Introduction.
We respect and protect your privacy. In the following, you can read about how we handle your personal data.
This Cummins & Voortman Privacy Policy (‘CVLTD Privacy Policy’) describes the treatment of data provided to us by customers and prospective customers, which gives a customer the possibility to avail of our consultancy services. This Cummins & Voortman Privacy Policy complies with the EU General Data Protection Regulation 2016/679 (‘GDPR’).
Cummins & Voortman Ltd is responsible for collecting, storing and processing your personal data. Cummins & Voortman Ltd is registered in Ireland under registration number 413112 with its registered office at Ballyline via CALLAN, Co. Tipperary, Ireland.
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union. With this in mind, this privacy notice is designed to inform you as to why we have some of your personal details, what we do with it, where it is stored and also of your rights.
1. Lawful basis for our data processing
When we process personal data in relation to a contract or a potential contract with you, the lawful basis for the processing is that it is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. If the lawful basis for processing is consent, you have the right to withdraw your consent as mentioned hereafter at any time, but this does not affect the legitimacy of the processing by Cummins & Voortman Ltd prior to your withdrawal of consent. If we share personal data with law enforcement agencies or other governmental bodies, we share your personal data, because we have a legal obligation to do so.
2. Our reason and purpose for collecting personal data
The following are the main categories of data collected by Cummins & Voortman Ltd and the main purposes for collecting the personal data:
2.1 As part of general Cummins & Voortman Ltd business operations
We collect personal data about individuals, customers, suppliers (including third party service providers) and other stakeholders. The data may include an individual’s name, contact details (email and phone numbers) and other information necessary for conducting business with you or your organisation.
2.2 To assist with queries
You may choose to provide us with personal data including your name, e-mail address or other contact details when you contact us by telephone, e-mail, post or by using our digital platforms. This personal data enables us to respond to requests for information on such matters as our consultancy services, to arrange a survey and quote for architectural consultancy services, or to ensure continuity of existing contract. In order for us to assist customers with their inquiry or arrange for services or a quote, the information may be disclosed to construction related companies, relevant contractors or subcontractors.
2.3 Customers and prospective customers
We may collect personal data of customers and prospective customers, including name, contact details, general notes, email, payment details, bank details and other information necessary for us to conduct business with the person or organisation.
2.4 Business development
The personal data you provide to us and personal data collected at our digital platforms will be used to enhance our consumer insight and drive relevant communication and offers across all touch points you may have with us.
2.5 Prospective employees and contractors
When a person applies for a job or enters into a contract with us, we may collect certain information such as name, contact details, information about working history, educational diplomas, relevant record checks and information about professional interests. This may be collected from the person directly, from a recruitment consultant and from the person’s previous employers and others, including references and publicly available sources. This information is used to inform or assist us in the decision as to whether to make the person an offer of employment or engage the person under a contract.
2.6 To comply with the law
We may collect personal data as required or permitted by the law.
Personal as well as non-personal data collected by us is considered confidential and will never be sold or leased to third parties, besides the exceptions mentioned in section 2 and 4.
3. How we collect your personal data
We collect personal data, you provide us, when you request services or information from us, or other activities on our digital platforms, respond to customer surveys, or otherwise interact with us.
3.1 Links to other websites
This website contains links to other websites (such as Facebook, flikr, YouTube) to which this Cummins & Voortman Privacy Policy Notification does not apply. Please note that we do not endorse other websites and their content. We encourage you to read the privacy notifications of each website you visit.
4. Sharing your data with other companies
We will not share your personal data except for a few situations, including when you allow us to share your personal data with third parties, such as directing us to share your personal data with selected parties in order to facilitate the running of the consultancy services.
If we cooperate with external service providers (data processors), we enter into data processor agreement regarding the service providers processing of your personal data.
We have not included a list of all recipients of personal data, only the ones placed outside the EU, please see below in section 4.1. The reason is that these will be determined during the course of the contract.
Recipients outside EU:
4.1 DropBox
We use DropBox, a cloud based data provider, for our cloud based data. All files stored online by Dropbox are encrypted and kept in secure storage servers. Dropbox places the utmost importance on data protection and has a track record of staying ahead of the compliance curve – for example, Dropbox were one of the first cloud service providers to achieve ISO 27018 — the internationally recognised standard for leading practices in cloud privacy and data protection. Dropbox security practices comply with the most widely accepted standards and regulations like ISO 27001, 27017, 27018 and SOC 1, 2, and 3. Independent third-party auditors test our controls and provide their reports and opinions. More information on the standards that
Dropbox complies with and how Dropbox verifies its security practices is available on their compliance web page, https://www.dropbox.com/business/trust/compliance. Under GDPR data can be hosted and processed in non-EU countries. All information we collect is subject to this Privacy Notification. DropBox is subject to EU-US Privacy Shield Frameworks.
5. Your controls and choices
We provide you with the ability to exercise certain controls and choices regarding our collection, use and sharing of your personal data. In accordance with local law, your controls and choices may include:
• You may request access to the personal data which we store on you, to correct inaccurate or incomplete data and in certain circumstances you can ask for the data we store on you to be transferred to another controller, restricted or erased from our records (the rights as a person). You may also object against our processing of your personal data.
• You may exercise your controls and choices, or request access to your personal data, by contacting Customers Services or following instructions provided in communications sent to you. Please be aware that if you do not allow us to collect personal data from you, we may not be able to deliver consultancy services to you. If you have any questions regarding the specific personal data about you that we process or retain, please contact info@cvltd.ie
We will respond to your request to exercise any of your rights within one month, but we have the right to extend this period with two months. If we extend the response period, we inform you within one month from your request.
6. Data security, integrity and retention
The security, integrity and confidentiality of your personal data are extremely important to us. We have implemented technical, administrative and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use and modification. From time to time, we review our security procedures to consider appropriate recent technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.
We will retain your personal data for the length of time needed to fulfil the purposes outlined in this Cummins & Voortman Privacy Policy unless a longer retention period is required or permitted by law. We will routinely refresh the information to ensure we keep it up-to-date.
7. Data transfers, storage and global processing
Wherever your personal data is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal data. Additionally, when using or disclosing personal data transferred from the European Union, we abide by the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks, we use standard contract clauses approved by the European Commission, we adopt other means under European Union law for ensuring adequate safeguards, or obtain your consent.
Your personal data are stored on servers located in the European Union and outside of the European Union (see 4.1).
8. Changes to this Cummins & Voortman Privacy Policy
From time to time, we may change this Cummins & Voortman Privacy Policy to accommodate latest technologies, industry practices, regulatory requirements or for other purposes. At all times, we will post the most recent version on our digital platforms. We therefore advise you to read the Privacy Policy regularly. Where required by applicable law, we will obtain your consent.
9. Comments and questions
If you have a comment or question about this Cummins & Voortman Privacy Policy, please contact info@cvltd.ie.
You may file a complaint about the way we process your personal data. You can contact us by using the contact details stated at the end of this Privacy Policy. If a complaint is made, the name and contact details of the complainant must be provided to Cummins & Voortman Ltd. We will investigate the complaint and respond within one month. If you consider that we have failed to resolve the complaint satisfactorily, you may file a complaint to the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32AP23 Ireland, info@dataprotection.ie.
