ABOUT THE FOOD SAFETY COMPANY
The Food Safety Company with the registered address of Little Island Post Office, Castleview, Island Cross, Co. Cork and the company registration number of 451992, (also referred to as “we,” “our,” “us”) is the Data Controller when you provide information to us.
The Food Safety Company are providers of complete training and compliance solutions for the food supply chain. Our team of Food Safety Trainers, Consultants and Auditors have the following functions:
- A source of food safety consultancy services and complimentary services such as nutrition, labelling and health and safety services.
- A full-service food safety training provider offering programmes leading to QQI awards on the National Framework of Qualifications at levels 4, 5 & 6. As well as bespoke food safety training programmes mapped to FSAI levels 1, 2 & 3.
This Privacy Statement defines how we collect, use, share, store, our legal basis, how long we keep your data and outlines your rights. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act, 2018 and other Irish or EU Data Protection legislation.
LEGAL BASIS FOR USING YOUR INFORMATION
All businesses must have a legal reason to use your personal information; if they do not have one, they cannot use your personal data. Several legal grounds enable data processing. Outlined below are the most relevant grounds you should be aware of.
WHEN YOU ARE A CLIENT AND OR TRAINING PARTICIPANT
When you are a visitor or a potential visitor, we will process the following personal data about you:
- Your first name, surname, address, telephone/mobile number and e-mail address;
- A record of the information that you provide to us;
- Conversations you have when you call us;
- When you book to attend and pay for a training course; and
- Home and work address if applicable (to contact you and send your certificate to).
- Next-of-kin (in case anything should happen you while attending a programme).
- When you agree to stand in for a group photograph which we will use on our social media accounts;
- Marketing profiles, including what events and communications we think you might be interested in.
- When you book to attend and pay for a course, we will also ask you for your employment status because if you are unemployed, it may be partially funded by a state body;
- When you complete a feedback form, either manually or online;
- Relevant life, educational and work experience (for access to QQI programmes)
- Assessment evidence, verification reports, external authenticators reports and results.
WHEN YOU HAVE APPLIED FOR A JOB OR YOU WORK WITH US
If you apply for a job that we have advertised, we will gather some of the following information from you to determine your suitability for the role, namely your CV, Cover Letter and Interview Score Sheet. If you are successful and we employ you, we will collect the following additional information:
- PPS Numbers;
- Bank A/C details;
- Leave records (including maternity, paternity and adoptive leave);
- Contract of employment and HR details;
- Voluntary and other deductions for the processing of payroll;
- Salary and other benefits (including in-kind);
- Time and attendance records; &
- Travel, subsistence and other reimbursable expenses
Where you provide information to us about other people coming on a training course, you need to make sure you have their permission to do so.
Lawful basis relied upon: The processing is necessary for the performance of a contract, consent or legitimate interest.
Performance of a contract is where we either have a contract with you or you wish to enter into a contract with us. For example, when you sign up to the Rest Assured Agreement (RAA) as a client. Certified training programmes and as a training provider for learners, client companies and trainers. To administer & record training bookings, attendance, assessment and record academic achievements, also to evaluate learner and trainer feedback. To facilitate quality assurance for The National Hygiene Partnership (NHP), The Food Safety Professionals Association (FSPA), and Environmental Health Association of Ireland (EHAI) requirements. To administer the appeals procedures as a training provider.
There may be situations where we need to use your information to comply with legal obligations. We are required by law to keep your information on file to comply with the Revenue Commissioner, Health and Safety legislation and also for Professional and/or Public Indemnity Insurance purposes.
We process the following data because we have a legitimate interest:
- Keeping your data in our system to keep it secure;
- The date on which you started using our services;
- The date on which you ceased to use our services;
- A record of any complaints or compliments made by you and the action taken in respect of any such complaint or compliments;
- Your email and telephone number in a suppression list so that we do not email or telephone you again by accident;
- We may receive your business contact information directly from you, as a client or from business cards, or we may get your information from third party sources, such as your website or professional network profile;
- The IP address and the MAC address when you visit our website enables us to keep our website secure.
- Students registering for QQI courses will be asked to supply their date of birth and PPS Number in the weeks following registration.
- Students who have registered for QQI courses will need to be registered on the QQI database if they wish to receive their official exam results and QQI certificate awards. In order to register you on the QQI Database, we need to enter your Name, Address, Date of Birth and PPS Number. Without these, we cannot register you with QQI.
