Introduction

Contracting PLUS takes the safeguarding of personal information very seriously. The office of the Data Protection Commissioner outlines eight principles of data processing which are binding on all organisations who handle personal data. The eight principles:

  • Obtain and process information fairly
  • Keep it only for one or more specified, explicit and lawful purposes
  • Use and disclose it only in ways compatible with these purposes
  • Keep it safe and secure
  • Keep it accurate, complete and up-to-date
  • Ensure that it is adequate, relevant and not excessive
  • Retain it for no longer than is necessary for the purpose or purposes
  • Give a copy of his/her personal data to an individual, on request

This policy describes how Contracting PLUS adheres to those principles.



Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.

Data Protection Policy

Contracting PLUS shall perform its responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:


Principle 1-Obtain and process information fairly
Our data collection process aims to be open and transparent at all times. At the time we collect information about individuals, they are made aware of how that information will be used.

Examples include:
  • for assessment of application for service,
  • for planning service delivery,
  • for provision of information.

Principle 2- Keep it only for one or more specified, explicit and lawful purposes
Contracting PLUS recognizes the need to hold personal data about individuals. Depending on the solution offerred, Contracting PLUS may require information for some or all of the following purposes:
  • General Personal Details for communications
  • Identity/address validation.
  • Work status validation.
  • Company Account Setup and relevant applications (Form A1, 12A, TR2, B10, etc)
  • Administration of contractors contract.
  • Processing of Tax, VAT, PAYE and Income Tax returns.
  • Payment Setup and processing
  • Information mailings

Principle 3 - Use and disclose only in ways compatible with these purposes
Contracting PLUS holds and processes information about clients and agencies for all necessary and customary business purposes, such as:
  • Identity management i.e. your personal/working situation and validation of your work status.
  • Pay and review compensation
  • Contract Management.
  • Agency Management.
  • Provide and administer benefits.
  • Comply with applicable taxation or other legal obligations
  • Protect the rights, interests, or property of the Company.
  • Facilitate compliance with Company policies, industry standards, and legal requirements.

Disclosers
Contracting PLUS, as a rule do not disclose any information on our clients or agencies to third parties, but when necessary may make such data available to its advisors and regulatory authorities (including the Revenue Commissioners).
If disclosure of personal data to a third party is required which exceeds the terms of the provision within the consent declaration on the Contracting PLUS info pack/application form, consent will always be sought in such cases.
There are special circumstances under which disclosure of personal data to third parties is allowed. These are provided for under the Data Protection legislation and are:
  • As ordered by the Gardai, or army personnel
  • For the purpose of investigating an offence
  • To prevent urgent injury or damage to person or property
  • Under a court order or other rule of law
  • Required for the purposes of obtaining legal advice or for legal proceedings in which the person making the disclosure is a party or a witness
  • Made at the request of and with the consent of the subject of the data

Principle 4 -Keep it safe and secure
Contracting PLUS’ most important concern is the protection and reliability of customer data. Contracting PLUS use a mixture of Private and Public cloud infrastructure providers to ensure customer data is secure and available at all times. All our Cloud Providers are located within the EU and adhere to the highest compliancy standards including the following certifications/regulations:

- DoD SRG, FedRAMP, FIPS, IRAP, ISO 9001, ISO 27001, ISO 27017, ISO 27018, MLPS Level 3, MTCS, PCI DSS Level 1, SEC Rule 17-a-4(f), SOC 1, SOC 2, SOC 3

- EU Data Protection Directive, HIPAA

All client data is regularly backed up with robust disaster recovery procedures in place.

In addition, Contracting PLUS use a number of third-party web based systems for uses such as Survey gathering, Newsletter generation, etc where the data gathered may reside outside of the EU jurisdiction. To comply with Data Protection Legislation, the countries must be considered as offering an adequate level of protection in accordance with Article 25 of the Data Protection Directive. In these cases the third-party companies reside in the US and are therefore approved/governed under the EU-U.S. Privacy Shield Framework.

Principle 5 - Keep it accurate, complete and up-to-date
Contracting PLUS adopt procedures that ensure high levels of data accuracy, completeness and that data is up-to-date. Contracting PLUS account managers are responsible for ensuring the accuracy of client’s data and through the provision of online tools as well as regular communications, strive to maintain high data accuracy levels.

