Data Privacy Policy

INTRODUCTION

Raiseaconcern is committed to respecting and protecting your privacy and takes its responsibility regarding the security of information collected very seriously. This policy (together with our General and Website Terms and Conditions) sets out the basis on which any personal data we collect from and about you, or that you provide to us, will be processed by us.

Raise a Concern Limited (trading as Raiseaconcern, Raiseaconcern.com or Raiseaconcern Investigates) is a registered “data processor” of all personal information we collect. Raise a Concern Limited is a company registered in Ireland with registration number 509440.  Its registered office is at Lodge Park, Straffan, Co Kildare.

All personal data we hold is collected and processed in accordance with Irish and EU data protection laws.  

Please read this Privacy Policy carefully.

WHAT IS PERSONAL DATA

Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in or is likely to come into our possession.  There are different ways in which an individual can be considered 'identifiable'.  A person's full name is an obvious likely identifier.  A person can also be identifiable from other information, including a combination of identification elements such as physical characteristics, pseudonyms occupation, address etc.

CONTACT AND OTHER DETAILS

If you have any queries about personal data we may hold about you, please email us at support@raiseaconcern.com; write to Data Privacy Officer, Raiseaconcern, Station House, The Waterways, Sallins, Co Kildare or call us at +353 1 6107929.

SERVICES WE PROVIDE

Where contracted to do so, we provide the following services:

  • We set up and operate Employee Disclosure (Whistleblowing) Schemes.

  • We act as recipient of disclosures about alleged work-related wrongdoing from individuals (‘Disclosers’) within or proper to client organisations that avail of our services.

  • We pass disclosures to Client Organisations and act as a trusted intermediary between Disclosers and Client Organisations, protecting the identity of Disclosers (unless otherwise requested).

  • We provide access to a secure web-based case management system for Client Organisations and (in relation to their specific disclosures only) Disclosers who make disclosures to us on behalf of such Client Organisations.

  • We provide guidance and support through a helpline to Disclosers relating to actual or potential disclosures of alleged work-related wrongdoing to Client Organisations.

  • We provide guidance and support to Client organisations relating to dealing with work-related wrongdoing.

  • We undertake independent investigations of alleged work-related and other wrongdoing.

  • We provide ancillary training, support and related services.

DATA WE COLLECT AND PROCESS

We may collect and process the following data about you:

Information you give us

This is information about you that you give us by corresponding with us, by telephone, e-mail, letter, via a portal on our website, by social media or otherwise or that you give to us in person, where we make a record of it.

It includes the information you supply us with when: (i) you raise a concern with us; (ii) you fill in a form or input information on our website or otherwise make an enquiry of us; (iii) you seek guidance, support or services from us via our helpline, in correspondence, in person or otherwise; (iv) you engage us to provide a service; (v) you use our website; (vi) you send us physical documents;  or (vii) you apply for a position of employment with us.

Information provided by or about third parties

We may also be provided with personal data about you (i) when you are identified in a concern raised with us by another party in relation to a case where we act as recipient of disclosures for a Client Organisation; (ii) when our services are commissioned by a Client Organisation and they provide us with personal data about you, for example where we are contracted to conduct an investigation of workplace or other wrongdoing on behalf of a Client Organisation; (iii) when you are identified by another party either as a possible Respondent, a Witness or an Expert Witness in an investigation of alleged wrongdoing on behalf of a Client Organisation.

In the case of (i) we take steps to ensure that the Client Organisation informs you of the concern raised without undue delay.  In the case of (ii) and (iii) we take steps to ensure that the client organisation or third party has complied with the data protection laws and regulations relevant to that information.  This may include, for example, that the client organisation or other third party has provided you with notice of the collection (and other matters) of the personal data and has obtained any necessary consent for us to process that information or that the client organisation is otherwise permitted or authorised to give us the personal data, as described in this privacy notice.

If any information which you provide to us relates to a third party, by providing us with such personal data you confirm that you have obtained any necessary permissions from such persons to the reasonable use of their information in accordance with the above permissions or are otherwise authorised or permitted to give us this information.

Information we collect about you

We may obtain personal data about you from other sources, such as public registers or other publicly available information.

We may collect, keep a record of and process information about your use of our website including details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access.  We use Google Analytics to do this and to learn about our website visitors. All data is anonymised, and we do not match it to usernames, email addresses or other personally identifying information. Visitors can opt-out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on.

We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

Sensitive Personal Data 

The personal data we collect may include ‘sensitive’ or ‘special categories’ of personal data including data about your dietary requirements, physical or mental health, sexual orientation, ethnicity and racial origin, alleged commission or conviction of criminal offences or other sensitive personal data under applicable data protection laws. 

