This is important; we hope you will take time to read it carefully.
At Synchro, we take the protection of your data seriously. We want you to feel confident that we are keeping your data secure, and that we handle and process it in accordance with current local legislation and the General Data Protection Regulation 2018.
The Site is operated by Synchro (registered in Ireland with company number 504786 and registered address at Block D, Cherrywood Business Park, Loughlinstown, Dublin 18.
Types of Data collected
We want to give our customers the best possible experience. To do so, we need to collect personal data from you for certain processes such as providing a service and when you enquire about our services.
The Personal Data may be freely provided by the User or collected automatically when using this Application.
Failure to provide certain Personal Data may make it impossible for this Application to provide its services. Users are responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to the Owner.
Mode and place of processing the Data
Methods of processing
The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated.
In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
We will transfer your data outside the EEA when we require a Third Party to work on behalf of Synchro, for instance for analytical purposes carried out by the companies listed below.
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.
The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.
The use of the collected data
The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Analytics and Interaction with external social networks and platforms. The Personal Data used for each purpose is outlined in the specific sections of this document.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
The services contained in this section enable the Owner to monitor and analyse web traffic and can be used to keep track of User behaviour.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualise and personalise the ads of its own advertising network.
Personal Data Collected: Cookies and Usage Data
Interaction with external social networks and platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
Google+ +1 button and social widgets (Google Inc.)
The Google+ +1 button and social widgets are services allowing interaction with the Google+ social network provided by Google Inc.
Personal Data collected: Cookies and Usage Data
Facebook Like button and social widgets (Facebook, Inc.)
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.
Personal Data collected: Cookies and Usage Data
LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data collected: Cookies and Usage Data
CCTV is located in our stores with images being monitored and recorded for the purpose of crime prevention and for the safety of our staff and the general public. This scheme is operated by Synchro and maintained by Mercury Systems (Eur) Ltd. The principle of transparency means that individuals have a right to be informed about the processing of their personal data; notification of CCTV usage is achieved with easily-read and well-lit signs in prominent positions in our stores. As a person’s image is recorded by our CCTV system, we must provide you with the following information:
Who is the Data Controller and how can I contact them?
Synchro, Block D, Cherrywood Business Park, Loughlinstown, Dublin 18. You can call them on 01-272 7000 or email them at firstname.lastname@example.org
How do I contact your Data Protection Officer?
You can contact our DPO at email@example.com
What are the purposes for which data is processed?
Crime prevention and for the safety of our staff and the general public.
What is the legal basis for the processing?
Legitimate Interest. This is justified on the basis of necessity and proportionality, and is carried out in order to protect our premises and property from crime or damage, and to help ensure the health and safety of staff members and the general public.
Do you share the CCTV footage with any third parties?
Under Section 41 (b) of the Data Protection Act 2018, we fulfil data access requests from An Garda Síochána. We also provide the Merchant Services suppliers with data under PCI DSS (Payment Card Industry Data Security Standard).
What are your security arrangements for the CCTV footage?
All footage is stored in a secure environment with access restricted to authorised personnel only, and held on servers and our internal network which are both fully-encrypted with the most secure protocols and standards.
What are my rights?
You are entitled to be provided with a copy of your personal data being processed. You are entitled to access your own personal data only, but not the personal data (images) of any third parties. A data controller must provide you with a copy of your data within one month of your request, free of charge. This period may be extended by a further two months, if necessary, taking into account the complexity and number of requests. The Data Controller can request further information from you as may be necessary to confirm your identity and to clarify the date and time that recording took place.
You have a right to make a complaint to the Data Protection Commission if you are not satisfied:
- with our response to your request for access
- that our use of CCTV is justified or proportionate in terms of its impact upon you
For further information on your rights, click here
What is your retention period for CCTV footage?
We securely store recordings for a period of 90 days in order to fulfil data access requests from members of the public, An Garda Síochána and the Payment Card Industry (Merchant Services). After this period, all data is purged (permanently erased) from our systems.
Additional information about Data collection and processing
The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.
The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.
Additional information about User’s Personal Data
System logs and maintenance
For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System logs) or use for this purpose other Personal Data (such as IP Address).
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the bottom of this document.
The rights of Users
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out below. This Application does not support “Do Not Track” requests.
To determine whether any of the third party services it uses honour the “Do Not Track” requests, please read their privacy policies.
Definitions and Legal References
Personal Data (or Data)
Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
Information collected automatically from this Application (or third party services employed in this Application), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Application, which must coincide with or be authorised by the Data Subject, to whom the Personal Data refers.
The legal or natural person to whom the Personal Data refers.
The natural person, legal person, public administration or any other body, association or organisation with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The hardware or software tool by which the Personal Data of the User is collected.
Cookies are small files that are stored on your computer when you visit our website. The cookies hold basic information that shows us if you have visited our site previously, and which pages you visited. This data helps us to provide you with a more personalised service, so for example, the next time you visit our site we can present you with product or service information that you’ve shown an interest in.
Can I enable or disable cookies?
Today most web browsers allow you some control over whether you allow cookies to be collected. You can also easily delete or clear cookies on your browser at any time. This is a handy guide www.allaboutcookies.org which shows you how to see what cookies have been set on your browser and how you can manage them.
This privacy statement has been prepared in fulfilment of the obligations under the following:
- Data Protection Act 2018
- General Data Protection Regulation 2018
- “ePrivacy Regulations” EU Electronic Communications Regulations (2011)
How can I access my data?
Synchro’s Data Protection Officer monitors our compliance with local data protection legislation and GDPR, and will handle all data-related queries. You can contact the Synchro DPO in writing at:
Data Protection Officer, Synchro, Block D, Cherrywood Business Park, Loughlinstown, Dublin 18
or you can email your request to:
Latest update: 25th October 2019