An Post GeoDirectory DAC are committed to safeguarding the privacy of our website and application visitors and service users.
Personal Data means any information that APG has or obtains or which you provide to us, such as your name, email address and telephone number(s) from which you can be directly or indirectly personally identified, and may include information such as location information, identification, account numbers, IP addresses and online identifiers, depending on the services which we provide to you and the manner in which we interact, and includes personal data as described in the Data Protection Legislation (as defined below).
We will handle your Personal Data in accordance with Data Protection Legislation. Data Protection Legislation means the Data Protection Acts 1988 and 2003 and Directive 45/46/EC, any other law or regulation relating to the processing of Personal Data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (E-Privacy Regulations), as such legislation shall be amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (GDPR) (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations).
How we collect your Personal Data
We will obtain your Personal Data directly from you, such as when you complete an application form for one of our services or where you enter your details into our online forms or you send us a communication. We may collect your personal information while monitoring our technology tools and services.
Why we use and hold your Personal Data
We collect information from you as necessary in the course of providing our service and operating our websites and applications.
We use that information:
a) for the purposes of performing any contracts you have entered into with APG;
b) to provide and improve our websites and applications, including auditing and monitoring its use;
c) to manage and administer our relationship with you;
d) to send you updates, publications and details of events;
e) to process information contained in or relating to any communication that you send to us. The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping;
f) for such purposes as you have consented, such as for marketing (see Marketing Preferences below);
g) to provide and improve our services;
h) for such other purposes as were notified to you at the time you provide the information to us.
Legal Basis for Processing
The legal bases upon which any Personal Data which we collect from you, or that you provide to us, is processed are as follows:
a) for the purposes of performing a contract you have entered into with APG;
b) to process information contained in or relating to any communication that you send to us. The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with correspondents;
c) for compliance with our legal obligations;
d) where you have given us your express consent;
e) where our use is for a legitimate purpose of APG, including but not limited to:
i) day to day operational and business purposes, including board and group reporting and management purposes;
ii) to provide information requested by you and respond to communications from correspondents;
iii) to contact you for administration reasons related to our services or to invite you to participate in surveys about our services (for which participation is always voluntary);
iv) to send you information with respect to our services, activities or online content or updates, publications and details of events;
v) to fulfil our legal, regulatory and risk management obligations;
vi) the proper administration of our websites, applications, services and business;
vii) for the purposes of managing our contracts and relationships with our customers, suppliers, service providers, vendors and other commercial partners;
viii) taking advice from our external legal and other advisors;
ix) to help us improve our services and systems, and to improve your experience on our web and online services;
x) to undertake market research, statistical and product development analyses;
f) where necessary to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
When we disclose your Personal Data
We will not disclose your Personal Data except as outlined above and / or as follows:
(a) where the disclosure is necessary to enable us to carry out our obligations under any agreement we have with you;
(b) to verify the authenticity of documentation provided to us;
(c) to anyone providing a service to us or acting as our agents, which may include our shareholders or third party service providers, on the understanding that they will keep the Personal Data confidential;
(d) where we need to share your Personal Data with our shareholders, our auditors and our legal and other advisors;
(e) to any (or any proposed) assignee, transferee, or successor in title to the whole or any relevant part of our business, and their respective officers, employees, agents and advisers; and
(f) where we reasonably believe that you are or may be in breach of any applicable laws, for example on hate speech, we may disclose your personal information to relevant third parties, including law enforcement agencies or your internet service provider, subject to such disclosure being permitted under applicable laws, including Data Protection Legislation; and
(g) if the disclosure is required by law or regulation, or court or administrative order having force of law.
We will not otherwise share your Personal Data with any third party unless we receive your prior written consent to do so.
Other Recipients of your Personal Data
In any case where we are acting on our own behalf and we share your Personal Data with a third party data controller, in accordance with the above section, (including, as appropriate, counterparties to transactions on your accounts), the use by that third party of the Personal Data will be subject to the third party’s own privacy policies.
International Transfers of Personal Data
Without prejudice to the foregoing, it is specifically acknowledged that APG may transfer your Personal Data to Salesforce (a Customer Relationship Management platform provider based in the United States of America).
Retention of Personal Data
We are obliged to retain certain customer information to ensure accuracy, to help maintain quality of service and for compliance with legal obligations, fraud prevention, to resolve disputes, to enforce our agreements, to support business operations and legitimate business purposes.
Your Personal Data will be kept and stored for such period of time as we deem necessary taking into account the purpose for which it was collected in the first instance. Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
A cookie is a small piece of information which is transferred to your computer’s hard disk from a website. Cookies can store information about your preferences and other information which you need when you visit a website.
Your rights in relation to your Personal Data
Updating and correcting your Personal Data
If we hold incorrect Personal Data about you, you have the right to have the data amended. While we will use reasonable efforts to keep your Personal Data up to date, you will need to notify us without delay in the event of any change in your personal circumstances, so that we can keep the Personal Data up to date. It is your responsibility that all of the Personal Data provided to us is accurate and complete.
You can update your Personal Data by writing to An Post GeoDirectory DAC, Room 3A, GPO, O’Connell Street, Dublin 1 together with:
1. Your name and address.
2. A description of the specific Personal Data you wish to have rectified.
Right of erasure
You have the right in some circumstances to have your Personal Data, which we hold, erased. If you request an erasure of your Personal Data, all your data will be erased subject to the following important notice.
