PRIVACY STATEMENT
1. WHO WE ARE
When we talk about Rainbow Engineering or “we”, “our,” “us” or “the Company” in this statement, we are talking about Rainbow Engineering. The Company fully respects your right to privacy and we are committed to ensuring that your privacy is protected. Please read the following to learn more about how we collect, use, process, and disclose your information, including personal information and how we keep it secure. For the purpose of the EU General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act 2018 (the “Act” the data controller is the Company whose registered office is at Unit 1 Scurlockstown Business Park, Trim, Co Meath.
2. WHAT DOES THIS PRIVACY STATEMENT COVER?
This Privacy Statement covers our treatment of your personal information that we gather when you are using our services or when you, a third party or an organisation you are connected with contact us in any manner. We gather various types of information, including information that identifies you as an individual (“Personal Information”) as explained in more detail below.
3. PURPOSE AND BASIS FOR PROCESSING
We will hold, process and may disclose personal data provided by you, a third party or an organisation you are connected with for the following purposes
• Providing environmental/engineering services/opinion
• Preparation of expert witness reports and giving evidence in relation to criminal and civil proceedings
• Managing health and safety and reporting on incidents
• Regulatory (for example disclosing tax data to the Office of the Revenue Commissioners) and professional requirements and
• Exercising our right to defend, respond or conduct legal proceedings
• For the prosecution of criminal proceedings on instruction from the relevant regulatory body (i.e. the HSA, An Garda Síochána)
4. WHAT INFORMATION DO WE COLLECT?
We collect information from you from three (3) main sources. This includes information we collect, (1) directly from you as a client, from a trusted third party or an organisation you are connected with (i.e. an insurance company or a loss adjuster) (2) for relationship management purposes, and (3) information we automatically collect when you visit our website.
4.1. Personal information we collect directly from you as a client
We collect the following Personal Information directly from you, from a trusted third party or an organisation you are connected with when you or the trusted third party or the organisation enquires about or engages us to provide environmental or engineering services or an expert engineering opinion
• Name
• Address
• Date of birth
• Civil status
• Contact details
• PPS number
• Job description
• Work/Career history
• Photo
• Records (including training records)
• Licences and permits (including but not limited to driving licence, CSCS certificates of competence)
• Car registration number (in the case of an RTA)
• Documentation which may be provided in connection with any incident, including but not limited to, pleadings, investigation reports, witness statements and incident report forms
• General correspondence, from solicitors, barristers, experts, witnesses, Gardaí. This list is non- exhaustive
• Correspondence and minutes of meetings relating to any incident, including but not limited to, investigative processes, witnesses, experts, legal and medical issues
• Emergency contact details
• Signed confidentiality agreement
• CCTV images captured through the legitimate use of CCTV, as appropriate
It is your responsibility to ensure that all Personal Information you provide to us or that is provided to us is complete, accurate and up-to-date in all respects and not misleading. Our ability to provide our advice and services, and the quality thereof, may be negatively affected if you fail to do so.
You may provide Personal Information about yourself or about other people to us during the course of our dealings with you. Whenever you provide us with Personal Information about another person, you must ensure that you are entitled to disclose the Personal Information relating to that other person to the Company and that we may process that Personal Information in accordance with this Privacy Statement without having to take any further steps. It is your responsibility to ensure that the person concerned is aware of the content of this Privacy Statement.
4.2. Personal information we collect for relationship management purposes
We may collect Personal Data for relationship management purposes when you, a trusted third party or your organisation contact us or communicate with any of our staff, when you supply your Personal Information to us via email, by telephone or otherwise;
We collect the following Personal Information from you:
• your name
• your employer, your job title and/or position
• your contact details, including your postal address, email address and phone number
4.3. Personal information we automatically collect when you visit our website
We may collect information when you visit our website. Please see our Cookie Policy below.
We collect the following Personal Information from you:
• the name of the domain and host from which you access the internet
• the internet protocol (IP) address of the computer which you are using
• the browser software you are using
• the operating system you are using
• the date and time at which you are accessing the Website
We will also collect information about your interaction with our Website using cookies. For more information on how we use cookies, please see our Cookie Policy below.
