Purpose of this policy
This policy applies where we are acting as a data controller with respect to the personal data of our site users and customers. In other words, we determine the purposes and means of the processing of that personal data.
We aim to only process personal data that we obtain directly from you, and where you have affirmatively consented to us doing so. If we receive your personal data from a third party or any source that is not you, we will not retain it.
Categories of personal data collected
General Website Use
Elements of personal data collected while browsing our website:
- Online visitor browsing history of our site and associated meta-data (such as IP address)
Elements of personal data we may process by using any of our ‘Contact’ forms:
- Your name
- Email address
- Postal address
- Company details
Career and Contract Position Applications
If you apply for a job or submit your CV to us online, in addition to the above we may collect the following:
- Records of official identification (Drivers licence number, Passport Number)
- PPS numbers, details of previous P60s or P45s etc
- Current occupation and grade
- Precious employment history
- Education and training details
Purposes for, and legal basis by which personal data is processed
General Website Use
The legal basis for this processing is legitimate interests, namely monitoring and improving our website and services, the proper administration of our website and business to support the future development and prosperity of the company, and to protect the intellectual property rights of the company and any services or products it delivers, creates, acquires or owns.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We will not disclose your personal data to any 3rd parties without your express consent. Without your consent to share your data, your data will only be processed by members of our company (including our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
The legal basis for this processing is consent. We use the data collected for email a contact purposes, so we can respond to your enquiry. We may send emails with product or service related information to the email addresses that we have collected. We only send emails to those who have given their consent by opting-in on our "Demo Request form" or to those who have given their consent to be contacted when submitting a ‘contact’ form
Data may also be collected for service enhancement, research, product development, systems integrity, HR matters, advertising and marketing.
Career and Contract Position Applications
The legal basis for this processing is consent. We use the data collected from career application to assess your suitability for the advertised roles. You may be contacted directly by phone or email to confirm the details provided.
Due to the nature of this type of data, we may disclose your data (with your consent) to our clients who are using our professional services to fill the roles and positions advertised. This is done insofar as reasonably necessary for the purposes of fulfilling the advertised roles.
Milestone Solutions have summarised the rights you have under European data protection law. Some of the rights are complex, and not all the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. Your principal rights under data protection law are:
- A person’s right to have their data processed in accordance with the Data Protection Acts
- A person’s right to have their personal information obtained and processed fairly, kept securely and not illegitimately disclosed to others
- A person’s right to be informed and to know the identity of the data controller and their intended purpose for obtaining the person’s personal information
- A person’s right of access to request a copy of their personal information
- A person’s right to rectification or erasure of personal information, or to have it corrected or deleted if inaccurate
- A person’s right to prevent or block thier personal information being used for certain purposes
- A person’s right to object to stop some specific uses their personal information
- A person’s right to have their name removed from a direct marketing list to stop unwanted mail
- A person’s right to not be forced into accessing personal information for a prospective employment, secondment or placement opportunity
- A person’s right to opt-out of automated decision making and instead to have human input in the making of important decisions relating to them
- A person’s rights under Data Protection and Privacy in Telecommunications Regulations to prevent their phone directory entry or other contact details from being used for direct marketing purposes
There are some circumstances where your wishes and requests cannot be guaranteed. Again, you should read the relevant laws and guidance from the regulatory authorities. Typical reasons for not being able to comply to your request would be in relation to compliance with a legal obligation, the exercise or defense and/or legal or litigious claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.
Typical retention periods currently range from 1 to 10 years. Data will be retained for no longer than is necessary for the purpose for which it was collected in the first place.
Notwithstanding the other provisions of this policy, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
All personal data will only be used for the purposes for which it was originally collected.
The personal data collected for a reason will be limited to what is necessary for the purposes for which it is processed.
Procedures are in place to ensure personal data is kept up to date and accurate and where a correction is required, the necessary changes are made without delay.
We have assessed the risks involved in processing personal data and have put internal measures in place to mitigate against them. SSL encryption is used on all our public facing websites. All non-public internal sites are protected by secured firewalls. The company also has robust backup and recovery procedures in place.
Data Storage location and International transfer of your personal data
The hosting facilities for our website are situated in the Republic of Ireland.
All internal business and storage systems in use are also based in Ireland, or the EU in general. While not absolutely guaranteed, insofar as is reasonably possible, all data covered by this policy is stored in EU facilities. All vendors and suppliers of our internal and cloud-based IT service providers have been assessed and are fully committed to the principles set out in the GDPR or equivalent ‘adequate’ systems.
Due to the nature of our global business, we also operate outside the EU, namely in the Americas. Occasionally some of our data is stored in US based facilities. Where this is the case, we aim to ensure any IT vendors or solution providers we use are complaint to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. The European Commission has made an "adequacy decision" with respect to Privacy Shield. Transfers to non-EU facilities will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email or through private messaging systems.
Do customers if the company have control over their personal data, and if so, what kind of control they have?
Yes, customers of Milestone Solutions' do have control over their personal data. Any customer can request at any time to be made aware of all of the information that we have collected relating to that person. Information on this customer can be deleted upon request. If you have any questions about this Policy, our practices related to this Site, or if you would like to have us remove your information from our database please feel free to contact us at the following: