As this policy refers to ‘we’, ‘our’, or, ‘us’ it is to denote Innovapeak, trading as Safefood 360° and any wholly owned subsidiaries. The headquarters of the company are in Dublin, Ireland, however, the company operates from multiple offices and areas globally. Address information for these offices are available on the Contact us page of the website.
Safefood 360 is an online food safety management system which stores food safety information about a company or individual (Site) as provided or entered by that company or individual. Safefood 360 will store information that is entered by you, or automatically imported on your instruction. The Data entered, or imported on instruction, by you remains your property and Safefood 360 will not use nor make available for use any of this information without your permission.
Under EU data protection law (including the General Data Protection Regulation 2016/679 (henceforth, GDPR), we are a ‘data controller’ of your personal information.
The type of personal information we collect
For marketing purposes we collect certain personal information about visitors and users of our sites. We collect personal information directly when you provide it to us, and automatically as you navigate through our Sites.
This information includes things like: email address, IP address, company name, and other contact details. This information may also contain information that you submit to us, such as the challenges your business is facing and the solutions that we offer that you are interested in learning more about.
Personal information we collect about you from others
On occasions, we may collect certain elements or categories of personal information about you from other sources. In particular these can be from two main sources:
A – Third party service providers (such as Google or Facebook) which may provide information about you when you connect, like, engage or link with our content and the provider sends us information such as your profile information from that service. This information can vary and is controlled by that service provider and is authorized by you via your privacy settings from that service provider; and/or
B – Third party sources / and or partners globally. Here, we receive additional information about you (to the extent permitted by applicable law in the EU), such as demographic data.
How we use personal information
Cases where we will use your personal information are:
A – Where it is necessary for purposes which are in our, or third parties’, legitimate interest. These include:
- Maintaining and operating our Sites
- Providing you with the services described on our sites
- Verifying your identity when you sign in to any of our sites
- Updating you with news and information about our Site and services. E.g., notifying you of changes to our Site, disruptions or updates
- Conducting analysis of the site to ascertain how the site, content, and services of the site can be improved
- Communicating with you by responding to comments, queries or other methods where a clear communication channel is being opened, such as a survey or questionnaire.
- Improving our product, services, and offerings of the site
- Providing general administrative and performance functions, as well as activities
- Where we are required to share your data by competent authorities
B – Where you have given us consent to do so
- Sending or providing you with marketing information about content, product or services which we feel may interest you
C – If required to do so by law and to responses by government, law enforcement agencies or other competent authorities conducting an investigation
Where/ When we disclose your personal information
When legitimate need arises we may share your personal information with the following:
- Subcontractors and service providers who assist us with the ways we use personal information (as detailed above). In particular, these include: website hosting providers which are located in EU and US; technical and customer support services located in the EU and US; marketing and analytics services which are located in the EU and US. Our subcontractors and service providers may also transfer and access such information from other countries from where they have operations.
- Our professional counsel and advisers, such as lawyers, accountants, and business advisers, which are located all in Ireland and the EU.
Where/When we transfer and/or store your personal information
Your data will be processed within Ireland, the US and UK, however, most processing will be performed centrally from our HQ in Ireland. The recipients above that we rely on are from these three countries, Canada or the larger EU as well. This is done on the basis that your consent to this policy acknowledges that we take care to work with subcontractors and service providers who we believe maintain the required standard of GDPR and general data security compliance.
How your information is secured
Your personal information is maintained on and stored on secure services managed by us and our service providers. Personal information that is stored and transmitted internally is protected by security measures, including password authentication, two-factor authentication, and/or data encryption.
How you can access your personal information
You have the right to make a request to us at any stage to access personal information we hold about you and to request corrections of any errors in that data. You may request that your information be deleted and ensure you will not be further contacted from the company unless you specify as and when, and sign up to receive our communications and materials again in line with GDPR compliance.
Marketing uses of your data
- Where we have your consent to do so (such as subscribing to our email lists or stating an interest in receiving offers and information from us), we will send you marketing communications by email about content, resources, product or services that we feel may be of interest to You. You have the right to opt out of these communications at any stage if you would not like to receive them. This can be done by using the ‘unsubscribe’ feature in the email communication.
- You also have the choice about cookies, as described below in the next section. You can modify your browser preferences which will allow you the choice to accept all cookies, be notified when cookies are set up (installed), or to reject all cookies.
