Privacy Notice

 

1. Introduction
This Privacy Notice aims to provide you (the data subject) with information about the processing of your personal data by the Pyrite Resolution Board (PRB). In order to apply, participate and for the PRB to deliver its services effectively, it will be necessary for the PRB to process some of your personal data. This is information that is capable of being used to identify you as an individual, for example, your address or telephone number.

2. Who we are
The Pyrite Resolution Board was established to procure the remediation of dwellings with damage caused by pyritic heave of hardcore under floor slabs. This remediation is delivered through the Pyrite Remediation Scheme.

We are a Data Controller as we have the responsibility for deciding how and why your personal data will be used under the applicable EU data protection laws.

Our website gives a brief overview of the Pyrite Remediation Scheme. The full details and terms and conditions are contained in the Pyrite Remediation Scheme document which can be found on our website https://www.pyriteboard.ie
 
3. Our Lawful basis
As Controller, we need a lawful basis for processing your personal data. As a state agency, we rely on Public Task under Section 9 (1) (a) of the Pyrite Resolution Act 2013.
 
4. Details of the processing we undertake
We collect personal data about you from forms that you may complete or by interactions you have with us in relation to the Pyrite Resolution Scheme we operate. Some personal data is also collected when you visit our website (https://www.pyriteboard.ie) which provides information on the Scheme and about the Board.

The PRB may gather personal data necessary for the functioning of the Scheme from you directly but also from your interaction with our Data Processor, the Housing Agency who, subject to the direction of the PRB, implement the programme and remediate dwellings included in the Scheme.

As part of your application to and participation within the Scheme, your personal data that is held by the PRB may be shared with building contractors, consultant engineers and other agents acting on our behalf under contract in delivering the remediation services. Only the minimum personal data necessary will be shared.

Our activities as a state agency are subject to scrutiny and therefore your data may also be part of an audit by internal and external auditors. Statistical data about the Scheme may be shared with the Department of Housing, Local Government and Heritage.  Where requested, we may share data with elected representatives where they are acting on your behalf.

In delivering the Scheme the PRB or the Housing Agency may engage the services of data processors, such as specialist IT companies, but only under contract where they are obliged also to take appropriate care of your data.

Personal data provided for the purposes of participating in the Scheme is stored and processed on a database hosted in the Republic of Ireland. Email and backup data is hosted on backup servers within the European Economic Area (EEA).
 
5. Summary of personal data we process and why
The PRB, for the delivery of the Scheme, gathers and processes the following types of personal data.

Personal Data Category

Purpose

How long do we need this data for?

Identification data

This data is used to identify you within our database

For successful applications, we retain data for the duration of your participation in the Scheme and 12 years thereafter.
 
Data in relation to unsuccessful applications is retained for 1 year and 28 days.
 
Financial records and expenses data are retained for 6 years + year of service.
 

Contact data

This data is used to send communications to you about your participation in the Scheme

Location data

This data is collected to correctly locate and identify a property

Expenses data

Where legitimate expenses have been incurred, these details and the details of the service/goods provider may also be processed.

Financial/banking data

This data is used to pay allowable expenses and other such data may be required for assessing your application

Cookie data

Cookies are used to provide functionality on the PRB website

Please see the Cookies Policy for more details.


6. Security measures and storage of personal data
The transmission of information via the Internet is never 100% secure, however, we have taken appropriate information security measures we believe will safeguard any information you submit to us.

We will store your personal data only for as long as necessary for the purposes of providing access to our site and related services to you; as required by law, and for the exercise or defence of legal claims.
 
7. Your data protection rights
Under data protection law, you have many rights in relation to your personal data and how other people use it. Below we have listed these rights, but you may find out more about your data subject rights by visiting www.dataprotection.ie.

  • Access: you have the right to know what personal data belonging to you we process and obtain a copy of any or all of that data, including the purpose for processing, the categories of personal data we process, any recipients of your data, and the rules for determining how long we will retain it. This is known as a Subject Access Request;

  • To be Informed: The right to be provided with concise, intelligible, easily accessible, and free of charge information about the processing activity;

  • Rectification: you have the right to request the correction of any inaccurate personal data held by us;

  • Erasure: you have the right to request that we erase personal data that is no longer required for legal, regulatory or justified operational record-keeping purposes;

  • Restrict processing: you have the right to request that we restrict processing where the accuracy of the personal data is contested, the processing is unlawful, or where the personal data and/or evidence of its processing is required by you to establish, exercise or defend legal claims;

  • Data portability: you have the right to receive your personal data in a common, machine-readable format (where you have provided it initially in this format), to facilitate its transfer by you to another controller, where technically feasible and subject to specified conditions;

  • Object to processing: you have the right to object to the processing of your data where the legal basis of the processing is carried out in the public interest or the exercise of official authority;

  • Challenge automated decision making: you have the right not to be subject to a decision based solely on automated processing (including profiling).

8. Data Subject Rights
You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to the processing of your personal data, as well as the right to data portability. You may request to exercise any of these rights by contacting the PRB Data Protection Officer (DPO). The contact details of which are provided in Section 9.

Where you are submitting a Subject Access Request, we would ask that you attach a Subject Access Request form linked below in PDF and Word format.

Subject Access Request Form

In order to assist you with requests, we may request proof of identification to verify your identity. Any identification collected by the PRB during this process will be immediately destroyed upon verification of identity.

Once your identity is verified, we will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests submitted. We will inform you of any such extension within one month of receipt of your request. We have the right to refuse your request for the reasons set out above, or if it is manifestly unfounded or excessive.

9. Data Protection Officer (DPO)
If you have any queries or concerns about how we process your data, or if you wish to exercise any of your rights, please contact our Data Protection Officer (DPO) who has been appointed to help ensure your rights are upheld. It is easiest to contact our DPO by email but you can also contact them by telephone or post using the details listed below.

PRB Data Protection Officer

Email

dpo@pyriteboard.ie

Post

Data Protection Officer
Pyrite Resolution Board,
53 Mount Street Upper,
Dublin 2, D02 KT73

Telephone

+353 (0)51 833 958


10. Lodging a complaint with the Data Protection Commissioner
If you believe the Pyrite Resolution Board has processed your data incorrectly, we would encourage you to contact us in the first instance so that we may remedy this issue for you. However, you are also entitled  to submit a complaint to, the Data Protection Commission (DPC). Further information on data protection and how to contact the DPC are available at www.dataprotection.ie.

Data Protection Commission

Website

www.dataprotection.ie

Email

info@dataprotection.ie

Post

21 Fitzwilliam Square
Dublin 2
D02 RD28


11. Change to this Privacy Notice
We reserve the right to change this Privacy Notice from time to time at our discretion. If we make any changes, we will post those changes here and update the ‘Last Updated’ date at the bottom of this Privacy Notice. However, if we make material changes to this Privacy Notice, we will notify you by means of a prominent notice on our site prior to the change becoming effective.
 
Please review this Privacy Notice periodically for updates.
Last Updated: 10/09/2024