Part I

This is the Privacy Policy of RedZinc Services Ltd. of Guinness Enterprise Centre, Taylor’s Lane, Dublin D08 N9EX , Ireland. The purpose of this Privacy Policy is to ensure individuals and data subjects understand how we process their information. A data subject refers to any individual person who can be identified, directly or indirectly, via data. RedZinc Services Ltd. endeavours to comply with the General Data Protection Regulation (EU) 2016/679 and Data Protection Act 2018 of Ireland and data protection best practices. We process personal data provided to us by individuals, whether it be provided in person, through our website www.redzinc.net any mobile/app services or products such as BlueEye, any form, correspondence, telephone, email, or by any other means, or otherwise processed by us in relation to you, in the manner set out in this policy. By submitting your information to us, and or engaging with our products or services and or by using the website (www.redzinc.net) you consent to the use of your personal information as set out by this Privacy Policy. If you do not agree with the terms of this Privacy Policy please do not use the Website, our products or services or provide us with any personal information or personal data. RedZinc Services Ltd. acts as both a data controller and or a data processor under the circumstances which has an effect on how we process personal data. For example, if you were to contact us to buy a product or service, we would engage with you as a data controller to provide you with our products or services. However, if a third party were to use our services to process your personal data, we may be a data processor under the circumstances (with appropriate safeguards in place and a data processing agreement with the third party who acts as a data controller). These safeguards are described in Part II.

Information collected by us where we act as a data controller.

The information about you that we may collect, use and store (process) includes:

We do not process children’s personal data.

How we use your personal information where we act as a data controller

Note when we act as a data controller this does not include any data when we act as a data processor on the blueeye.video service. We may use your personal information for the purposes of:

  1. Addressing any enquiry requested by you.
  2. Entering into and or completing any sales commercial or business-related requests or transactions requested by you.
  3. Complying with any contractual obligations relating to any accountancy and or payroll agreement that you may enter into.
  4. Setting up, operating and managing any account or line of credit, if applicable.
  5. Setting up, operating and managing any marketing and or advertising services subject to your explicit consent (please see Marketing & Advertising below).
  6. Complying with our legal duties and responsibilities.
  7. Debt collection and the collection of outstanding monies.
  8. Providing, monitoring, reviewing and supporting our online presence via our website and social media (please see our Cookie Policy).
  9. Protecting our vital interests under the circumstances.
  10. Protecting our legitimate interests under the circumstances.

As a data controller, we obtain consent to process personal data by way of notification on our website that requires an explicit acceptance of this Privacy Policy and associated Cookie Policy to use the website. Consent for data processing purposes can also be obtained by way of a physical application form, credit form or other paperwork that refers to our privacy policy on this website and acceptance of same.

For example, anyone who may wish to purchase our products or services will have to fill out an order form of some description. As part of this form, there is a box for the person to tick to consent to the processing of their personal data in accordance with this Privacy Policy.

Data Retention when we act as a data controller

All data processed, where we act as a data controller will be held as confidential, secure, will be used only for the purposes for which it was collected and will be destroyed or deleted once is it no longer necessary in accordance with our data retention policy. Our standard data retention period is seven years.

We have a reduced data retention period for specified documents that is internal to our company, e.g. the CVs of unsuccessful job applicants are held by the company for six months and are then deleted or destroyed in a secure manner.

Automated Decision Making

RedZinc Services Ltd. does not engage in any automated decision-making processes nor do we use any personal data as a basis for any such automated decisions.

Data Sharing & Transfers of Data when we act as a data controller

RedZinc Services Ltd. may outsource certain business activities (e.g. debt-collection, legal advice, back up services, IT support, etc.) to third parties. If we share personal data in our capacity as a data controller then we will have in place a proper data processing agreement with the data processor (e.g. lawyers, accountants, etc.). We may also have to disclose certain personal data in accordance with any legal obligation imposed on us. Any such disclosure would be in accordance with the law, e.g. disclosed on foot of a court order, child protection concerns, etc. Red Zinc Services Ltd. transfers personal data to the following locations:

1. Within the EU.

Some of our employees are based outside of Ireland but in the EU and work in their own premises, e.g. we have staff who work from home in Spain, UK, etc. We also outsource certain business activities to businesses within the EU, in our capacity as a data controller and or a data processor, depending on the circumstances. In any event, we use the Data Protection Commission’s One Stop Shop Mechanism that permits inter-EU data transfers and we have identified the Irish Data Protection Commission as the proper supervisory authority for all data protection matters.

2. Outside of the EU

In our capacity as a data controller, we may outsource certain business activities to businesses outside the EU and in particular to the United States. In such cases we ensure that GDPR protections still apply to all data by various mechanisms as identified under Chapter 5 of GDPR, including but not limited to, EU-US Privacy Shield, Binding Corporate Rules, Standard Contractual Clauses and Adequacy Decisions. As such, your rights under GDPR are maintained and your personal data remains secure.

For example, if you give us your explicit consent, we may use Mailchimp to send you marketing emails but Mailchimp uses Standard Contractual Clauses and has an EU-US Privacy Shield Framework in place to ensure GDPR compliance. For Mailchip’s data protection practices please see their privacy policy available at www.mailchimp.com.

For more information about international transfers of data, the One Stop Shop Mechanism, EU-US Privacy Shield, Binding Corporate Rules, Standard Contractual Clauses and Adequacy Decisions, please visit the Irish Data Protection Commission’s website at www.dataprotection.ie.

