Privacy Policy – Client employees

In accordance with the General Data Protection Regulations (GDPR), Graphite HRM has implemented this privacy notice to inform you, our client’s employee, about how we may manage and process your personal data. This notice applies to all current and former employees of our clients, including contract or temporary workers.

Graphite HRM (“Graphite”) is committed to protecting your privacy by ensuring that any personal data we obtain is used lawfully and transparently. We comply with the seven principles of the GDPR for the duration of any data processing we do.

This Privacy Notice explains:

  • Who we are
  • Personal data we collect
  • Our legal basis for processing
  • Who we may share information with and why
  • Where we may transfer data to
  • How we keep information secure and deal with security incidents
  • How long we may keep your data for
  • Your data privacy rights
  • How to contact our DPO and the ICO

If you are a client looking for further information on how we handle your data, please click here.

Who is Graphite?

Graphite HRM specialises in the provision of HR consultancy services to businesses within Northern Ireland and The Republic of Ireland.

When providing these services, we take our responsibilities regarding data protection very seriously and are bound by all applicable data protection laws in respect of the handling, processing and collection of data. All employees who handle personal and business data are fully trained to ensure that the data is processed in line with the General Data Protection Regulations 2018 (GDPR) as well as The Data Protection Act 2018 (DPA 2018).

When delivering our professional services such as employment consultancy services we are the Data Controller for any personal data that your employer may supply to us.

Personal data we collect

The type and frequency of any personal data collected will always depend on how our website and services are used.

Personal Data provided to us:

We use electronic contact forms and chat facilities across our websites. These forms will prompt users to input basic contact details so we can generate service quotes, provide newsletter updates and respond to enquiries. You may also provide data when corresponding with us by phone, email, letter or social media or when you meet with our onsite HR services via webcam or in person. It is important that the personal data we hold about you is accurate and current. You should keep us informed if your personal data changes during your relationship with us.

Personal Data provided to us from your employer or other third parties:

We may receive information about you and your employment history from your employer so that we can provide them with the services they have opted for. Data provided to us would relate to your key employment information such as name, age, salary, length of service, gender, job title, job descriptions, employment contracts, employee handbooks, wider conditions of employment, details of formal and informal procedures, annual leave and sick/emergency leave records. We may also receive data about you from specific third parties affiliated with your employer such as business partners, other staff members, colleagues or witnesses, government organisations or councils

Personal Data collected by us:
In some cases, we may ask to verify your identity in limited circumstances by requesting valid photographic identification. Depending on the nature of the business relationship we have with your employer, we may approach with questions relating to your job role on occasion and as a result we may collect additional data from you as part of that process. This is so we can carry out obligations on behalf of your employer within the field of employment. We may also process data that is already made public, or that you have made public yourself.
Special Categories of Data:
Due to the nature of the service we provided, there may be instances where we need to process Special Category Data provided by you or your employer when we are introduce to assist with an issue or query brought to us. Special category data is a more sensitive type of data which reveals insights about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation. We may also process data that relates to criminal and/or civil offences as well as child data in some very limited circumstances, usually in connection with Legal advice, dispute resolution or Employee Assistance programs. Sensitive data collection will only take place where it is applicable to the provision of the services that we are contracted to provide, and we will not over collect this category of data in any circumstances. The fundamental rights of data subjects are always assessed to ensure that the processing is fair, transparent and lawful.
Online Identifiers:
When you visit our website, a record of your device’s IP address is retained which is used anonymously in order to determine website and page visitors. For more information on how we use online identifiers or cookies please visit our cookies policy.

Our legal basis for processing

Before processing any personal data passed to us from your employer or by you, we ensure that at least one lawful basis under GDPR is met. We will not disclose personal data for any purpose other than what data was originally collected for; unless there is an overriding legal basis that enables this processing.

We may also process your personal data in the following circumstances:

To Perform services under the Contract we have with your Employer:

We process information in order to support and maintain our existing or potential contractual relationships with your employer/ex-employer under the lawful basis ‘performance of a contract’. We may process personal data in order to provide various supporting client services and to make improvements to our website. We record all calls made to our staff members including internal, inbound or outbound calls. The lawful basis which we often rely on to process data for the duration of servicing on your employers account is under our ‘legitimate interests’. As part of our ‘legitimate interests’, we may also need to work with third parties in the delivery of the services we provide to your employer. Where necessary, we may need to process data that is in the ‘public interest’.