5. HOW DO WE USE AND PROCESS THE INFORMATION?
5.1. Process and use of personal information we collect directly from you as a client
We use and process Personal Information that we collect as follows:
5.1.1. Purposes related to and ancillary to entering into and performing our contract with you
It is necessary to provide us with your Personal Information on this basis as it is necessary to provide our services to you. The consequence for not doing so is that we will not be able to perform the engineering and or environmental services for which you, a trusted third party or your organisation engage us.
5.1.2. Where it is in our legitimate interest to do so
In particular:
• to enter into a contractual relationship with you, a trusted third party and/or the organisation with which you are connected
• to provide environmental and/or engineering advice/ expert opinion or other services or matters that you, a trusted third party and/or the organisation has requested (including reporting on an incident or advisory service for which our client engages us)
• managing and administering your, a trusted third party’s and/or an organisation’s business relationship with us, including processing payments, billing and collection and support services
• for purposes related and/or ancillary to any of the above or any other purpose for which your Personal Information was provided to us.
When we process your Personal Information based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
You have certain rights when we process your Personal Data on this basis. For more on exercising your data subject rights please see ‘Exercise my Data Subject Rights’.
5.1.3. To comply with legal obligations to which we are subject
In particular:
• to comply with our legal and regulatory obligations (e.g. record keeping obligations)
• to comply as appropriate with Engineers Ireland, Chartered Accountants Ireland, the Health and Safety Authority, Environmental Protection Agency and other relevant governmental and/or regulatory authorities or bodies
• to establish, exercise and defend our legal rights and any legal proceedings which may arise
5.2. Personal information we collect for relationship management purposes
The Personal Information that we collect is processed and used as follows:
5.2.1. Where it is in our legitimate interest to do so. We have legitimate interests in
• developing and maintaining relationships with business contacts
• conducting administrative and operational processes within our business
• protecting the security and integrity of our premises, IT systems, online platforms and other systems
• managing and administering our relationship with our business contacts and with our clients
When we process your Personal Information based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
You have certain rights when we process your Personal Data on this basis. For more on exercising your data subject rights please see ‘Exercise my Data Subject Rights’.
5.3. Personal information we automatically collect when you visit our website
The Personal Information that we collect is processed and used as follows:
5.3.1. Where it is in our legitimate interest to do so. We have legitimate interests in
• providing you with access to our Website and enabling you to use it
• conducting administrative and operational processes within our business
• protecting the security and integrity of our online platforms, IT systems and other systems
• providing, improving, monitoring and testing the effectiveness of our Website
• ensuring the content on the Website is presented in an effective, accessible and user-friendly format
• monitoring metrics such as numbers of visitors, traffic data and demographic patterns
When we process your Personal Information based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
You have certain rights when we process your Personal Data on this basis. For more on exercising your data subject rights please see ‘Exercise my Data Subject Rights’.
6. HOW DO WE SHARE YOUR PERSONAL INFORMATION?
6.1. Personal information we collect directly from you as a client
We may disclose some or all of the Personal Information we collect from you to certain trusted third parties and/or an organisation connected with you in accordance with contractual arrangements we have in place with these third parties or as required by law, including:
• third parties such as insurance companies, loss adjusters, solicitors, barristers, consultants, expert witnesses, advisors and technology service providers.
• other people in your organisation
• our auditors and professional advisors
• suppliers and service providers to whom we outsource support services
• IT service providers
• parties involved in hosting or organising events or seminars
• regulators and official authorities
• Potential purchasers or bidders
• Relatives or legal representatives of past, current and prospective clients
6.2. Personal information we collect for relationship management purposes
We may disclose some or all of the Personal Information we collect from you to certain trusted third parties in accordance with contractual arrangements we have in place with these third parties, including:
• suppliers and service providers to whom we outsource support services
• IT service providers
• third parties involved in hosting or organising events or seminars
6.3. Personal information we automatically collect when you visit our website
We may disclose some or all of the Personal Information we collect from you to certain trusted third parties in accordance with contractual arrangements we have in place with these third parties, including:
• suppliers and service providers to whom we outsource support services
• IT service providers
7. Special Categories of Personal Data
Certain categories of your personal data are regarded as ‘special’. We only process such data where necessary for the purpose of carrying out the obligations, and exercising specific rights, of Rainbow Engineering. If we wish to process your special personal data for any further purpose, we will seek your explicit consent to do so. You have the right to withdraw your consent to that processing at any time.