The legal grounds for processing special categories of personal data are set out below.

WHY WE PROCESS YOUR DATA

We process your data in order to:

(i) enable us to supply the service of recipient of disclosures of concerns about work related wrongdoing from Disclosers and others to Client Organisations who have contracted us to provide such a service.  These disclosures may or may not be protected under the Protected Disclosures Act 2014;

(ii) enable us to supply the service of independently investigating allegations of work related and other wrongdoing for Client Organisations who have contracted us to provide such a service;

(iii)  enable us to comply with legal and regulatory obligations to which we are subject.

We provide the services at (i) and (ii) on the explicit understanding that we have the Client Organisations express permission to process this information on their behalf.

HOW WE USE YOUR DATA

Your data may be used by us for the following purposes:

1. providing the service to client organisations of ‘recipient’ or ‘confidential recipient’ on their behalf of disclosures of alleged work-related wrongdoing, whether under the Protected Disclosures Act 2014 or otherwise;

2.  relaying information to Client Organisations in relation to disclosures made to us.  We will not, however, provide the personal data of a Discloser to a Client Organisation (i) without the Discloser’s consent; (ii) unless we are obliged to do so by law or (iii) unless we are obliged to do so by court order;

3.  contacting you in relation to disclosure(s) made by you, or (if you so request) in relation to our services or in order to provide you with guidance about making or dealing with a disclosure in relation to alleged wrongdoing or information about our services generally;

4.  providing the service to client organisations of investigation of allegations of work related or other wrongdoing;

5.  contacting you if we are requested by a client organisation to carry out an investigation of  alleged wrongdoing and we have been provided with confirmation that you have been advised by the party employing us to conduct the workplace investigation, or on their behalf, that you have been named as the person who made the complaint of alleged wrongdoing (‘Complainant’); as a person required to respond to a complaint of alleged wrongdoing (‘Respondent’); are a possible witness to alleged wrongdoing (‘Witness’) or a person who may be in a position to provide information or expert information in relation to a complaint of alleged wrongdoing (‘Expert Witness’);

6.  contacting you if we are requested to carry out an investigation of alleged wrongdoing and we have been provided with your name by a Complainant or Respondent as a possible Witness or Expert Witness to a complaint of alleged wrongdoing;

7.  systems testing, system maintenance and development, research or in order to deal with a dispute or claim. We may perform data profiling based on the data we collect from you for the purpose of statistical analysis.  We will only use this information in aggregate format and in a manner that does not identify you.  We may report suitably anonymised information to Client Organisations to meet their internal reporting (e.g. Board or Management reporting) or external reporting (e.g. under Section 22 Protected Disclosures Act 2014) requirements, or for comparative purposes;

8. reporting your personal data to regulatory or law enforcement agencies where required to do so by regulation or law.  We will also report your personal data to the courts where required to do so by court order;

We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data.

THE LEGAL GROUNDS WE USE FOR PROCESSING PERSONAL DATA

We are required by law to set out in this privacy policy the legal grounds on which we may rely in order to process your personal data. We rely on one or more of the following lawful grounds:

  • you have explicitly agreed to us processing your information for a specific purpose;

  • the processing is necessary to perform the agreement we have with a client organisation or to take steps to enter into an agreement with a client organisation;

  • the processing is necessary for compliance with a legal and/or regulatory obligation we have;

  • to protect your vital interests or those of another person (e.g. in case of a concern about public safety);

  • the processing is necessary for the purposes of a legitimate interest pursued by us, which might include the following:​

            - provision of our services to our clients, to you or to third parties and to ensure that our contracts with 

              client organisations are fulfilled:

            - to prevent fraud or fraudulent misrepresentation;

            - to protect our business interests;

            - to ensure that complaints and complaints of alleged wrongdoing are fully and properly investigated;

            - to evaluate, develop or improve our services and products.

       - to keep you or our clients informed about relevant products and services and to provide you with                         

               information, unless you have indicated at any time that you do not wish us to do so.

To the extent that we process any special categories of data relating to you for any of the purposes outlined within this privacy policy, including our General and Website Terms and Conditions, we will do so because:

  • you have given us explicit consent to process that data;

  • a client organisation has given us explicit consent to process that data and is duly permitted or authorised to do so;

  • we are required by law to process that data in order to ensure we meet legal or regulatory obligations imposed on us;

  • the processing is necessary for the establishment, exercise or defence of legal claims;

  • you have made the data manifestly public.

In certain circumstances, it may still be lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.

WHO WE SHARE YOUR DATA WITH

We may share certain data with our client organisations based on the authorisations we hold.

