O’Connor Pyne & Co. Limited – GDPR Privacy Statement May 2018
O’Connor Pyne & Co. Limited fully respects your right to privacy and we are committed to ensuring that your privacy is protected and we wish to be transparent on how we process your data. This statement (together with our Terms and Conditions) sets out the basis on which any personal data we collect from and about you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This statement is being provided to you in line with our obligations from 25th May 2018 under the General Data Protection Regulation (GDPR).
This statement refers to the personal data you provide to us in the course of the engagement. We will process your personal data for the purpose of providing our services to you as agreed for the engagement, because this processing is necessary for us to fulfill our obligations under our contract with you. If you have given us consent, we may also use your contact information to market our services to you in the future. We will retain your personal data for seven years because we believe that we have a legal resposibility to retain it for this period arising from this engagement. Following this, we will destroy the data unless we have a separate obligation to retain the data for a further period.
The data will not be shared with any third party, except where we have a legal or professional duty to do so, or where we engage a third party to store data on our behalf within the European Economic Area (ie. a cloud computing provider). We will put in place and maintain adequate physical, procedural and electronic safeguards to maintain the integrity and confidentiality of the data stored by us and we will take reasonable steps to ensure that safeguards of an adequate standard are put in place by any third party engaged by us to store this data. The transmission of information via the internet and including email is never completely secure. We do our very best to protect your personal data, we cannot guarantee the security of your data transmitted to or from us by means of email and any transmission is at your own risk. We have mitigated this risk by offering the use of our Secure Portal which we would advise all clients to use when sending personal or sensitive information to us.
In accordance with GDPR, you have a right to access any personal data that we hold concerning you. You have a right to ask that your data to be rectified where it is inaccurate, incomplete or not up to date. In certain circumstances you have the right to erasure of your personal data, to restrict the processing of your data, to object to the processing of your data, and to portability of your data. In view of our legal responsibility to retain the data as part of this engagement, we cannot comply with most requests that the data should be erased or transferred before the end of our retention period, or that we should cease processing the data in accordance with the terms of our engagement.
We will collect and process the following data about you:
This is information about you that you give us by corresponding with us by phone, e-mail or otherwise. It includes the information you supply us with when you engage us to provide financial advice and tax services. The information you give us may include, but is not limited to, your name, address, e-mail address, phone number, your demographic information, your financial information, financial and payment data such as bank account numbers and transaction information, bills, photo ID such as a passport or driving licence or other identification documents, medical records, etc.
Depending on the circumstances, we might also obtain personal data about you from other sources such as public registers, government and regulatory authorities, business partners, financial and insurance advisors, service providers, etc. You are not obliged to provide us with your personal information. However, if you do not, we might not be able to carry out the services you have requested of us.
We gather and use your information to:
The way we analyse personal information for the purposes of analysing your eligibility for certain services and to report to our clients as part of the services may involve profiling, which means we may process your personal information using software that is able to
evaluate your personal aspects and predict risks or outcomes.
O Connor Pyne & Co. Limited will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavor to keep your information accurate and up-to-date, and not keep it for longer than is necessary.
We must have a legal basis to process your personal information. We process your data in order to comply with legal obligations to which we are subject, to perform the services you have requested of us or to take steps at your request prior to undertaking to provide services for you. In most cases the legal basis will be one of the following:
We may share your personal information with third parties in the following circumstances:
We may disclose or share your data in order to comply with any legal obligation or in order to enforce or apply our Terms and Conditions.
Any third parties that we may share your data with are obliged to keep your details secure and are restricted from using your data in any way other than to provide services for O’Connor Pyne & Co. Limited, or services for the collaboration in which they and O’Connor Pyne & Co. Limited are engaged. O’Connor Pyne & Co. Limited requires that all such agents, contractors or partners enter into contractual guarantees to observe security and privacy obligations as least as stringent as those set forth in this privacy statement.
We take our data security responsibilities seriously, employing the most appropriate physical and technical measures. Unfortunately, the transmission of information by means of the internet, including through e-mail, is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to or from us by means of e-mail and any such transmission is at your own risk.
It is our aim to only hold your data for as long as is necessary. Data will be retained for as long as required under legal or regulatory obligations and to commence or defend legal claims and for as long as required for legitimate business purposes. Unless otherwise required under applicable law, we will store your data for as long as we provide services to you and for a period of no less than six years beginning on the date we archive your file.
We might store your information in different places. Physical files are stored in our office and in our archives. Electronic files are stored on our secure servers and potentially in the cloud. We may transfer your data to, and store it at, a destination outside of the European Economic Area. Whenever we transfer your data in such a way, we will ensure appropriate safeguards are in place. You may contact us via e-mail, letter or telephone in case you wish to find out more.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Where we process your data solely on the basis of your consent, you are entitled to withdraw your consent at any time. This will not affect the lawfulness of our processing before the withdrawal.
In the event that you wish to make a complaint about how your personal data is being processed by O’Connor Pyne & Co. Limited or how your complaint has been handled, you have the right to lodge a complaint directly with the Data Protection Commissioner at any time and O’Connor Pyne & Co. Limited’s appointed Head of Privacy, Oriel Lawton.
If you would like to contact us with any queries or comments in relation to your personal data, please send an e-mail to our Head of Privacy, Oriel Lawton, at email@example.com or send a letter to 4 Joyce House, Barrack Square, Ballincollig, Cork or give us a call on 021 4810080 and ask to speak to our Head of Privacy.
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information to you prior to processing this data.
We seek to resolve directly all complaints about how we handle personal information. Please send your data protection queries to our Head of Privacy, Oriel Lawton, at firstname.lastname@example.org. You also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Telephone 0303 123 1113 (local rate) or 01625 545 745
We seek to resolve directly all complaints about how we handle personal information. Please send your data protection queries to our Head of Privacy, Oriel Lawton, at email@example.com. You also have the right to lodge a complaint with the Data Protection Commissioner, whose contact details are as follows:
Data Protection Commissioner