Data Protection Statement
Scope
We respect the right to privacy of individual’s and to the protection of personal information. The purpose of this page is to provide information related to the processing of personal data by Turas Nua as a Data Processor and Intreo Partner of the Department of Social Protection (DSP). This Statement applies to the National Employment Service (NES) and Local Area Employment Service (LAES) programmes.
Data Controller
The Department of Social Protection (DSP) on whose behalf we process Client data is the Data Controller and is responsible to the Data Protection Commissioner for the security of your data. A ‘data controller’ means “the natural or legal person, public authority, agency, or other body which, alone or in conjunction with others determines the purposes and means of the processing of personal data”.
Data Processor
Turas Nua is the Data Processor we act as an agent of the Department with regard to the processing of personal data collected under the National Employment Services and Local Area Employment Services programmes. A data processor means “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
Turas Nua complies with the principles of the General Data Protection Regulations and Irish Data Protection Acts 1988 - 2018. We also comply with the instructions of the Data Controller (DSP) in relation to the processing of Client personal data.
Data Shared With Turas Nua
The Department (DSP) provide Turas Nua with personal data at the time of referral to the program. The data categories that may be shared include the following:-
- Name
- Address
- Gender
- Date of birth
- Contact details.
- Your Personal Public Service Number (PPSN)
- Visual images which are used for identification purposes.
- The Intreo Centre where you are registered.
- Your curriculum vitae (if available)
Turas Nua collects additional data while you are on program with us, this may include the following:-
- Data relating to your employment history.
- Education, training, qualifications
- Data relating to any change of your circumstances, such as change of address.
- Special category data such as health data
- Data that identifies any barriers to employment you may have such as skills gaps, training needs, this is done through a questionnaire called Catalyst.
- Data relating to any courses you attend or may wish to attend.
We will also collect data that is provided by you on our website contact form i.e., name, email phone number. This data is stored securely and retained for a 12 month period.
Data Processing
We will process the information you give us and information that is provided to us about you by DSP fairly and lawfully, and we shall ensure that this data is adequate, relevant and limited to what is necessary for the purposes for which the data is processed in accordance with the GDPR and Irish Data Protection Acts 1988 – 2018 for the purposes of :-
· Providing you with advice and professional services as an employment agency and trainer. This may include data that helps us to identify any barriers to employment you may be facing, which may include some special category data, *(see special category data), building your c.v., job applications, participation in training courses either internal or external.
o The Intreo Centre where you are registered.
o Data relating to your employment history.
o Data relating to changes to your unemployment claim such as a change of circumstance, or a change of claim status.
*Special category data is defined as “data relating to racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, biometric or genetic data, data concerning health, sex life or sexual orientation”. Such processing is prohibited unless it meets the requirement of GDPR Article 9, 2 (b) “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorized by a Union or Member State law or a collective agreement pursuant to Member State law providing for the fundamental rights and the interests of the data subject”.
Lawful/Legal Basis for Processing
The main legislation under which personal data is legally processed is the Social Welfare Consolidation Act 2005, as amended. This legal basis applies to the processing of data by Turas Nua as an agent of the DSP. Processing under this legal basis does not require the consent of the data subject.
Health Data
Clients referred to an employment activation program are asked to provide specific consent in relation to the processing of health data:-
1. Consent to process health data as per GDPR Art. 9.2(a)
General health questions (special category) may be asked as part of the completion of a questionnaire which helps us to identify any barriers to employment you may have. You will be asked by your Caseworker if you wish to complete these questions, it is not mandatory for you to provide this data, by answering these questions you are consenting to the use of this data.
Where consent is the lawful basis relied upon for processing, you have the right to revoke this consent as freely as it was given without detriment or sanction. You may revoke consent in writing or email to the Data Protection Officer at the address listed below.
Approvals
To assist you on your journey to employment, we ask for your approval to send your cv to prospective employers. We will not send your c.v. to any employer without your knowledge and agreement.
In addition, if you get a job, we ask for your approval to contact you or your employer to verify your continued employment*. You can let us know at any time if you change your mind by speaking to your caseworker or you can write to us @hello@turasnua.ie
*This provides the lawful basis for employers as data controllers to confirm your continued employment.
Data Security
Turas Nua have implemented appropriate technical and organisational measures to ensure a very high level of security and encryption for the personal data that we hold. We use industry standard technologies and security measures to safeguard your information, and we keep strict security monitoring standards to ensure the confidentiality and integrity of the data and to protect the data against accidental loss, destruction, or damage. This data protection policy is supported by our Information Security policies, and ongoing employee training and awareness programs.
Sharing of Data
We will only disclose your information with the Department of Employment Affairs & Social Protection, and where necessary only relevant information may be shared with organisation’s who provide services to allow us to fulfil our obligations, and with whom written legal agreements containing the legal data protection clauses are in place. Generally, these types of organisations are:-
- Training partners
- Accreditors
- Employers and prospective employers where you have consented.
- Market research organisations who conduct Client satisfaction surveys on our behalf, will if necessary, be provided with limited personal data only if you consent to such processing.
- Where we are required by law or law enforcement agencies, judicial bodies, government authorities or regulatory bodies.
