The General Data Protection Regulation (GDPR) come into force on the 25th May 2018 and provides one framework data protection law for Europe, representing a significant harmonisation of data protection requirements and standards across the EU.
Who we are and what we do?
Midwest Corporate Services Limited of Suite A2, No. 1 Charlotte Quay, Limerick, V94TW5E are company formation agents and providers of independent company secretarial services to individuals, businesses and other service providers and hold a large depository of client personal data as well as employee data. As such, we have a duty to comply with the GDPR provisions whenever we process your personal data.
What is the purpose of this statement?
This Data Protection Compliance and Privacy Statement is in compliance with the data protection standards and obligations as set out in both the GDPR to inform you, amongst other things, about the reasons for us collecting your personal data, the specific uses it will be put to, your rights in relation to your personal data and how long we will retain your personal data.
What personal data we collect?
We require certain personal information from you, as the data subject, in order to be able to enter into a contract with you and to provide you with our services. We will indicate to you what personal data is required in order to enter into the contract with you. If you do not provide the information, we will not be able to provide you with our services. We are also required to obtain and process certain personal data from you as may be required by our legitimate interests and/or by law.
We are committed to ensuring that all personal data retained by us is up to date and accurate and to implement any necessary changes without delay. In order to ensure that your personal data is up to date and accurate, we may contact you advising of details of your personal data retained and asking you to verify its’ accuracy. We further rely on you to advise us of any changes to your personal data held by Midwest Corporate Services Limited to allow us fulfil our obligations.
What do we do with your personal data and the legal basis for processing your data?
Under data protection law we are required to ensure that there is an appropriate legal basis for the processing of your personal data, and we are required to let you know what that legal basis is.
We process your personal data in order for the performance of a contract providing you, or on your behalf, our services and to assist us in the operation of our business. There may also be limited circumstances where our legal basis for processing is your consent (where we have sought it and you have provided it to us), in which case you can withdraw your consent at any time.
For potential, current and past clients of Midwest Corporate Services Ltd., we may further process your data:
• In order to market the services of Midwest Corporate Services Limited and Irish Mortgage & Insurance Brokerage Alliance Ltd. T/A IMBA, T/A Lifecover4U, which may be of interest and benefit to you.
• To provide you with relevant information of developments, news,
updates and events relating to industry matters to which you have subscribed.
Information obtained from third parties acting on your behalf.
Where personal data have not been obtained from you directly, we will provide you with the identity and contact details of the third party who provided us with your personal data and the categories of personal data obtained including any publicly accessed data.
Who do we share your personal data with?
Service Providers – We rely on trusted third parties to help us run our business and to provide us with specialised services. These include legal advisors, accountants, financial advisors and consultants, IT support services and practice management system provider. Where our service providers have access to your personal data, we ensure they are subject to the appropriate safeguards. They may only process this data for the purpose of providing us with their services, and no other purposes.
Regulators – In certain circumstances we are obliged to provide information to a regulator or certain law enforcement agencies. This may be in the form, for example, of an audit by Revenue.
Transfers outside of the European Economic Area (EEA)
In the exceptional circumstance that may require us to transfer your personal data outside of the EEA to a country which is not recognised by the European Commission as providing an equivalent level of protection for personal data as is provided for in the EEA, please rest assured that we will ensure that appropriate measures are in place to protect your personal data and to comply with our obligations under applicable data protection law. This may mean that we enter into contracts in the form approved by the European Commission, or we ensure that the company to which we transfer your personal data has agreed to abide by the approved transfer mechanism, such as the EU-US Privacy Shield framework.
Retention of personal data
Midwest Corporate Services Limited will retain your personal data for the duration of the engagement of our services on your behalf and in accordance with requirements under law and/or any regulating authorities’ policies. This statement operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. As we work in a highly regulated industry, we may have certain statutory and regulatory obligations to retain personal data for set periods of time, most notably, the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 requires that customer due diligence records are maintained for five years after the end of the relevant business relationship.
You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data:
• Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
• Right to rectification – you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
• Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten
• Right to restriction of processing or to object or withdraw consent to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object or withdraw your consent to our processing of your personal data for particular purposes.
• Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
In order to exercise any of the above rights, please contact us using the contact details set out below.
Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
Questions and Complaints
If you have any queries or complaints in connection with our processing of your personal data, you can get in touch with us using the following contact details:
Post: John McShane
Midwest Corporate Services Limited
No. 1 Charlotte Quay
Tel: 061 – 404864
You also have the right to lodge a complaint with the Data Protection Commission if you are unhappy with our processing of your personal data. Details of how to lodge a complaint can be found on the dataprotection.ie website, or you can call the Data Protection Commission on 1890 252 231.