Back to top

Jerus Data Protection Privacy Policy

Who are we

Jerus Data Protection Ltd. is a Data Protection consultancy based in Ireland, helping our clients to demonstrate accountability through their data protection programmes.

Purposes for processing

We process data about people for the following purposes:

  • Sales and marketing
  • Executing projects
  • Delivering training, (either directly or through partners)
  • General office administration and accounting
  • HR administration, including payroll and recruitment
  • Management of sub-contractors

Categories of information processed

Sales and Marketing
  • Contact names
  • Telephone numbers (landline and mobile)
  • Social media identifiers (e.g. twitter accounts)
  • email addresses
  • Postal addresses
Projects
  • Contact names (for project stakeholders, participants)
  • Email addresses
  • Contact phone numbers
  • Account names and handles
General office admin and accounting
  • Contact names
  • Contact details (e.g. address, email address, telephone number)
  • Tax identifiers (e.g. Irish PPS Number for employees or VAT number for subcontractors)
  • Time sheets
  • Data associated with accounts receivable or accounts payable.
HR administration and management of sub-contractors
  • Contact Names
  • Contact details (address, email, phone number)
  • PPSN (for employees)
  • Attendance records/time sheets
  • Training records
  • Sick certs and data relating to occupational health
  • CVs
Health and safety
  • Occupational health data
  • Accident reports, including details of injuries and contact information for injured parties or witnesses
Website performance management and security
  • IP Addresses (in server log files)

Cookies and Similar technologies​

See Cookie Policy.

Grounds for Processing

We process data provided by you on one of the following grounds, depending on how or why you are interacting with us:

Sales and Marketing
  • Consent
  • Legitimate Interest
    • It is in the legitimate interest of a company to engage in marketing to promote its products or services
Projects
  • Necessary for the execution of a contract
  • Legitimate interest
    • It is necessary to be able to contact project stakeholders to deliver projects we are contracted to deliver
General office admin and accounting
  • Legitimate interest
    • It is in the legitimate interest of the organisation to process information for administration and compliance with accounting requirements
  • Statutory obligations
  • Necessary for the execution of a contract
HR administration and management of sub-contractors
  • Statutory obligations
  • Legitimate interest
    • It is in the legitimate interest of the organisation to manage staff efficiently and effectively and ensure compliance with duties of care and other obligations
  • Necessary for the execution of a contract
  • Necessary for obligations arising relating to employment, taxation, and social security law
Health and safety
  • Legitimate interest
    • It is in the legitimate interest of the organisation to process data about health and safety issue for the purposes of seeking legal advice, defending claims and supporting insurance risk assessment
  • Necessary for obligations arising relating to employment, taxation, and social security law
  • Statutory obligations

Categories of Recipients

For many of our processing activities, we are required to disclose data to 3rd parties who are not data processors acting on our behalf or data controllers on whose behalf we are working.

Categories of recipients include:

  • Tax authorities (e.g. Irish Revenue Commissioners)
  • Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)

Cross-border data transfers

We may, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Office 365, and similar tools.

Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data on the basis of

  • An Adequacy Decision from the European Commission.
  • Model Contract Clauses

In exceptional circumstances, we will rely on the consent of the data subject or the necessity of the processing for the conclusion/performance of a contract with the data subject.

On a case by case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defence of legal claims.

Data Retention

We retain personal data about individuals for a range of periods. The basis for our retention periods is based on:

  • Statutory obligations
  • Contractual obligations
  • Quality assurance standard obligations provided by our training partners or accrediting bodies.
  • For reasonable periods after the conclusion of engagements for QA and risk management purposes.

On a case by case basis, records may be retained for longer when required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation. Where records are subject to this kind of “hold” process, the ongoing retention will be reviewed on an annual basis.

Your Rights

  • For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
  • For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a specific purpose may prevent us from executing a contract or delivering a service to you.
  • You have the right to request
    • A copy of data we hold about you (Right of Access)
    • That any error in data we hold about you is corrected (Right of Rectification)
    • That data we hold about you be erased unless we have a countervailing interest or legal obligation to retain it (Right of Erasure)
    • That we refrain from processing data for a specific purpose (Right to Restrict processing)
  • You have the right to complain to the Irish Data Protection Commissioner (www.dataprotection.ie), and to seek compensation through the Courts.

Contacting Us

Alternatively, if you have a specific data protection query you can email dp@jerus.ie.