The purpose of these cookies are to enhance your experience on our site and provide additional functionality that means you don’t need to re-enter your details each time you engage with our sites, or try to access the content or materials we offer.
When you visit our site there is certain information recorded which is often generally anonymous and does not reveal your identity to us. However, once you request more information from us and provide us with your contact details, we may be able to associate these histories together. These details include:
- Your IP address
- The date and time of your visit to our site
- The length of your session on the site
- The pages and resources you have accessed on the site
- The number of times you access our site within any month
- The file URL you visited and information related to it
- The website which referred you to our site
- Your device information such as operating system and dimensions of the screen on the device.
These cookies also allow us to gather relevant data that helps us serve marketing and advertising content relevant to your interests. We may use third party advertising or services to serve you ads based on your prior visit to our sites or relevant on-site messaging and content. This would include seeing content specific to your visit (or more generally) on another site, usually in the Google Display Network, after you have visited our site.
You may opt out of third party advertising cookies at any time by visiting the Network Advertising Institute.
If you prefer to change your browser settings, you can do this by the following links:
How long will your information be retained
We reserve and protect your personal information for as long as it is necessary to provide you with the services and offerings you request, and to comply with legal obligations. If you no longer wish for us to use your personal information or to provide you with our content, offerings, or offers, you can request we erase your personal information.
When we must update this policy
We will need to change this policy occasionally to ensure it remains up to date with the latest legal requirements that will affect our holding of your data, as well as any changes to our privacy management practices.
When we do change the policy, you will be notified of these changes, where required. A copy of the latest version of this policy shall always be available on this page.
How you can contact us
If you would like to contact us or have any questions about the privacy practices, or the manner in which way we manage your personal information, please contact us in writing at Safefood 360°, Unit 2-50, Rosemount Business Park, Ballycoolin, Dublin 11, or through our dedicated email [email protected]
Safefood 360 stores food safety information about a company or individual (Site) as provided or entered by that company or individual. Safefood 360 will store information that is entered by You, or automatically imported on Your instruction. The Data entered, or imported on instruction, by You remains Your property and Safefood 360 will not use nor make available for use any of this information without Your permission.
The Data entered, or imported on instruction, by You is stored securely in a database and is only accessible to any person You have authorized to use the Service. It is Your responsibility to keep Your password safe. Safefood 360, Safefood 360’s staff and Safefood 360’s partners do not have access to Your password and are therefore unable to access Your Organisation’s account or Data without receiving an invitation to do so from You.
Access to the Data may be permanently deleted by Safefood 360 30 days after You stop paying for the Service or at Your request.
Safefood 360′s servers have SSL Certificates issued by leading certificate authorities so all Data transferred between users and the Service is encrypted. However, the Internet is not in itself a secure environment. Users should only enter, or instruct the importation of, Data to the database within a secure environment. This means that Your browser must support the encryption security used in connection with the Service.
Safefood 360 stores your Data in the location Safefood 360 considers will give You the most efficient access from wherever in the world You may be. Access and storage controls via the Service are however administered by Safefood 360 in Ireland as the custodian of that Data. Where You access or input Data from somewhere other than the country where the Data is stored or to be stored, You consent to that Data being transferred from one country to the other (including via any intermediate country) as a function of transmission across the internet.
The Data entered, or imported on instruction, by You is stored securely in a database and is only accessible to any person You have authorized to use the Service. Safefood 360 will never access the details of any transaction entered and stored in the Service. Safefood 360 will never access system usage history for a specific identifiable user, except where granted permission by that person to assist with resolution of a system issue or error.
Safefood 360 staff and key commercial partners can access non-identifying and aggregated usage information and transaction volumes in order to better understand how our customers are using the Service so we can improve the system design and where appropriate have the system prompt users with suggestions on ways to improve their own use of the system. All aggregated usage information is stored in a secure data warehouse facility.
Use and storage of your personal information
When you supply any personal information to Safefood 360 (e.g. for request for information) we have legal obligations towards you in the way we use that data. We must collect the information fairly, that is, we must explain how we will use it and will tell you if we want to pass the information on to anyone else.
In general, any information you provide to Safefood 360 will only be used within Safefood 360. Your information will be disclosed where we are obliged or permitted by law.
