OPENMIND NETWORKS LIMITED
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Lawful basis for processing|
To manage our relationship with our staff (employees and contractors) to include:
· For general business purposes, such as payroll activities, performance management, making business travel arrangements and/or improving products and services
· To comply with any legal requirement, such as record-keeping and reporting, honouring contractual obligations and/or healthcare obligations.
· To facilitate communication with you and your nominated contacts in an emergency and protecting the health and safety of staff and others.
· For the operation of a CCTV system
· Performance of a contract with you
· Necessary to comply with a legal obligation
· Necessary for our legitimate interests (to keep our records updated)
To manage our relationship with our clients and our suppliers
· Performance of a contract
· Necessary to comply with a legal obligation
· Necessary for our legitimate interests (e.g. to keep our records updated)
|To administer and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
· Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
· Necessary to comply with a legal obligation
|To deliver relevant content and advertisements to our clients and measure or understand the effectiveness of the advertising we serve to them
|Necessary for our legitimate interests (to study how clients use our products and services, to develop them, to grow our business and to inform our marketing strategy)
|To use data analytics to improve our products and services, marketing, customer relationships and experiences
|Necessary for our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
|To make suggestions and recommendations to you about products and services that may be of interest to you
|Necessary for our legitimate interests (to develop our products and services and grow our business)
Openmind willl engage certain service providers to perform certain services on its behalf which may involve the Processing of Personal Data. To the extent that such Processing is undertaken based on the instructions of Openmind and gives rise to a Data Controller and Data Processor relationship, Openmind will ensure that such relationship is governed by a contract which includes the data protection provisions prescribed by Data Protection Law.
As part of our record keeping obligations under Art. 30 GDPR, Openmind retains a record of the Processing activities under its responsibility. This comprises the following:
|Art. 30 GDPR Requirement||Openmind’s Records|
|Name and contact details of the Controller
|Openmind Networks Limited with its registered office at 4 Westland Square, Pearse Street, Dublin 2.
|The purposes of the Processing
|Description of the categories of data subjects and of the categories of Personal Data.
|The categories of recipients to whom the Personal Data have been or will be disclosed.
|Where applicable, transfers of Personal Data to a third country outside of the EEA.
Openmind processes Special Categories of Data (“SCD”) in certain circumstances, such as the ordinary course of employee administration. Openmind shall Process such SCD in accordance with Data Protection Law.
From time to time, Openmind may transfer Personal Data to countries outside the EEA which may not have the same or equivalent Data Protection Law as Ireland. If such transfer occurs, Openmind will ensure that such processing of your Personal Data is in compliance with Data Protection Law and, in particular, that appropriate measures are in place such as entering into Model Contractual Clauses (as published by the European Commission) or ensuring that the recipient is Privacy Shield certified, if appropriate. If you require more information on the means of transfer of your data or would like a copy of the relevant safeguards, please contact Openmind’s VP of Operations or in the case of employees/ contractors, please contact the HR department.
We may record telephone calls with employees so that Openmind can:
In addition, Openmind monitor electronic communications between Openmind and employees (for example, emails) to protect the employees, the business and IT infrastructure, and third parties including by:
The use of CCTV involves Processing of Personal Data. The purpose of Openmind’s CCTV system is to protect against crime, including theft, to ensure the security of Openmind’s staff and property, and the health and safety of our staff and customers.
Openmind ensures that the use of CCTV is in line with the requirements under Data Protection Law.
Access to the CCTV systems and recorded material is strictly restricted to authorised colleagues, security colleagues and members of the management teams.
Openmind will keep Personal Data for as long as is necessary for the purposes for which Openmind collects it. This mean Openmind will retain Personal Data for so long as we have a relationship with the individual to whom the Personal Data relates. Once this relationship comes to an end Openmind will retain such Personal Data for a period of time that allows it to: (a) comply with legal record retention requirements; (b) defend or bring legal claims; (c) maintain records for business analyses and audit; and (d) address complaints and other issues regarding its business.
Where Openmind holds Personal Data to comply with a legal or regulatory obligation, Openmind will keep the information for at least as long as is required to comply with that obligation. In some cases a retention period will apply once the initial purpose has ceased e.g. payroll files are required to be kept for current year plus 6 years.
Where Openmind holds Personal Data in order to provide a product or service, Openmind will keep the information for at least as long as Openmind provides the product or service, and for a number of years thereafter. The number of years varies depending on the nature of the product or service provided.
Openmind endeavours to ensure that Personal Data will only be kept which is relevant and not excessive to achieve the purposes for which it is being held.
Date: 25 May 2018
“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
“Data Controller” means the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Data Processor” means the party that Processes Personal Data on behalf of the Data Controller.
“Data Protection Law” means the General Data Protection Regulation (No 2016/679) (“GDPR”) and the Data Protection Act 2018, once enacted and any other laws which apply to Openmind in relation to the Processing of Personal Data.
“European Economic Area” or “EEA” means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK, Iceland, Liechtenstein, and Norway.
“Personal Data” is any information relating to a living individual which allows the identification of that individual. Personal Data can include:
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process” and “Processing” are interpreted accordingly.
“Special Categories of Personal Data” are types of Personal Data that reveal any of the following information relating to an individual: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Special Categories of Personal Data also include the Processing of genetic data, biometric data (for example, fingerprints or facial images), health data, data concerning sex life or sexual orientation and any Personal Data relating to criminal convictions or offences.
Types of Personal Data
|Categories of Data Subject||Type of Personal Data|
|Staff (current and past employees and contractors)||Personal details: Name, employee identification number, work and home contact details (email, phone numbers, physical address), language(s) spoken, gender, date of birth, social security number, next of kin, disability status, emergency contact information and photograph.
Documentation required under immigration laws: Citizenship, passport data, details of residency, licences, work permits, etc.
Compensation, Benefits and Payroll: Base salary, bonus, benefits, compensation type, pay grade, salary step within assigned grade, details on stock options, stock grants and other awards, currency, pay frequency, effective date of current compensation, salary reviews, banking details, working time records (including vacation and other absence records, leave status, hours worked and department standard hours), pay data, national insurance or other number, marital/civil partnership status, domestic partners and dependents.
Position: Description of current position, job title, management category, job code, job function(s) and sub-function(s), company name, branch/unit/department, location, employment status and type, terms of employment, employment contract, work history, hire/re-hire and termination date(s) and reason, length of service, retirement eligibility, promotions and disciplinary records, date of transfers, and reporting manager(s) and supervisors information.
Talent Management Information: Details contained in letters of application and resume/CV (previous employment background, education history, professional qualifications, language and other relevant skills, certification, certification expiration dates), information necessary to complete a background check, details on performance management ratings, development programs planned and attended, e-learning programs, performance and development reviews, willingness to relocate or driver’s license information.
Company Secretarial Records: Details of any shares of common stock or directorships.
System Access Data: Information required to access company systems and applications.
Special Categories of Personal Data: We may also collect certain types of Special Categories of Personal Data where required or permitted by local law, such as health/medical information, place of birth, trade union membership information, religion, and race or ethnicity.
|Customers||Name, phone number and email address of individuals. Data is held where an issue arises within our customers network. It is then deleted from Openmind’s system. Other customer data such as email addresses of key contacts, is kept in order to fulfil (contractual) business relations with our customers.
|Suppliers||Personal Details where applicable eg bank details of an individual rather than a company. These are stored in the performance of a contract.
IT Security Measures