The General Data Protection Regulation and Data Protection Acts 1988-2018 apply to the processing of personal data. Docforce is committed to complying with its legal obligations in this regard.
Docforce collects and processes personal data relating to its job applicants and employees in the course of business in a variety of circumstances, e.g. recruitment, training, payment, performance reviews, and to protect the legitimate interests of Docforce.
This policy covers any individual about whom Docforce processes data. This may include current and former employees and job applicants. Processing of data includes: collecting; recording; storing; altering; disclosing; destroying; and blocking.
Personal data kept by Docforce shall normally be stored on the personnel file or HR electronic database. In order to ensure the highest levels of confidentiality, highly sensitive data, such as medical information, will be stored in a separate file. Docforce will ensure that only authorised personnel have access to the personnel file.
It may be necessary to store certain other personal data outside the HR department, e.g. salary details will be stored in the payroll department. Docforce managers or supervisors may have access to certain personal data where necessary. Docforce has appropriate security measures in place to protect against unauthorized access.
Collection and storage of data
Docforce processes certain data relevant to the nature of the employment of its employees and, where necessary, to protect its legitimate business interests. We will ensure that personal data will be processed in accordance with the principles of data protection, as described in the GDPR, and EU and US Data Protection Acts .
Personal data is normally obtained directly from the job applicant or employee concerned. Incertain circumstances, it will, however, be necessary to obtain data from third parties, e.g. references from previous employers. Where relevant to the nature of the work, Docforce may make an application to the Garda Vetting Bureau for Garda clearance of an employee, as appropriate according to the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016 (Irish Statute)
Personal data collected by Docforce is used for ordinary personnel management purposes. Where there is a need to collect data for another purpose, Docforce shall inform all relevant parties. In cases where it is appropriate to get consent prior to such processing, Docforce will do so.
Job applicants and employees are responsible for ensuring that they inform the HR department of any changes in their personal details, e.g. change of address.. We endeavour to ensure personal data held by Docforce is up to date and accurate.
Retention of data
Docforce is under legal obligation to keep certain data for a specified period of time. In addition, Docforce will need to keep personnel data for a period of time in order to protect its legitimate interests. Recruitment data i.e. resumes/C.V.s and cover letters will be retained for a period of 24 months.
Security and disclosure of data
Docforce will take all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of both electronic and manual data. Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorised access.
HR data will only be processed for employment-related purposes and, in general, will not be disclosed to third parties, except where required or authorised by law or with the agreement of the employee. HR files are normally stored in the HR department and employees who have access to these files must ensure that they treat the information contained within them confidentially. Employees working in the payroll department must treat all personal data they receive confidentially and must not disclose it, except in the course of their employment.
Recruitment data i.e. resumes/C.V.s is controlled by Docforce, with access limited to authorised Docforce managers and supervisors, and is processed securely on Amazon Web Services (AWS).
All employees will have access to a certain amount of personal data relating to colleagues, customers and other third parties. Employees must play their part in ensuring its confidentiality. They must adhere to the data protection principles and must not disclose such data, except where necessary in the course of their employment, or in accordance with law. They must not remove or destroy personal data except for lawful reasons.
Any breach of the data protection principles is a serious matter and may lead to disciplinary action up to and including dismissal.
Docforce may receive certain medical information, which will be stored in a secure manner with the utmost regard for the confidentiality of the document. Docforce does not retain medical reports on job applicants who do not become employees for longer than is necessary.
Employees and job applicants are entitled to request data held about them on computer or in relevant filing sets. Docforce will provide this data within one month of receipt of request. There is no charge for requesting this data.
Right to object
Employees and job applicants have the right to object to data processing that is causing them distress. Where such objection is justified, Docforce will cease processing the data unless it has a legitimate interest that prevents this. Docforce will make every effort to alleviate the distress caused to the individual. An objection should be made in writing to firstname.lastname@example.org outlining the data in question and the harm being caused to the employee.
Transmission of data outside the State
As Docforce operates internationally, it may be necessary in the course of business to transfer employee’s personnel data within Docforce and to other group companies in countries outside the European Economic Area, which do not have comparable data protection laws to Ireland. The transfer of such data is necessary for the management and administration of Docforce’s contracts and to facilitate the overall administration of personnel within the group. When this is necessary, Docforce will take steps to ensure that the data has the same level of protection as it does inside the State. Docforce will only transmit to companies that agree to guarantee this level of protection.
This policy will be reviewed from time to time to take into account changes in the law and the experience of the policy in practice. This was last reviewed and updated in June 2018.