PRIVACY STATEMENT:
Europa International Ltd (“Europa”) is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the Europa International Ltd Web site (www.europainternational.ie) and governs data collection and usage. By using the Europa International Ltd website you consent to the data practices described in this statement.
Data Protection Notice
1. Introduction
Europa International Limited as the Data Controller in compliance with Data Protection regulation and as a Trust and Company Service Provider is required to gather and use a variety of information about individuals and businesses through the course of our business. Information gathered includes customers, suppliers, employees and any other person deemed necessary throughout the course of conducting business. This policy exists to greater strengthen the compliance displayed by Europa, showing good practice and process with regards to data protection legislation. It will protect the rights of staff, customers and all other connected parties while being transparent about how individuals’ data is processed and maintained. This policy should also protect Europa from risk of data breach. The organisation should comply with the requirements of the relevant Irish legislation, namely the Irish Data Protection Act 1988, and the Irish Data Protection (Amendment) Act 2003. Along with GDPR regulations being implemented by the EU Data Protection Commission on the 25th May 2018, Europa will adhere to the below broad points throughout with regards to data processing:
• Fair and Lawful Processing
• Obtained only for specific lawful purposes
• To be relevant, adequate and not excessive
• Be kept up to date and accurate
• Retained no longer than is necessary
• Maintained and managed in accordance with data protection rights and regulations
• To be protected appropriately
• Not to be transferred outside of the European Economic Area (EEA), unless the country or territory can be confirmed as having an adequate level of protection
2. Policy Scope
This policy encompasses the Subject Access Request procedure, the Data Retention and Destruction Policy, the Data Retention Periods List and the Data Loss Notification procedure all detailed within. It will cover any and all information or other data held on any identifiable individuals.
This includes:
Names, Dates of Birth, Addresses, Email Addresses, Telephone Numbers, Passport Copies, Proof of Address Copies and any other information relating to any individual.
3. Data Collection
The individual has the right to a full and transparent explanation as to the reason data is being collected and the intended use of the data in question.
Data should only be used within the purposes it was acquired for.
The company will have high standards in all cases when it comes to the protection of data. In tandem with requirements as a trust and corporate service provider, appropriate protection should be put in place to prevent unauthorised access to information in any way takes place.
As a Trust and Company Service Provider we are legally obliged to retain files and personal information throughout an on-going service period and for five years after a client has cancelled services with the company.
As soon as the appropriate retention period has expired, all data should be destroyed and/or put beyond use.
In line with legislation, Europa have established a Subject Data Request process, with further information details below. Requests can be directed to the Data Protection Officer at europa@1mainstreet.ie
4. Data Retention & Destruction
In all cases, personal data will not be held longer than is necessary and when appropriate destroyed in a secure manner. As a Trust and Company Service Provider, we are legally obliged to retain files and personal information throughout an on-going service period and for five years after a client has cancelled services with the company. Files no longer considered on-going clients are transferred to the archive section of our secure file storage area, retained and appropriately disposed of when no longer required. Once a client has left, remaining documents, where appropriate are securely sent to the client. Documents held securely by Europa following the cancellation of services are destroyed using shredding facilities, as below once the tracked time period has expired.
Data is, in all cases to be destroyed in an appropriate manner. All elements of Europa use approved shredding facilities to ensure data integrity. These bins are located through the offices, are locked at all times with access restricted and cleared for on-site shredding once a month. Unless where specifically specified in this policy, data will be retained by Europa for a period of five years following the data being classed as inactive. This is represented by client or enquiry no longer being considered live or on-going. This will be indicated by the cancellation of services either by the client, any element of Europa or if an enquiry received is deemed to be inactive – more than one year old.
5. Personal Information and Third Parties
Europa does not share personal information with third parties in any ancillary way. Information may, however, be shared with a third party in direct connection with a service being provided by a division of the company. In a number of cases, pre-approved agents in various jurisdictions are used to complete company formations, secretarial services and other related activities. In providing personal information in relation to a service, clients should be aware this information may be shared with a third party in direct support of a service being provided by the relevant third party. We are also required to share information with third parties to meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and inform appropriate law enforcement agencies which may be either within or outside of Ireland.
Third Parties
Europa use several verified third parties for services not managed internally. These services include, payment processing, IT support services data transfer and storage. A full itemised list of the providers that apply to an individual’s data is available on request from the Data Protection Officer. Europa deals with agents both within the EEA and outside of the same. In all cases, agents used by Europa have gone through an internal review process to ensure their business and country’s level of data protection is of the same standard as European GDPR regulation – a contract is signed in all cases with the agent verifying this. In some instances, personal data may be transferred outside of the GDPR compliant European Union to Non-EEA countries. While informed, it should be understood that incorporating in a Non-EEA jurisdiction that personal information will be transferred to third parties in that location when necessary only.