button1-projectconsultingbutton2-changemanagementbutton3-managedservices

The Project Foundry Privacy Notice

1. Scope

This privacy notice applies to all natural persons whose personal data is collected, in line with the requirements of the EU General Data Protection Regulation.

2. Responsibilities

The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to The Project Foundry Ltd. collecting / processing their personal data.

All Employees/Staff of The Project Foundry Ltd. who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent, to the processing of their data, where required, is secured.

3. Privacy Notice

Who are we?

THE PROJECT FOUNDRY BEGAN WITH A SIMPLE MANTRA: KEEP IT SIMPLE. WE BELIEVE THAT PROJECT MANAGEMENT DOESN’T NEED TO BE DIFFICULT OR COMPLICATED. IN FACT, THE POWER OF SIMPLICITY IS KEY TO PROJECT SUCCESS.

Keeping it simple makes things easier for our customers, so we will continue to espouse it. Simplicity, clarity and honesty and this goes for our product, our publications, our people and our company. It’s who we are.

The Project Foundry offers a comprehensive range of programme management and project management services including, but not limited to:

  • Project Management As A Service
  • VPMO
  • Enterprise VPMO
  • Professional Services Bank
  • Programme Management
  • Change Management
  • Purposes for Processing

We process data about people for the following purposes:

  • Sales and Marketing
  • Executing Projects
  • Delivering training
  • General office administration and accounting
  • HR administration, including payroll and recruitment
  • Management of contractors

 

Categories of Information Processed

Processing Purpose Category of Information Processed
Project Management, Programme Management and Associated Services
  • Contact names
  • Date of Birth
  • Telephone numbers (land line and mobile)
  • Social Media Identifiers (e.g. twitter accounts)
  • email addresses
  • Postal Addresses
Delivering Training
  • Student names
  • email addresses
  • Exam scripts / assignments

 

General office administration and accounting
  • Contact names
  • Contact details (e.g. address, email address, telephone number)
  • Tax identifiers (e.g. Irish PPS Number for employees or VAT number for subcontractors
  • Timesheets
  • Data associated with accounts receivable or accounts payable.
HR administration and management of sub-contractors
  • Contact Names
  • Contact details (address, email, phone number)
  • PPSN (for employees)
  • Attendance records/time sheets
  • Training records
  • Sick certs and data relating to occupational health
  • CVs
Health and Safety
  • Occupational health data
  • Accident reports, including details of injuries and contact information for injured parties or witnesses

 

Cookies and Similar Technologies

What are cookies?

A cookie is a small file which is placed on your computer by a site when you visit it. Basic cookies contain the site name and a unique user ID. The next time you visit that site, your browser checks to see if it has a cookie for it and sends the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before, and can, for example, tailor your experience of the site. More sophisticated cookies allow you to do other things, like create accounts on a site or use an online shop.

Non-essential cookies

Google Analytics cookies help us to improve your experience of our site but are not essential to its basic functioning. We use these cookies to collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, for system administration purposes and to measure our effectiveness. They also enable us to estimate our audience size and usage patterns. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

Third party cookies

Instagram and Twitter cookies are examples of ‘third party’ cookies on our site. If you click a function on our website that is associated with these parties (e.g. to share or tweet a piece of information), they will place cookies on your computer. We do not take responsibility for these cookies, as to make use of these functions you will have already accepted the terms and conditions of use with the relevant party.

We embed videos on our site using YouTube, which sets cookies on your computer once you click on the video player. As you do not have to sign up to YouTube first in order to play these videos, you will not have accepted their terms and conditions. We do not take responsibility for these cookies; to find out more please visit YouTube’s privacy policy.

Can I refuse cookies?

Yes. You can use a setting on your browser which allows you to refuse to accept cookies. However, if you select this setting you will be unable to use certain parts of our site and it may not work smoothly.

Different browsers have different instructions for managing cookies and you may also be able to accept certain cookies and not others. For example, you may be able to refuse third party cookies.

For more information on cookies see the All About Cookies website.