We process the following data because we have your consent:
- Training Feedback Form
- Subscribing to our newsletters and social media accounts
On the completion of a course, all participants may be requested to complete a feedback form. The purpose of this is to evaluate the training delivered and to make improvements to course delivery if necessary. On occasion, we may use quotations from our courses on our promotional materials. Such use is always anonymised. If we require a direct quote, we will always contact you for your permission. We retain this information for a year following completion of a course.
Telephone: We have a telephone voice messaging system in the office to record any messages from people who ring when the office is unattended. You may or may not wish to leave a message. Messages are deleted once a member of The Food Safety Company has listened to it and followed up on any information left on the system.
In the course of providing our services, we may process specific sensitive data for instance, in the unfortunate event that you experience an accident or incident we will record your personal data and any health implications. We rely on exceptions contained in Article 9 of the GDPR and the Data Protection Act 2018 to process this information.
WHY DO WE NEED YOUR DATA?
The Food Safety Company need to process personal data about our visitors to provide effective and high-quality service and to fulfill our legal obligations. We will process your data to:
- Provide you with the services or information that you have asked for;
- Keep a record of your relationship with us;
- Send you correspondence and communicate with you;
- Meet our legal obligations;
- Respond to or fulfill any requests, complaints or queries that you may have; and
- Understand how we can improve our services or information;
WHEN AND HOW WE COLLECT YOUR INFORMATION
We may collect information you provide to us directly and indirectly when interacting with our services. This may include such interactions as:
- Make an initial approach to us by email or on the phone; and
- Interact with us by email, text, or on social media;
- From third-parties such as employers or state-funded bodies (i.e., Skillnets, SECAD, etc.)
The Food Safety Company is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not aim our services at children, and we do not knowingly collect any personal data from any person under 16 years of age.
YOUR BUSINESS FINANCE INFORMATION
Processing is necessary for compliance with a legal obligation such as Taxation laws. We collect financial data required to comply with Irish Tax law such as V.A.T. numbers, account details to pay and sending invoices.
USE OF OUR WEBSITE
We process the following data because we have a legitimate interest:
We have a legitimate interest in understanding how our clients and potential clients use our website. This assists us in providing more relevant services and communicating value to our clients.
See the Cookie Notice on our website for more details.
We collect personal information relating to you when you contact us through the contact forms on this website. This information may include your name, email and your phone number. We will only use this information to respond to your request. We will never use this information to market to you unless you have specifically requested us to reach out to you through the contact form.
We use a third-party provider, MailChimp to deliver our newsletter. As a part of MailChimp’s services, it collects statistics around e-mail opening and clicks using industry-standard technologies. If you no longer wish to receive marketing emails or newsletters from us, you have the right to ask us to stop processing your data for direct marketing purposes. Please send an email firstname.lastname@example.org with ‘UNSUBSCRIBE’ in the subject line or click the ‘Unsubscribe’ link in the newsletter email you received from us.
There are some activities where we process personal information with your permission, which you can withdraw at any time, although if you do, we may not be able to provide the product or service you have requested. An example is where we want to use your photograph to promote our business. We would ask your permission first and you can withdraw your consent at any time. We will indicate in this Privacy Statement where we rely on consent.
Where we may rely on consent to use your information, you have the right to revoke that consent for that processing activity at any time. However, we may have the right to rely on an alternative legal basis for the processing activity and will inform you of that.
A withdrawal of consent may still allow the processing of your data if:
- Processing is necessary for the performance of a contract with you.
- Processing is necessary for compliance with a legal obligation.
- Processing is necessary to protect your vital interest or that of another person.
- Processing is necessary for the performance of a task carried out in the public interest.
- Processing is necessary for the legitimate interests pursued by the controller or a third party; except where such interests are overridden by your interests or fundamental rights and freedoms.
We want to send you information about our services, training and events from time-to-time which may be of interest to you. If you have consented to receive such marketing information, you may opt-out later. You have a right at any time to ask us not to contact you for marketing purposes.
In addition to sending you information about the services you use, and where we have your permission, we may send you direct marketing communications about our services, events and offers.
Direct marketing communications may be sent by post, email, telephone, social media (such as Facebook, LinkedIn and Twitter), messages including push notifications to your mobile devices, and via other electronic means such as when you visit our website.
We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have used one of our services.
You will be able to opt-out of direct marketing by following the instructions in the communications you receive or changing your device settings.
