Close

Dairygold Paperless

Register now
 

Employee Privacy Policy

Introduction and Purpose of this Policy

This Privacy Policy explains how Dairygold Co-Operative Society Limited and all of its subsidiaries (together “we”, “us” or “Dairygold” and in each case “we” refers to the entity within the Dairygold group who is your relevant employer) use Personal Data which we collect about employees and other staff. “Personal Data” is information about living individuals, being information that relates to them or which identifies them directly or indirectly. This Privacy Policy is in accordance with Dairygold’s legal obligations in particular the General Data Protection Regulation (“GDPR”) that will come into force on the 25th May 2018.

The purpose of this Privacy Policy is to explain to you what information we hold about you and others, how we use this information, on what legal basis we are permitted to use this information, how long we will hold it and how we keep it secure. This Privacy Policy also describes your rights under data protection legislation and how you can exercise these rights.

Responsibilities

Dairygold has a responsibility to ensure that Personal Data is:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • kept for no longer than is necessary for the purposes for which the Personal Data are processed; and
  • processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Employees have a responsibility to inform Dairygold if there is any change to their Personal Data.

Associated or Relevant Documentation

Number Title Location
  Dairygold Closed Circuit Television (CCTV) Policy Sharepoint
  Dairygold I.T. Users Policy Sharepoint
  Dairygold Data Breach Standard Operating Procedure (“SOP”) Sharepoint

  1. What does this Employee Privacy Policy cover?

 “Personal Data” is information about you or another living individual from which you or they are identifiable.  Our aim is responsible handling of Personal Data and this Privacy Policy describes how we use Personal Data that we collect in the course of hiring staff and employees.  Personal Data may be provided to us by you directly or by a third party.  This Privacy Policy covers Personal Data obtained from a variety of online and paper sources, including:

  • Employee applications including unsolicited CVs we receive;
  • E-recruitment programmes;
  • Employee references;
  • Employee file which will include details of name, home address, date of birth, professional qualifications, children, civil status (to the extent that these details will affect benefits);
  • Emergency contact details of employees;
  • Occupational health form;
  • Doctor’s reports on fitness to work and any necessary accommodations;
  • CCTV;
  • Human resources service providers who provide employee applicant details to Dairygold;
  • Trustees or providers of Dairygold pension schemes (for accounting purposes); and
  • Other third-party service providers including contractors.
  1. Types of data subjects

We hold Personal Data relating to:

  • Employees and agency staff (past and current) and their family members (next of kin or where relevant for pension or benefits purposes);
  • Candidates for employment as part of the recruitment process; and
  • Work experience students.
  1. Personal Data we hold

The Personal Data we hold about you and other individuals may differ depending on our relationship, including the type of communications between us and the services we provide.

Examples of the Personal Data we may hold and process is described in detail in Appendix I and includes:

  • Contact information including home address and emergency contact details;
  • General information on next of kin;
  • Education, employment information, proof of qualification, C.V.s, profiling assessment results;
  • Government and other official identification numbers;
  • Salary and family information for pension or benefit;
  • Sensitive information including health information;
  • Assessments on personality and aptitude;
  • Time and attendance data;
  • Biometric data; and
  • CCTV images.
  1. How we use Personal Data

We use Personal Data to administer the operations of Dairygold on a day to day basis. The purposes for which we use your Personal Data may differ based on our relationship.

We will use the Personal Data to:

  • Hire new employees;
  • Assess fitness for work and assess any workplace facilities or accommodation required;
  • Process payment of wages, deductions to third parties, benefits and expenses to an employee;
  • Assess the benefits to which an employee is entitled;
  • Provide training or instruction to an employee;
  • Review details of any incident or complaint made by a third party or other employee;
  • Assess suitability of employees for promotions;
  • Provide benefits to employees including pensions and life assurance;
  • Ensure proper time and attendance and comply with certain employment laws including the Organisation of Working Time Act 1997 (as amended);
  • Protect the security of our premises and assets, ensure the safety of employees and work processes, and including for use in disciplinary processes;
  • Establish or defend a legal claim made against Dairygold;
  • All other purposes connected with your employment or engagement by Dairygold including for the purposes of our legitimate interests in Appendix 1.
  1. Sensitive Personal Data

These more sensitive or “special” categories of Personal Data include Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning an individual’s sexual orientation.

