Issued (Rev 2)
Goodman Medical Ireland Limited (“GMIL” or “we” or “our” or “us”) is committed to complying with the Data Protection Acts 1988 and 2018 and General Data protection Regulations (GDPR) (“Legislation”) which provides rules and principles which apply to the collection, storage, use, sharing, deletion and transferring abroad of personal data about EU individuals, which include you whether you are a potential candidate, contractor, supplier or customer.
GMIL will follow these rules and principles when processing and controlling your personal data and will ensure it has a robust and effective data protection program in place, to ensure your data is secure and protected, which complies with Legislation. GMIL continuously develop their data protection program to ensure that it is effective, fit for purpose and demonstrates an understanding of, and appreciation for all new and relevant regulations. Our preparation and objectives for GDPR Compliance have been summarised in this notice and includes the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
By visiting our website, you are accepting the terms of this Privacy Notice. You should not use this website if you are not satisfied with this Privacy Notice This Privacy Notice only applies to our website, and it does not apply to other websites owned by third parties and accessible through external links.
Before you submit any personal information or data, please read this Privacy Notice fully to understand our views and practices regarding any personal data you volunteer to provide us and how we will treat it. If you have any queries or comments in relation to this Privacy Notice or your personal data, please email us at firstname.lastname@example.org or send a letter to Data Protection Champion, Goodman Medical Ireland Limited, Mervue Business Park, Galway, H91 H9CK, Ireland.
GMIL have carried out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed, along with how long we retain it for and why, and how we permanently delete/destroy it. We have revised and implemented new data protection policies and procedures to meet the requirements and standards of GDPR and all relevant data protection laws, including:
- Data Protection
Legisation defines ‘Personal Information/Data’ as means or information that identifies a living person. (i.e. past, present or future potential employee or business/service contact.
This would be the information you provide us via our website, email or phone to contact you, such as your name, address, contact number and/or email address, CV if applying for employment or promoting your business/services. Data will be obtained fairly, lawfully and in a transparent manner without adversely affecting your rights. By sending us your data, you are consenting to us processing your data only for the purpose it was collected, and it will not be processed in a manner incompatible.
Where required, GMIL will contact you directly to check the data is correct and ensure its accuracy, and if further processing is required, your relevant consent will be obtained.
Our main policy and procedure for data protection has been updated to meet the standard and requirements of GDPR. Accountability and governance measures are in place to ensure that we understand and adequately circulate and agree our obligations and responsibilities, with a dedicated focus on privacy by design, use for purpose for what it was collected for and rights of individuals.
For Example, information you provide us will be treated with the strictest confidentiality, shared/processed with only appropriate GMIL representative, stored securely under password or key, and when no longer needed for purpose, permanently deleted.
- Data Retention and Deleting
We will only retain your data for the purpose it was collected and when it is no longer required for that purpose it will be permanently and securely deleted or destroyed by shredding.
We have updated our record management, retention and destruction policy and schedule, to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles of the Legislation and that personal data is stored and destroyed compliantly and ethically. We have disposal procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply, along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches
Our Breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been communicated to and all our employees are trained, making them aware of their responsibilities, reporting lines and steps to follow. For Example, where information you provide to us have been proven to be a part of a data breach, we will inform you accordingly.
- International Data Transfers & Third-Party Disclosures
As GMIL operates internationally, it may be necessary in the course of business to transfer your data within our organisation and its subsidiaries companies in countries outside the EEA, which do not have comparable Legislation. Where GMIL transfers or stores personal information outside the EU, to facilitate business obligations, we have procedures, agreements and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.
- Legal Basis for processing
We are reviewing our processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
- Privacy Notice/Policy
We have revised this our Privacy Notice(s) to comply with GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
- Obtaining Consent
We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can provide evidence of affirmative opt-in, along with time and date records, and an easy way to see and access how to withdraw consent at any time.
- Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information of an individual’s right to access any personal information that GMIL processes about them and to request information about:
- What personal data we hold about them
- The purpose of processing their personal data
- To whom their personal data will be/has been shared
- How long we intend to store their personal data
- Information on how we sourced their personal data, if not directly from them
- How they can update/correct their personal data
- How they can request their personal data to be permanently deleted or restrict processing in accordance with data protection laws, as well as objecting to us using their personal data and inform them about any automated decision-making that we use
- How to lodge a complaint or seek judicial remedy and who to contact in such instances
- Email us at email@example.com or send a letter to Data Protection Champion, Goodman Medical Ireland Limited, Mervue Business Park, Galway, H91 H9CK, Ireland.
- Subject Access Request (SAR)
You have the right to request personal data held about you and should make a request in writing to the Data Champion, stating the exact data required. You are only entitled to access data about you and will not be provided with data relating to other business-related employees or third parties. GMIL will acknowledge your request within 21 days or receipt and will process same within 30 days of receipt.
- Special Categories Data
Where we obtain and process any special category information, we do so in complete compliance with Article 9 requirements and have high-level encryption and protection on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or Data Protection Bill schedule condition. Where we rely on consent for processing, we will contact you and obtain your consent and this will be verified by a signature, and record that you were clearly advised on the right to modify and/or remove your consent.
- Processor Agreements
Where we use any third-party to process personal information on our behalf, we have drafted compliant Process Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews and audit of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with GDPR.
(1) visitor’s country of origin,
(2) search engine used,
(3) search term used,
(4) traffic of visitors to this website and its pages,
(5) duration of your visit.
IP address of a visitor to this website is recorded by the software that generates our reports, it is not available to GMIL employees and we will absolutely make no attempt to identify any visitor to our website. We only use the non-personal data reports to better understand where our visitors come from, to improve our website and as a tool to assist our recruitment and promotion strategy.
- Data Security
We take our data security responsibilities seriously and will take all reasonable steps to ensure that appropriate physical and technical measures, including staff training and awareness, are in place including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage of your data. Security measures will be reviewed from time to time, having regard to the technology available, the cost and risk of unauthorised access. All personal data is subject to restricted access to prevent unauthorized access, modification or misuse.
Unfortunately, the transmission of information by means of the internet, including through email is not always completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of your data transmitted to or from us by means of email, unsecure web providers and any such transmission is at your own risk.
External links to other websites are clearly identifiable as such on our website, and we are not responsible for the content or the privacy policies of those websites. We recommend that you carefully review the privacy policies of each website you visit.
- Changes to This Policy
GMIL reserves the right to amend this Privacy Notice at our discretion. We will post any updated notice on this website.