Privacy Policy – Effective 11 October 2018 – Version 3.1 (Updated August 2024)
On 25 May 2018, the General Data Protection Regulation (GDPR) came into effect across all EU member states. The GDPR provides a single data protection framework for Europe, representing a significant harmonisation of data protection requirements and standards across the EU. Teams Plus (a trading name of Contracting Plus Consultants Limited; ‘The Company’) is committed to satisfying all GDPR requirements to provide confidence to our clients that their data is being managed to the highest standards. This policy has been updated to reflect the requirements of GDPR and hopefully will give you clarity on how we manage the lifecycle of your data. If you have any questions about this policy or your data, you can email us at dpo@contractingplus.com.
Before we get into the policy, it’s important you understand some of the key terms used as they are mentioned within the policy document.
Personal Data: Information relating to a living individual who is, or can be, identified by that information, including data that can be combined with other information to identify an individual. This can be a very wide definition, depending on the circumstances, and can include data which relates to the identity, characteristics or behaviour of an individual or influences the way in which that individual is treated or evaluated.
Processing: means performing any operation or set of operations on personal data, including:
Data Controller: A Data Controller is the person or organisation who decides the purposes for which, and the means by which, personal data is processed. The purpose of processing data involves ‘why’ the personal data is being processed and the ‘means’ of the processing involves ‘how’ the data is processed. For the purposes of this document, The Company is the Data Controller.
Data Processor: A person or organisation that processes personal data on the behalf of a data controller.
Data subject: A Data subject is the individual the personal data relates to.
Model Contract: A ‘model contract’ is a general type of contract that includes specific provisions dealing with data protection, and that has been approved either by the EU Commission or by the Data Protection Commissioner. A data controller in Ireland, which wishes to transfer personal data outside of the EEA, can use the model contract as the basis for its relationship with the third-country organisation.
Teams Plus is a trading name of “Contracting PLUS”. When we use “Teams Plus” or “our” or “us” or “we” within this document, we are referring to Contracting Plus Consultants Ltd, which includes all associated branch locations. Teams Plus is committed to helping Irish SMEs build high-skilled off-shore teams in India to complement the work of their local staff, where these SMEs would not otherwise have the knowledge or the resources to undertake this themselves.
Teams Plus has an appointed Data Protection Officer (DPO), who has the following responsibilities:
If you wish to contact Teams Plus’s DPO, please email dpo@contractingplus.com.
Our data collection process aims to be open and transparent at all times. Teams Plus gathers personal data through a number of channels, e.g. telephone, web forms, email, apps and social media, for the following reasons:
In addition, our websites use ‘cookie’ technology. A cookie is a little piece of text that our server places on your device when you visit any of our websites or apps. Cookies help us make the sites work better for you as well as provide Teams Plus with analytics on how the service is being used.
Our most important concern is the protection and reliability of customer data. We use a mixture of Private and Public cloud infrastructure providers to ensure customer data is secure and available at all times. All our Cloud Providers are located within the EU and adhere to the highest compliance standards, including the following certifications/regulations: DoD SRG, FedRAMP, FIPS, IRAP, ISO 9001, ISO 27001, ISO 27017, ISO 27018, MLPS Level 3, MTCS, PCI DSS Level 1, SEC Rule 17-a-4(f), SOC 1, SOC 2, SOC 3; EU Data Protection Directive, HIPAA.
All client data is regularly backed up, with robust disaster recovery procedures in place. In addition, we use a number of third-party web-based systems for uses such as survey gathering and form data collection, where the data gathered may reside outside of the EU jurisdiction. To comply with Data Protection Legislation, the countries must be considered as offering an adequate level of protection in accordance with Article 25 of the Data Protection Directive. In these cases, where the third-party companies reside in the US, we will ensure that the party is either registered under the EU-U.S. Privacy Shield Framework or, where this is not in place, we will work to ensure a ‘Model Contract’ is put in place with any affected supplier as soon as possible to ensure there is no dilution in your data privacy rights or obligations.
When an individual engages with us, we term this person an “Interested Party”. If the individual opts to use the services of Contracting PLUS they then become a “Client”. Once an individual leaves our services they then become an “In-active Client”. Below is the data retention policy for each class of individual:
An “Interested Party” is a person who has pro-actively engaged with us. Engagement might be a phone call or email correspondence to learn more about our services. It might also include a download from our website or registering to attend an event held (online or offline). It can often take several weeks or months before it’s definitively clear that an individual does not wish to progress to client. We will continue to keep in touch with Interested Parties until such time as they specifically opt out of further communications. Once that happens we will purge any personal data obtained within 30 days of the data subject opting out.
For “Clients” we delete permanently the following classes of information where the information in question is over seven years old post the end of the accounting year-end (end of December for Ireland, end April for the UK).