We only process data concerning health to ensure your safety while at work and where required to assess your fitness for work and/or to process benefits (e.g. sick pay). Such data may also be processed in the context of legal proceedings or claims or for the purpose of carrying out our (and your) obligations and rights under employment law (for example, through the use of biometric data for time and attendance, health and safety, and compliance with the Organisation of Working Time Act 1997 (as amended)). We may process Sensitive Personal Data where required for reporting on our obligations, on an anonymous, aggregate basis, pursuant to employment equality legislation and it is your choice whether you share any additional special categories of Personal Data with us for this purpose in which case we shall not process this data for any other purpose.

  1. Criminal Data

Dairygold does not process data concerning criminal convictions or offences unless required to do so in the context of a legal obligation.

  1. Legal justification for our use of Personal Data
    • To comply with the law, we need to tell you the legal justification we rely on for using your Personal Data for our purposes which includes processing Personal Data based on:
      • The legitimate business interests of Dairygold or a third party (as set out in Appendix 1);
      • Performance of a contract to which you are subject;
      • Compliance with legal obligations; and
      • Consent (where appropriate).
    • A detailed description of all the types of Personal Data that we hold relating to you and the reason that we hold it for the purposes set out in Section 4 above is set out in Appendix I.
  2. Security of Personal Data

Dairygold are responsible for looking after your Personal Data in accordance with this Privacy Policy, our internal standards and procedures, and the requirements of data protection law.  Dairygold shall apply suitable and specific safeguards which are designed to ensure that the requirements of data protection legislation are applied to our processing operations.

As much of the Personal Data we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Data is kept secure.  For example, we use anti-virus protection systems, firewalls, and data encryption technologies.  We have procedures in place at our premises to keep any hard copy records physically secure.  We also train our staff regularly on data protection and information security.

When Dairygold provides Personal Data to a third party (including our service providers) or engages a third party to collect Personal Data on our behalf, the third party will be required to use appropriate security measures to protect the confidentiality and security of Personal Data and will assume certain responsibilities under data protection law for looking after the Personal Data that they receive from us.

Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have sent to us has been compromised), please immediately notify us.

  1. Data breaches

Dairygold utilises the security measures mentioned above to ensure a data breach does not occur which may include a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. Where a data breach does occur, we will follow our internal Data Breach SOP procedure to manage the breach and notify the relevant supervisory authority and any employees if necessary.

  1. Sharing of Personal Data

In connection with the purposes described above, we may need to share your Personal Data with third parties (this may involve third parties disclosing Personal Data to us and us disclosing Personal Data to them).  These third parties may include:

Type of third party

 

Examples
Our service providers External third party service providers, such as security professionals, accountants, auditors, experts, lawyers and other professional advisors; travel assistance providers; IT systems, support and hosting service providers; banks and financial institutions that service our accounts; payroll providers; document and records management providers; profiling service providers; recruitment providers; employment advisory providers, pension trustees and pension providers; training providers and other third party vendors and outsourced service providers that assist us in carrying out our activities.
Occupational health providers Internal and external medical professionals and health insurance providers.
Government authorities and third parties involved in court action We may share Personal Data with: (a) government or other public authorities (including, but not limited to, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and (b) third party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as we believe to be necessary or appropriate.
Other third parties Trade unions, insurers, retirement planners or a purchaser or prospective purchaser of a business of Dairygold.

 

  1. Monitoring communications

We reserve the right to monitor electronic communications (for example, emails) pursuant to the Dairygold IT Users Policy which is in our legitimate interests to protect you, our organisation and IT infrastructure.

  1. Retention of Personal Data

We will keep Personal Data for as long as is necessary for the purposes for which we collect it.  The retention period for each type of data is documented in our Dairygold Data Classification Retention and Destruction Policy.

Where we hold Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.

For further information about the period of time for which we retain your Personal Data, please contact us using the details below.

  1. Personal Data Rights

The following is a summary of the data protection rights available to individuals in the EEA in connection with their Personal Data. These rights may only apply in certain circumstances and are subject to certain legal exemptions.

Description When is this right applicable?

