Data Protection Statement
This Data Protection Statement is effective as and from 25 May 2018
This statement describes how we process your personal information. Please take the time to read it carefully. You have a number of rights in relation to your information including the right to object to the processing of your personal information where that processing is carried out for our legitimate interests.
In this statement, we use the terms “we” and “our” to refer to Mazars.
1. Who we are and how to contact us.
Mazars is a professional services firm specialising in audit & assurance, tax, corporate finance, consultancy and outsourcing services. We are registered to carry on audit work and authorised to carry on investment business by the Institute of Chartered Accountants in Ireland. We are supervised by the Irish Auditing and Accounting Supervisory Authority (IAASA) and by Chartered Accountants Regulatory Board (CARB).
We have a Privacy Officer who is responsible for overseeing questions in relation to this data protection statement and our approach to privacy. If you have any questions about this data protection statement, including any request to exercise your professional rights, please contact the Privacy Officer using the details set out below:
Harcourt Centre, Block 3
2. The purpose and professional basis for processing your information.
We collect your information for a number of purposes and rely on a number of different professional bases to use your personal information.
a) To enter into and perform a contract with you
When we are engaged to carry out professional services it is necessary to collect personal information from you in order to seek and receive your instructions in relation to those professional services and to carry out those professional services.
b) To comply with our professional obligations
We are required to process your personal information to comply with certain professional obligations to which we are subject, including:
• Providing information to An Garda Siochana, the Revenue Commissioners and other enforcement agencies under various pieces of legislation which apply to us.
• To verify your personal information provided to us and to meet our professional and compliance obligations, including detecting and preventing money laundering, tax avoidance and financing of terrorism.
c) For our legitimate business interests
Where we process your information for our legitimate interests, we ensure that there is a fair balance between our legitimate interest and your fundamental rights and freedoms.
We may use your personal information to manage our everyday business needs including accounting, internal reporting needs, market research, to progress and respond to professional queries, to ensure appropriate IT security and to prevent fraud, in our legitimate interest. Our legitimate interest is the effective management of our business.
We may use your personal information to update you on professional developments, firm developments or to invite you to events that we feel may interest you in our legitimate interest. Our legitimate interest is to connect with our clients and to update our clients on services which we provide.
d) For the establishment, exercise or defence of legal claims
We sometimes process your personal information, including sensitive personal information, such as information concerning health, trade union membership and criminal convictions/offences where it is necessary for the establishment, exercise or defence of legal claims.
We will, in certain circumstances, rely on your explicit consent to process your personal data, including, sensitive personal data. This consent can be withdrawn at any time by using the contact details of the Privacy Officer set out above.
3. Consequences of failing to provide information
Where we need to collect personal data by law, or under the terms of a contract with you and you fail to provide that data when requested we may not be able to perform the contract we have or are trying to enter in to with you. For example, we may require certain information from you in order to fulfil our requirements under both Irish and European Anti-Money Laundering Legislation before carrying out certain professional services. As such we may not be able to carry out those professional services absent that information but we will notify you of this at the time if this is the case.
4. Categories of Data Subjects
Personal data we process for our own purpose and on your behalf may include but may not be limited to your client and prospect data, your staff data, your contractor data, your supplier data and data of children. Categories of data subjects will, where we act as the data processor, be determined by you and as contemplated by our engagement terms and provision of our professional services.
5. Types of Information we collect and some examples of how we use it
We may collect, use, store and transfer different kinds of personal information about you as follows and use it for a variety of different purposes and across various professional services we provide to you
Example of how we use it
Address, email address, telephone numbers
Name, date of birth, PPSN, marital status, nationality, driving licence, passport
Occupation and income details such as employer name, employment status, your salary, other incomes & benefits, expenses.
Information concerning marital and family status.
Bank Account Statements
Creditors & Suppliers Listings
Interactions with our staff and partners
Information on your trade union membership, health insurance membership, criminal offences/convictions
Images from CCTV camera in an around the Mazars premises
We use this information to perform our professional services as instructed, to send you marketing information about events, updates and services and to respond to your queries.
We use this information to perform our professional services as instructed and to verify your identify and to comply with our obligations under anti-money laundering legislation
We use this information to perform our professional services as instructed and for future employment with the firm where applicable.
We use this information to perform our professional services as instructed
We use this information to keep a record of your interactions with us, to monitor and train our staff or to provide you with professional services.
