1.1 The purpose of this Data Protection Policy is to provide for the protection of the rights and privacy of individuals about whom Unijobs processes personal data in accordance with the Data Protection Acts (Data Protection Act 1988 and Data Protection (Amendment) Act 2003).
1.2 Unijobs Ltd (the company) is committed to protecting the rights and privacy of individuals in accordance with the Data Protection Acts and acknowledges the rights that these Acts confer on individuals as well as the responsibilities the Acts place on the company’s permanent employees who process personal data in the course of their duties.
2.1 The Data Protection Acts provide for the collection, processing, retention and eventual destruction of personal data in a responsible and secure way thereby avoiding its misuse.
2.2 Personal Data and Sensitive Personal Data
2.2.1 ‘Personal data’ is data that relates to a living individual who is identifiable either from the data itself or from the data in conjunction with other information held by the Company.
2.2.2 ‘Personal data’ has a very broad-ranging definition and includes, but is not limited to, a person’s name, physiological, economic, cultural, social identity, pseudonyms, occupation, address etc.
2.2.3 The Acts differentiate between ‘personal data’ and ‘sensitive personal data’. ‘Sensitive personal data’ relates to a person’s racial or ethnic origin; political opinions; religious or philosophical beliefs; physical and mental health; sexual life; criminal convictions, the alleged commission of an offence and trade union membership.
2.2.4 For the purposes of this Policy, references to ‘personal data’ are deemed to refer to both ‘personal data’ and ‘sensitive personal data’.
2.2.5 Personal data may be held in either electronic form (e.g. on a computer system, CCTV system) or in hard copy.
2.3.1 At the time of providing any personal data to the company, individuals must be made aware of the use(s) for which the data is being collected and give their consent to such use(s).
2.4 Personal Data related to Deceased Persons
2.4.1 Best practice requires that where personal data relating to deceased persons is held, this data is retained and processed in the same manner as personal data relating to living individuals.
2.5 Anonymised Personal Data
2.5.1 Personal data collected anonymously or irrevocably anonymised to the extent that the individual cannot be identified from the data is not subject to the requirements of the Data Protection Acts or this Policy.
3.1 In order to fulfil its functions, the company (as ‘data controller’) must collect and process certain personal data about its employees, customers and other individuals who come in contact with the company. Such functions include the recruitment, employment and payment of staff for the provision of recruitment services to our clients; recruitment, appointment and payment of permanent Unijobs employees; compliance with statutory obligations; and such other administrative activities required from time to time in fulfilment of the objects of the company.
3.2 All personal data collected and processed by the company must be treated with the highest standards of security and confidentiality in order to comply with the Data Protection Acts.
3.3 Any provision for the company, as a ‘data controller’, to use a third party (known as a ‘data processor’) must be the subject of a written agreement. All proposed agreements between the company and a third party should be developed in consultation with the company’s legal advisors.
4.1 The Data Protection legislation imposes a number of restrictions on how the company may process personal data.
4.2 The company must handle personal data in accordance with the eight stated data protection principles outlined in the Acts as follows:
- Obtain and process the personal data fairly;
- Keep only for one or more specified and lawful purpose(s);
- Use and disclose only in ways compatible with the purpose(s) for which it was initially provided;
- Keep safe and secure;
- Keep accurate, complete and up-to-date;
- Ensure that it is adequate, relevant and not excessive;
- Retain for no longer than is necessary for the specified purpose(s);
- Provide a copy of his/her personal data to an individual, on request.
5.1 This Policy applies to all permanent Unijobs employees working to fulfil the objects of the company and applies to all personal data processed by the company.
5.2 While the company as a whole has the overall responsibility for ensuring compliance with the Data Protection Acts, responsibility for the implementation of this Policy rests with the company’s Chief Executive to ensure good data handling practices are in place in order to uphold the privacy of personal data within their respective areas of responsibility.
5.3 Notwithstanding the foregoing, all permanent employees of the company who collect or use personal data as part of their duties have a responsibility to ensure that they process personal data in accordance with the conditions set down in this Policy, the company’s Data Protection Compliance Regulations, the Data Protection Acts and any other relevant company policies/regulations/procedures.
5.4 Unijobs Data Protection Regulations
5.4.1 In order to assist permanent employees in implementing this Policy, Data Protection Compliance Regulations are available which set out key areas of work at the company where data protection issues may arise and outline best practice in dealing with them.
6.1 A personal data breach may be defined as an incident where unauthorised disclosure, loss, destruction or alteration of personal data occurs through, for example, loss or theft of a portable device, accidental disclosure via email/other electronic system, loss of hard copy records etc.
6.2 In the event of a personal data breach, the Chief Executive of the company must be notified immediately (contact: (061) 234300, Email firstname.lastname@example.org). The Chief Executive will ensure, where appropriate and required, that the data subjects and the Data Protection Commissioner’s Office are notified within a maximum of two days of a breach occurring as required by the Data Protection Commissioner’s ‘Personal Data Security Breach Code of Practice’ (available at www.dataprotection.ie).
6.3 Breaches of the terms and conditions of this Policy and the company’s Data Protection Compliance Regulations could result in major reputational and financial damage to the company and may result in the company’s disciplinary process being invoked.
7.1 Under the Data Protection Acts, data subjects are entitled to make a request for their personal data held by the Company for a fee not in excess of €6.35. Any such requests should be made in writing to: The Chief Executive, Unijobs Ltd, Block 2, International Business Centre, University of Limerick, Limerick.
8.1 This Policy will be reviewed regularly in light of any legislative changes.