Data Protection Statement

Personal Data” means data which identifies a person or could identify a person, such as their name, contact details and financial data. It applies to Personal Data that we process in connection with your relationship with us as a client, supplier, partner, consultant, investor, visitor to our website or prospective employee.

Every individual has a right to understand how their Personal Data is being used and to exercise control over it using rights which are set out in law under the General Data Protection Regulation (“GDPR”). 

Our Data Protection Statement seeks to ensure that you know:

Our Data Protection Statement seeks to ensure that you know:

This Data Protection Statement provides information about what Personal Data we collect, what we use it for, why we collect your Personal Data and what our legal basis is, who we share it with and how long we retain it.  We also provide detailed information about your rights in relation to your Personal Data.              

If you have further questions, please get in touch with us at: dataprotection@fortus.ie

You have the right to lodge a complaint with a supervisory authority, in particular in the country where you reside, place of work or place of the alleged infringement if you consider that the processing of Personal Data infringes the GDPR.

The contact details for the Data Protection Commission (DPC) in Ireland are:

Online Form:    https://forms.dataprotection.ie/contact

Address:           21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Tel:                   +353 578 684 800 or +353 761 104 800

You will be notified of any material changes to our Data Protection Statement.

 

FORTUS

DATA PROTECTION STATEMENT

Effective Date: November 2020

CONTACT DETAILS

If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us please contact:

Data Protection

Unit 15 Park West Road

Park West Industrial Park

Dublin 12

Email: dataprotection@fortus.ie

Telephone: (01) 9123456

CONTACT DETAILS

1.    ABOUT FORTUS

This Data Protection Statement applies to the following services offered by Fortus Ireland Limited.

Fortus is the largest privately owned B2B security distribution company across Ireland and the UK within the key industry verticals of CCTV, Intruder, Access & Fire products. We are registered in the Republic of Ireland as Fortus Ireland Limited (594855).

In order to provide our services and manage our business, we need to process Personal Data. We are committed to protecting the rights and personal data of individuals in accordance with data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”). 

2.    THE PURPOSE OF OUR DATA PROTECTION STATEMENT

This Data Protection Statement describes our approach to data protection and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us where we are controllers of that personal data for the purposes of the GDPR.  Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.

The protection of your personal data is important to us and we are committed to protecting and safeguarding your rights.

Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.    WHO THIS DATA PROTECTION STATEMENT APPLIES TO

This Data Protection Statement provides specific information relating to the data subjects whose Personal Data we process:

  • business contact details including those of our customers, suppliers, partners, shareholders, and business prospects “Business Contacts”;
  • users/visitors to our Website “Website Users”; and
  • prospective employees /those applying for jobs at Fortus “Candidates”; and
  • members of the public who pass by and/or visit Fortus offices and whose images are captured on CCTV “Visitors”;

4.    CATEGORIES OF PERSONAL DATA

We process the following categories of Personal Data.  For each category we have included an example of the type of Personal Data that maybe part of that category:

Personal Data Category

Description

Identification Data

may include a person’s name, date of birth, driver’s license and passport information.

Contact Data

may include a person’s email address, phone number, postal address, other communication details (e.g. Skype)

Communication Data

 

may include phone calls, email and hard copy correspondence.

Marketing Data

may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.

Employment Data

may include information about your employment status, your job role and your employment history.

Financial Data

may include payment related information or bank account details and financial data received as part of the services that we provide.

Web Data

may include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

Special Category Recruitment Data

If we interact with you for the purposes of a job with the Company, we may collect Recruitment Data that is of a special category per the GDPR definition: this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or data relating to health. We will only source this data with the explicit consent of Candidates.

Social media data

We receive Personal Data about Website Users when they follow social media links on our website.

CCTV Data

We operate CCTV cameras at some of our premises. If you pass by and/or visit some of Fortus premises, your image may be recorded on CCTV

 

5.    OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

All processing of Personal Data must be lawful. Processing will only be lawful if we have a legal basis for processing. When the Company processes Personal Data it is generally on one of the following legal basis:

Contract

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.

For instance, we process information about our supplier’s employees as part of the business contracts with our suppliers.

Legitimate Interest

At times we will need to process your Personal Data to pursue our legitimate business interests, for example  to provide information to you, for administrative purposes, to collect debts owing to us, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights. 

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.

Where we carry out marketing activities based on legitimate interests you will always have an option to opt-out of receiving marketing communications.

If do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dataprotection@fortus.ie and we will review our processing activities.