 

Grounds for Processing

Processing Activity Processing Conditions Relied On
Project Management, Programme Management and Associated Services
  • Necessary for execution of contract
  • Legitimate interest (It is necessary to be able to contact relevant persons to deliver project and programme management services we are contracted to deliver)
Delivering Training
  • Necessary for execution of contract
  • Consent
  • Legitimate interest (It is necessary to contact students / potential students to deliver training programs we are contracted to deliver)
General office administration and accounting
  • Legitimate Interest (It is in the legitimate interest of the organisation to process information for administration and compliance with accounting requirements)
  • Statutory Obligations
  • Necessary for execution of contractual obligations
HR administration and management of sub-contractors
  • Statutory obligations (e.g. payment of payroll taxes etc.)
  • Legitimate Interests (It is in the interests of the organisation to efficiently and effectively manage staff and ensure compliance with duties of care and other obligations.)
  • Necessary for the execution of contractual obligations
  • Necessary for obligations arising in the area of employment, taxation, and social security law
Health and Safety
  • Legitimate Interests (It is in the legitimate of the organisation to process data about health and safety issues for the purposes of seeking legal advice, defending claims, and supporting insurance risk assessment)
  • Necessary for obligations arising under employment law and social security legislation
  • Statutory obligations

 

Categories of Recipients

For many of our processing activities, we are required to disclose data to 3rd parties who are not data processors acting on our behalf or data controllers on whose behalf we are working.

Categories of recipients include:

  • Tax authorities (e.g. Irish Revenue Commissioners)
  • Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)
  • Standards bodies or bodies accrediting certifications taught or examined by The Project Foundry

Cross-Border Data Transfers

The Project Foundry may, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Office 365, and similar tools.

Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data based on:

  • EU/US Privacy Shield
  • Model Contract Clauses
  • An Adequacy Decision from the European Commission.

In exceptional circumstances we will rely on the consent of the data subject or the necessity of the processing for the performance of or conclusion/performance of a contract that the Data Subject has entered into (e.g. transferring data to a US-based accrediting body for certifications so that a client can receive their accreditation).

On a case by case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defence of legal claims.

Data Retention

The Project Foundry retains personal data about individuals for a range of periods. The basis for our retention periods is based on:

  • Statutory obligations
  • Contractual obligations
  • Quality assurance standard obligations provided by our training partners or accrediting bodies.
  • For reasonable periods after the conclusion of engagements for QA and risk management purposes.

On a case by case basis, records may be retained for longer where required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation. Where records are subject to this kind of “hold” process, the ongoing retention will be reviewed on an annual basis.

Your Rights

For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.

For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.

You have the right to request:

  • A copy of data we hold about you (Right of Access)
  • That any error in data we hold about you is corrected (Right of Rectification)
  • That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it (Right of Erasure)
  • That we refrain from processing data for a specific purpose (Right to Restrict processing)

You have the right to complain to the Irish Data Protection Commissioner, and to seek compensation through the Courts.

Legal Disclosure

We reserve the right to disclose your personal data as required by applicable law and when we believe that disclosure is necessary to protect our rights and / or to comply with a judicial proceeding, court order, or other legal process served on us. Your personal data will also be shared between our Group Companies for the activities permitted under this Policy.

In the event The Project Foundry goes through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account and personal data will likely be among the assets transferred. You will be notified via declan@theprojectfoundry.com and via a prominent notice on our Website of any such change in ownership or control. We may also disclose your personal information to any other third party but only with your prior consent.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by The Project Foundry Ltd., or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and The Project Foundry Data Compliance Manager.

The details for each of these contacts are:

 

Supervisory Authority Contact Details The Project Foundry Ltd. Data Compliance Manager
Contact Name: Helen Dixon – Commissioner Stuart Anderson
Address Line 1: Canal House 20 Clanwilliam Terrace
Address Line 2: Station Road
Town / City: Portarlington Dublin 2
Eircode: R32 AP23 D02E426
County: Co. Laois Dublin
Country: Ireland Ireland
Email: info@dataprotection.ie stuart@xpertdpo.com
Telephone: +353 (0)761 104 800 +353 (0) 1 4452218