Sensitive data includes information relating to an individual’s:
• Physical or mental health
• Religious, philosophical or political beliefs
• Trade union membership
• Ethnic or racial origin
• Biometric or genetic data and
• Sexual orientation
We will only process data relating to an individual’s criminal convictions or involvement in criminal proceedings when permitted by law, or where provided voluntarily by an individual. Copies of your personal data which we hold are available on request from the Data Protection Administrator.
8. IS PERSONAL INFORMATION ABOUT ME SECURE?
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
While the Company takes all due care in ensuring the privacy and integrity of the information that you provide to us, we recognise that no data transmission over the internet can be 100% guaranteed as secure. The possibility exists that this information could be unlawfully observed by a third party while in transit over the internet. We accept no liability should this occur.
9. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing your personal data. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers who act on our behalf. We will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data.
10. HOW LONG WILL WE USE YOUR PERSONAL INFORMATION FOR?
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. COOKIES POLICY
Cookies – A “cookie” is a bite-sized piece of data that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system. We use them to track your activity to help ensure you get the smoothest possible experience when visiting our website. We can use the information from cookies to ensure we present you with options tailored to your preferences on your next visit. We can also use cookies to analyse traffic and for advertising purposes.
If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. For more information on how to manage or disable cookies, please visit www.aboutcookies.org and www.allaboutcookies.org.
We use cookies to:
• Remember that you have visited us before; this means we can identify the number of unique visitors we receive. This allows us to make sure we have enough capacity for the number of users that we get
• Customise elements of the promotional layout and/or content of the pages of the Site
• Collect statistical information about how you use the website (including how long you spend on the site) and where you have come to the site from, so that we can improve the site and learn which parts of the site are most popular with visitors
• To speed site navigation and recognise your access rights on the site
Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting https://en.wikipedia.org/wiki/HTTP_cookie which includes additional useful information on cookies and how to block cookies using different types of browser. Please note, however, that by blocking or deleting cookies used on the website, you may not be able to take full advantage of the site.
The cookies used by us fall into these main categories:
• Necessary
• Functionality
• Performance
• Analytics
We also may use clear gifs in HTML-based emails sent to our users to track which emails are opened by recipients. This information is used to enable more accurate reporting, improve the effectiveness of our marketing, and make our Services and Websites better for our users. We also utilise Google Analytics, a web analysis service provided by Google, to better understand your use of our Websites and Services. Google Analytics collects information such as how often users visit the Websites, what pages they visit and what other sites they used prior to visiting. Google uses the data collected to track and examine the use of the Websites, to prepare reports on its activities and share them with other Google services. Google may use the data collected on the Websites to contextualize and personalize the ads of its own advertising network. Google’s ability to use and share information collected by Google Analytics about your visits to the Websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google offers an opt-out mechanism for the web available here.
12. EXERCISE MY DATA SUBJECT RIGHTS
You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:
• Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data
• Right to rectification – you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
• Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
• Right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
• Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
In order to exercise any of the rights set out above, please contact us at the contact details at the start of this privacy notice.
If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.
If you are unhappy with how we process personal information, we ask you to contact us so that we can rectify the situation.
You may lodge a complaint with a supervisory authority. The Irish supervisory authority is the Data Protection Commission.
13. WILL WE EVER CHANGE THIS PRIVACY STATEMENT?
We may need to change this Privacy Statement from time to time. Any changes to this Privacy Statement will be reflected in our updated Privacy Statement available on our website at www.rec.ie. You are responsible for periodically reviewing this Privacy Statement.
This Privacy Statement was most recently updated on 6 December 2019.
14. WHAT IF I HAVE QUESTIONS ABOUT THIS PRIVACY STATEMENT?
If you have any questions or concerns regarding this Privacy Statement/or the Company privacy policies, please send us a detailed message to info@rec.ie and we will try to resolve your concerns.
15. COMPLAINTS
You have the right to lodge a complaint with the Office of the Data Protection Commission if you are unhappy with how your personal data is being handled.