LINKED SERVICES, THIRD-PARTY SITES AND CONTENT
In some of our articles, eLearning platform, and blogs, we may reference other websites and provide links which are outside of our control. This Privacy Statement does not cover these other websites and links. The Food Safety Company does not accept any responsibility or liability for other sites’ Privacy Notices/Statements or Privacy Policies. If you access other websites using the links provided, please read their policies before submitting any personal information.
Our website uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from The Food Safety Company website through these services, you should review the ‘Privacy Statement/Notice’ of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.
HOW WE PROTECT YOUR DATA
Access to our online databases is password protected and all our computers are also password protected. We restrict access to personal data to employees, contractors and agents who need to know such personal data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. All our documentation and records are securely stored on site.
Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our website, or to our office via e-mail, and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of your personal data arising from such risks. Please also note that our website contains hyperlinks to websites owned and operated by third parties, and use of these is at your own risk (see ‘Third Party Websites’).
In instances where our business is subject to a re-organisation, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of The Food Safety Company.
DISCLOSURES REQUIRED BY LAW
Your information will be disclosed where we are obliged by law to do so. We may also disclose your information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.
RETAINING YOUR DATA
We shall keep your information for as long as necessary for the uses set out in this Privacy Statement or while there is a legitimate business reason for doing so.
We hold your data:
- For enquires – 6 months, just in case you have forgotten something and come back to us.
- For marketing – until you withdraw consent or until we see that you are no longer opening the emails. We review our consents every year.
- Accident/incident Reports – kept for 10 years
- After ceasing to be a client – 7 years.
- QQI Training Attendance Sheets and Certificates – from the date when you complete the course + 1 year
- Soft copies of the attendance sheets are retained for 7 years.
- Training provided via Grant Aid Funding – 7 Years from when the training was completed.
- Unsuccessful candidates (Interview Score Sheets, C.V and Cover Letters, Application Forms, Job Specification and Job Description) – 1 year from the date that the position is filled.
- All other data is held as per our Retention Schedule; please feel free to contact us for more information at email@example.com.
Where you ask for your account to be closed, we will do this as soon as possible subject to any terms and conditions relating to the account. Your information will be retained to comply with legal and regulatory obligations as well as for analysis, to prevent fraud, collect any monies owed, and to resolve disputes.
YOUR RIGHTS UNDER THE GDPR & THE DATA PROTECTION ACT, 2018
You have rights in respect of our processing of your personal data which are:
- To access your personal data and information about our handling of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- We no longer need it;
- If we are processing your personal data by consent and you withdraw that consent;
- If we no longer have a legitimate ground to process your personal data; or
- We are processing your personal data unlawfully
- To object to our processing if it is by a legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us at firstname.lastname@example.org.
WHO DO WE SHARE YOUR INFORMATION WITH?
In the course of providing our Services, we share information with various third parties, including tutors, external authenticators and external evaluators reviewing assessments and centre procedures. We will share your data with funding bodies who may have sponsored the programme or your attendance at the training programme. When your employer pays for your training course, they will receive copies of your attendance and training certificate. We will share your personal data with the Environmental Health Association of Ireland (EHAI), Quality & Qualifications Ireland (QQI) and/or The National Hygiene Partnership (NHP) to facilitate the transfer and progression to further education, to prove your attendance or for licensing purposes.
If you decide to avail of our online courses, you will be redirected to Shopify to make payments to access these courses and modules.
DATA TRANSFERS OUTSIDE OF THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA
When we transfer your personal data out of the European Economic Area (EEA), we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
CHANGES TO OUR PRIVACY STATEMENT
We reserve the right to modify this Privacy Statement at any time. Each time you use this website, you shall be bound by the then current Privacy Statement and accordingly you should review the Privacy Statement each time you use this website. This is a live document, under regular review. This policy was last updated in January 2019.
COMPLAINTS, QUESTIONS AND ASSISTANCE
If you have any comments, concerns or complaints about our uses of your information, we would ask that you contact us first, so that we can try and resolve the matter.
You are encouraged to raise any issues with Mary Daly or Mairead McCarthy:
Post: Little Island Post Office, Castleview, Island Cross, Co. Cork
Telephone: +353 (0)21 435 5917
COMPLAINING TO THE DATA PROTECTION COMMISSION (DPC)
Where we are unable to help, you can complain to the Data Protection Commission (DPC) in Ireland or the Statutory Authority in your country of residence, who will be able to liaise with the Data Protection Commission.
The Data Protection Commission (DPC) can be contacted at:
Post: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, Ireland, R32 AP23.
Telephone: +353 (0)57 868 4800
Telephone: +353 (0)76 110 4800
Lo-Call Number: 1890 252 231