Where necessary, we may share your information with trusted third parties such as our agents, contractors or partners in connection with services that these individuals or entities perform for us. These include but are not limited to providers of archiving services, information technology management services, data storage, data backup and continuity management services, data interrogation or recovery services, legal services, financial services, third party experts including in such areas as fraud and forensics, accountants, financial and tax advisors or external auditors.

We may disclose your data in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

We may disclose or share your data in order to comply with any legal obligation or in order to enforce or apply our Website and General Terms and Conditions.

Our agents, contractors or partners are restricted from using your data in any way other than to provide services to us. Raiseaconcern requires that all such agents, contractors or partners enter into contractual guarantees to observe security and privacy obligations in accordance with data protection law.

COOKIES AND SITE TRACKING

Our website uses cookies to enable us to improve our service to you and to provide certain features that you may find useful (click here for Raiseaconcern’s Cookie Policy).

Cookies are small text files that are transferred to your computer's hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site; thus enabling us to understand better the products and services that will be most suitable to you. A cookie contains your contact information and information to allow us to identify your computer when you browse through various pages on our website. Most web browsers automatically accept cookies, but, if you wish, you can change these browser settings by accepting, rejecting and deleting cookies. The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you choose to change these settings, you may find that certain functions and features will not work as intended. The cookies we use do not detect any information stored on your computers.

For more information about cookies and how to stop cookies being installed visit the following website: http://www.allaboutcookies.org.

DATA SECURITY

We take our data security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness. We review our data security measures and procedures regularly.

We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage.

The data which you or others provide to us by way of disclosure on our web portal is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information so that it can be securely transferred over the Internet. 

We do not take payments via our website.

Unfortunately, the transmission of information by means of the internet, including through e-mail, by telephone or by post is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to or from us by any such means and any such transmission is at your own risk.

DATA RETENTION

It is our aim to only hold your data for as long as required for the purposes set out above or as required for us to comply with any legal or regulatory obligations to which we are subject. We regularly review our files to check that information is accurate, up to date and still required.

We hold your personal data on our systems for the longest of the following periods:

  • for as long as is necessary to allow us to provide the relevant activity or service; or

  • any retention period that is required by law; or

  • the end of the period in which litigation or investigations might arise in respect of the services.

When we no longer need your personal data, we will securely delete or destroy it.

MARKETING

We do not use your personal data for marketing purposes and do not share it with third parties or others for this purpose.

WHERE WE STORE YOUR INFORMATION

We store your information in different places. Physical files are stored in our offices and in our archives. Physical files may be transported on a temporary basis by our staff to locations outside of our offices, when the need arises.  Electronic files are stored on our secure servers and in the cloud. We may transfer your data to, and store it at, a destination outside of the European Economic Area. Whenever we transfer your data in such a way, we will ensure appropriate safeguards are in place. You may contact us via e-mail, letter or telephone in case you wish to find out more or to obtain a copy of the appropriate safeguards.

YOUR RIGHTS

You have the right to:

  • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.       

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.

  • Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.  This will not affect the lawfulness of our processing before the withdrawal.

You also have the right to lodge a complaint with the Data Protection Commissioner at any time regarding our compliance with data protection law.

If you want to exercise any of these rights, then please contact us at support@raiseaconcern.com or send a written request to Data Privacy Officer, Raiseaconcern, Lodge Park, Straffan, Co. Kildare.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is to prevent impersonation, to ensure that we are dealing with you and to ensure that your personal information is not disclosed to any person who has no right to receive it.

You may exercise your rights by contacting us at the postal address, e-mail address or telephone number provided above.

LINKS TO OTHER WEBSITES

The inclusion of a link on our website to other websites or the communication of a link to another by any other means does not imply endorsement of the linked website by us. We are not responsible for the content or privacy practices of other websites and despite being accessed from a link provided by us, they are not covered by this policy. Any external links to other websites that we publish on our website or otherwise advise you of are clearly identifiable as such.

Once you have used a link to leave our website, we do not have any control over that other website. You should exercise caution and look at the privacy statement applicable to the website in question.

CHANGES TO PRIVACY STATEMENT

We may amend or update this privacy statement from time to time and will publish such amended or updated version on our website, as appropriate.

Where we amend or update this privacy statement we will update the revision date at the end of this page. The new amended or updated policy will apply from that revision date. We encourage you, therefore, to periodically review this notice about how we are protecting your information.

Policy effective from 25 May 2018

 

This project has been supported by Kildare Local Enterprise Office which is co-funded by the Irish Government and the European Union under Ireland's EU Structural Funds Programmes 2007 - 2013.