Personal Data Privacy Statement in accordance with General Data Protection Regulation (GDPR)
O’Connor Pyne & Co. Limited fully respects your right to privacy and we are committed to ensuring that your privacy is protected and we wish to be transparent on how we process your data. This statement (together with our Terms and Conditions) sets out the basis on which any personal data we collect from and about you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This statement is being provided to you in line with our obligations from 25th May 2018 under the General Data Protection Regulation (GDPR).
This statement refers to the personal data you provide to us in the course of the engagement. We will process your personal data for the purpose of providing our services to you as agreed for the engagement, because this processing is necessary for us to fulfill our obligations under our contract with you. If you have given us consent, we may also use your contact information to market our services to you in the future. We will retain your personal data for seven years because we believe that we have a legal resposibility to retain it for this period arising from this engagement. Following this, we will destroy the data unless we have a separate obligation to retain the data for a further period.
The data will not be shared with any third party, except where we have a legal or professional duty to do so, or where we engage a third party to store data on our behalf within the European Economic Area (ie. a cloud computing provider). We will put in place and maintain adequate physical, procedural and electronic safeguards to maintain the integrity and confidentiality of the data stored by us and we will take reasonable steps to ensure that safeguards of an adequate standard are put in place by any third party engaged by us to store this data. The transmission of information via the internet and including email is never completely secure. We do our very best to protect your personal data, we cannot guarantee the security of your data transmitted to or from us by means of email and any transmission is at your own risk. We have mitigated this risk by offering the use of our Secure Portal which we would advise all clients to use when sending personal or sensitive information to us.
In accordance with GDPR, you have a right to access any personal data that we hold concerning you. You have a right to ask that your data to be rectified where it is inaccurate, incomplete or not up to date. In certain circumstances you have the right to erasure of your personal data, to restrict the processing of your data, to object to the processing of your data, and to portability of your data. In view of our legal responsibility to retain the data as part of this engagement, we cannot comply with most requests that the data should be erased or transferred before the end of our retention period, or that we should cease processing the data in accordance with the terms of our engagement.
Data we collect and process
We will collect and process the following data about you:
Information you give us
This is information about you that you give us by corresponding with us by phone, e-mail or otherwise. It includes the information you supply us with when you engage us to provide financial advice and tax services. The information you give us may include, but is not limited to, your name, address, e-mail address, phone number, your demographic information, your financial information, financial and payment data such as bank account numbers and transaction information, bills, photo ID such as a passport or driving licence or other identification documents, medical records, etc.
Information we collect about you
Depending on the circumstances, we might also obtain personal data about you from other sources such as public registers, government and regulatory authorities, business partners, financial and insurance advisors, service providers, etc. You are not obliged to provide us with your personal information. However, if you do not, we might not be able to carry out the services you have requested of us.
How we use your data
We gather and use your information to:
- allow us to provide you with the financial and/or tax services you request from us
and fulfil our
- contractual obligations to you;
- to perform administrative activities in connection with our services;
- comply with legal obligations we might be subject to such as anti-money laundering;
- to carry out background checks and conduct due diligence;
- to comply with legal and professional obligations and to cooperate with regulatory bodies;
- to exercise, defend or protect our legal rights or the rights of our clients or third parties;
- provide you with information about other services we offer that are similar to those you have already
- requested of us or enquired about;
- to notify you of changes to our services;
- to monitor and improve the quality of our services;
- to operate and expand our business activities;
- to conduct data analysis;
- to allow you to participate in events organised by us where applicable.
The way we analyse personal information for the purposes of analysing your eligibility for certain services and to report to our clients as part of the services may involve profiling, which means we may process your personal information using software that is able to
evaluate your personal aspects and predict risks or outcomes.
O Connor Pyne & Co. Limited will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavor to keep your information accurate and up-to-date, and not keep it for longer than is necessary.
Why we process your data
We must have a legal basis to process your personal information. We process your data in order to comply with legal obligations to which we are subject, to perform the services you have requested of us or to take steps at your request prior to undertaking to provide services for you. In most cases the legal basis will be one of the following:
- for our legitimate interests, for example to provide services to our clients, to ensure that the services
- we provide are appropriate to our clients’ requirements, to improve our services, manage our risks,
- maintain accurate records, manage our business in an efficient way and to provide you with
- information about other services we offer;
- for the legitimate interests of our clients and other third parties, where applicable; or
- to comply with legal and regulatory obligations to which we are subject such as due diligence and
- reporting obligations.
Who we share your data with
We may share your personal information with third parties in the following circumstances:
- to agents, contractors, advisers, contractors and business partners for the purposes of fulfilling our contractual obligations to clients, for example to deliver our services and to provide the financial advice that you have requested;
- to third party service providers such as entities providing customer service, Revenue, archiving services, third party experts, solicitors, financial advisors or external auditors and other services;
- in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
We may disclose or share your data in order to comply with any legal obligation or in order to enforce or apply our Terms and Conditions.
Any third parties that we may share your data with are obliged to keep your details secure and are restricted from using your data in any way other than to provide services for O’Connor Pyne & Co. Limited, or services for the collaboration in which they and O’Connor Pyne & Co. Limited are engaged. O’Connor Pyne & Co. Limited requires that all such agents, contractors or partners enter into contractual guarantees to observe security and privacy obligations as least as stringent as those set forth in this privacy statement.
We take our data security responsibilities seriously, employing the most appropriate physical and technical measures. Unfortunately, the transmission of information by means of the internet, including through e-mail, is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to or from us by means of e-mail and any such transmission is at your own risk.
It is our aim to only hold your data for as long as is necessary. Data will be retained for as long as required under legal or regulatory obligations and to commence or defend legal claims and for as long as required for legitimate business purposes. Unless otherwise required under applicable law, we will store your data for as long as we provide services to you and for a period of no less than six years beginning on the date we archive your file.
Where we store your information
We might store your information in different places. Physical files are stored in our office and in our archives. Electronic files are stored on our secure servers and potentially in the cloud. We may transfer your data to, and store it at, a destination outside of the European Economic Area. Whenever we transfer your data in such a way, we will ensure appropriate safeguards are in place. You may contact us via e-mail, letter or telephone in case you wish to find out more.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you;
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete without undue delay;
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records without undue delay;
- Right to restriction of processing – where certain conditions apply, to have a right to restrict the processing of your data;
- Right of portability – you have the right to have the data we hold about you transferred to another organisation;
- Right to object – you have the right to object to certain types of processing such as direct marketing;
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Where we process your data solely on the basis of your consent, you are entitled to withdraw your consent at any time. This will not affect the lawfulness of our processing before the withdrawal.
In the event that you wish to make a complaint about how your personal data is being processed by O’Connor Pyne & Co. Limited or how your complaint has been handled, you have the right to lodge a complaint directly with the Data Protection Commissioner at any time and O’Connor Pyne & Co. Limited’s Data Protection Representative.
If you would like to contact us with any queries or comments in relation to your personal data, please send an e-mail to email@example.com or send a letter to 4 Joyce House, Barrack Square, Ballincollig, Cork or give us a call on 021 4810080 and ask to speak to our Data Protection Representative.
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information to you prior to processing this data.
We seek to resolve directly all complaints about how we handle personal information. Please send your data protection queries to us at firstname.lastname@example.org. You also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Telephone 0303 123 1113 (local rate) or 01625 545 745
We seek to resolve directly all complaints about how we handle personal information. Please send your data protection queries to us at email@example.com. You also have the right to lodge a complaint with the Data Protection Commissioner, whose contact details are as follows:
Data Protection Commissioner