Krisolis Privacy Statement

Introduction

Krisolis, 28 – 32 Pembroke Street Upper, Dublin 2 D02 EK84, has created this notice to outline the manner in which personal data will be handled and processed in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

This Privacy Statement (together with our Terms and any other documents referred to) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Questions, comments, and requests regarding this Privacy Statement are welcomed and should be addressed to info@krisolis.ie for the attention of Nina Copeland.

Purpose of Data Collection and Lawful Basis

Processing necessary for the performance of a contract to which the data subject is a party: in acting as a Data Processor Krisolis needs to keep and process a limited amount of your personal data, name, job role and email address, training records and feedback, in order to fulfil our obligations arising from any contracts where your employer has engaged us to provide training, mentoring or consultancy services directly to you.

Where you have consented, Krisolis may collect information from you relating to any special needs or dietary requirements that we may need to accommodate for face-to-face training. This information is used for these purposes only and is not retained on our systems.

Where you have consented, Krisolis may contact you by email in relation to relevant events or initiatives, you can unsubscribe from such communications at any time.

You have a right to withdraw your consent at any time and we will respect that right should you exercise it; however, you should be aware that we may not be able to provide services to you.

If in the future, we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

Disclosure of your information

Where Krisolis engages the services of third parties, such services are covered by an appropriate contract, and any data acquired in the course of such services is processed in compliance with the GDPR.

Krisolis will only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

Do we transfer your information outside of EEA?

In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. We have in place safeguards including standard contractual clauses to ensure the security of your data.

Current Third-Party Providers

Name Purpose of Processing Location

Administrate Administration of Learning Management System UK

Sendgrid Email processing from our Learning Management System US

Your rights as an individual

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA2018) you have a number of rights with regard to your personal data:

The right to access your personal data.

if your personal data is inaccurate or incomplete, you have the right to have the data rectified without undue delay.

the erasure of your personal data or the right to be forgotten – the right to be forgotten is not an absolute right will not apply where processing is necessary for:

Compliance with a legal obligation.

Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Establishment, exercise or defence of legal claims.

the right to restrict processing, object to processing as well as the right to data portability in certain circumstances.

If you have provided consent for the processing of your personal data, you have the right (in certain circumstances) to withdraw consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

If you if you believe that we have not complied with the requirements of the GDPR or DPA 18, you have the right to lodge a complaint with the Irish Data Protection Supervisory Authority. The Data Protection Commission can be contacted at:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Telephone: 578 6848 00 / 761 104 800

Website: dataprotection.ie

If you wish to exercise any of your rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Any request to access personal data will be dealt with free of charge unless it is considered excessive in which case, we may charge a reasonable fee.

Data retention

Subject to your rights, we will ordinarily process your personal data throughout the course of your relationship with us and will delete it in accordance with the agreement we have entered into with your employer.

Data Security

We use a range of physical, electronic, and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include education and training to relevant staff to ensure they are aware of our data protection obligations when processing personal data, administrative and technical controls to restrict access to personal data to a ‘need to know’ basis, technological security measures, including fire walls, encryption, and anti-virus software.

All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Changes to this statement

We reserve the right to change this statement at any time by notifying users of the existence

of a revised statement.

May 2021