Principle 6 - Ensure it is adequate, relevant and not excessive
Contracting PLUS collect and maintain sufficient information for the declared purpose in order to provide a fair and comprehensive service to each person.
We only hold that information which is adequate and relevant to the purpose it serves. If we are in receipt of personal data we ensure that the information is retained according to the company’s data retention policy.
All records of staff client interactions are maintained in a professional manner are done so with the expectation that the information can be shared with the person served

Principle 7 - Retain for no longer than is necessary
For Active contractors Contracting PLUS deletes permanently the following classes of information where the information in question is over seven years old post the end of the accounting year end (end Dec for Ire, end Apr for UK). This may include but not limited to:
  • Contractor expenses (both electronic and paper)
  • Contractor payslips (both electronic and paper)
  • Contractor/Agency invoices (both electronic and paper)
  • Contractor timesheets (both electronic and paper)
  • Contractor P60’s (both electronic and paper)
  • Submitted Tax returns information on our portal.
  • Any other paper based information received > 7 years old
For In-active contractors Contracting PLUS deletes permanently all classes of information (electronic and paper) where the information in question is over seven years old post the inactivity date of the contractor. The only information that will be retained for in-active contractors will be basic contact information (i.e. name, email address, employment sector, etc) for the potential future provision of services.

Principle 8 - Give a copy of his/ her personal data to that individual, on request
Contracting PLUS adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.

Procedures and Guidelines
Contracting PLUS is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

In accordance with the Data Protection Access Act individuals may make a request from Contracting PLUS for the following:
A. Right to establish existence of personal data (section 3 Data Protection Acts).
Under section 3 of the Data Protection Acts an individual may write to us asking whether we keep any personal data on him or her. Where we hold such personal data on you, we shall respond within 21 days of receipt of the request, giving you a description of the data we hold on you and the purposes for which it is kept.

You do not have to pay a fee for making a request of this type under section 3 of the Data Protection Acts. Please make your request in writing to us at:

Data Protection Co-Ordinator,
Contracting PLUS,
Unit 26J, Block 6500
Cork Airport Business Park
Cork, Ireland
stating that you are making your request under section 3 of the Data Protection Acts. Please note that before we respond to your request we may require that you provide us with satisfactory evidence of your identity and address. We do not accept section 3 requests via telephone, email or text message.

B. Making an Access Request (section 4 of the Data Protection Acts).
Under section 4 of the Data Protection Acts, you may receive a copy of your personal data held by Contracting PLUS upon written request, subject to payment of a fee of €6.35.

In order to respond to your section 4 request we ask you to download the Access Request Form.

  • Please complete, sign and date the form and be specific as possible about the information you wish to access.
  • Attach a photocopy of your proof of identity and address, to the Access Request Form.
  • Enclose a cheque or postal money order payable to Contracting PLUS Ltd in the amount of €6.35 and:
  • Post the Access Request Form to: Data Protection Co-Ordinator, Contracting PLUS, Unit 26J, Block 6500, Cork Airport Business Park, Cork, Ireland
  • If you cannot download the Access Request Form from the internet please write to us requesting a form from: Data Protection Co-Ordinator, Contracting PLUS, Unit 26J, Block 6500, Cork Airport Business Park, Cork, Ireland and we shall send you a copy by return post. Use of the Access Request Form is not mandatory. Completing the Access Request Form should enable us to process your section 4 request more efficiently.

Please note that we reserve the right not to process and release data requested where you have not complied with the requirements of section 4 of the Data Protection Acts including where:

  • You have not paid the prescribed fee of €6.35. All payments should be made by cheque or postal money order made payable to 'Contracting PLUS Ltd';
  • Your request is not made in writing. We do not accept access requests via telephone, email or text message.

Note on Cookies:
Cookies are small amounts of information which we may store on your computer. Cookies make it easier for you to log on to and use the Website during future visits. They also allow us to monitor Website traffic and to in future personalise the content of the Website for you.

Review
This “Data Protection and Retention Policy” will be reviewed regularly in light of any legislative or other relevant developments.