Privacy & Data
Protection Policy

ODS, Dundrum, Co. Tipperary are a company with over 60 years’ experience in the fabrication and erection of a wide range of structural steel buildings for the agricultural, industrial and commercial sectors. We have established a first-class reputation within this industry through a balance of competitive prices, commitment to quality, customer satisfaction and proven capabilities. and Privacy and Data Protection Rights are very important to us.

In the course of our work with you, you give us information about yourself – we respect your trust in us to use, store and share your information in accordance with new laws – including GDPR related legislation. In this Privacy Policy, we explain how we collect personal information about you, how we use it and how you can engage with us about it.

Please be assured that the personal information you provide to us will only be used to ensure that you receive the best service possible, that your data will be held legally, securely and in a compliant manner and that your information can only be assessed by those who specifically require it for the delivery of our services.

Enquiries about this Data Protection Policy should be made to: ODS , Dundrum, Co. Tipperary Email to DPO@ODwyerSteel.ie ; Phone to 062 71102

When this notice mentions “we” or “us”, we mean ODS Engineering and includes all staff employed by the company.

Richard Walsh as Managing Director has overall responsibility for Data Protection within the Company and may be contacted by email or phone on the details given above, by calling to the office, or by writing to him at our office address. Calls can also be addressed to Richard Walsh who is the acting Privacy Officer for the company.

So that we can deliver our core area of business to you with the detail of customisation and service required, we must gather and use personal information about you. If you do not provide the personal information, we may be unable to provide the quality of service you seek.

We collect and use personal data information to provide the following services:

• The provision of Customer Service, Enquiry Responses, Quotations and other follow up Information on your request
• Customisation and Tailoring of the provision of Structural Steel to you
• For the customised drafting of plans for your facility and to locate your organisation for design & delivery
• To Identify you as the legitimate point of contact for your organisation
• To manage vendor accounts and for accounting (payment) purposes
• To comply with Regulations and Statutory Obligations for Accounting/Revenue/Criminal Justice
• To provide personnel, payroll and pension administration services in connection with our employees
• To get and retain Clear and Opt-In Consent for further marketing follow up
• For provision of the enforcement of legal rights for the protection of both our interests
• For provision of Billing, Payment, Remittance or receipt/payment of money on your behalf

When you visit our website cookies are present to store statistical details (See cookie section)

• Google Analytics identity general data on what pages users access and long they stay
• You might submit payment through our 3rd party PCI compliant vendor – AIB Merchant Services
• Contact Us Form on website
• Newsletter Sign Up Form on website

When you interact with us on requirements for Structural Steel provision details noted when you make enquiry by face to face calls, phone, email or via website

• Forms used as part of your use of the above services
• Details required relating to contractual obligations
• Photography may be taken at company events but any use is consent based

When you provide us with consent to send you regular updates

• Email Consent
• Newsletter Sign Up Form
• Hardcopy Written Consent (Forms)

When you visit or engage with our Social Media platforms

• Engagement (Likes/Comments/Competitions on Facebook/Twitter/LinkedIn

• First Name, Last Name
• Contact information including email address and telephone number
• Company Role if Applicable
• Company or Home Address and Billing address
• Newsletter subscription (only if you have opted-in)
• Transaction data (services purchased, order value, order time and date)
• Any relevant detail required in order to prepare plans for your facility
• Banking Details (but we do not store sensitive payment data)
• Cookies (please refer to Cookie Policy section)
• Google Analytics (no personally identifiable information is passed on – all information is anonymised)

Our website use ‘cookie’ technology. A cookie is a little piece of text that our server places on your device when you visit any of our websites or apps. They help us make the sites work better for you.

The only function of cookies associated with our website is to track hits so as to monitor the parts of the site which are of most interest to visitors and to enable adjustments to be made to suit those requirements. No information is retained for any other purpose.

[Note: You can change the settings on your browser to refuse all cookies. However, you should note that disabling cookies may result in some parts of the site not working efficiently or in slower downloads].

Our website use ‘cookie’ technology. A cookie is a little piece of text that our server places on your device when you visit any of our websites or apps. They help us make the sites work better for you.

