DATA PRIVACY

To provide our services, we collect and process some of your personal information. This statement gives you more detail about what we do with it. It also lets you know your rights.

This statement relates to the information we collect and process as the data controller when:

• you engage with us in advance of becoming a client
• you become a client
• we provide our services to you

1. WHAT DO WE USE YOUR PERSONAL INFORMATION FOR?

1.1. Enquiries
Where you have made enquiries about our products and services, including through an e-mail request or by a request that we contact you (whether implied or explicit), we will use the information you provide to us as part of the request, or in subsequent communications, only for the purposes of:

• providing you with information about our services;
• giving preliminary advice before we are appointed to provide you with our services;
• providing you with proposals for the provision of our services; and
• providing you with further information and/or securing your instructions in connection with your initial enquiry.

In the context of your enquiries, your personal information is processed in this way for our legitimate business interests, which means the interests of Sea Clean Cleaning Solutions Ltd. in conducting and managing our business but, most importantly, to give you the best service and products we can.

How long do we keep this personal information?
If you do not become a client, we will keep this information for a period of one year after the date of your initial enquiry.

1.2. Provision of products and services
The nature of our services is such that in providing them we may process your personal information. This is specifically the case if you are a private client, sole trader or a partnership, where the processing of your personal information is required to provide our services to you.

Unless otherwise stated in this Data Privacy Statement, any personal information (email address and telephone number, address, contact person) provided to us while we provide our services to you will be used for:

• the purposes of providing those services to you in accordance with our contract with you;
• meeting our legal obligations, in particular (but not exclusively) to the Revenue Commissioners;
• managing our relationship with you to meet our contractual obligations to you; and
• for our legitimate interests in conducting and managing our business.

How long do we keep this personal information?
Personal information that is provided to, or generated by, us during the provision of our services will be kept for a period of seven years after the end of the financial year to which that personal information relates.

1.3. Products and services information
If you are (or have been) a client, we use your personal information to send you information related to:

• our products and services;
• payments
• invoices

Your personal information is processed in this way for our legitimate business interests, which means the interests of Sea Clean Cleaning Solutions Ltd. in conducting and managing our business but, most importantly, to give you the best service and products we can.

You can object at any time to our processing of your personal information for these purposes by writing to us or emailing us at info@seaclean.ie

1.4. Other Uses
Your personal information will also be processed:

• to manage your personal data in accordance with this privacy notice; and
• to comply with our data protection and other legal obligations, including periodically seeking the renewal of consent for the processing of your personal information where required.

2. LEGITIMATE INTERESTS

When we process your personal information for our legitimate interests, we make sure we have considered and balanced the potential impact on you. We will never use your personal information in a way that is detrimental to your interests.

Where we process your personal information for purposes we consider to be in our legitimate interest, you have the right to object to this processing. You may exercise this right by writing to us at our address or by emailing us. If you do object, this may affect our ability to provide our products and services to you.

3. WHO ELSE RECEIVES YOUR PERSONAL INFORMATION

In order to ensure we can meet our obligations to you, our clients and other stakeholders in the most efficient and effective way, we may share your personal information with third parties. The categories of third parties with whom your personal information is shared are detailed below.

Your personal information is not shared with anyone else. It is not transferred outside the European Union (unless otherwise stated).

3.1 Information technology and systems
The following service providers are used by Sea Clean to support its activities:

(i) Planday: Provision of employee scheduling, time and attendance, communication, tasking, and auto-scheduling software. Sea Clean does not collect or process employee location information (required to punch in and off), profile photographs or social media links from the Planday iOS or Android App. Planday is the Data Controller in respect of the Planday iOS or Android App. Their privacy statement can be found at https://www.planday.com/legal/ and it is attached to our Hand-Book.

(ii) Thesaurus Software’s / Bright Pay / Bright Connect / Bright Contracts: Provision and creation of Contracts and Payslips.

(iii) Sage: Accountancy software

These third parties can only use the personal information we share in order to provide their services to us.

3.2 Professional advisers and other service providers
We engage a range of third parties to provide services, advice and products to Sea Clean, to whom we may provide personal information in order that those services, advice or products can be supplied to us:

(i) professional advisers, such as law firms, accountancy firms, insurance brokers and other advisory businesses;
(ii) insurers;
(iii) IT services, backup cloud

3.3 Other third parties
Your personal information may be shared with third parties (such as your bank for the purposes of confirming your employment by us and rates of pay) in accordance with your written and verified instructions.

4. TRANSFER OF PERSONAL INFORMATION OUTSIDE OF THE EUROPEAN UNION

All data, including your personal information, is stored on infrastructure located in the EU.
The companies listed below store the data on servers in the EU and in the United States, Canada and Australia.

To provide appropriate safeguards regarding the processing of your personal information in these countries, the relationship between Sea Clean and its service providers is governed by approved standard data protection clauses.

4.1 Backup – Microsoft 365 One Drive
By default, Cloud Backup saves the data in the geography where the data is created. On the cloud side, there are six state-of-the-art data centres around the world, with more to come. The data centres are in the following countries: The Netherlands, United Kingdom, Germany, Canada, USA, Australia.
The secure data centre locations are constantly guarded by highly trained security officers around the clock, 365 days a year. Physical security also includes the use of CCTV monitoring. The centres are kept up and running thanks to backup generators. Data, meanwhile, is stored on redundant arrays in case of a disk failure. Every data centre is either SSAE compliant or ISO certified.
Data centres have the following ISO certifications: ISO 9001:2008, ISO 14001:2004, OHSAS 18001:2007, ISO 27001:2005, ISO 50001:2011, PCI-DSS Chapter 9.

4.2 Protection from the internet and viruses – SolarWinds®
We have implemented patch management policies to prevent cyberattacks and optimize system performance. We use SolarWinds® Remote Monitoring & Management (RMM), which streamlines patch management by giving us granular control over our patch management policies. With our patch management solution, we reduce the risk of cyberattacks and optimize system performance. As a global company, SolarWinds® operates in over 21 countries and has partnered with top data centre providers in each region, currently operating a point of presence in 15 countries. Their data centres and their associated certifications are shown in the table below.

5. INTERNET AND IT SECURITY

5.1 Encryption of customer data
Encryption is a way of scrambling data to help keep it secure. We often use encryption to protect our customers’ data, for example where it is being sent over the internet. We issue clear guidelines written by our security specialists for how our employees should use encryption. We make sure that we properly protect passwords and the keys that can be used to read encrypted data. All mobile devices like laptops and tablets are encrypted. Access to Microsoft Office 365 online services is secured with Two Factor Authentication enabled (passwords and Security PIN on Mobile device).

5.2 Buildings security
We store and process our customers’ data in secure “Data Centres”. These Data Centres are secure, and access is restricted to those with appropriate permission. They are also built to be able to withstand fire, flood, lightning strike, power failures or other similar events. However, as an additional precaution, we often store customers’ data in multiple data centres so that if one is out of action, our products will keep working.
Where we store data in more than one Data Centre, we make sure that the security of each Data Centre is of the same high standard. Office 365 tenants are defaulted to a datacentre geography (Geo) based on the country of the transaction associated with that tenant’s first subscription. The following services are kept in the following locations:

Exchange Online: Austria, Finland, Ireland, Netherlands
OneDrive for Business: Ireland, Netherlands
SharePoint Online: Ireland, Netherlands
Skype for Business: Ireland, Netherlands

Microsoft has robust policies, controls, and systems built into Office 365 to help keep information safe.

5.3 Backup copies of customer data
We regularly make backup copies of our customer data so that if the original data is lost or damaged, we can replace it using the copy. We store the copies securely, taking the same care over them as we do over the original data. We use a Microsoft Office 365 subscription and all the data are stored in Microsoft OneDrive. Apart from this, all the data are backed up every day and we keep 28 restore points of the data.
By default, Cloud Backup saves the data in the geography where the data is created. On the cloud side, there are six state-of-the-art data centres around the world, with more to come. The data centres are in the following countries: The Netherlands, United Kingdom, Germany, Canada, USA, Australia.
The secure data centre locations are constantly guarded by highly trained security officers around the clock, 365 days a year. Physical security also includes the use of CCTV monitoring. The centres are kept up and running thanks to backup generators. Data, meanwhile, is stored on redundant arrays in case of a disk failure. Every data centre is either SSAE compliant or ISO certified.
Data centres have the following ISO certifications: ISO 9001:2008, ISO 14001:2004, OHSAS 18001:2007, ISO 27001:2005, ISO 50001:2011, PCI-DSS Chapter 9.

5.4 Finding and fixing security problems
We use tools to scan computer hardware and software on a regular basis to look for weaknesses that could potentially lead to security problems. If we find these weaknesses, we fix them, on a priority basis. We make sure we test the fixes so that they don’t cause new problems.
Despite adopting industry best practices, security problems can still happen. When they do, we have clear internal processes to ensure problems are quickly reported and handled by the relevant people. After a problem is fixed, we learn from what happened to try to stop it from happening again.

5.5 Protection from the internet and viruses
We use a variety of software and hardware tools to make sure that unauthorised people cannot access our customers’ data over the internet or get any kind of access to our computers.
We keep our computer systems up-to-date and run anti-virus software on them to prevent them becoming infected by computer viruses or other harmful software.
We have implemented patch management policies to prevent cyberattacks and optimize system performance. We use SolarWinds® Remote Monitoring & Management (RMM) to streamline patch management by giving us granular control over our patch management policies. With our patch management solution, we reduce the risk of cyberattacks and optimize system performance. Whether we want to automate the entire process or manually approve or deny patches, SolarWinds RMM gives us this option. This system also has built-in managed antivirus, which helps to keep both known and emerging malware off workstations and servers. Our antivirus feature not only stays up to date with the latest threats using traditional signature-based protection but also protects against new viruses using sophisticated heuristic checks and behavioural scanning. With new threats created each day, we can protect ourselves by using these proactive methods to help ensure rock solid malware protection.

5.6 Manage and Secure Smartphones and Tablets
At present, we need to account for mobile devices and on-the-go employees. This means we need solid mobile device management software that lets them be more productive by using their preferred devices — while keeping the network safe and secure.
The system we use allows us to easily manage and secure mobile devices. Our mobile device management feature is scalable, easy to configure, and easy to manage. It makes device management more efficient and helps us to reduce risk with fast, automated setup and maintenance of our mobile fleet. And by combining mobile device management with the other features, we can conveniently oversee multiple types of devices from a single web-based console.

6. WHAT ARE YOUR RIGHTS?

6.1. Right to withdraw consent
You can withdraw your consent to our processing of your personal information at any time. Write to us at our address or email us. Once your request has been verified, we will stop our processing within one working day. This only applies in respect of processing where your consent has been provided, for instance, receiving products and services information.

6.2. Accessing, deleting, rectifying and moving your personal information
You have the right to:

• access your personal information;
• require us to delete it;
• rectify any personal information we hold that is incorrect; and/or
• have your personal information transmitted to another data controller.

If you want to exercise these rights, please let us know in writing. You will need to provide sufficient information to verify and complete your request. We will complete your request within thirty days, subject to any legal or other requirements that require us not to complete your request, in which case we shall inform you of this where we are permitted to do so.

6.3. Lodging a complaint
You can at any time complain about our processing of your personal information to your local data protection authority. Sea Clean Cleaning Solutions Ltd.'s supervisory authority is:

Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois, Ireland

www.dataprotection.ie

7. HOW DO YOU CONTACT US?

The data controller is

Sea Clean Cleaning Solutions Ltd.

You can write to us at:

Sea Clean Cleaning Solutions Ltd.
Homefarm House
Drumcondra
Dublin 9
Ireland

You can email us at:

info@seaclean.ie