- Regulatory authorities and law enforcement agencies, where required by law.
- Other third parties with your consent or as necessary to fulfill our contractual obligations.
6. Data Subjects’ Rights
Individuals have the following rights regarding their personal data:
- The right to access and obtain a copy of your personal data.
- The right to rectification if your data is inaccurate or incomplete.
- The right to erasure (right to be forgotten) under certain circumstances.
- The right to restrict processing under certain conditions.
- The right to data portability, allowing you to obtain and reuse your data across different services.
- The right to object to processing based on legitimate interests or direct marketing.
7. Privacy by Design and Default, and Consent
We implement Privacy by Design and Default principles in our systems and processes to ensure data protection is integrated from the outset. Where processing is based on consent, we will obtain clear and explicit consent from individuals before collecting or using their personal data.
8. Social Media
We use social media platforms to engage with the public and promote our services. Any personal data collected via our social media interactions will be processed in accordance with this privacy policy.
9. CCTV (if applicable)
If we use CCTV, we will display appropriate signage and ensure that the use of CCTV is for security and safety purposes only. Recordings will be kept secure and retained for a limited period.
10. Other Data Controller Obligations
We regularly review our data protection practices and ensure our staff are trained in data protection principles. We also conduct data protection impact assessments for high-risk processing activities.
11. Data Security
We take the security of personal data seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, use, disclosure, or loss. We regularly review our security measures to ensure they are up-to-date and effective.
12. Data Breaches
In the event of a data breach, EMcG Solutions Ltd will promptly notify affected individuals and relevant authorities, as required by law. We have procedures in place to detect, report, and investigate data breaches.
13. International Data Transfers
Where we transfer personal data outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place to protect the data, such as standard contractual clauses or binding corporate rules.
14. Complaints to the Data Protection Officer
If you have any complaints or concerns about our use of your personal data, you can contact our Data Protection Officer, Dr. Eileen McGloin, at eileen.mcgloin@emcgsolutions.com.
15. Complaints to the Data Protection Commission
If you are not satisfied with our response or believe we are processing your personal data in violation of the law, you have the right to lodge a complaint with the Data Protection Commission.
Contact Us
For any questions about this policy or our approach to privacy and data protection, please contact our Data Protection Officer at eileen.mcgloin@emcgsolutions.com.