The only function of cookies associated with our website is to track hits so as to monitor the parts of the site which are of most interest to visitors and to enable adjustments to be made to suit those requirements. No information is retained for any other purpose.

[Note: You can change the settings on your browser to refuse all cookies. However, you should note that disabling cookies may result in some parts of the site not working efficiently or in slower downloads].

For further information about cookies and how to control their use, please visit the following third party educational resources: http://www.allaboutcookies.org and http://www.youronlinechoices.eu

The policy of ODS is not to Share your Personal Data with 3rd Parties.

However – from time to time – we may be required to pass your data to 3rd parties as outlined below.

Please note – this will be clarified to you at the time that the data is collected and will either be done so as to provide you with a better service – or because it is legally required to do so.

• Specific employees will have access to your personal details to provide you with the appropriate Quotes, Plans, Delivery or Service
• Our Delivery Employees or Delivery Contractor may receive your data to contact you or deliver orders
• Revenue Commissioners may receive details for tax compliance reasons
• Our Accountants may receive details for Payment, Accounting, Audit and Regulatory purposes

We expect and actively require any Third Parties with whom we work to be compliant with their legal obligations under Data Protection.

It is our policy to require all contractors or those who may come into contact with any Personal Data we hold to show GDPR compliance via self assessment and audit though our Supplier Data Protection Checklist / Data Processing Agreement. We will store this checklist for the duration of our working relationship with that 3rd party (+ 12 months)

We take appropriate measures under the laws that apply, to ensure your data is safe.

IT

• Emails & other Electronic Data is stored in secure cloud system
• Our CRM/Database a Cloud Based secure application
• AntiVirus Software is used on all IT Systems
• It is our policy that personal data is not held on pcs or laptops (Cloud only)
• A Firewall assists against Network Intrusion
• WiFi is secure

Document Storage

• Documents are stored in a locked office in individual covered files
• Data is managed safely and not left in areas where non relevant employees can access
• Any data which might be viewed as in any way sensitive is stored in locked cabinets in the office of the Director

Printing

• There is a policy of printing as little personal data as possible but where such data is printed – it is printed to an individual rather than to a network printer so access to the printed material is restricted to the directors and not printed to an area where non staff members could access this information
• Any information sent to a network printer is protected via password and pin printing is enabled to ensure that information sent t o t he printer is only available to the relevant person.

CCTV

• We do record and retain CCTV footage at entry/exit points and also on the outside of the building.
• CCTV is monitored for the purposes of Health & Safety, Security Monitoring & to highlight any potential criminal behaviour.
• We retain such data for 3 months but we do reserve the right where we identify an item of potential concern – to extend the retention of such data for a period of up to 2 years – to protect the rights of the Company, Employees or Visitors/Contractors.
• We have signage to indicate that we are recording data via CCTV both internally & externally and we are committed to complying with CCTV data access requests.

Data Disposal

• Although ODS does not hold sensitive data, it is our policy shred all documentation via the use of GDPR Compliant internal shredders & safety/securely dispose of the Personal Data we hold to ensure compliance – see section on data disposal.

Calls relating to Personal Data

• If you contact us about your information, we may need to ask you to identify yourself and furnish proof of identity – this is to help protect your information.

General Data Retention Policy (Clients)

• We retain general client data for a period of 6 years

General Data Retention Policy (Contractors/Vendors)

• We retain personal data of the above for the duration of working relationship (+12 months)

General Data Retention Policy (Employees)

• We retain personal data of the above (Employment Contracts) for the duration of working relationship (+12 months)

Legal Obligations

• Non National Employees (5 Years) & Revenue (7 years)

CCTV Footage

• We retain such data for 3 months but we do reserve the right where we identify an item of potential concern – to extend the retention of such data for a period of up to 2 years – to protect the rights of the Company, Employees or Visitors/Contractors.

To use your information lawfully, we rely on one or more of the following legal bases:

• Performance of a contract
• Legal obligation
• Protecting the vital interests of you or others
• Public interest
• Our legitimate interests
• Your consent

To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations.

If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our services.

