Data Protection Policy
ScreenForge Ltd trading as Yeco | Safeguarding Personal Information
If you have a question regarding our data protection policy or you wish to make an access request please use the contact form on the About page.
If you wish to access general information about data protection in Ireland, please follow this link to the office of the Data Protection Commissioner.
ScreenForge Ltd, trading as Yeco, is registered as a Data Controller with the Data Protection Commissioner and our details may be found by searching the public registry on the website of the Data Protection Commissioner.
The Purpose of this Document
This policy describes how ScreenForge Ltd (trading as Yeco) meets its obligations to individuals and the law regarding the safeguarding of personal data. The policy addresses the core principles set out by the Office for Data Protection for compliance and good practice within the current Data Protection Legislation (the Data Protection Acts of 1988 and 2003).
This document is for all ScreenForge Ltd staff and data subjects.
The date from which the Data Protection Policy will apply is 1st January, 2016, which is the date of adoption by the Directors of ScreenForge Ltd.
Reviewing and evaluation of the Policy
The Policy will be reviewed and evaluated annually. Ongoing review and
evaluation will take cognisance of changing information or guidelines, legislation and feedback staff and clients.
The office of the Data Protection Commissioner outlines eight principles of data processing which are binding on all organisations who handle personal data. This policy describes how ScreenForge Ltd adheres to those principles.
The Data Protection Acts 1988 and 2003 confer rights on individuals as well as responsibilities on those persons controlling and processing personal data. ScreenForge Ltd has key responsibilities in relation to the information that it keeps on computer or in structured manual files about individuals. The company undertakes to execute its responsibilities in accordance with the eight Data Protection Principles as outlined below:
#1 – Obtain and Process Information fairly
ScreenForge Ltd will ensure that data subjects are aware, at the time the personal data is being collected, of:
The name of the data controller;
The purpose in collecting the data;
The persons or categories of persons to whom the data may be disclosed;
Whether replies to questions asked are obligatory and the consequences of not providing replies to those questions;
The existence of the right of access to their Personal Data;
The right to rectify their data if it is inaccurate or has been processed unfairly;
Any other information that is necessary in order to ensure that the data processing is fair, and to ensure the data subject has all of the necessary information with regards to how their data will be processed.
The above will be achieved by adopting appropriate data protection notices at the point of data capture, through means of signature of indication on purchasing ScreenForge Ltd products. It is important to note that ScreenForge Ltd will not be obtaining any Sensitive Personal Data form data subjects.
#2 – Keep it only for one or more specified, explicit and lawful purposes
ScreenForge Ltd will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes. Management and staff will be made aware of the purpose for which data is kept and ensure that it is not used for any purpose which may be incompatible with the original purpose.
#3 – Use and disclose it only in ways compatible with these purposes
ScreenForge Ltd will only use and disclose personal data in ways that are necessary for the purpose/s or compatible with the purpose/s for which it collects and keeps the data. ScreenForge Ltd will ensure that all staff, involved in the processing of personal data, is aware of the purpose of collecting such data and use/process the data only for that specific purpose or compatible purpose/s.
ScreenForge Ltd takes all reasonable steps, as required by law, to ensure the safety, privacy and integrity of the information and, where appropriate, enters into contracts with such third parties to protect the privacy and integrity of any information
#4 – Keep it safe and secure
ScreenForge Ltd stores all personal information in controlled access databases on the “cloud”, which complies with Section 2C (3) of the Data Protection Acts. The “cloud” provider will only processes the data subjects information in accordance with Screenforge Ltd’s instructions, and the company ensures to take all measures to keep the data secure. ScreenForge Ltd are responsible for taking reasonable steps to ensure compliance with the “cloud” provider.
#5 – Keep it accurate and up-to-date
ScreenForge Ltd has procedures in place to ensure that personal data is accurate and kept up to date. For example, when a person unsubscribes from any email list their details will be deleted from the list completely.
#6 – It must be adequate, relevant and not excessive
Personal data held by ScreenForge Ltd will be adequate, relevant and not excessive in relation to the purpose(s) for which it is kept. Periodic checking of files will be made to ensure that the aforementioned is upheld.
#7 – Retain it no longer than is necessary for the specified purpose or purposes
ScreenForge Ltd will have a defined policy on retention periods for personal data and appropriate procedures in place to implement such a policy. In setting retention periods for different sets of data, regard will be taken of the relevant legislative and taxation requirements, the possibility of litigation, the requirement to keep an archive for historical purposes and the retention periods laid down by funding agencies.
#8 – Give a copy of his/her personal data to any individual, on request
Data subjects have the right to periodically review, update and/or correct the information held about them. On making an access request, any individual about whom ScreenForge Ltd keeps personal data is entitled to:
A copy of the data which is kept about him/her
Know the purpose(s) for processing his/her data
Know the identity of those to whom the data is disclosed
Know the source of the data, unless it is contrary to public interest
Know the logic involved in automated decisions
A copy of any data held in the form of opinions, except where such opinions were given in confidence.
To make an access request, an individual must
Apply in writing to the Company Directors
Give any details which might be needed to help identify him/her
Handling access requests
Requests for copies of an individuals personal data will be handled in the following manner:
A member of the Administration Centre staff will be nominated as the coordinator, who will be responsible for handling all access requests.
The coordinator will check the validity of the access request, check that sufficient information has been provided to definitively identify the individual and that sufficient information to locate the data has been supplied.
The coordinator will log the date of receipt of the valid request and keep a note of all steps taken to locate and collate the data.
The coordinator will ensure that the information is supplied promptly and within 40 days of receiving the request or, in respect of the examination of data, within 60 days of receiving the request or 60 days of first publication of the results (whichever is the later).
If data relating to a third party is involved, it will not be disclosed without the consent of the third party.
The coordinator will ensure that the information is provided in a form that is clear to the ordinary person.
The individual will be informed within 40 days of the request if no information is held on them.