Data Protection, Privacy, Cookies and Accessibility Data Protection and Privacy Statement
This Data Protection Statement provides information about the ways in which Spotlight Investigations Limited (“the Company”) collects, stores and uses personal data relating to individuals (data subjects) and businesses when they use the Company website, social media platforms and services. This Data Protection Statement relates to personal data received by the Company where data subjects contact, or request information from, the Company directly, and personal data received by the Company indirectly, and as set out below.
The relationship the Company, Officers and staff has with clients, contacts and businesses is of paramount importance. The security of client, contact, business and personal information is a high priority. In this statement, the Company sometimes refer to “You”. “You” may be a visitor to the Company website or social media platforms or a user of one or more of its Services. This policy does not apply to third-party websites, products, or services, even if they link to Company services, and you should consider the privacy practices of those third-parties carefully.
Personal data is data relating to a living individual who can be identified, or is identifiable, using this data or if this data is used in conjunction with other data that is in the Company’s possession, or could come into its possession. By visiting this website, you are accepting the terms of this Data Protection and Privacy Statement. Any external links to other websites are clearly identifiable as such, and the Company is not responsible for the content or the privacy policies of these other websites. If you are unhappy with this policy you should not use this website and you should inform the Company immediately, as this may affect how the Company interacts with you as an individual, client, contact and business. This Statement applies to, and sets forth the expected behaviours of, all Company Officers, employees and any third parties responsible for the processing of personal data (the collection, use, retention, transfer, disclosure and destruction) on behalf of the Company.
The Company respects your right to privacy and will not collect any personal information about you without your clear permission. Any personal data that you volunteer to the Company, if retained, will be held on secure servers and will only be used to better the Company service offering. The Company is committed to conducting business in accordance with all applicable data protection laws and regulations and in line with the highest standards of ethical conduct.
CONTROLLER CONTACT DETAILS
The Company is the controller for the personal data it processes. You can contact the Company in a number of ways, which are set out on the contact page of our website.
DPO CONTACT DETAILS
The Company has appointed a Data Protection Officer. If you wish to contact our Data Protection Officer in relation to the processing of your personal data by the Company, you can do so by emailing office@spotlightinvestigations.ie.
WHAT PERSONAL DATA DOES THE COMPANY PROCESS?
The Company processes personal data. This includes personal data received by the Company where data subjects contact, or request information from, the Company directly, and personal data received by the Company indirectly.
The personal data that the Company processes includes (i) basic personal information, such as a data subject’s name/surname; date of birth; the company or organisation a data subject works for; job title: transactional information (including invoices due/paid) (ii) contact information, such as a data subject’s postal address, email address and phone number(s); and (iii) any other personal data that is provided to the Company during the course of the performance of its functions.
HOW DOES THE COMPANY COLLECT PERSONAL DATA?
PHONE CALLS TO THE COMPANY: The Company does not audio record or retain audio recordings of phone conversations. Where an individual contacts the Company by phone, caller numbers are automatically stored on the recipient phone in the Company for a limited period of time in a list of inbound and outbound calls, but no further processing of this data (caller numbers) is carried out by the Company. During the course of dealing with a query, complaint or other matter, the Company may record personal data received by it during the course of phone calls in the form of notes made on the relevant case file.
EMAILS: All emails sent to the Company are recorded, forwarded to the relevant section of the Company and are stored for the purposes of the matter/case file to which the email relates. The sender’s email address will remain visible to all staff tasked with dealing with the query.
Please be aware that it is the sender’s responsibility to ensure that the content of their emails does not infringe the law. Unsolicited unlawful material, together with the details of the sender, may be reported to An Garda Síochána and/or other relevant authorities and further emails from such recipients may be blocked.
POST: All post received by the Company may be scanned, forwarded to the relevant section of the Company and stored for the purpose of the matter to which the post item relates.
SOCIAL MEDIA: The Company also receives personal data through its social media interactions on LinkedIn, Facebook and Twitter. Messages or posts received by the Company on these social media platforms are viewed by the Company but the personal data contained in the messages/posts is not logged or stored other than on the relevant social medial platform, and no further processing of such personal data is carried out by the Company.
WEBSITE: The Company website is www.spotlightinvestigations.ie. When you use the Website, the Company will collect any personal data that you choose to send to it or provide to it. If you submit your personal data to it (e.g. using an application form; subscribing to any mailing lists; registering for an event), the Company uses your personal data for purposes made clear to you at the time you submit your information.
FOR OUR COOKIE POLICY SEE BELOW.
HOW DOES THE COMPANY USE PERSONAL DATA?
The Company uses the personal data of its contacts for the following broad purposes:
• To provide Company services to clients, contacts and businesses;
• Process and complete transactions, and send related information, including transaction confirmations and invoices;
• Manage clients, contacts and businesses’ use of Company services, respond to enquiries and comments, and provide service and support;
• Send clients, contacts and businesses updates, event news/notifications and administrative communications;
• For any other purposes about which the Company notifies customers and users.
LEGAL BASIS FOR PROCESSING
The Company will process personal data in accordance with all applicable laws and applicable contractual obligations. Where you have provided your consent, the Company may also use your information to communicate with you via email and, possibly, social media/phone regarding products, services, offers, promotions and events we think may be of interest to you. You will always be able to opt-out of such communications at any time using a one-click UNSUBSCRIBE option within every marketing email.
HOW DOES THE COMPANY SHARE AND DISCLOSE THE PERSONAL DATA TO THIRD PARTIES?
THE COMPANY DOES NOT RENT OR SELL YOUR PERSONAL DATA TO ANYONE.
The Company may share and disclose information (including Personal Data) about site visitors, clients, contacts and businesses in the following limited circumstances: VENDORS, CONSULTANTS AND OTHER SERVICE PROVIDERS.