Third Party Services
The Service may contain links enabling the electronic transfer of data with third-party applications. Safefood 360 takes no responsibility for the privacy practices or content of these applications.
Safefood 360 reserves the right to change this policy at any time and any amended policy is effective upon the posting on this website.
Privacy Notice for Job Applicants
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as prospective employees of our Company, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
A. DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- processing is fair, lawful and transparent
- data is collected for specific, explicit, and legitimate purposes
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- we comply with the relevant GDPR procedures for international transferring of personal data.
B. TYPES OF DATA HELD
We keep several categories of personal data on our prospective employees in order to carry out effective and efficient processes. We keep this data in recruitment files relating to each vacancy and we also hold the data within our computer systems, for example, recruitment logs.
Specifically, we hold the following types of data:
a) personal details such as name, address, phone numbers;
b) name and contact details of your next of kin;
c) your photograph;
d) your gender, civil status, information of any disability you have or other medical information;
e) right to work documentation;
f) information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
g) references from former employers;
h) details on your education and employment history etc;
i) driving licence;
j) criminal convictions.
C. COLLECTING YOUR DATA
You provide several pieces of data to us directly during the recruitment exercise. In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies.
Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.
D. LAWFUL BASIS FOR PROCESSING
The law on data protection allows us to process your data for certain reasons only.
The information below categorises the types of data processing we undertake and the lawful basis we rely on.
|Activity Requiring Your Data||Lawful Basis|
|Carrying out checks in relation to your right to work in the Republic of Ireland||Legal obligation|
|Making reasonable adjustments for disabled employees||Legal obligation|
|Making recruitment decisions in relation to both initial and subsequent employment e.g. promotion||Our legitimate interests|
|Making decisions about salary and other benefits||Our legitimate interests|
|Making decisions about contractual benefits to provide to you||Our legitimate interests|
|Assessing training needs||Our legitimate interests|
|Dealing with legal claims made against us||Our legitimate interests|
|Preventing fraud||Our legitimate interests|
E. SPECIAL CATEGORIES OF DATA
Special categories of data are data relating to your:
b) sex life
c) sexual orientation
e) ethnic origin
f) political opinion
h) trade union membership
i) genetic and biometric data.
We carry out processing activities using special category data:
a) for the purposes of equal opportunities monitoring
b) to determine reasonable adjustments.
Most commonly, we will process special categories of data when the following applies:
a) you have given explicit consent to the processing
b) we must process the data in order to carry out our legal obligations
c) we must process data for reasons of substantial public interest
d) you have already made the data public.
F. FAILURE TO PROVIDE DATA
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment, or administer contractual benefits.
G. CRIMINAL CONVICTION DATA
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role. We rely on the lawful basis of legitimate interests to process this data.
H. WHO WE SHARE YOUR DATA WITH
Employees within our company who have responsibility for recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processing in line with GDPR.
Data is shared with third parties for the following reasons:
a) the administration of payroll
b) the administration of health insurance
c) the administration of pension scheme
d) storage of files and documentation.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
We do not share your data with bodies outside of the European Economic Area.
I. PROTECTING YOUR DATA
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
J. RETENTION PERIODS
We only keep your data for as long as we need it for, which, in relation to unsuccessful candidates, is six months to a year.
If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for six months once the recruitment exercise ends.
If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for nine months once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.
If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.
K. AUTOMATED DECISION MAKING
Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
L. YOUR RIGHTS
You have the following rights in relation to the personal data we hold on you:
a) the right to be informed about the data we hold on you and what we do with it;
b) the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
c) the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
e) the right to restrict the processing of the data;
f) the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
g) the right to object to the inclusion of any information;
h) the right to regulate any automated decision-making and profiling of personal data.
In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact our appointed person who will handle issues in relation to data protection activities.
M. MAKING A COMPLAINT
If you think your data rights have been breached, you are able to raise a complaint with the Office of the Data Protection Commissioner. You can contact the ODPC at Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois or by telephone on +353 57 8684800 or +353 (0)761 104 800 or Lo Call 1890 252 231 or email [email protected].
N. DATA PROTECTION COMPLIANCE
Our appointed person in respect of our data protection activities is the Operations Manager:
Name: Vivienne Li
The Operations Manager shall notify other Compliance Team members of any requests or issues in relation to data protection activities and together, the team will determine the appropriate course of action.