Consent

For certain processing activities we may rely on your consent. For example, we will get your consent to receive marketing communications from us.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at dataprotection@fortus.ie

Legal Obligation

If we have a legal obligation to process personal data, such as the payment of taxes, we will process personal data on this legal ground.

Special Category Recruitment Data

When we process special category recruitment data such as your health data, we require your explicit consent to do so. We will explain the purpose for processing at the time we collect the data and provide you with suitable information to fully inform your consent.

6.    OUR PROCESSING ACTIVITIES

We use Personal Data to provide you with our services and to assist us in the operation of the company. Under data protection law, we must ensure that the purpose of processing is clear.

We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing:

Purpose of Processing

Categories of Personal Data

Lawful Basis

To carry out our business relationship with our suppliers and customers

  • To offer project consultancy services
  • To process client product orders and returns
  • To complete product delivery to client locations
  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest

Managing payments and administration of contracts including:

  • To carry out due diligence on suppliers prior to entering into a contract
  • to process payments to and from our business
  • to fulfil our legal/contractual obligations
  • to manage/respond to complaints/issues

·     Contact Data

·     Communication Data

·    Financial Data

·       Contract

·       Legitimate Interest

·       Legal Requirement

Recruiting staff including:

·       to interview the Candidate

·       to manage our database of Candidates

·       to contact you in connection with any job position we may have open

·       to check your suitability for the role

·       to fulfil the recruitment needs of the business.

  • Identification Data
  • Contact Data
  • Communications Data
  • Recruitment Data
  • Web Data
  • Special Category Recruitment Data

·       Legitimate Interests

·       Consent

·       Contract

Marketing and Sales activities:

·       to send newsletters and other information that may be of interest

·       to inform you of new products, special offers, product training webinars that might be of interest

·       to respond to any requests from you

·       Contact Data

·       CommunicationData

·       Marketing Data

·       Web Data

·       Legitimate Interests

·       Consent

Ensuring security of the Fortus premises

CCTV Data

·       Legitimate Interests

Website delivery including:

·     to manage and respond to web forms

·     to promote our products and services

·     to administer the Website

·     for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes

to ensure the safety and security of our website and our services.

 

·       Web Data

·       Contact Data

·       Legitimate Interests

·       Consent

Social Media Account Management including:

·     To market our services to you through social media interactions

To respond to enquiries about our services

·       Contact Data

·       Correspondence data

·       Social media data

·     Consent

·     Legitimate Interest

·        

Management of Corporate Affairs

·     to take minutes at board meetings

·     to contact shareholders/investors

·     to enter into partnerships and other commercial relations

·     to undertake appropriate due diligence

·     Identification Data

·     Contact Data

·     Communication Data

·       Financial Data

·     Contract

·     Legitimate Interest

·       Legal Obligation

 

7.    SOURCES OF PERSONAL DATA

BUSINESS CONTACT PERSONAL DATA

We collect Business Contact Personal Data from our business contacts including – suppliers, customers, consultants, shareholders and business prospects.

We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We receive Personal Data about Business Contacts from a variety of sources, as follows:

  • the Personal Data is often provided by the Business Contact as part of the business relationship;
  • the Personal Data may be collected from public sources;
  • the Personal Data may be collected indirectly from another person within the company of the Business Contact;
  • the Personal Data may be collected through our website;
  • the Personal Data may be collected indirectly from a website or from a third party.

 CANDIDATE PERSONAL DATA

We will only ever source Personal Data in a way that would be generally expected.

We receive Personal Data relating to Candidates from a variety of sources. The primary source is from Candidates directly. Examples of the sources of Personal Data of Candidates are as follows:

  • the Candidate may send their CV to us with the intention of registering with us to be informed of potential job vacancies;
  • the Candidate may apply directly to a position advertised on our website;
  • the Candidates details may be provided by a member of staff or third party by way of referral; and

the Candidates details may be provided by a recruitment agency

 WEBSITE USERS PERSONAL DATA

We may collect Website User information from all visitors to our web site in order to improve our services and develop the Websites.

This includes:

  • Logfiles of service interactions in order to manage our service delivery and progress users through the service offerings
  • Logfiles of website activity collected for security purposes.
  • Cookies that track website visitors. For more details please refer to our Cookie Statement.

SOCIAL MEDIA USERS PERSONAL DATA

We collect information from you when follow our social media accounts, like, comment or reshare a social media post or when you communicate with us via messaging apps on social media platforms.

CCTV PERSONAL DATA

We may collect CCTV video footage of visitors to our premises.

8.    DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose Personal Data to third parties as follows:

  • to business partners and subcontractors for the performance of any contract relating to our services, including email, payment processors, hosting service providers, external consultants, auditors, IT consultants and lawyers;
  • to analytics and search engine providers that assist us in the improvement and optimisation of the Website.This consists of aggregated anonymous information only and relates to the web pages visited on the Website and not the information included on those web pages;
  • if we or substantially all of our company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
  • if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have;
  • to protect our rights, property, or safety, or that of our customers or Business Contacts or others. This may include exchanging information with other companies and organisations for the purpose of fraud

When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with their performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services. 

9.    SECURITY MEASURES

We will take all steps reasonably necessary to ensure that Personal Data is treated securely in accordance with this Data Protection Statement and the relevant law.

In particular, we have put in place appropriate physical, technical, and organisational procedures to safeguard and secure the Personal Data we process.

10.TRANSFERS OUTSIDE THE EEA

We will only transfer Personal Data outside the EEA if necessary and with appropriate safeguards in place.

Fortus may transfer limited Personal Data to be processed outside the EEA by our processors. In such cases we use processors who provide sufficient guarantees to ensure the security and protection of your Personal Data.

11.COOKIES

Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies are optional and you do not have to accept them. 

Further information on the cookies we use on the website and the purpose behind their respective uses are set out in our Cookie Statement.

12.THIRD PARTY WEBSITES

Our Websites may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us.  We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.

13.RETENTION

We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests.  We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Our retention policy is as follows:

Purpose of processing

Categories of Personal Data

Retention Period

Relationship Management

·       Contact Data

·       CommunicationsData

·       Identification Data

Financial Data

Duration of contract plus 7 years

Recruitment

·       Identification Data

·       Contact Data

·       Communications Data

·       Recruitment Data

·       Web Data

Special Category Recruitment Data

Duration of recruitment campaign plus 18 months for unsuccessful candidates.

Employee data retention periods apply for successful candidates.

Marketing & Sales

 

·       Contact Data

·       CommunicationData

·       Marketing Data

·       Web Data

Delete on unsubscribe for marketing communications / 5 Years if inactive subscribers

2 Years after last sales activity for sales data.

Website Delivery

·       Web Data

·       Contact Data

12 months

Security

·       CCTV Data

30/90 days

Management of Corporate Affairs

·     Identification Data

·     Contact Data

·     Communication Data

·     Financial Data

Retention periods may vary per our internal retention policy.

In certain cases, we may retain Personal Data for longer than specified here if required under relevant laws.

14.YOUR RIGHTS UNDER THE GDPR

You have rights under data protection law in relation to how Fortus uses your Personal Data. You may generally access your rights free of charge.

You can ask for access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to all Personal Data we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

You can ask to change Personal Data you think is inaccurate

You should let us know if you disagree with something included in your Personal Data.

We may not always be able to change or remove that information, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.  

You can ask to delete Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where: 

  • your Personal Data is no longer needed for the reason that it was collected in the first place
  • you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
  • there is no lawful basis for the use of your Personal Data
  • deleting the Personal Data is a legal requirement

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we cannot delete your Personal Data where:

  • we are required to have it by law
  • it is used for freedom of expression 
  • it is used for public health purposes
  • it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
  • it is necessary for legal claims. 

You can ask us to limit what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

  • you have identified inaccurate information, and have told us of it
  • where we have no legal reason to use that Personal Data, but you want us to restrict what we use it for rather than erase it altogether

When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

 You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

15.AMENDMENTS TO THIS DATA PROTECTION STATEMENT

We will post any changes on our Website and when doing so will change the effective date at the top of this Data Protection Statement.  Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

16.OUR CONTACT INFORMATION

Please contact us if you have any questions about this Data Protection Statement or Personal Data we hold about you:

  • by email at: dataprotection@fortus.ie
  • or write to us at:

Data Protection

Unit 15 Park West Road

Park West Industrial Park

Dublin 12

Email: dataprotection@fortus.ie

Telephone: (01) 9123456

17.SUPERVISORY AUTHORITY

The Data Protection Commission in Ireland may be contacted using the contact details below if you have any concerns or questions about the processing of your Personal Data.

IRELAND – CONTACT DETAILS

Online Form:    https://forms.dataprotection.ie/contact

Address:           21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Tel:                   +353 578 684 800 or +353 761 104 80