To Defend Legal Issues:

We have a ‘legitimate interest’ to process data which may assist our clients to carry out their duties as your employer. We may also need to share certain details we hold about a person with law enforcement agencies and other regulatory bodies where necessary.

To Process Sensitive Data:
We may need to process more sensitive data from you in order to provide the requested service to our clients to ensure we are giving fair and complaint service. Any data deemed as more sensitive that is provided by you or your employer is given to us lawfully under ‘legitimate interests’. Your employer also has a ‘legal obligation’ to ensure that they are complying with employment and health and safety laws. This may mean they need to outsource HR assistance to ensure that they can meet their legal obligations in their entirety.

Data Sharing and International Transfers

Personal data will only be disclosed on a confidential basis to external service providers so that they can provide services such as financial, technological or administrative assistance. When we share data with an external third party; these operations are governed by a Data Processing Agreement (DPA) and we perform regular due diligence on any external companies we work with to ensure that high levels of data integrity are maintained.

Any transfers taking place outside the EEA are only permitted with the provision of an Adequacy decision, Standard Contractual Clauses (SCC’s) or any other lawful transfer mechanism. This includes an SCC between other companies in our group if they are located outside of the European Economic Area.

Where necessary, we may need to share data with external organisations such as law enforcement, regulatory bodies, fraud prevention agencies, partners or advisors. Before any data is shared, we ensure that all technical and organisational controls are firmly in place and a data protection impact assessment is undertaken, where applicable, if the sharing or transfer is considered high risk. We do not sell your data to any third parties.

Data Storage and Security

We have a dedicated Information Security team who are in place to offer protection across all our networks and IT assets to assist with data security and data loss prevention. All our systems are robustly secured, and we are ISO27001 and Cyber Essentials Plus certified. We also have a specialised Incident Response Team on hand to respond quickly to any data related issues including the prevention and detection of cyber criminals. For our UK and Irish clients, cloud providers we use have servers based within the respective UK and EEA jurisdictions. As a company we promote a ‘paperless’ culture where possible.

Data Retention

Graphite HRM, along with other companies within the Peninsula Group only keep your data for as long as necessary, unless there is an overriding legal ground. We will not retain data if it is deemed unlawful to do so. Data may be held for purposes relating to the establishment, exercise or defence of legal claims which the group or our clients may face. We only keep your data for as long as we need it for, which will be for the duration of your employer’s contract due to the provision of services and for seven years after that contract comes to an end. Some data may be deleted before this time period depending on the category of that data in line with our commercial legitimate interests and retention schedule. Personal data that is no longer necessary is deleted securely in line with the groups Data Disposal Policy.

Your Data Privacy Rights

All data subjects have individual rights. On a case by case basis, you have the following rights in relation to your personal data processed by Graphite HRM:

  • The right to be informed about how your personal data is collected and used
  • The right to request access to a copy of any personal data that we hold about you
  • The right to rectify personal data we may hold which is identified as incorrect or misleading
  • The right to erasure of any personal data; also known as ‘the right to be forgotten’
  • The right to restrict further processing of your personal data
  • The right to data portability where technology allows us to send personal data onto a new controller
  • The right to object to the processing or certain processing activities
  • Rights in relation to automated decision-making including profiling.

As an organisation we do not operate any automated decision-making systems. Please be aware that the rights listed in this section only apply to individuals and cannot be used to request data relating to business entities. Please be aware that your rights of access do not entitle you to physical or digital copies of any documentation we hold.

Queries and Complaints

Graphite HRM has a dedicated representative who can be approached for any questions, comments and requests regarding this privacy policy or our Data Privacy Management System. Frequently asked questions about or GDPR compliance can be accessed here.

Our Group Data Protection officer welcomes communication around our policies and practices and they can be directly contacted on the details below, which are also publicly available on the ICO register. You can also write to us at:

Dublin Office : Block W East Point Business Park, Alfie Byrne Road, East Wall, Dublin 3, Ireland.

Northern Ireland Office : Unit 5, Citylink Business Park, Albert Street, Belfast, BT12 4HQ.

GDPR Oversight Team : GDPR@graphitehrm.com

Data Protection Officer : Peninsula Legal Services Ltd t/a Irwell Law. Email: info@irwell-law.com

If you are unhappy with the response that you receive from us when you exercise your GDPR rights, you have the right to lodge a complaint to the DPC. More guidance about raising a complaint is available on the DPC’s website https://dataprotection.ie/docs/Raise-aConcern/1716.htm.

Additional Information

This version was last updated and reviewed January 2022.