For “In-active Clients” we delete permanently all classes of information (electronic and paper) where the information in question is over seven years old post the inactivity date of the client. We will maintain basic contact information for the purpose of marketing. In-active clients can specifically opt out of further communications. Once that happens we will use an automated process to purge the personal data obtained within 30 days of opting out.
Employees – We recognise that our employees are also data subjects to whom we owe a duty of care in relation to their data. We have internal data protection policies in relation to our employees, and in general we keep data for as long as is necessitated by law. Here is a summary of our data retention:
Source of Obligation | Retention Period |
Revenue Commissioners, Collector General, Companies Acts legislative provisions | 7 years rolling retention of records |
Personal Injuries related records | Records are retained for a period of 3 years past the date of the cause of action, unless it involves a minor, in which case the retention period will be up until 3 years after the minor reaches the age of 18. |
Breach of Contract related records | Records are retained 6 years from the date of the breach |
Employment contract/terms of employment related information | Duration of the employment – this includes everything from the application form, interview notes, contract related, performance appraisals, references |
Organisation of Working Time – time sheets/holiday and public holiday records; National Minimum Wages; Protection of Employment – Temporary Agency Workers, Part Time Workers, Fixed Term Workers; Protection of Young Persons | 3 years post the termination of the employment. Records kept are sufficient to show compliance with legal obligations in accordance with the statutory provisions. |
Parental Leave Related | 8 years – records kept show the dates when a qualifying employee availed of the parental leave and force majeure leave provisions |
Employment Equality | All records, including interviews and applications are kept for a period of one year. |
Health and Safety Records | All records relating to health and safety will be kept for a period of 10 years |
Data Law Compliance | Records in relation to our compliance with Data Law and GDPR will be kept for a five year period. |
To use your information lawfully, we can rely on four of the six legal bases set out in the GDPR, and these are:
When an individual who has signalled that they were interested in our services and whom we have designated “an interested party” does not sign up to use the services provided by us, we will use point 6 to continue to keep you informed of the benefits of the services offered by Teams PLUS and other related communications. All of these communications will include a specific opt-out option.
Clients: We will utilise personal data in the form of email addresses and contact telephone numbers in order to keep our clients and potential clients informed in relation to our services and market related information. We consider that this is in the legitimate interest of our business to maintain our market presence. In balancing your data protection rights against this legitimate interest of our company, we have considered:
We do not ask for more information than is required in order to provide you a service and we only use that data in the provision of that service.
Teams PLUS, as a rule, does not disclose any information on our clients to third parties, but when necessary and in the course of the provision of our service to you, we may make such data available to trustworthy, reputable bodies/advisors/partners/connected parties and regulatory authorities such as the Revenue Commissioners and the Companies Registration Office (CRO).
If disclosure of personal data to a third party is required which exceeds these terms, consent will always be sought in such cases. There are special circumstances under which disclosure of personal data to third parties is allowed. These are provided for under the Data Protection legislation and are:
We do not transfer or share client data with third parties in international locations. However, the employees of Teams PLUS are based in offices outside of the EEA and, as part of our service, employees based outside the EEA will be among the Teams PLUS employees processing your data in order to deliver our service. This is all done within the normal security protocols adhered to by us.
In accordance with the GDPR, you have the right as a data subject to:
Note: an individual’s right to erasure (in accordance with Article 17 GDPR) does not apply where said information is required to be retained in accordance with relevant legislation. Our policy would be that we retain data for as long as statute or regulations demand, and we normally destroy files after seven years as per section 5.
Note: When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information. For any questions or queries, please email dpo@contractingplus.com.
If you have a complaint about the use of your personal information, please contact us at dpo@contractingplus.com to allow us to quickly rectify the situation. In the unlikely event that you do not get a response within 30 days, you can complain to the Data Protection Commission, Supervising Authority of Ireland: Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois. Telephone: +353 57 8684800. Lo Call Number: 1890 252 231. E-mail: info@dataprotection.ie
This policy will be reviewed regularly in light of any legislative or other relevant developments. You can always find an up-to-date copy of our policy, which will hold the date of the most recent revision, on our website at https://www.contractingplus.com/index.php/privacy-policy
As a client of Contracting Plus, you are entitled to receive a copy of your personal data held by Contracting PLUS upon written request, at no cost (for the initial request; subsequent requests will be charged). In order to respond to your request, we ask you to download the Access Request Form.
If you cannot download the Access Request Form from the internet, please write to us requesting a form from: Data Protection Officer, Contracting PLUS, Unit 26J, Block 6500, Cork Airport Business Park, Cork, Ireland, and we shall send you a copy by return post. Use of the “Access Request Form” is not mandatory. Completing the Access Request Form should enable us to process your request more efficiently. We do not accept access requests via telephone or text message.

To access what personal data is held, identification will be required. We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.

Review: This Policy will be reviewed regularly in light of any legislative or other relevant developments.