The Company may share your information with third=party vendors, consultants and other service providers who the Company employ to perform tasks on its behalf. These companies may include (for example) payment processing providers, website analytics companies (e.g. google analytics), email platform (e.g. Microsoft Office 365), mail service providers, website developer and others. Appropriate controls are in place to ensure data is only disclosed to these 3rd parties in compliance with data protection law.
Unless the Company tell you differently and you consent, third-parties do not have any right to use the personal data the Company shares with them beyond what is necessary to assist the Company.
PROTECTION OF THE COMPANY
The Company reserves the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply the Company’s agreements and contracts with you and other agreements; or protect the rights, property, or safety of the Company, and its Officers, employees, consultants, or others.
DISCLOSURES FOR NATIONAL SECURITY OR LAW ENFORCEMENT
Under certain circumstances, the Company may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
IS PERSONAL DATA TRANSFERRED OUTSIDE THE EEA?
NO. Our Case Management, secure email and CRM system are hosted in Ireland.
IS PERSONAL DATA SECURE?
The Company uses appropriate technical, organisational and administrative security measures to protect any information held in Company records from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
For example, on the Company website:
• The Company uses regular Malware Scanning to confirm it is safe to use.
• The Company uses a range of security tools to monitor activity on the site and identify unusual activity.
• Your personal information is only accessible to a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
• In addition, all information you supply through the website is encrypted via Secure Socket Layer (SSL) technology between your browser and the site.
• The Company do not store any credit card information on its servers.
In terms of local devices, the Company has implemented a range of security measures to protect the information it holds in its records. For example:
• All devices (including backup devices) use disk encryption so data is secure at rest.
• Devices automatically lock after a short period of inactivity to reduce the risk of unauthorised access.
• Devices are ‘patched’ (updated with the latest security updates) on a regular basis.
• Information is backed up.
• All servers (including WiFi) are completely segregated to alleviate the risk of unauthorised access.
Any 3rd party service providers employed to perform certain tasks also commit to implementing appropriate security measures to protect the data that the Company discloses to them.
Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
FOR HOW LONG IS PERSONAL DATA RETAINED?
Different types of personal data are retained for different periods of time.
At a high level, personal data is retained for only as long as the Company has a legitimate basis to retain the data. For example:
• Personal data you provide when signing up for any email marketing lists is retained until such time as you unsubscribe. After you unsubscribe, the Company retains minimal information to ensure it does not forget that you have unsubscribed.
• Email correspondence which is not required to be kept for regulatory reasons will be deleted after a period of 1 year.
DECISIONS BASED ON AUTOMATED PROCESSING
The Company does not make decisions based solely on automated processing that could have legal or otherwise significant effects on you.
YOUR RIGHTS
Under current data protection laws and under GDPR you have certain rights, including:
Right to access – You may request a copy of all personal data held by the Company about you.
Right to rectify – You have the right to ask the Company to correct any inaccuracies in the personal data held about you.
Right to erasure – You have the right to ask that the Company erase any personal data being processed about you.
Please note that the Company may still be legally allowed or obliged to retain your information. For example, as necessary to comply with legal obligations, resolve disputes, enforce agreements, and defend or establish a legal claim.
Right to restrict – In certain circumstances, you have the right to request that the Company restrict the processing of your personal data.
Right to object – In certain circumstances, you have the right to object to the Company processing of your personal data.
Right not to be subjected to automated decision making – You have the right not to be subjected to automated decision making where the decision has legal or significant effects.
Right to withdraw consent – Where the Company is processing your personal data on the basis of your consent, you have the right to withdraw your consent at any time. For example, if the Company are sending you marketing emails, you can withdraw your consent immediately by clicking the UNSUBSCRIBE link in the footer of the email.
HOW TO EXERCISE YOUR RIGHTS
Please contact us at office@spotlightinvestigations.ie and provide as much information as possible to enable the Company to complete your request.
RIGHT TO COMPLAIN
If you believe the Company is breaching your data protection rights, you have the right to complain to the data protection authorities. In Ireland, this is the Office of the Data Protection Commissioner (Click here to visit the ODPC’s website).
CHANGES TO THIS POLICY
Any changes to this Data Protection and Privacy Statement will be posted on this website so you are always aware of the personal data the Company collects, uses, stores, discloses and retains.
If at any time the Company decides to use your personal data in a manner significantly different from that stated in this Data Protection and Privacy Statement or otherwise stated to you at the time it was collected, the Company will notify you by email (if you have given your e-mail details to us).
COOKIES
This site DOES NOT normally or intentionally use cookies, which are tiny files that are normally downloaded to your computer, to improve your experience, but may use Google Analytics, which is one of the most widespread and trusted analytics solution on the web for helping the Company to understand how you use the site and ways that the Company can improve your experience.
For more information on Google Analytics cookies, see the official Google Analytics page.
THIRD-PARTY LINKS
The Company may also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook, Twitter, YouTube, LinkedIn, Google+, may set cookies through this site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Occasionally, at the Company’s discretion, it may include or offer third-party products or services on its website. These third-party sites have separate and independent privacy policies. The Company has no responsibility or liability for the content and activities of these linked sites. Nonetheless, the Company seeks to protect the integrity of its site and welcome any feedback about these sites.
ACCESSIBILITY
Access For People Who Require Special Assistance
The role of the Company is to support its clients, contacts and businesses who require assistance when engaging with the services provided by the Company. If you require assistance to access the Company’s services, please contact our MARTIN RYAN on the Office telephone number or martinryan@spotlightinvestigations.ie.
MORE INFORMATION
Hopefully that has clarified things for you but if there is something that you aren’t sure about or are still looking for more information you can contact the Company by email to office@spotlightinvestigations.ie.