MCHALE PRIVACY STATEMENT / 16-1-2019
1. About Us
We are McHale Engineering ULC (“McHale”), a leading international manufacturer of specialist agricultural farm machinery based in Ireland. We specialise in balers, combined baler wrappers, bale-wrappers, cutting, and handling equipment.
This Privacy Statement covers how we process Personal Data where we are controllers for the purposes of the GDPR.
Please contact us if you have any questions about this Privacy Statement or the Personal Data we hold about you:
- by email at:firstname.lastname@example.org
- or write to us at: McHale, Castlebar Road, Ballinrobe, Co. Mayo, F31 K138 Ireland
2. About You
This Privacy Statement applies to individuals whose Personal Data we process in order to operate our business.
2.1 This Privacy Statement applies to the following individuals:
- visitors to our website;
- business contact details of our distribution partners, dealerships and suppliers;
- buyers of McHale machinery;
- those applying for jobs at McHale
- those that we contact in relation to our products and services; and
- attendees at our events/exhibitions
3. Categories of Personal Data
This section explains the categories of Personal Data that we process.
The Personal Data we process falls into 6 main headings:
- Contact & Identity Data
- Contact and purchase information
- Communications Data
- Financial Data
- Recruitment Data
- Web Data
3.1 We require certain Personal Data in order to provide our services to you and to operate our business.
|Personal Data Type||Description|
|Contact & Identity Data||Name, Address, Email, Phone Number, company and department.|
|Contact and purchase information||Name, Home Address, Email, Phone Number, serial number of equipment|
|Communications Data||Personal Data included in communications with us over email, phone or letter.|
|Financial Data||Payment details for online orders|
|Recruitment Data||Identity data, CV data, references and application data|
|Web Data||Data on the type of device you are using, the device IP address, operating system, referral source, length of your visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This information is collected at an aggregate level and your identity data is not stored as part of this technical data.|
4. Our Purposes for Processing
All processing of Personal Data must have an identified purpose. Here we explain our purpose for processing your Personal Data.
|Type of Personal Data||Purpose|
Contact & Identity Data
Name, business address, email address, phone number, company and department.
· in order to contact you in connection with our products and services;
· to contact you for the purposes of payments to and from you;
· to contact you in connection with any job position we may have advertised;
· to notify you of any updates to this Privacy Statement;
· for customer relationship management and support;
· to fulfil our legal and contractual obligations to you;
· to provide you with information about our events; and
· to deliver and organise seminars, events and product training.
Contact and purchase information
Name, Home Address, Email, Phone Number, serial number of equipment
· to send you relevant information about our products and services or similar communications (where you have purchased a McHale product or you have subscribed)
· to contact you directly in the case of a product safety recall
Personal Data included in communications with us over email, phone or letter
|· for communications between us in connection with our products/services or for our exhibitions, seminars, events and training.|
|· to process payments to and from our business.|
Contact & Identity data, CV data, references and application data
· to contact you in connection with any job position we may have open;
· to fulfil the recruitment needs of the business;
· to arrange interviews and follow up communications with you; and
· to check your suitability for any positions we may have.
· to improve the performance of our website
· to gather analytics about website interactions to enable us to offer more relevant information and services.
5. Lawfulness of Processing
All processing of Personal Data under the GDPR must be lawful. Processing will only be lawful if we have a legal basis for processing.
Here we provide further information about the legal grounds we have for processing Personal Data.
Processing is lawful if it is necessary for the performance of a contract.
We undertake the following processing under this heading:
- in order to contact you prior to entering into the contract with you;
- in order to contact you in connection with our products/services under the contract;
- to contact you re payments to and from you;
- to manage the service we provide to you; and
- to process payments to and from our business.
Where we process Personal Data with your consent, we will ensure that consent is specific, informed and unambiguous. You may withdraw consent for processing by sending an email to email@example.com
We sometimes process Personal Data on the basis of consent where we send you product/service information or forward your contact details to dealerships where you have requested us to do so.
5.3 LEGITIMATE INTERESTS
We will only process Personal Data under this legal ground where we have assessed and verified that the legitimate interest pursued does not override your rights to privacy. Our legitimate interests include:
- our interest in providing the best service we can to our customers and growing our business
- our interest in conducting research and analytics on our products and services so that we can understand which services are most popular on our website
- our interest in obtaining payment for products and services provided
- our interest in protecting our intellectual property rights
- our interest in promoting and developing our business
- our interest in recruiting the best possible talent for our business
- our interest in ensuring the safety of our products
- our interest in ensuring the safety and security of users of our website and our products and services
5.4 COMPLIANCE WITH LEGAL OBLIGATIONS
We will process Personal Data where we have a legal obligation to do so.
