Azpiral Privacy Policy

Introduction

At Azpiral Privacy and Data Protection rights are very important to us.

Azpiral is registered under the Data Protection Act 1998 – 2018 as a data controller and data processor and all personal data will be maintained in accordance with the obligations of that Act.

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 – 2018 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request and confer on individuals the right to have their personal data amended if found to be incorrect.

This document outlines Azpiral’s policy to help ensure that we comply with the Data Protection Acts.
Inquiries about this Data Protection Policy should be made to Data Protection Officer, Azpiral, Roselawn House, Castletroy, Limerick, V946 X70.

Rationale

This policy is a statement of Azpiral’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts and Regulations.

Data Collection

We collect information you provide directly to us, such as when you create or modify your account, complete transactions, contact customer support or otherwise interact with us. This information can include Name, Address, Home Phone, Mobile Number, E-mail and other information including customer preferences that will help in the personalisation of the service to the individual.

Data Protection Principles

The following key principles are enshrined in the Irish legislation and are fundamental to the Azpiral’s Data Protection policy.

In its capacity as Data Controller and Data Processor, Azpiral ensures that all data shall:

1. … be obtained and processed fairly and lawfully.

For data to be obtained fairly, the data subject will, at the time the data are being collected, be made aware of:

• The identity of the Data Controller (Azpiral or Azpiral’s Client)
• The purpose(s) for which the data is being collected
• The person(s) to whom the data may be disclosed by the Data Controller
• Any other information that is necessary so that the processing may be fair.

Azpiral will meet this obligation in the following way.

• Where possible, the informed consent of the Data Subject will be sought before their data is processed;
• Where it is not possible to seek consent, Azpiral will ensure that collection of the data is justified under one of the other lawful processing conditions – legal obligation, contractual necessity, etc.;
• Where Azpiral intends to record activity on CCTV or video, a Fair Processing Notice will be posted in full view;
• Processing of the personal data will be carried out only as part of Azpiral’s lawful activities, and Azpiral will safeguard the rights and freedoms of the Data Subject;
• The Data Subject’s data will not be disclosed to a third party other than to a party contracted to Azpiral and operating on its behalf.

2. …. be obtained only for one or more specified, legitimate purposes.

Azpiral will obtain data for purposes which are specific, lawful and clearly stated. A Data Subject will have the right to question the purpose(s) for which Azpiral holds their data, and Azpiral will be able to clearly state that purpose or purposes.

3. … not be further processed in a manner incompatible with the specified purpose(s).

Any use of the data by Azpiral will be compatible with the purposes for which the data was acquired.

4. … be kept safe and secure.

Azpiral will employ high standards of security in order to protect the personal data under its care. Appropriate security measures will be taken to protect against unauthorised access to, or alteration, destruction or disclosure of any personal data held by Azpiral in its capacity as Data Controller and/or Data Processor.

Access to and management of staff and customer records is limited to those staff members who have appropriate authorisation and password access.

5. … be kept accurate, complete and up-to-date where necessary.

Azpiral will:

• ensure that administrative and IT validation processes are in place to conduct regular assessments of data accuracy;
• conduct periodic reviews and audits to ensure that relevant data is kept accurate and up-to-date.

6. … be adequate, relevant and not excessive in relation to the purpose(s) for which the data were collected and processed.

Azpiral will ensure that the data it processes in relation to Data Subjects are relevant to the purposes for which those data are collected. Data which are not relevant to such processing will not be acquired or maintained.

7. … not be kept for longer than is necessary to satisfy the specified purpose(s).

Azpiral has implemented a data retention policy for all data which it stores.

8. … be managed and stored in such a manner that, in the event a Data Subject submits a valid Subject Access Request seeking a copy of their Personal Data, this data can be readily retrieved and provided to them.

Azpiral has implemented a Subject Access Request procedure by which to manage such requests in an efficient and timely manner, within the timelines stipulated in the legislation.

Responsibility

Overall responsibility for ensuring compliance with Data Protection Acts rests with Azpiral. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor. All employees and contractors of Azpiral who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. Azpiral’s Data Protection Officer coordinates the provision of support, assistance, advice, and training within Azpiral to ensure that the company is in a position to comply with the legislation.

Review

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.