Once the period of stated storage is complete, or based on a Request to delete personal data (presuming we have no legal or statutory obligation to retain it) – it is our policy to have your personal date securely disposed of through the use of internal shredders which are compliant to GDPR.

Data will be securely deleted from the following media:

• Paper Based Files (Shredding)
• CRM & Database Systems (Deletion or Redaction)
• CCCTV (Deletion)
• Electronic Storage – including Hard Disks, External Hard Drives, Memory Sticks & Email (Deletion or Secure Destruction)
• BackUp Data will be deleted also in relation to these files

Sometimes we need your consent to use your personal information.

With direct marketing for example, we need your consent to make you aware of services which may be of interest to you.

We may do this by phone, post, email, text or through other digital media.

It is our policy to keep, in as far as is possible, a documented record of this consent.

Often, at the end of a job or piece of work for you, we contact you to give and get feedback.

We will generally provide options at this point in relation to how you might provide consent or otherwise for us to contact you with updates, marketing material and other promotions.

The Privacy Officer will conduct regular inspections and maintain a systematic audit schedule to monitor compliance and will actively record and report any Breaches in relation to Data Protection. Any employee, client or 3rd party can alert the Privacy Officer to the breach, who will update the Breach Log before identifying the breach type and evaluate any risk associated with the breach.

Where there is a possibility of risk, and where the personal data breached is neither Encrypted or Anonymised, the Privacy Officer will report the breach to the DPC, and depending on the severity/urgency of the risk – may also notify the data subject. This will be done as soon as possible – and within the required 72 hour limit.

Training sessions have been completed with all staff in relation to GDPR  All future induction sessions with include
a specific session on data protection.

You can exercise your rights by contacting us on
ODS, Dundrum, Co. Tipperary
Email to DPO@ODwyerSteel.ie
Phone to 062 71102.

Whenever you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information. Your right to obtain information cannot adversely affect the rights and freedoms of others. Therefore, we cannot provide information on other people without consent. (See Sharing of Data for further details)

We generally do not charge you when you contact us to ask about your information. However, if requests are deemed excessive or manifestly unfounded, we may charge a reasonable fee to cover the additional administrative costs or choose to refuse the requests.

The following section details your information rights and how we can help ensure that you are aware of these rights, how you can exercise these rights and how we intend to deliver on your requests.

If you want to update or correct any of your personal details, please contact us at on ODS,
Dundrum, Co. Tipperary – Email to DPO@ODwyerSteel.ie ; Phone to 062 71102

1. You can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information.
2. You can change your mind wherever you have given us your consent, such as for direct marketing or processing your information and we will remove your personal data from our documentation and systems.
3. You may have the right to restrict or object to us processing your personal information. We will require your consent to further process this information once restricted. You can request restriction of processing where;
   • The personal data is inaccurate and you request restriction while we verify the accuracy
   • The processing of your personal data is unlawful
   • You oppose the erasure of the data, requesting restriction of processing instead
   • You require the data for the establishment, exercise or defence of legal claims but we no longer require the data for processing
   • You disagree with the legitimate interest legal basis and processing is restricted until the legitimate basis is verified
4. You may ask us to delete your personal information or we may delete your personal information under the following conditions:
   • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
   • You withdraw your consent where there is no other legal ground for the processing.
   • You withdraw your consent for direct marketing purposes.
   • You withdraw your consent for processing a child’s data & there is no other legal ground for the processing.
   • You object to automated decision making.
   • The personal data have been unlawfully processed.
   • The personal data has to be erased for compliance with a legal obligation.
   • You declare to us that you are no longer a client of ours.

If you have a complaint about the use of your personal information, please let a member of staff in our Office know, giving them the opportunity to put things right as quickly as possible.

If you wish to make a complaint you may do so in person, by phone, in writing and by email. We will fully investigate all the complaints we receive. We ask that you supply as much information as possible to help us resolve your complaint quickly.

You can also contact the Office of the Data Protection Commissioner in Ireland on the below details:

Visit their website www.dataprotection.ie.
Email info@dataprotection.ie
Phone on +353 (0)57 8684800 or +353 (0)761 104 800
Write to Data Protection Office, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square, Dublin 2, D02 RD28, Ireland