As a Data Controller, Investanalitix, "The Company", is required by law to comply with two Irish legislation relating to the processing of Personal Data: The Data Protection Act 1988 (The Principle Act) and The Data Protection (Amendment) Act 2003. This document is The Company's policy in response to these requirements.
In order to carry out its business functions, Investanalitix must collect and process certain non-sensitive personal information. The Company takes the confidentiality of all such information particularly seriously and consequently takes all reasonable steps to comply with the principles of the Data Protection Acts. As such, it aims to collect personal information only in order to meet specific legitimate purposes, and to retain that information only for as long as those purposes remain valid.
Ordinarily, The Company will not pass personal information to any third party, except where required by law, statutory obligations or legitimate business purposes balanced against the rights and interests of the data subject. The Company is committed to ensuring that all employees, registered students, agents, contractors and data processors comply with the Data Protection Acts regarding: 1) The processing and confidentiality of any personal data held by The Company, and 2) The privacy rights of individuals under the legislation.
To comply with the law, Investanalitix will be guided by the following principles:
1. Obtain and process information fairly:
Data will be obtained and processed fairly and lawfully and only when certain conditions are met.
2. Keep data only for one or more specific, explicit and lawful purposes
Data will be obtained for specified, lawful and clearly stated purposes and processed accordingly.
3. Use and disclose only in ways compatible with these purposes
Data will be used and/or disclosed only for the specific purpose for which it was obtained.
4. Keep it safe and secure The Data must be kept safe and secure.
Adequate security structures will be applied to prevent unlawful or inadvertent processing, alteration or loss of the data.
5. Keep it accurate, complete and up-to-date The Data.
Every effort will be made to kept data accurate, complete and up-to-date.
6. Ensure it is adequate, relevant and not excessive
Data obtained will be adequate, relevant to the purpose and not excessive.
7. Retain for no longer than is necessary
Data will be kept only as long as it is necessary for the purpose or purposes for which it was obtained.
8. Give a copy of his/her personal data to that individual, upon request
The Data Subject, the person to whom the information relates, has a Right of Access. Data will be stored and maintained in such a manner as to be able to respond to a Subject's access request in a timely manner.