CELTONN Limited Personal Data Protection Policy
Introduction
This policy outlines the principles, measures, and practices that CELTONN LIMITED will adhere to in accordance with the General Data Protection Regulation (GDPR) and Irish law. It aims to ensure the protection of personal data, whether internal or provided by customers, by setting a framework for the handling, storage, processing, and security of data. The policy is designed to safeguard the rights and freedoms of data subjects and reflects the company’s commitment to corporate responsibility in data protection.
Scope
This policy applies to:
- All employees, consultants, contractors, and partners of CELTONN LIMITED.
- All processes, systems, and software that process personal data.
- All personal data belonging to employees, customers, vendors, and third-party stakeholders that is handled by the company.
Principles of Data Protection
In adherence to GDPR, the following principles will guide the handling of personal data:
- Lawfulness, Fairness, and Transparency: All processing activities will be conducted lawfully, transparently, and with fairness.
- Purpose Limitation: Personal data will be collected for specific, explicit, and legitimate purposes and not processed beyond those purposes.
- Data Minimization: Only the data necessary to achieve the processing purposes will be collected and retained.
- Accuracy: Personal data will be kept accurate and up to date. Inaccurate data will be promptly rectified or deleted.
- Storage Limitation: Personal data will not be retained longer than necessary for its intended purposes.
- Integrity and Confidentiality: Appropriate security measures will be implemented to protect personal data from unauthorized access, alteration, or destruction.
- Accountability: CELTONN LIMITED will demonstrate compliance with these principles through documentation and proactive measures.
Roles and Responsibilities of CELTONN LIMITED
CELTONN LIMITED may act in the role of a data controller or a data processor depending on the nature of its engagement with customers. As a data controller, the company determines the purposes and means of processing personal data. As a data processor, the company processes personal data on behalf of its customers, following their instructions and adhering to the GDPR’s requirements for processors. In either role, the company is committed to maintaining the highest standards of data protection and ensuring compliance with applicable laws.
Responsibilities
Data Protection Officer (DPO)
A Data Protection Officer will be appointed to oversee GDPR compliance. The DPO’s responsibilities include:
- Monitoring the implementation of GDPR-compliant practices.
- Providing training and guidance to employees on data protection obligations.
- Auditing data protection measures and processes.
- Responding to queries and concerns from data subjects.
Employees
All employees are responsible for:
- Understanding and adhering to this policy.
- Reporting any breaches or suspected breaches of personal data to the relevant team or DPO.
- Participating in data protection training as required.
Customer Data Management
Data Collection
- Customer data will be collected only with explicit consent or where necessary for contractual obligations.
- A clear privacy notice will be provided to customers detailing the purpose, retention period, and processing of their data.
Data Processing
- Customer data will only be processed for the purposes explicitly agreed upon.
- All processing activities will be documented and regularly reviewed for compliance.
Third-Party Vendors
- All third-party vendors handling customer data on behalf of the company must sign a Data Processing Agreement (DPA).
- Vendors will be audited to ensure their compliance with GDPR standards.
Data Processing Agreements
To ensure legal compliance and mutual accountability, CELTONN LIMITED will establish Data Processing Agreements (DPAs) with its customers and partners where required. These agreements will outline the responsibilities of both parties, including the scope, purpose, and duration of data processing, as well as the security measures and mechanisms for auditing compliance. The company will work transparently with customers to create and maintain such agreements, ensuring alignment with GDPR and Irish law.
Internal Data Management
Employee Data
- Employee personal data will only be collected and processed for HR purposes, payroll, and legal compliance.
- Employees will be informed about the processing of their data and their rights as data subjects.
Security Measures
Technical and organizational measures will be implemented to ensure the security of all personal data, including:
- Encryption of sensitive data.
- Access control: limiting access to data only to authorized personnel.
- Regular security audits and penetration testing.
- Implementation of firewalls and antivirus software.
Data Subject Rights
All data subjects whose personal data is processed by CELTONN LIMITED have the following rights:
- Right to Access: The right to obtain information about personal data held and processed.
- Right to Rectification: The right to request corrections to inaccurate or incomplete data.
- Right to Erasure: The right to request deletion of personal data, subject to legal or contractual obligations.
- Right to Restrict Processing: The right to limit the processing of personal data under certain conditions.
- Right to Data Portability: The right to receive personal data in a structured, commonly used format.
- Right to Object: The right to challenge the processing of personal data for specific purposes, such as direct marketing.
Data subjects wishing to exercise their rights under GDPR, such as accessing, rectifying, or erasing their personal data, or raising concerns about data protection practices, can contact CELTONN LIMITED through the following channels:
- Email: privacy@comprsa-europe.com
- Postal Address: Data Protection Officer, CELTONN LIMITED, NovaUCD, Belfield Innovation Centre
The company is committed to responding promptly and effectively to all inquiries, complaints, and requests related to data protection.
Data Breach Management
In the event of a data breach:
- The breach will be reported to the Irish Data Protection Authority within 72 hours, if required by law.
- Data subjects affected by the breach will be informed promptly.
- Measures will be taken to mitigate the impact of the breach and prevent future occurrences.
Policy Review and Updates
This policy will be reviewed annually or as required due to changes in legislation, business processes, or any identified gaps in compliance. Updates will be communicated to all employees and relevant stakeholders.
Contact Information
For questions or concerns regarding this policy, please contact our Data Protection Officer at info@celtonn.com.
Conclusion
CELTONN LIMITED is committed to maintaining the highest standards of data protection and privacy for our employees, customers, and partners. By adhering to this GDPR compliance policy, we ensure that personal data is handled responsibly, ethically, and in full compliance with Irish law.