 

Right of access to Personal Data

 

You have the right to receive a copy of the Personal Data we hold about you and information about how we use it.

 

This right is applicable at all times when we hold your Personal Data (subject to certain exemptions).
Right to rectification of Personal Data

 

You have the right to ask us to correct Personal Data we hold about you where it is incorrect or incomplete.

 

This right is applicable at all times when we hold your Personal Data (subject to certain exemptions).
Right to erasure of Personal Data

 

This right entitles you to request that your Personal Data be deleted or removed from our systems and records.  However, this right only applies in certain circumstances.

Examples of when this right applies to Personal Data we hold include (subject to certain exemptions):

  • when we no longer need the Personal Data for the purpose we collected it;
  • if you withdraw consent to our use of your information and no other legal justification supports our continued use of your information;
  • if you object to the way we use your information and we have no overriding grounds to continue using it;
  • if we have used your Personal Data unlawfully; and
  • if the Personal Data needs to be erased for compliance with law.

 

Right to restrict processing of Personal Data

 

You have the right to request that we suspend our use of your Personal Data.

 

Where we suspend our use of your Personal Data we will still be permitted to store your Personal Data, but any other use of this information will require your consent, subject to certain exemptions.

 

You can exercise this right if:

  • you think that the Personal Data we hold about you is not accurate, but this only applies for a period of time that allows us to consider if your Personal Data is in fact inaccurate;
  • the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of its use instead;
  • we no longer need the Personal Data for the purposes we have used it to date,  but the Personal Data is required by you in connection with legal claims; or
  • you have objected to our processing of the Personal Data and we are considering whether our reasons for processing override your objection.

 

Right to data portability

 

This right allows you to obtain your Personal Data in a format which enables you to transfer that Personal Data to another organisation.

 

You may have the right to have your Personal Data transferred by us directly to the other organisation, if this is technically feasible.

This right will only apply:

 

  • to Personal Data you provided to us;

 

  • where we have justified our use of your Personal Data based on:

o    your consent; or

o    the fulfilment by us of a contract with you; and

 

  • if our use of your Personal Data is by electronic means.

 

Right to object to processing of Personal Data

 

You have the right to object to our use of your Personal Data in certain circumstances.  However, we may continue to use your Personal Data, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Data in connection with any legal claims.

 

 

 

 

 

Right to withdraw consent to processing of Personal Data

 

Where we have relied upon your consent to process your Personal Data, you have the right to withdraw that consent.

 

This right only applies where we process Personal Data based upon your consent.
Right to complain to the relevant data protection authority

 

If you think that we have processed your Personal Data in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator.  If you live or work in an EEA member state, you may complain to the regulator in that state.

This right applies at any time.

If you wish to exercise your rights, please contact us using the details below. Please note that it may not be possible for Dairygold to always comply with your request as some of these rights are limited by legislation.  Where this is the case we will always respond within the statutory period of one month and inform you of the reasons why we cannot fully comply with your request.

  1. Who to contact about your Personal Data

If you have any questions or concerns about the way your Personal Data is used by us, you can contact a member of the HR team or e-mail us at: dataprotection@dairygold.ie

This Privacy Policy was last updated on 21st May 2018.

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our organisation, legal requirements, and the manner in which we process Personal Data.

Type of Personal Data Examples

 

Lawful Basis
Contact information Name, address, email and telephone number Necessary for the performance of a contract (Art 6(1)(b))
General information Gender, civil and family status, date and place of birth, details of next of kin, employment contract, salary and benefit details (for employees)

Vehicle registration number and insurance (for the purpose of processing expense claims) for employees and independent contractors

 

Legitimate interest in administering personnel functions of Dairygold and ensuring up-to-date contact information for the employee in the case of an accident (Art 6(1)(f))

Necessary for the performance of a contract (Art 6(1)(b))

Necessary to comply with employment or social protection law (Art 9(2)(b))

Necessary to protect the vital interests of the data subject (Art 9(2)(c))

Education and employment information Educational background, employer details and employment history, skills and experience and references. Professional memberships and affiliations and any other relevant information e.g. employment status. This applies for both employees and independent contractors to the extent relevant.