Transfer of Data
Turas Nua shall not permit any party to process (including holding, rendering, transferring or storing) any personal data outside of the European Economic Area (EEA is the EU 27 plus Iceland, Norway and Liechtenstein), nor shall we permit any party, to process (including holding, rendering, transferring or storing) any unencrypted Personal data outside Ireland. The EU Data Protection Commission has agreed an ‘Adequacy Decision’ regarding the processing of data in the U.K.
Data Retention
Turas Nua shall act only on the instructions of the Data Controller (DSP) in relation to the retention of the data that we hold. We will only hold the data as long as is necessary in accordance with GDPR Article 5 1(e) i.e., “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are being processed”. We shall comply with data retention periods as determined by the data controller i.e., for a minimum of 6 months after the end of program. The maximum data retention period of the DSP is 7 years. It may be necessary for the DSP to retain certain employment related data for the purposes of administration and determination of pension data (please refer to the DSP for further information). We shall act on the instruction of the Data Controller to either delete, destroy, or return the data to the Data Controller when the data is no longer required by Turas Nua for the purpose for which it was collected, or when Turas Nua reaches the end of the contract term as required. We may retain anonymised data i.e., data that does not make an individual identifiable, for analytical purposes.
Rights of the Data Subject
1. Right of Access.
You have the right to request a copy of the information we hold about you. We will provide the information as required in GDPR Article 12 (1) in a concise, transparent, intelligible, and easily accessible form. To obtain a copy of this personal information, you can email or write to us at at the address listed below. As an agent and Data Processor of DSP, Turas Nua is required to provide the requested data to the Data Controller, we will gather the data you requested and send it to (DSP), who will then fulfil the data subject access request in accordance with the provisions of GDPR Article 15 ‘Right of Access by the data subject’. Your written authorization is required when another party makes a request on your behalf. The DSP will require proof of identity prior to release of the data file.
2. Right to have inaccuracies corrected.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. You can do this during an appointment with your caseworker, or you can email or write to us at the address listed below. You should also notify the Data Controller of any amendments you may require by contacting your local Intreo office.
3. Right to the erasure of personal data.
Turas Nua cannot erase your data unless we are instructed to do so by the Data Controller. We will comply with any instruction received from DSP to erase your personal data from our systems. Please refer to the Data Controller website Section 10.3 for further information on this right (see address below).
4. Right to object to processing of personal data.
Turas Nua will respond to any instruction received from the Data Controller in relation to the exercise of this right. Please refer to the DSP website Section 10.4 for further information on this right (see address below)
5. Right to object to automated decision making.
An automated decision is a decision which is made entirely by a computer system, without the intervention of a person. Turas Nua systems do not use automated processes to make decisions about our clients without the intervention of a caseworker.
6. Right to data portability.
Data subjects (Clients) have the right to request their data from one controller so that it can be given to another controller (company). Turas Nua will act on the instructions of the Data Controller in relation to this right. Please refer to the Data Controller website Section 10.5 for further information on this right. (See address below)
7. Right to be notified of a data breach.
Turas Nua will without undue delay notify the Data Controller (DSP) when we reasonably believe that there has been a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data processed by Turas Nua. We will investigate the Incident, take necessary steps to eliminate or contain the impact of the Incident and keep the Data Controller advised of the status of the Incident and all related matters. The Department will write out to you to confirm what happened and which of your data was affected. They will also inform the Office of the Data Protection Commission, if it is determined that the breach is of high risk to the fundamental rights and freedom of the data subject.
Right To Complain
As well as the rights detailed above, you also have the right to complain if you feel that your personal data has been illegally accessed, please contact:-
Turas Nua Data Protection Officer – see contact details listed below.
The Data Protection Officer of the Data Controller - see contact details listed below.
Your local Intreo office.
You also have the right to complain to the Supervisory Authority at the Office of the Data Protection Commissioner (ODPC) – see contact details listed below
Turas Nua Data Protection Training and Awareness
In addition to the technical and organisational security measures we have in place, every Turas Nua staff member completes data protection training at induction. Data protection training is further enhanced by the completion by all staff of a data protection training module and assessment which is completed on an annual basis. Data protection is supported through ongoing reviews of all our office locations, and by Data Champions who help to ensure that staff remain vigilant on a day-to-day basis with regard to the protection of the personal data that we hold. Turas Nua employees participate in an annual information security awareness campaign.
Changes to our privacy policy
Turas Nua keeps our privacy policy under regular review, any updates made are placed on this web page.
Further information on your data protection rights can be found on the Data Protection Commission website www.dataprotection.ie and also on the Department of Social Protection website.
Contact Details
Data Controller
Department of Social Protection.
www.welfare.ie
dpo@welfare.ie
Data Processor
Turas Nua Limited
Email: dpo@turasnua.ie
Post: DPO, Benamore Business Park, Roscrea, Co. Tipperary E53 WK12
Supervisory Authority
Office of the Data Protection Commission
Email:info@dataprotection.ie
Helpdesk: (01) 765 01 00
or
1800 437 437
www.dataprotection.ie https://www.dataprotection.ie/docs/Making-a-Complaint-to-the-Data-Protection-Commissioner/r/18.htm.
Contact
Benamore Business Park, Dublin Road,
Roscrea, County Tipperary
Turas Nua Limited. Registered Office: Benamore Business Park, Dublin Road, Roscrea, Co. Tipperary. Registered in Ireland No 539368
© 2024 Turas Nua All rights reserved | Sitemap | Cookies Policy | Data Protection Statement | EmployabilityData Protection Statement | Powered 🧡 by Shazamme