Employee Data Privacy Notice

Employee Data Privacy Notice

 

1. Introduction

This Privacy Notice sets out how we process the personal data of current and former employees, agency workers and interns (collectively the “Employee(s)” or “you”) as a controller. This includes information about who we are, what personal data we collect, why we collect it, who we share it with, why we share it, how long we keep it and your rights.

It is important that you read and retain this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing your personal data, so that you are aware of how and why we are using such information and what your rights are under data protection legislation.

We are Cora Systems Limited (“Cora”, “us”, “we” or “our”). Our address is Unit 7 Mercantile Plaza, Bridge Street, Carrick-On-Shannon Co. Leitrim. We are committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which we collect personal data about you that you provide to us.

 

2. Identity Of the Controller of Personal Information

For the purposes of data protection legislation, the Controller is Cora having its registered office address at Unit 7 Mercantile Plaza, Bridge Street, Carrick-On-Shannon Co. Leitrim.

 

3. Contact Details of The Data Protection Officer

The data protection officer appointed can be contacted using the information provided at the below “Contact Us” section.

 

4. When Does This Privacy Notice Apply

This Privacy Notice applies to personal information that we collect, use and otherwise process about you in connection with your relationship with us.

 

5. The Types of Data We Process

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We have set out in the table at Clause 7 a list of the categories of your personal data that we may process. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.

 

6. How Do We Collect Your Personal Data

We collect personal data about Employees through the application, recruitment, and onboarding process, either directly from candidates or sometimes from third-party sources such as an employment agency, Recruiter, or publicly available sources (e.g., LinkedIn). We will also collect additional personal data in the course of job-related activities throughout the period of you working for us.

 

7. Why Do We Collect Your Personal Data

We will hold, process, and may disclose your personal data, listed in the table below, for the following purposes:

Personal Data Basis of Processing Purpose of Processing
During the recruitment process we obtain your personal profile and work experience details through online forms, CVs submitted, references, external agencies and any details provided in cover letters. It is necessary for the performance of our contract with you, or to take steps for entering into our contract with you. The use of the data is required to enable us to assess your suitability for a role and to undertake the recruitment process.
Personnel administration data (name, login, employee ID, photo, private contact details, emergency contact data, gender, marital status, date of birth, data on education, professional experiences and qualifications (as provided during the application process), employment contract type, employment status, job level, salary, performance review data, certificates and diplomas, disciplinary sanctions, correspondence, travel expenses, attendance and time keeping data, staff number, login details and IT system identifiers). It is necessary for the performance of our contract with you, or to take steps for entering into our contract with you. This is required to enable us to administer the contractual relationship with you, including the set-up of an electronic personnel file, administer benefits, manage your travel expenses, manage time and attendance keeping.
Performance data It is necessary for the performance of our contract with you. Depending on your job type, we may gather quality and/or quantity related performance data to operate our business and at the same time manage your performance.

Payroll and accounting data (salary, PPS number, social contributions, tax information, bank details, vacation, attendance)

 

 

It is necessary for the performance of our contract with you, or to comply with legal obligations. This is required to enable us to process your salary and benefits, to pay taxes, to comply with its legal obligations (e.g., insurance schemes) and to administer pension schemes.
Health data (sickness, incapacity to work, data related to work accidents) It is necessary for the performance of our contract with you and/or to comply with legal obligations.

Sickness related absence data needs to be processed for payroll purposes; information related to incapacity to work or limitations to work needs to be processed to protect your health.

 

 

Work accidents need to be reported to the competent authorities and social security bodies.

 

Data on work incidents that may encompass health data is processed for compliance reasons and to make your workplace safer.

Security Data (access control, video surveillance data “CCTV”) It is necessary (i) for the performance of our contract with you and (ii) for us to comply with a legal obligation or to protect the vital interests of you or other individuals. This is required for the security of our premises, the protection of our Employees, as well as theft prevention and in general for compliance with legal, regulatory and other good governance obligations.

Communication Data (VoIP communication and directory data, office communication data, name, e-mail, phone)

 

 

It is necessary for the performance of our contract with you. This is required so that you can interact with Employees, customers, and other external parties e.g., via intranet, internet, phone, etc.
Surveys It is necessary to achieve our legitimate interests (see next column). Our legitimate interest is your job satisfaction and workplace improvement.

8. What Happens If You Fail to Provide Personal Data?

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our Employees). We will tell you when we ask for information which is a statutory or contractual requirement or needed to comply with our legal obligations.

 

9. Do We Need Your Consent

In principle, we do not rely on your consent for data use. We may, however, from time to time, (i) ask for your consent to use your personal data for a specific purpose; and/or (ii) process your personal data (including “special category data“) in order to protect your vital interests or the interests of another. If we do so, we will provide you with full details of the data that we would like and the reason we need it. We will also inform you about the fact that you can revoke your consent at any time and how you should do that. Once we have received notification that you have withdrawn your consent, we will no longer process such data and, subject to our retention policy, we will dispose of your personal data securely. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.]

