(last amended 15 December 2021)
We will advise you in our communications with you of the specific company within AS Agency that is making decisions about the use of your personal information. This may be:
It is important that you read and retain this policy (and any updated version of it), together with any other privacy policies we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
The Data Protection Officer (“DPO”) helps to ensure that AS Agency complies with the data protection law and has responsibility for the data protection compliance of the companies set out above.
Please contact us if you have any queries or concerns about how your personal information is used or managed.
You have the right to complain to the Information Commissioner, which you can do by contacting the Information Commissioner’s Office (ICO) directly. Full contact details, including a helpline number, can be found on the ICO website (www.ico.org.uk). This website also has useful information on your rights and our obligations. However, please raise any concerns or issues with us first so that we may deal with this as quickly as possible for you.
Data protection principles
We will comply with data protection law (and any applicable Irish data protection legislation). This states that the personal information we hold about you must be:
What kind of personal information do you hold about me?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The personal information that we collect about you depends on the particular activities carried out. This may include your:
How do we collect your personal information?
We may collect personal information:
Special categories of personal information
Certain categories of personal data are considered by the law to be “special categories of personal data” and are subject to additional safeguards. We do not process any such categories of personal data in connection with the relationship between us.
How do we use your personal information?
We will use the personal information in the provision of services, including for the necessary administration of the relationship with our customer (whether public or privately funded) and our suppliers (and prospective customers and suppliers), and to comply with requirements that we are required to undertake.
Our legal basis for processing personal information
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why. We will only use your personal information when the law allows us to.
Most commonly, we will use your personal information in the following circumstances:
We may also use your personal data in the following situations, which are likely to be less common:
If we ask for your consent we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to use your personal data you have the right to withdraw it at any time by contacting our DPO (contact details found at the top of this document).
Purpose 1: entering in to and performing our contractual obligations – including submitting requests for proposals, negotiating contracts, placing orders, invoicing, settling invoices, updating SAP, emailing internally and externally, vetting third parties, dealing with complaints
Legal bases for using personal data:
Purpose 2: Managing our business - maintaining business and accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax, financial, legal, or public relations advice), IT systems (e.g. document filing and storage, account management systems, growth management tools) and complying with legal or regulatory obligations
Legal bases for using personal data:
Purpose 3: providing improved quality services and conducting customer satisfaction surveys
We want to improve our services for our customers and will use your personal information to contact you to gather your thoughts.
Legal bases for using your personal data:
Purpose 4: advising you of other services offered by AS Agency (“Marketing”)
We collect personal data in our contact relationship management system (if you give us a copy of your business card we will include your details on this system). As a business, we need to carry out marketing to our business contacts, but we will only send you information about products or services which may be of interest to you. This includes, but is not limited to, newsletters, news updates, product updates, articles, case studies and offers.
Personal data will be used to provide you with Marketing information that you ask for, or that we think are relevant to you. Marketing emails will be sent using Mailchimp (a cloud-based solution that is hosted on a secure network, that is fully maintained, monitored and kept updated with your preferences).
We record and retain your marketing preferences to help ensure that you only receive the marketing that you have confirmed that you wish to receive.
If at any time you no longer wish to receive marketing emails sent by us you can click on the “unsubscribe” link that appears in all our emails, otherwise you can contact the DPO to update your preferences.
We may also provide your personal data to market research agencies to collect your feedback which will be used to better develop products and services for you.
Who is my personal information shared with?
We will share your personal information with third parties where we are under a legal or regulatory obligation or where it is necessary to administer the working relationship with you.
We may share personal information with:
In respect of all disclosures of personal information, we will only share the personal information which is necessary for the particular purpose for which it is provided, or where we have another legitimate interest in doing so, and we will ensure that the personal data is appropriately protected.
How long will you keep my data for?
We will keep personal data only for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. Normally, our retention period for personal data collected for this purpose is a minimum of 6 years after the end of the period that we are providing services. Any personal data that we have from you solely for the purposes of your receiving Marketing information will not be used once you have asked us to stop providing these to you (except to the extent that it is necessary to stop you receiving the Marketing information).
It is very important that the personal information that we hold about you is accurate and current. Please tell us if your personal information changes during your relationship with us.
We have put in place appropriate physical, technological and organisational security measures to prevent your personal data from being accidentally lost, altered, disclosed used or accessed in an unauthorised way. In addition, we limit access to your personal data to those of our people and other third parties who have a business need to know it. They will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure. We have put in place procedures to deal with any suspected data security breach and will notify you and the ICO of a suspected breach where we are legally required to do so.
International data transfers
We (or third parties acting on our behalf (including suppliers) pursuant to the terms of contractual documentation with us) may store or process information that we collect about you in countries inside and outside the European Economic Area ("EEA"). For example, we use growth management tool software (Align) which may capture a limited amount of personal data which is transferred to the USA. Personal data may be transferred outside of the EEA by data processors acting on our behalf. For example, our marketing emails which we send to you (using Mailchimp) involves data transfer to the USA. Where a transfer of your personal information is made outside of the EEA to countries not considered adequate by the European Commission, we will take the required steps to ensure that your personal data is adequately protected. This would include by use of the Standard Contractual Clauses or Binding Corporate Rules adopted by the European Commission to protect personal data.
Under certain circumstances, you have the right by law to request:
Links from our website
Our website may, from time to time, contain links to and from the websites of third parties that we permit to make such links. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies and that we do not accept any responsibility or liability for these notices or policies. We recommend that you check these privacy notices or policies before you submit any personal data to these websites.