Data Protection

Pyrite Resolution Board Privacy Notice 

 

1. Introduction


The Pyrite Resolution Board (PRB) takes your privacy very seriously. This Privacy Notice details how we collect, use and securely store any personal data submitted to us through use of our website.  This document also contains an overview of the various rights you can exercise as a data subject, as well how you can exercise those rights. Please read the following carefully to understand our use of your personal data whilst using our site. The scope of this Privacy Notice applies to https://www.pyriteboard.ie/
 

2. Who we are


The Pyrite Resolution Board was established to procure the remediation of dwellings with damage caused by pyritic heave of hardcore under floor slabs. This remediation is delivered through the Pyrite Remediation Scheme.

Our website gives a brief overview of the Pyrite Remediation Scheme. The full details and terms and conditions are contained in the Pyrite Remediation Scheme document which can be found here.
 
We are a Data Controller as we have the responsibility for deciding how and why your personal data will be used. Under the General Data Protection Regulation (GDPR), we have obligations which we take seriously that include keeping your data safe, up to date and accurate. We will only use your data for the purpose set out below.


3. Our Lawful basis


As a Controller we need a lawful basis for processing your personal data. As a state agency we rely on Public Task under Legislation (The Pyrite Resolution Act 2013) for our primary activities. For secondary tasks we rely on Legitimate Interests. These are two of the six lawful bases under Article 6 of the GDPR.

 
4. Details of the processing we undertake


We collect personal data about you from forms that you may complete or by interactions you have with us in relation to the Pyrite Resolution Scheme we operate. Some personal data is also collected when you visit our website (https://www.pyriteboard.ie) which provides information on the Scheme and about the Board.
 
The PRB may gather personal data necessary for the functioning of the Scheme from you directly but also from your interaction with our Data Processor, the Housing Agency who, subject to the direction of the PRB, implement the programme and remediate dwellings included in the Scheme.

As part of your application to and participation within the Scheme, your personal data that is held by the PRB may be shared with building contractors, consultant engineers and other agents acting on our behalf under contract in delivering the remediation services. Only the minimum personal data necessary will be shared.
 
Our activities as a state agency are subject to scrutiny and therefore your data may also be part of an audit by internal and external auditors. Statistical data about the Scheme may be shared with the Department of Housing, Planning and Local Government.  Where requested, we may share data with elected representatives where they are acting on your behalf.
 
In delivering the Scheme the PRB or the Housing Agency may engage the services of data processors, such as specialist IT companies, but only under contract where they are obliged also to take appropriate care of your data.
 
Personal data provided for the purposes of participating in the Scheme is stored and processed on a database currently hosted in the UK. Email and backup data is hosted on backup servers within the European Economic Area (EEA).


5. Summary of personal data we process and why


The PRB, for the delivery of the Scheme, gathers and processes the following types of personal data.

Personal data Category Purpose How long do we need this data for?
Identification data This data is used to identify you within our database For successful applications, we retain data for the duration of your participation in the scheme and 12 years thereafter.
 
Contact data This data is used to send communications to you about your participation in the Scheme
Location data This data is collected to correctly locate and identify a property
Expenses data Where legitimate expenses have been incurred, these details and the details of the service/goods provider may also be processed.
Financial/banking data This data is used to pay allowable expenses and other such data may be required for assessing your application
Cookies data Cookies are used to provide functionality on the PRB website Please see the Cookies Policy for more details.

6. Security measures and storage of personal data

The transmission of information via the Internet is never 100% secure, however we have taken appropriate information security measures we believe will safeguard any information you submit to us.

We will store your personal data only for as long as necessary for the purposes of providing access to our site and related services to you; as required by law, and for the exercise or defence of legal claims.

7. Your data protection rights

Under data protection law, you have many rights in relation to your personal data and how other people use it. Below we have listed these rights, but you may find out more about your data subject rights by visiting www.dataprotection.ie

  • Access: you have the right to know what personal data belonging to you we process and obtain a copy of any or all of that data, including the purpose for processing, the categories of personal data we process, any recipients of your data, and the rules for determining how long we will retain it. This is known as a Subject Access Request;
  • Rectification: you have the right to request the correction of any inaccurate personal data held by us;
  • Erasure: you have the right to request that we erase personal data that is no longer required for legal, regulatory or justified operational record-keeping purposes;
  • Restrict processing: you have the right to request that we restrict processing where the accuracy of the personal data is contested, the processing is unlawful, or where the personal data and/or evidence of its processing is required by you to establish, exercise or defend legal claims;
  • Data portability: you have the right to receive your personal data in a common, machine-readable format (where you have provided it initially in this format), to facilitate its transfer by you to another controller, where technically feasible and subject to specified conditions;
  • Object to processing: you have the right to object to processing of your data where the legal basis of the processing is carried out in the public interest or the exercise of official authority;
  • Challenge automated decision making: you have the right not to be subject to a decision based solely on automated processing (including profiling).
8. Request access to data held by us

You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. You may request to exercise any of these rights, free of charge by completing the Subject Access Request Form and submitting it to the contact email or postal addresses below.
 
Subject Access Request Form


In order to assist you with the following requests, we may request proof of identification to verify your identity. Any identification collected by the PRB during this process will be immediately destroyed upon verification of identity.

Once your identity is verified, we will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests submitted. We will inform you of any such extension within one month of receipt of your request. We have the right to refuse your request for the reasons set out above, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

9. Data Protection Officer (DPO)

If you have any queries or concerns about how we process your data, or if you wish to exercise any of your rights please contact our Data Protection Officer (DPO) who has been appointed to help ensure your rights are upheld. It is easiest to contact our DPO by email but you can also contact them by telephone or post using the details listed below.

PRB Data Protection Officer

Telephone +353 (0)51 833 958
Email dpo@pyriteboard.ie
Post Data Protection Officer
Pyrite Resolution Board,
53 Mount Street Upper,
Dublin 2

10. Lodging a complaint with the Data Protection Commissioner

If you believe the Pyrite Resolution Board has processed your data incorrectly you are also able to request support from, or submit a complaint to, the Data Protection Commission (DPC). We encourage you to visit their website as they provide useful explanations of your rights and our obligations. The contact details for the Commission are as follows:

Data Protection Commission

Website www.dataprotection.ie
Telephone +353 57 8684800 or
+353 0761 104 800
Email info@dataprotection.ie
Post 21 Fitzwilliam Square
Dublin 2
D02 RD28

Irrespective of whether you make a complaint to the Data Protection Commission or not, you also have the right to go to court to seek an effective judicial remedy where you consider that your rights  under the GDPR or Irish data Protection Legislation have been infringed as a result of the Pyrite Resolution Board or our data processors processing your data in a way that is in not compliant with our obligations.
 
11. Change to this Privacy Notice

We reserve the right to change this Privacy Notice from time to time at our discretion. If we make any changes, we will post those changes here and update the ‘Last Updated’ date at the bottom of this Privacy Notice. However, if we make material changes to this Privacy Notice, we will notify you by means of a prominent notice on our site prior to the change becoming effective.
 
Please review this Privacy Notice periodically for updates.
Last Updated: 08/05/2020