 

Necessary for the performance of a contract (Art 6(1)(b))

Legitimate interest in determining the skill and experience of an employee (Art 6(1)(f))

Government and other official identification numbers PPS number, passport number, tax identification number, driver’s licence number, or other government issued identification number. This applies for both employees and independent contractors to the extent relevant. Necessary for the performance of a contract (Art 6(1)(b))

Necessary for compliance with a legal obligation (Art 6(1)(c))

Financial information and account details Bank account number, or other financial account number and account details, other financial information for processing wages. Necessary for the performance of a contract (Art 6(1)(b))
Pension-related information and information related to other employee benefits PPS number, salary and bonus, names of family members, dates of employment, civil status and type of pension fund chosen. Necessary for the performance of a contract (Art 6(1)(b))

Necessary for compliance with a legal obligation (Art 6(1)(c))

Necessary for the establishment, exercise or defence of a legal claim (Art 9(2)(f)) (where sensitive Personal Data is processed in order to assess eligibility for benefits)

Sensitive information Occupational health form on commencement of work, doctor’s reports, occupational health nurse reports, physiotherapist reports on fitness to work or workplace accommodation needs to be made during term of employment, sick notes.

 

Necessary for the purpose of assessing the working capacity of the employee (Art 9(2)(h))

Necessary to comply with employment or social protection law obligations (Art 9(2)(b))

Necessary for the establishment, exercise or defence of a legal claim (Art 9(2)(f))

Personality assessments Reports from service providers on employee’s personality, emotional intelligence, reasoning, aptitude and potential. Legitimate interest in determining the suitability of an employee (Art 6(1)(f))
Biometric data Template of employee’s or agency worker’s fingerprint. Necessary for compliance with employment law or social protection law obligations specifically the Organisation of Working Time Act 1997 (Art 9(2)(b))
Time and attendance data, Time data is collected through fobs and swipe cards. Necessary for compliance with a legal obligation specifically the Organisation of Working Time Act 1997 (Art 6(1)(c)

 

Legitimate interest in monitoring time and attendance and access to restricted areas.

CCTV CCTV images Legitimate interest in ensuring security, safety and work processes standards (Art 6(1)(f))

When we process Personal Data for the purpose of our legitimate interests, we must inform of you of those legitimate interests. In addition to those set out above, the following legitimate interests of Dairygold may be relied upon to process your Personal Data (where they are not otherwise covered by one of the other legal bases specified in this Policy):

  • Managing Workforce: Managing work activities and personnel generally, including recruitment, appraisals, performance management, promotions, administering salary, and payment administration and reviews, wages and other awards, healthcare, pension plans, training, leave, managing sickness leave, transfers, honouring other contractual benefits, providing employment references, performing workforce analysis and planning, performing employee surveys, providing access to facilities, managing disciplinary matters, grievances and terminations, reviewing employment decisions, making business travel arrangements, managing business expenses and reimbursements, planning and monitoring of training requirements and career development activities and skills, and creating and maintaining one or more internal employee directories.
  • Communications, Facilities and Emergencies: Facilitating communication with you, ensuring business continuity, protecting the health and safety of employees and others, safeguarding and maintaining IT infrastructure, office equipment, facilities and other property, facilitating communication with you and your nominated contacts in an emergency.
  • Business Operations: Operating and managing IT, improve internal systems, communications systems and facilities, managing product and service development, communicating with customers and suppliers, improving products and services, managing company assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails (including records of changes you may make to customer accounts) and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, reorganisations or disposals and integration with purchaser.
  • Compliance: Complying with legal and other requirements, such as compliance with food safety legislation and practice, income tax and national insurance deductions, record-keeping and reporting obligations, physical access policies, conducting audits, management and resolution of health and safety matters, such as accident and insurance claims, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, summons or warrants, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures.
  • Employee Monitoring: In accordance with applicable laws and as set out in this Policy, Company may monitor the use of IT information technology and communications systems and the information they contain, including traffic and usage data, for purposes that may include systems maintenance, security, compliance with legal requirements and implementation of internal policies and procedures, as described in further detail in the Dairygold IT Users Policy.
  • Company Policies: To the extent not already covered above, any purposes which are set out in Company Policies which are listed in the ‘Associated or Relevant Documentation’ tab above.