We regularly review and monitor regulatory guidance for any industry changes which may impact our business operations or your rights and freedoms.

In this privacy notice, “personal data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

We are legally known as Graphite HRM,

We form part of a larger group of undertakings known as ‘The Peninsula Group’. Other Companies that sit within our Group of companies within the global group:

Peninsula Business Services (UKI and ROI), Croner (UK), Croner-I (UK), Croner Taxwise (UK), Bright HR (UK), Health Assured (UK), Peninsula Employment Services (Ireland), Graphite HRM (Ireland), Employsure (Australia), Employsure (New Zealand), Peninsula Business Services (Canada).

Copyright © Graphite HRM 2020

Sign up to our newsletter

Get the latest news & tips that matter most to your business in our monthly newsletter.

Call Us Now
01 886 0350

Email Us
info@graphitehrm.com

Twitter Linkedin-in Facebook-f Instagram Youtube

Graphite HRM
Block W,
East Point Business Park,
Dublin 3,
Ireland
Tel: 01 886 0350

26/27 South Mall,
Cork City,
County Cork,
Ireland
Tel: 01 886 0350

Unit 5,
Citylink Business Park,
Albert Street,
Belfast,
BT12 4HQ,
Northern Ireland
Tel: 028 90 32 5495

Olga Shevchenko

Director/Advocate, Immigration Advice Bureau

Olga Shevchenko specialises in immigration advocacy and consultancy, in particular, employment permit, visas, family reunification, citizenship, etc, for those seeking to visit, reside or invest in Ireland.

Olga provides extensive information, knowledge, and support to her clients, enabling access to positive solutions for people struggling to handle the immigration law.

Minister Neale Richmond

Minister of State, Department of Enterprise, Trade and Employment

Neale Richmond TD was appointed as Minister of State at the Department of Enterprise, Trade and Employment with special responsibility for Employment Affairs and Retail Business and the Department of Social Protection in January 2023.

Much of his work at the Department of Enterprise, Trade and Employment is with businesses, workers, their representative bodies and the State Agencies to ensure that the economic recovery and growth extends to all parts of the country. He works closely with the SME sector, including retail, on building resilience and on the transition to the green and digital economies.

Mark Carpenter

Director of Regulatory & Corporate Affairs, Sky

Mark Carpenter is Director of Regulatory & Corporate Affairs at Sky Ireland. In this role he has responsibility for External and Internal Communications, Public Policy and Regulatory Affairs and the company’s ‘Bigger Picture’ (CSR) programme. He also works closely with Sky Group teams on a variety of matters, in particular our partnerships with domestic broadcasters.

Prior to working at Sky, Mark worked as a Policy Officer in Houses of the Oireachtas and as a Management Consultant at Accenture. He has a BA in History from Oxford University and a PhD in Political Science from Trinity College Dublin.

Nora Cashe

Litigation and Compliance Manager, Peninsula

Nóra studied Law in Griffith College Dublin and qualified as a Barrister in 2008, practising in the area of Criminal law. She is also member of the Irish Employment Law Association.

Nora has extensive experience representing clients at Employment Tribunal hearings, Conciliation / Mediation meetings before both the Workplace Relations Commission and the Labour Court. 

Nóra is a member of the Irish Employment Law Association and engages with the WRC Adjudication Service as part of their stakeholder engagement forum.

Deiric McCann

Managing Director, Genos International Europe

Deiric McCann leads Genos International Europe – The EU division of a world-leading provider of emotional intelligence solutions. 

With over two decades experience at the highest levels of management, Deiric supports clients to develop the resilience, emotional intelligence, psychological safety and engagements of their employees.

Rhiannon Coyne

Senior HR Consultant, Graphite HRM

Rhiannon Coyne is a Senior HR Consultant at Graphite HRM and will be providing an overview of best practice on how to deal with complaints of bullying and harassment in the workplace. 

With a number of recent updates to employment laws, Rhiannon will take a closer look at employment equality and how it is interlinked to Health & Safety and what employers can learn from recent case laws.

David Begg

Chairman, Workplace Relations Commission

David Begg was appointed Chairperson of the Workplace Relations Commission (WRC) in January 2021.

David is also a professor at Maynooth University Institute of Social Sciences. Mr Begg’s extensive history in the trade union movement included leading the ESB Officers Association and Irish Congress of Trade Unions, stepping away from the latter in 2001 to chair international aid agency Concern.

David Begg was also previously a director of the Central Bank of Ireland between 1995 and 2010.