What are special categories of personal data?

Certain categories of your personal data are regarded as ‘special’ including information relating to an individual’s:

  • physical or mental health;
  • religious, philosophical or political beliefs;
  • trade union membership;
  • ethnic or racial origin;
  • biometric or genetic data; and
  • sexual orientation.

We may process special categories of personal data in the following circumstances:

  1. In limited circumstances, with your explicit written consent;
  2. Where we need to carry out our legal obligations or exercise rights in connection with employment or social security law. We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws. We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance;
  3. Where it is necessary for the assessment of your working capacity, where undertaken by or under the responsibility of a health practitioner or someone under an equivalent confidentiality obligation. We will use information about your physical or mental health, or disability status, to assess your fitness to work and to provide appropriate workplace adjustments;
  4. Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to an occupational pension scheme;
  5. Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

We will only process data relating to your criminal convictions or offences when permitted by law.

10. What If We Change the Purpose?

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

11. Sharing Personal Data

For the purposes set out above, it may be necessary from time to time for us to disclose your personal data to third parties or agents, including without limitation to the following:

  • third parties (including contractors and designated agents) to assist in the administration, processing and management of certain activities pertaining to Employees which assist us to administer human resources and employee compensation (including payroll, IT, benefits provision and administration);
  • individuals or companies employed by us to carry out specific services, functions or consultancy work;
  • relatives or legal representatives of Employees;
  • regulatory bodies to whom we are obliged or required to disclose information including Workplace Relations Commission, Courts and Court-appointed persons;
  • legal and medical practitioners;
  • pension providers, the trustees or scheme managers;
  • potential purchasers or bidders;
  • relevant Government departments and agencies; and
  • other support service providers necessary to assist us with the above.

12. Third Country Data Transfers

If we transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please see the ‘Contact Us’ section below if you wish to obtain information concerning such safeguards.

13. Automated Decision Making/Profiling

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

14. How Long Do We Retain Your Personal Data For?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an Employee we will retain and securely destroy your personal data in accordance with applicable laws and regulations.

15. How Is My Personal Data Secured

We operate and use appropriate technical and physical security measures to protect your personal data. Third party processors will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those Employees, agents and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

16. Your Rights

You have several rights in relation to your personal data, which may be subject to certain limitations and restrictions. These rights are to:

  • access a copy of the personal data we hold about you;
  • request rectification of your personal data if it is inaccurate or incomplete and have us correct any inaccurate personal data about you and complete any personal data that is incomplete;
  • request erasure of your personal data, (this right does not apply for example, where the processing is necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims);
  • request a copy of your personal data in a portable format;
  • request a restriction of the processing of your personal data;
  • move (or port) personal data which is automated in certain circumstances;
  • withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
  • not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you;
  • to object to the use of automated decision-making/profiling; and
  • to object to the processing of your personal data where we are processing your personal data in reliance on our legitimate interests (in such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out.

However, these rights may not be exercised in certain circumstances, such as when the processing of your data is necessary to comply with a legal obligation or for the exercise or defence of legal claims. If you wish to exercise any of your rights in this regard, please refer to the ‘Contact Us’ section below. We will respond to your request as soon as practicable. We may request proof of identification to verify your request.

Access to information and correction

You may request copies of your personal data held by us as a controller. We will provide you with a copy of the personal data held by us as soon as practicable and in any event not more than one month after the request in writing is received by us. We will provide you with the copy free of charge but please note that we reserve the right to charge a reasonable administrative fee where further copies are requested or the request is manifestly unfounded or excessive. We may also request proof of identification to verify your access request. All access requests should be addressed to the Data Protection Officer, at the address in our ‘Contact Us’ section. At any time, you may object to the processing of your personal data by us and may block specific uses of your personal data by contacting us using the contact details below.

17. Your Right to Lodge a Complaint With A Supervisory Authority

Without prejudice to any other administrative or judicial remedy you might have, you may have the right under data protection legislation in your country (where applicable) to lodge a complaint with the relevant data protection supervisory authority in your country (i.e., the Office of the Data Protection Commissioner in Ireland) if you consider that we have infringed applicable data protection legislation when processing your personal data. This means the country where you are habitually resident, where you work or where the alleged infringement took place.  The Irish Data Protection Authority contact details are:

Data Protection Commission

Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231

E-mail: info@dataprotection.ie

For further information please visit www.dataprotection.ie

18. Changes To Our Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.

19. Contact Us

Questions, comments and requests regarding this Privacy Notice and your personal data are welcome and should be addressed to us at the below email and/or postal address:

Email: support@corasystemsltd.freshervice.com

Address:  Unit 7, Mercantile Plaza, Carrick on Shannon, County Leitrim, Ireland.

 

Last updated: 01/11/2022