Cooney Carey’s Privacy Statement refers to our commitment to our compliance to data protection legislation including the Irish Data Protection Acts and the EU General Data Protection Regulation.
We collect and process personal data of you in the course providing our services to you. This personal data includes any offline physical data or online data that makes a person identifiable.
We process data for the following groups of individuals (current and former)
- Job candidates
- Sales Leads
- Outsourced service providers whose personal data is processed by us and
- other parties whose personal data is processed by us.
Depending on whether you are a client of Cooney Carey Consulting Limited or Cooney Carey Accounting Limited, one or both of those companies is the “Data Controller” in respect of any personal data we are the Data Controller of. This Privacy Statement applies to both companies, and collectively refers them as Cooney Carey here
Our postal address is 3rd Floor, The Courtyard, Carmanhall Rd, Sandyford, Dublin 18, D18 YD27
Purpose and legal basis for processing your data
You agree that any data you provide to us will be true, complete and accurate in all respects and you agree to notify us immediately of any changes to it. We will only collect personal information from or about you which is necessary for the following purposes:
- Provide this website to you and response to your queries
- To comply with all relevant law
- To manage the safety and security of you while on our premises
- To facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders
- To investigate, exercise or defend legal claims or other claims of a similar nature;
Sales Leads and Clients
- Provide quality services per our engagement letter
- Data collected as required to prepare or audit the financial position and/or prepare the tax computation and/or as needed for evidence as part of the services provided to our client.
- Opinions and assessments are collected in order to validate our outcomes of each engagement
- Set up and administer your account as a client with us
- To maintain our relationship with you whilst you are a client and investigate any complaints or disputes or accidents
- Contact you for direct marketing purposes, subject to restrictions under the relevant laws, including the right to opt out of such marketing
- Provide you with information relating to our services
- To provide essential communicate with you, including to respond to information requests submitted
- To obtain your feedback on our services
- To obtain credit references, credit checks and for debt collection, fraud detection and prevention and risk management purposes
- Prior to commencing an engagement, we request information about you for compliance and to verify your identity and address.
- To facilitate the operation of the free WIFI service in our office.
Candidates for Jobs
- To select suitable candidates for employment with us
Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree with the collection, use or disclosure of personal data. Once consent is obtained, it can be withdrawn at any stage.
We collect your data based on the following legal basis
- Consent – where you have explicitly agreed to us processing your information for a specific reason such as marketing or explicit consent for us to process any special category of data about you
- Contract- where you have entered into an engagement with us and the processing is necessary to perform this engagement
- Compliance – the processing is necessary for compliance with a legal obligation we have such as keeping records for revenue or tax purposes or providing information to a public body or law enforcement agency, we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations; we may be required to process certain data to carry out our obligations under employment, social security or social protection law; the processing is necessary for the establishment, exercise or defence of legal claims
- Legitimate interest –the processing is necessary for the purposes of a legitimate interest pursued by us to safeguard the safety and security of our employees, property, and clients, buildings, information located or stored on the premises, and assets, and those of service providers, consultants, and advisors that assist us in carrying out its functions. To provide our services to you or your clients and other third parties. To ensure that our client services are well-managed or to ensure that complaints are managed effectively, to prevent fraud, to enhance our service offerings and to keep you and your clients informed about the service we are currently providing to you and you clients. To inform recruitment decisions taken about appointments and new hires. To operate our business generally and manage and administer our services to clients, suppliers and potential candidates. From time to time we may conduct customer satisfaction surveys to enhance our service delivery.
Where the lawful basis is a statutory or contractual requirement, the individual is obliged to provide the personal data otherwise we are unable to provide the services outlined in the engagement.
Personal data we hold
Prior to commencing an engagement with Cooney Carey, a client will be provided with an engagement letter which will state the actual personal data processed by use.
As part of our services, we need to obtain and process personal data as required where necessary to provide our services
- Demographic Data names, date of birth, age
- Contact Details business and/or home addresses, phone number, personal or work number, Eircode, age, email address
- Financial Data bank/credit card details
- Know you client, Proof of address/ Anti-money laundering addresses, bank statements, birth certification, identity card, utility bill, Passport number and copy, driver’s licence, electoral register, country of residence, immigration status, marital status
- Other CCTV, Customer Surveys, photographs,
- Digital Identifiers usernames and passwords, IP
- Special Data Data relating to political, religious or, philosophical beliefs, trade union membership, or health
- Government Identifiers Personal public service number, income tax number, VAT number, PPS number, TAIN
- Pension details Employment history, salary details, Dependant details, nominated beneficiaries and emergency contacts
- Taxation services Income tax returns, capital gains tax, capital acquisitions tax, paye/prsi
- Criminal Offences/Convictions Criminal offences, convictions and alleged offences
We also collect any other personal information that you choose to provide to us when you complete our online contact forms or otherwise make contact with us. Any information provided by or about you through our website including comment boxes, forms, links, website usage or any other means.
