Effective as of 5th May 2021
Personal data is information that relates to a person who is identified or identifiable. A person is identifiable if the data can be used to identify him or her direct or indirectly. So information such as your name, email address, contact details, ID number, recordings, CCTV footage may all be considered personal data.
Any references in this policy to “we”, “us”, “our”, “Ward”, “Ward Solutions” and/or the “Company” is to Ward Solutions Limited. Ward Solutions Limited is a private limited company incorporated in Ireland whose registered number is 316165 and whose registered office is at Unit 2054, Castle Drive, Citywest Business Campus, Dublin 24, Ireland. Any references in this policy to “we”, “us”, “our”, Ward and or Ward Solutions is to Ward Solutions Limited.
You have a number of rights which you may exercise in respect of your personal data. If you wish to exercise any of these rights, please email firstname.lastname@example.org detailing the right that you wish to exercise together with official documentation confirming your identity such as passport, driving licence. We must respond to you without delay and in any event within one month (subject to limited extensions). You are entitled to lodge a complaint with the Data Protection Commission if you are not happy with our response when you chose to exercise any of your rights below. The following are a synopsis of your data protection rights. We are allowed to refuse your request in certain limited circumstances. If this arises we will let you know without delay.
Right to information - You have a right to certain information in relation to your personal data. We have included this in this document.
Right of access - You have the right to receive information from us in relation to the personal data that we hold about you.
Right of erasure/right to be forgotten - This is your right to have information which we hold in relation to you deleted in certain circumstances.
Right to rectification - This is your right to have inaccurate personal data held by us concerning you corrected and incomplete personal data completed.
Right to object - It is your right to object to the processing of your personal data by us but only where we are processing the personal data on the grounds of legitimate interest.
Right to restriction - It is your right to require us to limit the processing of your personal data where certain circumstances arise.
Right to data portability - This is a right to have your personal information transferred in an electronic and structured form to you or to another party This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
Right to object to automated decision making including profiling - This is a right not to be the subject of automated decision-making by us using your personal information or profiling of you.
Right to withdraw consent - where we are processing your personal data on the grounds of consent you have a right to withdraw your consent to the processing.
The Company at all times reserves the right to process personal data for the establishment, exercise or defence of legal claims.
Any personal information which Ward collects about you will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Acts, 1988 to 2018 and the GDPR. As IT security consultants, we take our responsibilities to protect your personal data very seriously and employ the most appropriate physical and technological measures including
- Restricted access to Personal Data
- Time limits on retention of Personal Data
- Provision of data protection training to employees, contractors and other staff who have access to and process Personal Data
- Staff training and awareness on security issues
- Technical measures including:
We review these measures regularly.
- encryption on Ward laptops
- logging mechanisms to record certain access to Personal Data and alteration and other processing of Personal Data;
What personal data do we collect about youWe collect the data that you actively provide during the following activities:
when filling in forms on our website (www.ward.ie) and other social media
during phone calls
in other correspondence e.g. email.
when logging a request on our customer service platform (JIRA).
The following data can be collected actively from you:-
- First and last name
- The organisation for which you work
- E-mail address
- Job Title
- Phone number (where contact is made by phone of if provided when filling in a form on our website)
- VAT number
- IP address
As well as the information that you actively provide to us if you visit our site to browse, read or download information from our website, certain statistical information is available to us via our internet service provider. This information may include:
- The IP address from which you access our website
- The top-level domain name used (for example .ie, .com, .org, .net)
- The type of browser and operating system used to access our site
- The date and time of your access to our site
- The pages you visit
- Any previous website address from which you reached us, including any search terms used
If you fill out a form on our website providing us with your personal data as outlined above, this may enable us to identify you on future visits to the website by combining the personal data that you have provided to us in the form and your IP address. This will enable us to identify your particular preferences and to particularly market those products and services to you. If you are already a client of the Company, we may chat to you about these particular products and services. Unless you provide us with your personal data through the form we will not be able to identify you on future visits to the website by your IP address although we may be able to identify more generally the company with which you work.
