KYNE is committed to protecting the privacy of individuals we do business with including journalists, media contacts, vendors and third parties, and takes its responsibility regarding the security of personal data very seriously. The purpose of this Policy is to ensure that we are compliant with our obligations under the General Data Protection Regulation (GDPR) when processing personal data of European Economic Area (“EEA”) residents. This Policy sets out what personal data we may collect, how we process it and who we share it with.
What is Personal Data
Personal data is a term used to describe the data relating to an individual held by KYNE from which they are identified or can be identified in conjunction with other information that is in, or is likely to come into, the possession of KYNE. Examples of personal data include forename, surname and online identifiers e.g. email address.
Special Categories of Personal Data is a term used to describe personal data of a sensitive nature such as data relating to a person’s racial or ethnic origin, political opinions or religious or other philosophical beliefs, physical or mental health, sexual life, criminal convictions, your genetic or biometric data or the alleged commission of an offence and/or trade union membership.
How we Process Personal Data
We may collect personal data either from individuals directly or from a third party vendor. Specifically, we may collect the following: first and last name, email address, phone number, business address, online identifiers for social media, for the purposes of conducting such business as sharing news releases or other information on behalf of our clients or sharing information about our company.
You will be given the opportunity on every e-communication that we send you to indicate that you no longer wish to receive such communications.
We will only process an individual’s personal data where we have a legal basis to do so. In most cases, the legal basis will be:
- To comply with our legal obligations
- For the performance of a contract that we have entered into with the individual
- In pursuit of legitimate interests of the Company and/or to conduct business
- The individual consented to us using their personal data (please note that an individual may withdraw their consent to process their information at any time)
KYNE will not retain personal data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
KYNE applies a data minimisation policy in relation to personal data. This means that we will only collect and process personal data that is adequate, relevant and necessary to achieve our commitments in relation to the purposes stated above and will not process data that is not required or excessive to those purposes.
We follow strict security procedures in the storage and disclosure of personal data, and to protect it against accidental loss, destruction or damage. KYNE protects the confidentiality and integrity of personal data by having appropriate security measures in place including cyber security, securing IT systems and maintaining a high level of confidentiality.
Sharing Personal Data
Personal data may be shared with other companies in the KYNE Group.
KYNE operates business in jurisdictions outside the EEA such as the USA. While countries outside the EEA do not always have strong data protection laws, we require all service providers to process information in a secure manner and in accordance with Irish and EU law on data protection. We utilize standard means under EU law to legitimize data transfers outside the EEA.
KYNE may also share personal data with third parties in circumstances prescribed by law, including:
- Legal and other professional advisers, law courts and law enforcement bodies in all countries in which we operate, in order to enforce our legal rights;
- Government authorities, law enforcement bodies and regulators.
Personal data will only be provided to such third parties on the strict understanding that it is to be used only for the purposes as set out above, or in accordance with law, and that the data is not to be used for any other purpose and that for the duration of their access to such personal data they shall ensure that adequate security measures are in place to prevent unauthorised access to, or unauthorised alteration, disclosure or destruction of personal data.
In relation to Special Categories of Personal Data or Sensitive Personal Data, personal data will not be transferred outside the EEA without the individual’s explicit consent to the transfer unless one of the other stated conditions under the Data Protection Acts 1988 – 2003 (as amended) and the GDPR and/or any legislation in Ireland implementing GDPR applies (e.g., relevant contractual provisions are in place or there is a risk of injury or damage to one’s health where consent is not possible).
Data Protection Officer
KYNE has appointed a Data Protection Officer (“DPO”) to oversee compliance with this Policy. You have the right to make a complaint at any time to a supervisory authority i.e., the Data Protection Commissioner or other supervisory authority as appropriate.
Data Privacy Rights of EEA Residents
EEA Residents have certain data privacy rights in relation to their personal data:
- Right to Information: The right to be informed about who is to process your data and how it is to be processed.
- Right of Access: The right to access your personal data and to be provided with a copy of that data on foot of a written request. The Company processes a lot of personal data and in order to assist with your request, you must specify the personal data sought by you. The “right of access” is subject to a number of exceptions.
- Right to Rectification: This involves the right to have inaccurate data rectified or corrected. It also includes the right to have incomplete information completed, including by providing a supplementary statement.
- Right to Erasure: The right to erasure may be invoked on the basis that the processing of the data is no longer necessary. However, the request might not be successful if the Company can establish that the processing is necessary for the compliance with a legal obligation or the defence of legal claims or any other basis prescribed by law.
- Right to Restriction: Where data is restricted, such personal data shall usually only be processed with consent. However, the Company might still process the data where it is necessary for the protection of the rights of another natural or legal person.
- Notification of Rectification, Erasure or Restriction: The Company will notify any third party to whom they have disclosed/transferred personal data of any rectification, erasure or restriction. However, this might not be possible where it is impossible or involves a disproportionate effort.
- Data Portability: Requests that the Company transfers one’s personal data to another company, where technically feasible. The Company is obliged to provide this data in a structured, commonly used, machine-readable and inter-operable format.
- Right to Object: The right to object to the processing of personal data on grounds relating to one’s particular situation and at any time. If an objection is made then the Company shall no longer process the data unless it has compelling legitimate grounds for the processing that override the interests, rights and freedoms of the individual or for the establishment, exercise or defence of legal claims.
- Automated Individual Decision-Making, including Profiling: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.
To exercise these rights, please contact the Data Protection Officer, KYNE Communications Limited, Iveagh Court, Charlemont Street, Dublin 2 Ireland.
Changes to This Policy
The Company reserves the right to amend this policy at any time.