If any person contacts us via phone, email, post, surveys, through our website or otherwise, we may keep a record of that correspondence.
How we protect your data
We collect this data in a transparent way and only with the full knowledge of interested parties. Once this information is available to Cooney Carey , the following rules apply. Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by Cooney Carey on the basis of either a valid contract, consent, legal compliance or legitimate interest
- Protected against any unauthorised access or illegal processing by internal or external parties.
Our data will not be:
- Communicated to any unauthorised internal or external parties
- Stored for longer than required for the purpose obtained
- Transferred to organisations, states or countries outside the European Economic area without adequate safeguards being put in place as required under Data Protection law.
Our commitment to protect your data:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in data protection and security measures
- Build secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorisation etc.)
Keeping your data up to date
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Who we share your data with
Your personal information may also be processed by other organisations on our behalf for the purposes outlined above. We may disclose your information where necessary to the following:
- Other employees, Revenue, Social Welfare. Data Protection Commission, outsourced Employment Law advisors, HR Consultants, Recruitment agencies, auditors, pension brokers & trustees, financial institutions, debt collectors, consultants, IT providers, couriers, shredding company, security company, printing company, accountant, insurers, partners, associates, agents or subcontractors and to possible successors to our business
- Transmission of personal data within a group of undertakings for internal administrative purposes including the processing of clients’ or employees’ personal data
Processing your information outside the EEA
Some of the third parties we share your data with may reside outside the European Economic Area (which currently comprises the Member states of the European Union plus Norway, Iceland and Liechtenstein). If we do this, your information will be treated to the same standards adopted in Ireland and include the following data protection transfer mechanisms:
- Model Clauses (also known as Standard Contractual Clauses) are standard clauses in our contracts with our service providers to ensure that any personal data leaving the EEA will be transferred in compliance with EU data protection law. Copies of our current Model Clauses are available on request.
- Transfers to countries outside the EEA which have an adequate level of protection as approved by the European Commission (such as the United Kingdom).
- Transfers are permitted in specific situations where a derogation applies as set out in Article 49 of the GDPR. For example, where it is necessary to transfer information to a non-EEA country to perform our contract with you.
How long will we hold your personal data
We will only retain personal data for as long as necessary for the purposes for which it was collected as required by law or regulatory guidance to which we are subject or to defend any legal actions.
Where Cooney Carey is the processor
Where you, as a Data Controller, engage the services of Cooney Carey, we will act as Data Processors on your behalf. In doing so, we will: –
- Only process personal data under the Contract in accordance with your reasonable written instructions and in accordance with applicable Data Protection Legislation
- Adopt appropriate technical and organisational measures against accidental disclosure, loss or destruction of personal data
- Inform you promptly in the event of unauthorised disclosure, loss or destruction of any personal data processed on your behalf
- Refer to you any requests, notices or other communication from data subjects, the Office of the Data Protection Commission or any other law enforcement agency relating to personal data processed on your behalf
- Ensure that all Cooney Carey personnel processing personal data are under an obligation of confidentiality
- Make available reasonable information necessary to demonstrate compliance with our Data Protection Obligations
- Make available such information and assistance as is reasonably necessary for you to comply with your obligations to respond to requests for exercising the data subject’s rights, to report personal data breaches and to conduct Data Protection Impact Assessments and Prior Consultation with Data Protection Authorities
- Comply with our obligations to you in respect of sub-processing and Third Country Transfers.
Delete or return all personal data processed on your behalf where there is no legal basis for use to retain this data, upon the termination of any services provided by us to you
We have provided a summary of your rights:
- The right of access to your personal data
- The right to rectification for your personal data
- The right to erasure your personal data in certain circumstances
- The right to restrict processing of your personal data in certain circumstances,
- The right to object your personal data on the basis of our legitimate interests
- The right to data portability where technically feasible.
- The right to lodge a complaint
- The right to withdraw consent
- The right to automated individual decision making