Privacy

This Privacy Notice aims to provide you (the data subject) with information about the processing of your personal data by the Pyrite Resolution Board (PRB). In order to apply, participate and for the PRB to deliver its services effectively, it will be necessary for the PRB to process some of your personal data. This is information which is capable of being used to identify you as an individual, for example your address or telephone number.

Who we are

The Pyrite Resolution Board was established to procure the remediation of dwellings with damage caused by pyritic heave of hardcore under floor slabs. This remediation is delivered through the Pyrite Remediation Scheme.

Our website gives a brief overview of the Pyrite Remediation Scheme. The full details and terms and conditions are contained in the Pyrite Remediation Scheme document which can be found here.

We are a Data Controller as we have the responsibility for deciding how and why your personal data will be used. Under the General Data Protection Regulation (GDPR), we have obligations which we take seriously that include keeping your data safe, up to date and accurate. We will only use your data for the purpose set out below.

Our Lawful basis

As a Controller we need a lawful basis for processing your personal data. As a state agency we rely on Public Task under Legislation (The Pyrite Resolution Act 2013) for our primary activities. For secondary tasks we rely on Legitimate Interests. These are two of the six lawful bases under Article 6 of the GDPR.

Details of the processing we undertake

We collect personal data about you from forms that you may complete or by interactions you have with us in relation to the Pyrite Resolution Scheme we operate. Some personal data is also collected when you visit our website (https://www.pyriteboard.ie) which provides information on the Scheme and about the Board.

The PRB may gather personal data necessary for the functioning of the Scheme from you directly but also from your interaction with our Data Processor, the Housing Agency who, subject to the direction of the PRB, implement the programme and remediate dwellings included in the Scheme.

As part of your application to and participation within the Scheme, your personal data that is held by the PRB may be shared with building contractors, consultant engineers and other agents acting on our behalf under contract in delivering the remediation services. Only the minimum personal data necessary will be shared.

Our activities as a state agency are subject to scrutiny and therefore your data may also be part of an audit by internal and external auditors. Statistical data about the Scheme may be shared with the Department of Housing, Planning and Local Government. Where requested, we may share data with elected representatives where they are acting on your behalf.

In delivering the Scheme the PRB or the Housing Agency may engage the services of data processors, such as specialist IT companies, but only under contract where they are obliged also to take appropriate care of your data.

Personal data provided for the purposes of participating in the Scheme is stored and processed on a database currently hosted in the UK. Email and backup data is hosted on backup servers within the European Economic Area (EEA).

Summary of personal data we process and why

The PRB, for the delivery of the Scheme, gathers and processes the following types of personal data.

Personal data Category	Purpose	How long do we need this data for?
Identification data	This data is used to identify you within our database	For successful applications, we retain data for the duration of your participation in the Scheme and 12 years thereafter.
Contact data	This data is used to send communications to you about your participation in the Scheme
Location data	This data is collected to correctly locate and identify a property
Expenses data	Where legitimate expenses have been incurred, these details and the details of the service/goods provider may also be processed.
Financial/banking data	This data is used to pay allowable expenses and other such data may be required for assessing your application
Cookies data	Cookies are used to provide functionality on the PRB website	Please see the Cookies Policy for more details.

Your data protection rights

Under data protection law, you have many rights in relation to your personal data and how other people use it. Below we have listed these rights, but you may find out more about your data subject rights by visiting www.dataprotection.ie.

Access: you have the right to know what personal data belonging to you we process and obtain a copy of any or all of that data, including the purpose for processing, the categories of personal data we process, any recipients of your data, and the rules for determining how long we will retain it. This is known as a Subject Access Request;
Rectification: you have the right to request the correction of any inaccurate personal data held by us;
Erasure: you have the right to request that we erase personal data that is no longer required for legal, regulatory or justified operational record-keeping purposes;
Restrict processing: you have the right to request that we restrict processing where the accuracy of the personal data is contested, the processing is unlawful, or where the personal data and/or evidence of its processing is required by you to establish, exercise or defend legal claims;
Data portability: you have the right to receive your personal data in a common, machine-readable format (where you have provided it initially in this format), to facilitate its transfer by you to another controller, where technically feasible and subject to specified conditions;
Object to processing: you have the right to object to processing of your data where the legal basis of the processing is carried out in the public interest or the exercise of official authority;
Challenge automated decision making: you have the right not to be subject to a decision based solely on automated processing (including profiling).

If you have any queries or concerns about how we process your data, or if you wish to exercise any of your rights please contact our Data Protection Officer (DPO) who has been appointed to help ensure your rights are upheld. It is easiest to contact our DPO by email but you can also contact them by telephone or post using the details listed below.

PRB Data Protection Officer

Telephone	+353 (0)51 833 958
Email	dpo@pyriteboard.ie
Post	Data Protection Officer Pyrite Resolution Board, 53 Mount Street Upper, Dublin 2

If you believe the Pyrite Resolution Board has processed your data incorrectly you are also able to request support from, or submit a complaint to, the Data Protection Commission (DPC). We encourage you to visit their website as they provide useful explanations of your rights and our obligations. The contact details for the Commission are as follows:

Data Protection Commission

Website	www.dataprotection.ie
Telephone	+353 57 8684800 or +353 0761 104 800
Email	info@dataprotection.ie
Post	21 Fitzwilliam Square Dublin 2 D02 RD28

Irrespective of whether you make a complaint to the Data Protection Commission or not, you also have the right to go to court to seek an effective judicial remedy where you consider that your rights under the GDPR or Irish data Protection Legislation have been infringed as a result of the Pyrite Resolution Board or our data processors processing your data in a way that is in not compliant with our obligations.