6. Sharing your Personal Data
In order to provide our products and services we will need to share your Personal Data with third parties.
Any transfer of Personal Data will only be undertaken in compliance with the GDPR. In this section we provide information on the categories of recipients of the Personal Data we process.
6.1 Business Partners, Customers & Service Providers
Will receive your Personal Data if:
- you have requested us to refer your details on;
- if we are collaborating on an event, training, conference or similar activity;
- in connection with, or during the negotiation of any investment, merger or sale of the business;
- we engage with marketing partners to market our products/services;
- we engage data analytics providers to develop our website;
- we need to engage with consultants, lawyers, accountants, insurers and other professional service providers; and
- if we require help to deliver our services to you including for example:
- CRM application suppliers;
- payment processors and facilitators; and
- IT and Cloud solution providers including back up and hosting of Personal Data.
6.2 Law Enforcement Officers, Data Protection Commission, Government Officials or similar parties
Will receive your Personal Data:
- if required by applicable law, regulation, operating agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns;
- if this is necessary for the purpose of enforcing the terms of any contract that we have entered into with you;
- in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
- to protect our rights, property, or safety, or that of you or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention.
Cookies help us improve the products and services that we offer you.
Cookies enable us to store information about your preferences and therefore customise the website according to your individual interests. They are also used to monitor which parts of the website are the most popular to its visitors.
8. Security Measures
We are committed to protecting the security of your Personal Data.
We will take all steps reasonably necessary to ensure that Personal Data is treated securely in accordance with this Privacy Statement and the relevant law.
Your Personal Data is held on secure servers. The nature of the internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.
We only keep your data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.
We retain certain transaction information for a period of 7 years for the purposes of regulatory, tax, insurance or other requirements.
We retain certain machine specific information including purchaser details for a period of 20 years to assist in the event of a product safety recall.
You can request to have your Personal Data deleted. McHale will then delete Personal Data that it is not required to retain. We will restrict internal access to Personal Data that we are required to retain.
10. Your Rights
You have a number of rights to control the Personal Data we use and how we use it.
There are certain exemptions to these rights. We will always communicate with you and let you know if you seek to exercise your rights and a legal exemption applies.
10.1 RIGHT OF ACCESS
You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data if this would adversely affect the rights and freedoms of others.
10.2 RIGHT OF CORRECTION
If we have Personal Data about you that you believe to be inaccurate, you have the right to request correction of your Personal Data.
10.3 RIGHT TO BE FORGOTTEN
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
- your Personal Data is no longer needed for the purpose that it was collected in the first place;
- you have removed your consent for us to use your Personal Data (where there is no other legal reason for us to use it);
- there is no legal reason for the use of your Personal Data; or
- deleting the Personal Data is a legal requirement.
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
10.4 RIGHT OF RESTRICTION
You have the right to ask us to restrict what we use your Personal Data for where:
- the accuracy of the Personal Data is being reviewed;
- processing is unlawful but you want us to restrict use rather than erase the information altogether;
- you require the Personal Data for the purposes of a legal claim;
- verification of the legitimate interest ground for processing is pending
When Personal Data is restricted, it cannot be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it is for important public interests.
10.5 RIGHT TO DATA PORTABILITY
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we’re using your personal information under the lawful grounds of consent or pursuant to a contract and the processing is automated and not manual. It does not apply where it would adversely affect the rights and freedoms of others.
10.6 RIGHT TO OBJECT
You have the right to object to the processing of your Personal Data where processing is:
- on the grounds of public interest or legitimate interest including profiling based on these grounds; or
- for direct marketing purposes.
10.7 RIGHTS RE AUTOMATED PROCESSING
You have the right not to be subject to a decision based solely on automated processing, including profiling which has legal effects on you. This right shall not apply where the processing:
- is necessary for a contract you have entered into;
- is undertaken with your consent; or
- is authorised by law.
10.8 RIGHT TO MAKE COMPLAINTS
You have the right to lodge a complaint with a supervisory authority, in particular in the country where you reside, place of work or place of the alleged infringement if you consider that the processing of Personal Data infringes the GDPR.
The contact details for the Data Commission in Ireland are:
Address: Canal House, Station Road, Portarlington, R32 AP23, County Laois
Tel Lo Call: 1890 252 231
11. Changes to This Statement
We will post any changes on the Website and when doing so will change the updated date at the top of this Privacy Statement.
In some cases, we may provide you with additional notice of changes to this Privacy Statement, such as via email.
We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material