Privacy Policy

Introduction

This Privacy Notice provides information about personal data collected by, or provided to, RW Pierce
for the purpose of providing our business services.
At all times when dealing with personal information, we will ensure to uphold all obligations under
current data protection legislation (the General Data Protection Regulation 2016/679 (“GDPR”), the
Irish Data Protection Act 2018, the UK Data Protection Act 2018).
Should you require further details about our processing please use the contact details below.

Scope

This notice relates to both our UK and Irish companies which are as follows:

RW Pierce operates in Ireland as:

RW Pierce (Ireland) Limited
K1, M7 Business Park,
Naas, Co Kildare
W91 WD53

+353 (0) 45 895 000
info@rwpierce.ie

RW Pierce operates in the UK as:

RW Pierce (NI) Limited
17 Dargan Crescent
Belfast, Co Antrim
BT3 9RP

+44 (0)28 9037 2504
info@rwpierce.ie

RWP as a Data Controller and Data Processor

In certain cases when processing personal data, RWP is a Data Controller, but in all cases when
processing data under instructions from our clients, we are acting as a Data Processor.
Examples of RWP as a Data Processor include when we provide specialist data processing, mail
production and document hosting for banking, government and SME clients or carry out processing in
relation to our Holmes Analytical Software service.
When acting as a Data Processor, RWP will only do so under contract which will include a Data
Processing Agreement that outlines our obligations and includes all clauses as required under Article
28 GDPR.

How We Collect Personal Data

In most cases we will collect personal information directly from you when you contact us by phone,
email or any other channels such as in person at events. You may also contact us through our website
or send us a CV or complete a job application where relevant.
We do not usually collect personal data from third party sources. However, we may connect with
clients and contacts via social media networks e.g. LinkedIn. In those circumstances we may have
access to your publicly available details from that source. We do not download that data or integrate
it with our systems.

Cookies

When you visit our website, we may automatically collect technical data about your computer
equipment, browsing actions and preferences. In order to ensure our website functions correctly we
must use certain necessary cookies. Any other tracking cookies will be based on you consenting to the
use of such cookies.
If you follow a link to another website from our website, we are not responsible for the cookies or
content of this third-party site. We advise you to read the Privacy Notice and cookies information on
any websites you visit.

Principles of Processing Personal Data

All data processed by RWP is done so in line with the principles of data processing, these are:

• • lawfulness, fairness and transparency – we will always process data lawfully and never
    in a way that would not be expected. We will always be clear, open and honest about how
    the data is used.

  • purpose limitation – we will only use personal data for specific purposes which will be
    clearly defined.

  • data minimisation – we will only collect the minimum amount of data required to carry
    out our services.

  • accuracy – will we always try to ensure the accuracy of data.

  • storage limitation – we apply retention periods to all data.

  • integrity and confidentiality – RWP have appropriate technical and organisational
    measures in place to protect the data we collect, process and store.

  • accountability – we are responsible for and will be able to demonstrate compliance with
    the above principles.

Lawfulness of Processing

As a Data Controller, RWP will determine the appropriate lawful basis for all processing of personal
data. Where we act as a Data Processor, it will be the obligation of the Data Controller to ensure a
clear lawful basis has been defined for the processing of personal data by RWP.
Below are examples only relating to RWP as a Data Controller:

Purpose/Activity

Data Types

Lawful Basis

To administer our relationship with our clients which

will include:

• establishing the initial relationship, quoting for
  our services and contacting you regarding
  queries

• communicating with you regarding services we
  are providing to you

• processing payment for our services

• providing you with updates of service we feel
  may be of interest to you provided you have not
  opted out of receiving such communications

Identity details, Contact

details,

Marketing and

Communications

Performance of a contract

Necessary for our

legitimate interests

To carry out any recruitment campaigns, shortlist

candidate, contact candidates, carry out interviews and

any follow up communications

Identity details, Contact

details, CV or job

application details

Necessary for our

legitimate interests

To maintain and administer our website which will

include:

• improvements to the functionality

• troubleshooting

• data analysis

• research, statistical and survey purposes

• ensuring the security of our website

• measuring effectiveness

• making suggestions and recommendations to
  you and other users of our website about
  services that may be of interest

Identity details, Contact

details, Marketing and

communications,

Cookies on your

computer,

Technical information

eg. IP address, browser

Necessary for our

legitimate interestsTo comply with a legal

obligation

Consent

Rights of Individuals

We are responsible for ensuring that processing does not infringe on your rights as laid down in data
protection legislation. It is important to note that these are not absolute rights and certain restrictions
and exemptions may apply. These rights are:

• The right to access the personal data we hold about you.

• The right to request that we rectify any inaccurate personal data about you.

• The right to request that we erase any personal data we hold about you.

• The right to object to us processing personal data about you such for direct marketing
  purposes.

• The right to ask us to provide your personal data to you in a portable format or, where
  technically feasible, for us to port that personal data to another provider.

• The right to request a restriction of the processing of your personal data.

• The right not to be subject to automated decision making, including profiling.

In any instances where we process your personal data based on your consent, you have the right to
withdraw consent at any time.
You also have the right to make a complaint to the relevant supervisory authority with regard to the
processing of your personal data by us at RWP, this can be done via the following:
IRL: The Data Protection Commission www.dataprotection.ie
UK: The Information Commissioners Office www.ico.org.uk

Data Sharing and Transfers

We may share your personal data internally within the RWP UK and Irish companies. We may also
share your personal data with third parties such as:

• With IT cloud service providers

• Professional service providers such as, legal, accounting, insurance or business advisors

All such parties are bound by a duty of confidentiality and engaged under contract. Where we engage
any other parties to process data on our behalf, we will ensure a Data Processing Agreement is in
place.
In any instances where we transfer personal data, we will ensure appropriate security measures are in
place such as encryption.
For our Irish clients, all data is stored on our systems located in Kildare with backups to the cloud in
data centres located in Ireland or Frankfurt. Data for our UK clients is stored in Belfast. We do not
transfer data of our Irish clients outside of the EU.

Security of Personal Data

RWP will always ensure the ensures the confidentiality, integrity, availability, and resilience of
personal data when in use, transit and storage. We are obliged to protect the data from inadvertent
destruction, amendment, loss, disclosure, corruption, or unlawful processing.
We operate physical, technology and human controls to secure data. These controls are operated
under our Information Security Management System (certified to ISO27001 since 2008).

Data Retention

Personal data collected from clients through the provision of our services will be stored for the
duration of the relationship with a client plus 10 years. Generally, we will store employment data for
the duration of the employment plus 7 years. This is in line with the legal time frame for breach of
contract cases. However, shorter retention periods apply to specific employment data, and we will
adhere to statutory retention periods where applicable.
Where we act as a Data Processor, personal data will be stored as per the instructions of the Data
Controller.

Data Protection Officer (DPO)

We have appointed a DPO who assists us with all our compliance measures under data protection
legislation. The contact details for our DPO is dpo@rwpierce.ie.

Updates

From time to time, we may amend and update this Privacy Notice. Please review this notice each time
you use our website or our services. This notice was last updated in March 2023.