1.0 Introduction & General Terms
2.0 Definitions
3.0 Personal Data Collected by WIN
4.0 Legal Basis for Processing Personal Data
5.0 Finding Out What Personal Data Is Held
6.0 Contacting a Registered User
7.0 Sharing of Personal Data
8.0 Length of Storage and Otherwise Processing of Personal Data
9.0 Rectifying or Erasing Personal Data
10.0 Automated Decision Making
11.0 Security of Personal Data
12.0 Making a Complaint or Objecting to the Processing of Personal Data
13.0 Changes to the WIN Data Protection Policy
14.0 General Data Protection Regulation (GDPR) EU 2016/679
1.0 Introduction & General Terms
Workplace Instructor Network (WIN) is committed to protecting personal data for those using and engaging with Workplace Instructor Network (WIN) and want the service to be a safe and positive experience for all. In order to provide the Workplace Instructor Network service, it is necessary to collect and otherwise process certain personal data. This Data Protection Policy relates to the processing of any such personal data by Workplace Instructor Network (WIN) through the provision of the Workplace Instructor Network service. This data protection policy was updated on 20th May 2018.
If you have any questions about this policy or wish to contact Workplace Instructor Network (WIN) in relation to privacy or data protection, please email info@winireland.ie or write to:
Workplace Instructor Network (WIN)
Unit 2 Lyncon Court
Blanchardstown Industrial Park
Blanchardstown
Dublin D15 FP20
Ireland
2.0 Definitions For the purposes of this Policy:
2.1 ‘WIN’ means Workplace Instructor Network (WIN), a body corporate under Irish law, with registered offices at Unit 2 Lyncon Court, Snugborough Business, Blanchardstown Industrial Park, Blanchardstown, Dublin 15, Ireland;
2.2 ‘WIN service’ means the service offered by Workplace Instructor Network (WIN), designed to provide access to a network of certified instructors for workplace-based training;
2.3 ‘registered user’ means any natural or legal person, public authority, agency or another body registered with WIN to use the WIN service for any reason; 2.4 ‘public user’ means any means any natural or legal person, public authority, agency or another body not registered with WIN, that uses the WIN service for any reason;
2.4 ‘personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.5 ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.6 ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
2.7 ‘third party’ means a natural or legal person, public authority, agency or body other than the registered user, WIN and persons who, under the direct authority of WIN, are authorised to process personal data;
2.8 ‘consent’ means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
2.9 ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
3.0 Personal Data Collected by WIN
WIN will collect and otherwise process some or all of the following personal data in the provision of the WIN service: 3.1 registered user full name, contact address, email address, photograph, telephone number, mobile telephone number, organisation, access level, date added and date updated. 3.2 public user No personal data will be collected or otherwise processed from a public user.
4.0 Legal Basis for Processing Personal Data
WIN collects and otherwise processes personal data with the consent of the registered user, in accordance with Article 7 of the General Data Protection Regulation (GDPR) EU 2016/679. This will be obtained through a written statement, including by electronic means. The registered user shall have the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
5.0 Finding Out What Personal Data Is Held
In accordance with Article 15 of the GDPR EU 2016/679, a registered user may request a copy of personal data undergoing processing. This can be obtained by writing to WIN using the contact details in Section 1.0 of this policy. Registered users will be required to prove their identity with either a SafeTrack Card, Driving Licence or Passport before such requests are fulfilled.
6.0 Contacting a Registered User
6.1 WIN may contact a registered user:
i. In relation to any service or activity in the provision of the WIN service;
ii. In relation to any correspondence WIN receives from that registered user or to any comment or complaint made about WIN;
iii. To invite a registered user to participate in surveys about WIN services and
iv. To update a registered user on any changes to WIN policies or practices.
6.2 WIN will never contact a registered user to request an account password or other login details. Registered users are advised to be cautious about receiving e-mails or telephone calls claiming to be from WIN.
6.3 WIN will only send marketing e-mails or materials where the registered user has agreed to this. This consent will be separate to that given to store and otherwise process personal data.
7.0 Sharing of Personal Data
7.1 Personal data will only be shared with a third party with the consent of the registered user or where otherwise provided for by Article 6 of the GDPR EU 2016/679. Consent will be obtained from the registered user by a written statement, including by electronic means.
7.2 Registered users should be aware that by giving consent to share personal data with a third party, that such data may be stored or otherwise processed by that third party and may result in that personal data travelling outside the European Union.
8.0 Length of Storage and Otherwise Processing of Personal Data
Personal data will be stored and otherwise processed for a period of 5 years from the date of registration or date added. After this period the registered user will be given the opportunity to renew consent to store and otherwise process their personal date for a further 5 years. Should the registered user not wish to or fail to renew consent their personal data will be deleted immediately. Any remaining data is anonymised for analytical purposes.
9.0 Rectifying or Erasing Personal Data
9.1 Registered users can rectify inaccurate or incomplete data by writing to WIN through the contact details in Section 1.0 of this policy.
9.2 Registered users can delete their WIN account at any time. Registered users wishing to delete their account can do so by writing to WIN through the contact details in Section 1.0 of this Policy. Personal data will be deleted immediately with any remaining data anonymised for analytical purposes. Where a WIN account is deleted the registered user will no longer access to WIN services or benefits, other than those available to a public user.
10.0 Automated Decision Making
WIN does not use any form of automatic decision making or profiling in relation to the WIN service.
11.0 Security of Personal Data
11.1 WIN makes every effort, including appropriate technical and organisational measures, to safeguard personal data and are legally obliged to use such data in line with all applicable laws concerning the protection of personal data, including the GDPR EU 2016/679. No web-based activity can be completely secure; if a registered user has any concerns that their account could have been compromised they should contact WIN immediately.
11.2 Where a personal data breach occurs WIN shall, in accordance with Article 34 of the GDPR EU 2016/679, communicate the personal data breach to the registered user and, in accordance with Article 33 of the same regulation, communicate the personal data breach to the Office of the Data Protection Commissioner.
12.0 Making a Complaint or Objecting to Processing of Personal Data
If a registered user has a concern about an infringement or wishes to make a complaint or objection in relation to the processing of their personal data, they should contact WIN through the contact details in Section 1.0 of this Policy. If the registered user is not satisfied with the response from WIN on the matter, they may lodge a complaint with the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland. Full details on the modalities for the exercise of the rights of the user may be found in Article 12 of the GDPR EU 2016/679.
13.0 Changes to the WIN Data Protection Policy
The WIN Data Protection Policy may be updated from time to time. If material changes affect how personal data is processed, then such changes will be outlined to the registered user and renewed consent will be sought.
14.0 General Data Protection Regulation (GDPR) EU 2016/679
For the full text of the GDPR EU 2016/679, including all rights and restrictions contained within it, contact Directorate-General for Justice and Consumers, European Commission, 1049 Bruxelles/Brussel, Belgium or the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.