We use this information to provide our professional services as instructed or for the establishment, exercise or defence of legal claims where applicable
We use these images for security purposes
6. Your information and Third Party Service Providers
Third Party Service Providers: We may share your personal information with or provide access to your personal data to third-party service providers that perform services and functions at our direction and on our behalf such as lawyers, IT service providers, printers, shredding companies, marketing companies who carry out marketing campaigns on our behalf and providers of security and administrative services.
An Garda Síochána, government bodies, or other government officials: we may share your personal information with an Gardaí, or other government bodies or agencies including but not limited to the Revenue Commissioners, where required to do so by law.
Regulatory Authorities: we may share your personal information with our supervisory bodies IAASA, CARB, Irish Tax Institute, Other Regulatory Authorities, where required to do so by law.
Third Parties: We may provide your information to third parties to facilitate your instructions to us, such as lawyers, parties to any professional claim, parties with whom you have a professional issue or complaint and third parties who you instruct us to communicate with on your behalf.
Mazars Group: We may share your information with other Mazars group or Praxity firms in the performance of our professional services as instructed.
7. Duration of Processing
We will process personal data on your behalf for so long as you instruct us to do so. At the cessation of our processing activities on your behalf it is your choice as to what happens to the personal data you have provided to us. We will work with you to carry out your reasonable instructions unless we are required to retain it to comply with legal obligations.
Personal data we collect for our own purposes will be managed in accordance with our Data Retention Policy which reflects current legal obligations.
8. Use of sub-processors
As part of our service delivery, it is necessary for us to use sub-processors.
Our IT support is provided by parties external to Mazars. Some solutions we utilise are cloud-based and our need to rely on those systems varies depending on the services we deliver to you.
All sub-processors are bound by Mazars to provide at least the same level of protection for your data as we do.
9. Data Transfers
Mazar and our subsidiaries and affiliated companies utilise a number of suppliers to provide us with IT and other associated services for the delivery of our business and services to you. In many cases, the suppliers we use will be granted access to the data we are processing in order to provide us with technical assistance. Such processing activities are not directly related to our principal services to you and are considered ancillary to our own internal activities.
As an International firm, our people need to be able to work from anywhere in the world using our IT services. Data may be stored on Mazars encrypted devices and transported with individuals as necessary for the delivery of our services in accordance with the terms and conditions we have agreed with you. We have put in place appropriate technical measures to ensure data remain secure irrespective of where our people deliver our services.
We may process your personal data through any of our other Group member firms worldwide. In the event, this is necessary we will ensure appropriate controls exist in the form of EU standard contractual clauses to protect your data and data subject rights and freedoms.
10. Transfers outside the European Economic Area
We may transfer your personal data outside the European Economic Area. These countries do not always afford an equivalent level of privacy protection and in such circumstances, we take specific steps, in accordance with data protection law to protect your personal information. In particular, for transfers of personal data, outside the EEA where there is no adequacy decision by the European Commission we may rely on contractual protection approved by the European Commission or the applicable safeguards under data protection law.
11. Data Security
Mazars has put technological and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the data have been trained to maintain the confidentiality of such information. Conditions to protect data to at least the same standard as we do are cascaded to all our contractors, sub-processors and suppliers.
We carry out regular monitoring and testing of our security defences to ensure they continue to be effective against the latest threats.
Data transferred over the internet by us and through our website are protected using encryption technologies to ensure they remain secure.
Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure.
12. Your Rights
You have several rights under data protection law in relation to how we use your personal information. You have the right free of charge to;
Request a copy of the personal information we hold about you.
Rectify any inaccurate personal data we hold about you.
Erase personal information we hold about you.
Restrict processing of your personal information.
Object our use of your personal information for our legitimate interests.
Receive your personal information in a structured commonly used and machine readable format.
To have that data transmitted to another data controller.
These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights please contact us using the contact details contained in this form. We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further period of two months and we will explain why.
You also have the right to lodge a complaint to the Office of the Data Protection Commission, Canal House, Station Road, Portarlington, co. Laois – email@example.com
13. Contacting you
Fromm time to time we may use the contact details you and your representatives have provided to us to send invitations, marketing materials, updates and other publications and information about our services which we feel may be of interest to you. Should any individual not wish to receive such communications please contact the Privacy Officer at the details set out at 1 above.
Targeted emails from us may include additional data privacy information as required by applicable privacy laws.
14. Changes & Updates to this Statement
We recommend you check this statement on a regular basis to ensure you remain in agreement with the activities we carry out in respect of processing personal data.
Should we make significant changes to the way we process data, we will draw your attention to the relevant part(s) of this statement through email and or other appropriate communications as part of our engagement activities with you.
For any enquiries, please contact: