Updated: August 19th 2019
In our everyday business Doyles Bakery makes use of a variety of data about identifiable individuals:
- Identity Data (Name)
- Contact Data (Postal address, email address, telephone number)
- Technical Data (Includes any communication that you send to us through contact forms, website, email, text, letter or social media)
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. This information helps improve and personalise how you use our online services. We use Google Analytics which relates to browser type, location and demographics and this data is anonymous. For further information refer to Doyles Bakery Cookies Policy.
HOW WE USE YOUR PERSONAL DATA
We will only use and retain your personal data for as long as is necessary for the purpose(s) specified and to comply with the law. We will not, without your consent, supply your data to any third party except where such a transfer is a necessary part of the activities that we undertake. Processors acting on our behalf only process your data in accordance with instructions from us and to comply with data protection laws and any other appropriate confidentiality and security measures.
Principles Relating to Processing of Personal Data
There are several fundamental principles upon which the GDPR is based.
These are as follows:
Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the individual.
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of individuals.
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate measures.
Doyles Bakery as controller is responsible for compliance with the above. Doyles Bakery will ensure that it complies with all of these principles both in the processing it currently carries out and as part of the introduction of new methods of processing.
RIGHTS OF THE INDIVIDUAL
An individual has rights under the GDPR. These consist of:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Each of these rights are supported by appropriate procedures within Doyles Bakery that allow the required action to be taken within the timescales stated by GDPR.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it and to satisfy legal, accounting or reporting requirements and in accordance with Doyles Bakery Data Retention Policy.
Doyles Bakery have appropriate security measures, to prevent personal data from being accidently lost, altered, disclosed, used or accessed in an unauthorised way.
Access is limited to specific employees.
Doyles Bakery is responsible for identifying records that have met their required purpose and retention period and for supervising their destruction.
Where a breach is known to have occurred which is likely to result in a risk to your rights and freedoms we will notify you without delay and notify the Data Protection Commissioner where we are legally required to do so, and where feasible, within 72 hours in accordance with Doyles Bakery Data Breach Notification Policy.
Unit 2 Cookstown Industrial Estate
Telephone (01) 4608400
Data Protection Commissioner
Data Protection Commission
Co Laois R32 AP23
Lo Call: 1890 252 231