Aver's Data Protection Policy

 

During the course of carrying out its functions Aver International Ltd. needs to gather and use the personal data of individuals. These can include customers, pre-employment screening candidates, suppliers, business contacts and other people that the organisation may have a relationship with or may need to contact. Data is considered personal if the identification of an individual is possible based on the data available. In order to protect the privacy rights of individuals the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Acts (1998 & 2003) set out the responsibilities of organisations processing personal data as well as the rights of individuals whose personal data is being processed.

The purpose of this policy is to ensure that Aver International complies with all data protection laws and regulations when processing personal data; protecting the rights of our staff, clients, and candidates undergoing pre-employment screening.

In order to comply with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Acts, Aver International is responsible for, and must be able to demonstrate, compliance with the following principles: Personal data shall be;

  • Collected, created or processed only for one or more specified, explicit and lawful purposes
  • Adequate, relevant and limited to only what is necessary
  • Used and disclosed only in ways compatible with these purposes
  • Accurate and, where necessary, kept up to date
  • Protected in appropriate ways
  • Not be retained for any longer than is necessary
  • Processed in accordance with the rights of data subjects

Under Article 23 of the GDPR individuals have the following rights when it comes to the processing of their personal data :

  1. The right of access; You can ask for a copy of all your personal details by writing to any organisation or person holding your personal details on a computer or in manual form.
  2. The right to rectification; If you discover that a data controller has details about you that are not factually correct, you can ask them to change or, in some cases, remove these details.
  3. The right to erasure; have the right to have your data erased, without undue delay, by the data controller.
  4. The right to restrict processing; You have a limited right of restriction of processing of your personal data by a data controller. Where processing of your data is restricted, it can be stored by the data controller, but most other processing actions, such as deletion, will require your permission.
  5. The right to data portability; In some circumstances, you may be entitled to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context, and to transmit this data to another data controller of your choosing without hindrance. This is referred to as the right to data portability. This right only applies where processing of personal data (supplied by the data subject) is carried out by automated means, and where you have either consented to processing, or where processing is conducted on the basis of a contract between you and the data controller.
  6. The right to object; A data controller may intend to use your details for official purposes, in the public interest or for their own interests. If you feel that doing so could cause you unnecessary damage or distress, you may ask the data controller not to use your personal details. This right does not apply if:
  •  you have already agreed that the data controller can use your details
  •  a data controller needs your details under the terms of a contract to which you have agreed
  1. Rights in relation to automated decision making and profiling; You have the right to not to be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.
  2. The right to lodge a complaint with a supervisory authority; Under Article 77 of the GDPR, you have the right to lodge a complaint with the Data Protection Commission if you consider that processing of your personal data is contrary to the GDPR. Complaints to the Commission should be made in writing and addressed to: info@dataprotection.ie or The Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois. The Data Protection Commissioner also operates a helpdesk function, which is contactable at 0761 104 800 or LoCall 1890 252231

For more information regarding your rights please visit: https://www.dataprotection.ie/docs/A-guide-to-your-rights-Plain-English-Version/r/858.htm

Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). Organisations are also required to publish the details of their Data Protection Officer and provide these details to their national supervisory authority.

An organisation is required to appoint a designated data protection officer where:

  1. the processing is carried out by a public authority or body;
  2. the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
  3. the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

The DPO shall serve as the contact point for data subjects; they may contact them with regard to all issues related to processing of their personal data. The contact details for Aver Internationals DPO is listed on the Data Protection Officer section of this website.

This policy will be reviewed regularly in light of any legislative or other relevant changes.

We use cookies to improve your experience on this website.