In addition, we also collect certain statistical information when you read our newsletter.
6.1 Use of your personal data – why and for how longWe will only process any personal data which you provide to us in accordance with the purpose for which it was provided
If you are our client we will use your personal data:
a) to provide products and services to you in accordance with any agreements entered into between us. For this purposes, we will store your personal data in our Client Relationship Management System (“CRM”) in accordance with the legitimate interests of the Company to generate as many sales as possible and to promote our organisation as a leader in its field we may send you information by e-mail from time to time about our products and services that might be of interest to you, security updates, white papers and events. You will always be provided with the opportunity to opt- out of receiving these communications; in an anonymised format for research, statistical analysis and behavioral analysis and for diagnosing problems with the website and fraud prevention and detection. b) Due to the longevity of the life of many of the products and consultancy services that we provide, unless notified otherwise by you we retain your personal data for seven years from the date that we finish providing products or services to you and delete the personal data after this period has expired. c) If, as a client or prospective client, you attend our offices, we have closed circuit television cameras (“CCTV”) located at the entrance / exit to our offices and to the rear of our offices. The CCTV cameras cover some of the car park, road and pathways around the offices. The CCTV system is implemented in a proportionate manner as necessary to keep our offices physically secure, to protect against breaking and entering and for the security of employees and visitors to the office. The CCTV footage may be monitored and is retained for no longer than one calendar month (except where accidents or incidents have been identified to us in which case we will retain the relevant footage for use in relation to any investigation that may arise). CCTV footage is not disclosed to any third party except where required by law. d) If you are not a client of the Company but have provided us with consent to contact you with information in relation to our products and services, events, whitepapers, security updates or any other information we will only send you the information that you have asked us to send to you. You can withdraw your consent to our sending you this information at any time. We will continue to send you this information unless you tell us that you no longer require it. We will send emails reminding you of your right to withdraw your consent from time to time.
6.2 Who do we share your personal data withWe do not sell or distribute your personal information to third parties for purposes of allowing them to market products and services to you.
Marketing: We use Hubspot for sending digital forms and direct marketing emails and managing mailing lists. Hubspot stores the personal data in the United States for the purpose of providing us with this service. Following recent decisions in the Court of Justice of the EU and the UK’s recent withdrawal from the EU, we are reviewing the arrangements with regard to data processing occurring in the United States and the United Kingdom and are awaiting further guidance and advice from relevant data protection regulators.
Sub-contractors: From time to time we may use sub-contractors in the provision of the services to you – all sub-contractors use Ward equipment in providing the services to you and have entered agreements with Ward to ensure that they only use your data for the purpose of our agreement with them and on our instructions.
CRM: We use Salesforce as our CRM tool. Salesforce stores personal data within the EEA. We have entered into an agreement with Salesforce to ensure that they will only use your data for the purpose of our agreement with them and on our instructions. We use Conga as a plug-in to Salesforce to generate quotations for our clients. We have entered into an agreement with Conga to ensure that they will only use your data for the purpose of our agreement with them and on our instructions. Conga stores personal data within the EEA.
We use DocuSign as our e-signature platform. DocuSign stores the document itself in the EEA however transactional or metadata may leave the EEA to facilitate the provision of the service. Such transactional data may include, sender and signer(s) history regarding the document (i.e when it was opened, signed), specific envelope/document information, such as IP’s, Date/time of signing, Authentication methods used by recipients.
We use Jira as our issue management tool mainly for managed service customers. We have entered an agreement with Atlassian (the company that created Jira) to ensure that they will only use your data for the purpose of our agreement with them and on our instructions. The data is hosted in the EEA however some data may be transferred outside the EEA.
Sage: If you place orders with us or are responsible in your organisation for arranging payment to us for products and services provided to your organisation we will store your personal information in Sage.
By law: We may also have to disclose your personal data if we are required to do so by law.
Sale or other transfer: We may also disclose your personal data in connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company. If any of these events were to happen, this policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this privacy Statement.
Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
7.1 What personal data do we collect about youWe collect personal data from you as follows:
a) CV – On applying for a role at Ward via our website, you will be required to upload your CV in order for us to determine your suitability for the role. We hold your CV on our Applicant Tracking System (HireLocker). Please do not include information other than your contact details, education (including any relevant qualifications held) and job experience in your CV.
b) Interview notes
c) References and other information to verify the information received during the application process>
d) In certain circumstances, background checks will be carried out depending on the clients that the prospective employee may work with or the nature of the work that will be carried out by the prospective employee e.g. PCI
7.2 Use of your personal data – why and for how longWe will only use the personal data provided only for the purpose of determining whether the candidate will become an employee of the Company.
a) For use in the recruitment and selection process
b) To enter into a contractual relationship with you where you have been offered and have accepted a role with Ward
c) For ascertaining that you are eligible to work in Ireland
d) To verify the information you have given us in the recruitment process and, where relevant, to carry out background checks required by law
e) For the legitimate interests of Ward such as responding to and defending legal claims
f) For the provision of reasonable accommodations during the recruitment process in respect of your disability where you have given your explicit consent for same (will not be used in the selection process)
We will retain CVs for one year from the date of interview. If you are not called for interview, your CV will be deleted unless you give us explicit consent to retain your CV for one year for review in respect of suitable future positions.
We will delete interview notes upon completion of the recruitment process for a particular role except where you are successful in the process and take up a position with Ward.
Who do we share your personal data withWhere you provide personal data directly to us through our website or by email/in hard copy, your personal data is held securely by us and our ATS provider. Access is restricted to those staff members who need the personal data for one of the purposes set out above.
Specifically, CVs and interview notes are shared within the Company with the Head People & Talent and the People & Talent Partner, the line manager and member of senior leadership team who may form the interview panel. CVs submitted through Linked-In Recruiter are governed by an agreement with Linked-In which provides that any data processed by Linked-In on behalf of the Company will be processed in accordance with GDPR. We also have a Data Processing Agreement in place with HRLocker in respect of personal data (CVs) that are stored on our ATS. The data is hosted in the EEA and no transfers outside the EEA occurs.
8.1. What personal data do we collect about youWe collect the following information from you in respect of the individual in an organization from whom we order products and/or services/pay for products and/or services.
• First and last name
• The organisation for which you work
• E-mail address
• Job Title
• Phone number (where contact is made by phone)
• VAT number
• Bank account details
8.2. Use of your personal data – why and for how longWe will only use your personal data for the purpose of our rights and obligations under any agreement entered into between us and in particular to order and pay for products/services and request you to carry out your obligations under the agreement.
We will hold your personal data for the duration of the engagement/agreement between us. We will delete the information once the agreement between us terminates and it is not to be renewed.
We do not generally transfer any personal data outside the European Economic Area (“EEA”) however in some circumstances, we engage with companies who may transfer some of the data outside of the EEA to perform certain legitimate functions. These service providers are subject to a contractual obligation to comply with applicable data protection law and to ensure that appropriate measures are put in place to ensure the protection of any Personal Data that is transferred outside the EEA. Following recent decisions in the Court of Justice of the EU and the recent departure of the UK from the EU, we are reviewing all our arrangements with regard to data processing occurring in the United States and the UK and are awaiting further guidance and advice from relevant data protection regulators.
This Policy and all issues regarding our website are governed by the laws of Ireland and are subject to the exclusive jurisdiction of the courts of Ireland
We welcome your feedback and questions. If you wish to contact us, please send an email to email@example.com or you can write to us at our registered office, Unit 2054, Castle Drive, Citywest Business Campus, Dublin 24, Ireland.