Our Data Protection Policy
Data Protection at Bárd
The General Data Protection Regulation and Data Protection Acts 1988-2018 apply to the processing of personal data.
Bárd na nGleann (Bárd) is committed to complying with its legal obligations in this regard. Bárd collects and processes personal data relating to its job applicants and employees in the course of business in a variety of circumstances, e.g., recruitment, training, payment, performance reviews, and to protect the legitimate interests of Bárd.
This policy covers any individual about whom Bárd processes data. This may include current and former employees and job applicants. Processing of data includes: collecting; recording; storing; altering; disclosing; destroying; and blocking.
Personal data kept by Bárd shall normally be stored on the personnel file or HR electronic database. Highly sensitive data, such as medical information, will be stored in a separate file, in order to ensure the highest levels of confidentiality. Bárd ensures that only authorized personnel have access to the personnel file.
It may be necessary to store certain other personal data outside the HR department, e.g. salary details will be stored in the payroll department. Bárd managers or supervisor may have access to certain personal data where necessary. Bárd has appropriate security measures in place to protect against unauthorized access.
Collection and storage of data
Bárd processes certain data relevant to the nature of the employment regarding its employees and, where necessary, to protect its legitimate business interests. We will ensure that personal data will be processed in accordance with the principles of data protection, as described in the GDPR and Data Protection Acts.
Personal data is normally obtained directly from the job applicant or employee concerned. In certain circumstances, it will, however, be necessary to obtain data from third parties, e.g. , references from previous employers. Where relevant to the nature of the work, Bárd may make an application to the Garda Vetting Bureau for Garda clearance of an employee.
Personal data collected by Bárd is used for ordinary personnel management purposes. Where there is a need to collect data for another purpose, Bárd shall inform you of this. In cases where it is appropriate to get your consent to such processing, Bárd will do so.
Job applicants and employees are responsible for ensuring that they inform the HR department of any changes in their personal details, e.g. change of address. We endeavour to ensure personal data held by Bárd is up to date and accurate.
Retention of data
Bárd is under legal obligation to keep certain data for a specified period of time. In addition, Bárd will need to keep personnel data for a period of time in order to protect its legitimate interests. Recruitment data, e.g., resumes/CVs and cover letters will be retained for a period of 24 months.
Security and disclosure of data
Bárd will take all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of both electronic and manual data. Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorised access.
HR data will only be processed for employment-related purposes and, in general, will not be disclosed to third parties, except where required or authorised by law or with the agreement of the employee. HR files are normally stored in the HR department and employees who have access to these files must ensure that they treat them confidentially. Employees working in the payroll department must treat all personal data they receive confidentially and must not disclose it, except in the course of their employment.
Recruitment data, e.g., resumes/CVs is controlled by Bárd, with access limited to authorised Bárd managers and supervisors, and is processed on HireHive servers.
All employees will have access to a certain amount of personal data relating to colleagues, customers and other third parties. Employees must play their part in ensuring its confidentiality. They must adhere to the data protection principles and must not disclose such data, except where necessary in the course of their employment, or in accordance with law. They must not remove or destroy personal data except for lawful reasons. Any breach of the data protection principles is a serious matter and may lead to disciplinary action up to and including dismissal.
Any breach of the data protection principles is a serious matter and may lead to disciplinary action up to and including dismissal.
Medical data
Bárd may receive certain medical information, which will be stored in a secure manner with the utmost regard for the confidentiality of the document. Bárd does not retain medical reports on job applicants who do not become employees for longer than is necessary.
Access requests
Employees and job applicants are entitled to request data held about them on computer or in relevant filing sets. Bárd will provide this data within one month of receipt of request. There is no charge for requesting this data.
Right to object
Employees and job applicants have the right to object to data processing that is causing them distress. Where such objection is justified, Bárd will cease processing the data unless it has a legitimate interest that prevents this. Bárd will make every effort to alleviate the distress caused to the individual. An objection should be made in writing to admin@bardnangleann.com , outlining the data in question and the harm being caused to the employee.
Transmission of data outside the State
As Bárd operates internationally, it may be necessary in the course of business to transfer employee’s personnel data within Bárd and to other group companies in countries outside the European Economic Area, which do not have comparable data protection laws to Ireland. The transfer of such data is necessary for the management and administration of Bárd’s contracts and to facilitate the overall administration of personnel within the group. When this is necessary, Bárd will take steps to ensure that the data has the same level of protection as it does inside the State. Bárd will only transmit data to companies that agree to guarantee this level of protection.
Review
This policy will be reviewed from time to time to take into account changes in the law and the experience of the policy in practice. This was last reviewed and updated in May 2018.
Questions
For any clarification or data access requests, please contact our admin offices.