We will not be required to erase your data where to do so would prevent us from meeting our respective contractual obligations, or where we are required to process (including retaining) your Personal Data in order to comply with a legal obligation, or if the Personal Data is necessary to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
Right of Access
You have a right to be given a copy of your Personal Data on request, subject to certain exceptions, including those referred to below. To request a copy of your Personal Data, please contact the Data Protection Co-Ordinator, An Post GeoDirectory DAC, Room 3A, GPO, O’Connell Street, Dublin 1.
Please note that we have the right to require that you identify yourself before we will respond to any access request. To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.
There are certain types of data which we are not obliged to disclose to you, which include Personal Data which records our intentions in relation to any negotiations with you where disclosure would bel likely to prejudice those negotiations. We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case if we decide to provide you with the Personal Data requested, we may charge you a reasonable fee to account for administrative costs in doing so), or (ii) we are entitled to do so pursuant to data protection legislation.
Your Other Rights
Restriction of processing
You also have the right, in certain circumstances, to request restriction on the use, of your Personal Data, and to object to certain uses of your Personal Data, in each case subject to the restrictions set out in applicable Data Protection Legislation. You may request that we stop processing your Personal Data temporarily if:
• you do not think that your Personal Data is accurate (but we will start processing again once have checked and confirmed that it is accurate);
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing;
• or you have objected to processing because you believe that your interests should override the basis upon which we process your Personal Data.
If you exercise your right to restrict us from processing your Personal Data, we will continue to process the Personal Data if:
• you consent to such processing:
• the processing is necessary for the exercise or defence of legal claims;
• the processing is necessary for the protection of other individuals or legal persons; or
• the processing is necessary for public interest reasons.
Where we rely on a legitimate purpose of ours or of a third party recipient of the Personal Data, in order to use and disclose Personal Data, you are entitled to object to such use or disclosure of your Personal Data, and if you do so, we will cease to use and process your Personal Data for that purpose, unless we can show there are compelling legitimate reasons for us to continue or we need to use the Personal Data for the purposes of legal claims.
Withdrawal of consent
In any case where we rely on your consent to process your Personal Data (for example with respect to direct marketing or in the use of your location data in our mobile application), you have the right to change your mind and withdraw consent by writing to us at the address set out under “Contact Us” below. Please note that if you withdraw your consent to such processing, it may not be possible for us to provide all or a part of our service to you.
In limited circumstances, you may also have the right to data portability in respect of certain of your Personal Data, which means you can request that we provide it to you in a structured, commonly used and machine-readable format, or transmit it to your third party nominee where this is technically feasible. This only applies to Personal Data that you have provided to us – it does not extend to data generated by us. In addition, the right to data portability only applies where (i) the processing is based on your consent or for the performance of a contract; and (ii) the processing is carried out by automated means.
You may ask us to ensure that we do not make any decision with respect to you based solely on an automated process, and to have any decision reviewed by a member of staff. Profiling may occur in relation to your Personal Data for the purposes of targeted advertising and de-targeting you from specified advertising. This allows us to tailor our advertising to the appropriate customers and helps to minimise the risk of you receiving unwanted advertising. These rights will not apply in all circumstances, for example where the decision is (i) authorised or required by law; (ii) necessary for the performance of a contract between you and us; or (iii) is based on your explicit consent. In all cases, we will endeavour that steps have been taken to safeguard your interests.
You have the right to lodge a complaint about our processing of your Personal Data with the Data Protection Commissioner at firstname.lastname@example.org.
How do we protect your personal information
We do our utmost to protect user privacy through the appropriate use of security technology. We restrict access to your Personal Data to employees, contractors and agents who need to know your Personal Data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. However, our website may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, including cookies. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of your Personal Data. In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise processed.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of any data transmitted to us and any such transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access. To the extent permitted by law, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transmission of data over communications networks and facilities, including the internet; or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of your Personal Data arising from such risks.
We will notify serious data breaches in respect of your Personal Data to the Data Protection Commissioner without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however it is not necessary to notify the Data Protection Commissioner where the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. A Personal Data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your Personal Data (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:
• we have implemented appropriate technical and organisational measures that render the Personal Data unintelligible to anyone not authorised to access it, such as encryption; or
• we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or
• it would involve disproportionate effort, in which case we may make a public communication instead.
Where you have agreed to receive marketing from APG, and its affiliated companies and/or select third parties, we will use this information to contact you with news and special offers from APG, and its affiliated companies and select third parties where applicable.
We may use and analyse your Personal Data, including transaction data on your accounts, in order to make the marketing materials we send to you more relevant to your interests and requirements. We may also use your Personal Data as part of more general market, statistical and product development analyses in relation to our business generally.
You can object to us analysing your Personal Data in this way by writing to us at the address set out under “Contact Us” below. If you do object to this analysis, the marketing information you receive will not be made more relevant to you.
Your Personal Data will not be given to any third parties for marketing purposes. Where you have opted to receive marketing information, you will always be contacted by APG.
You can change your marketing preferences at any time by contacting us at the address set out under “Contact Us” below.
Each time we send you marketing information, we will give you the option to change your mind about receipt of marketing.
Updates and amendments
Last updated on 25th May 2018.