Data Processing Agreements when we act as a data controller

We have appropriate data processing agreements and or terms of business in place where we engage with a data processor our capacity as a data controller. We also have appropriate data processing agreements in place where we engage a data sub-processor in our capacity as a data processor on behalf of a data controller. For more information on appropriate data processing agreements, please visit the Data Protection Commission’s website at www.dataprotection.ie.

Marketing & Advertising when we act as a data controller

We do not use data when we act as a data processor for the purposes of marketing and advertising. Data used in our service BlueEye.video is not used for marketing and advertising. We may, from time-to-time, engage in marketing and or advertising campaigns, and we may use promotional emails, text messages and or phone calls to people who have consented to being contacted for marketing and advertising purposes. Subject to your explicit consent, we may use your personal information for the purpose of:

  1. Marketing and Advertising promotions.
  2. Providing you with information about our products and services.
  3. Carrying out any service user, membership or volunteer research, survey and analysis.
  4. Commercial activities, including brand or event awareness, participation and product or service launches.

At some interactions with us you may be asked to consent to your data being used for marketing purposes. In such cases, consent will require positive action on your part. For example, on an enquiry form you would have to tick a box stating that you consent to your data being processed for marketing and advertising purposes in according with this privacy policy in order to receive personalised targeted marketing emails, text messages and or phone calls. At times, we may host or organise events in which data subjects may interact with us faceto-face, e.g. at trade shows, talks, presentations, etc. In such cases, we may verbally ask if you consent to your data being processed for marking and advertising purposes subject to this policy. We may also announce that photographs may be taken for social medical purposes but please refer to the social media section below. We may use Mailchimp for our email marketing who are GDPR compliant by way of an EU-US Privacy Shield. Please note that if you do not consent to your email being used for marketing purposes then we do not contact you by email for marketing or advertising purposes and the privacy shield stated here is not applicable. For more information on Privacy Shield please see the Data Protection Commission’s website www.dataprotection.ie and Mailchimp at About Mailchimp EU swiss privacy shield and the GDPR. We are committed to privacy by design and privacy by default. As such, you will never have to ‘opt-out’ of our marketing processes; you will only ever have the option of ‘opting in’ if you’d like to be included. We do not engage in ‘pre-ticked’ boxes on consent forms nor do we ever assume you would consent to your data being processed. You are free to withdraw consent for any marketing matters at any time you want.

Social media when we act as a data controller

We do not use data when we act as a data processor for the purposes of social media. Data used in our service BlueEye.video is not used for social media. RedZinc Services Ltd. engages in a number of social media services and we strive to uphold privacy rights online. However, sometimes members of the public may post something objectionable and beyond our control to our social media pages/forums. In such cases, we will act to rectify any difficulties as soon as we are notified or become aware of the problem. We do not provide a continuous monitoring of social media sites/forums so there may be a slight delay from the initial post to when become aware of a problem.

We may hold marketing and fundraising events in which service users, clients, visitors, employees or members of the public may be present. Sometimes we may wish to take a photograph at such events to promote our brand or event on social media. In such cases, it is our policy for our photographer/social media handler to announce their presence and provide additional instructions and assistance. However, we do not have any control over private individuals or their personal social media accounts, as such we cannot stop or prevent private individuals from posting materials to their own personal social media accounts that others may find objectionable.

For information relating to social media usages, cookies or widgets, please see our Cookie Policy.

We welcome enquires and communications from clients and prospective clients through social media however users are bound by the privacy policy of the respective social media organisation (e.g. Facebook, LinkedIn, etc.). We cannot be held liable for any act or omission of the social media organisation nor can we ensure that any communication through social media is encrypted or secure in anyway.

Part II

Information collected by us where we act as a data processor:

In this case we act as a data processor related to the service on the blueeye.video website.

As a version of our product and services are specifically designed for, and used by, medical professionals for medical treatment or provision of medical advice or services to a patient, via online or real-time consultations, we process the video and audio of such consultations (with encryption methods in place) which may, depending on the circumstances, include all the special categories of personal data, that are processed on behalf of the data controller in the provision or medical assistance or aid. Likewise, another version of our product and services are specifically designed for, and used by, law enforcement professionals for the prevention of crime, prosecution of offences and related issues under the Law Enforcement Directive, by way of a ‘body camera’ that an authorised law enforcement officer may wear in the performance of their duties. As such, we may process video and audio of personal data relating to the prevention of crime, prosecution of offences and related issues under the Law Enforcement Directive via the authorised law enforcement officer’s body cam (with encryption methods in place).

Whilst we have an appropriate data processing agreement in place with each data controller, it is the responsibility of the data controller to comply with the principles of data protection, GDPR (EU) 2016/679, the Law Enforcement Directive and the Data Protections Act 2018 of Ireland, with particular regard to lawful, fair and transparent processing of personal data and informing data subjects of their lawful basis for processing data and the use of a data processor with appropriate safeguards in place.

Data Retention when we act as a data processor

All data processed, where we act as a data controller will be held as confidential, secure, will be used only for the purposes for which it was collected and will be destroyed or deleted once is it no longer necessary in accordance with our data retention policy.

Data Sharing & Transfers of Data when we act as a data processor

If we share personal data in our capacity as a data processor, acting on behalf of a data controller, then we will put in place a proper data processing agreement between us as a data processor and the third party as a sub-processer, in order to protect the data controller / processor relationship we have in place with the data controller and to ensure ongoing compliance with GDPR (EU) 2016/679 and the Data Protection Act 2018 of Ireland. We may also have to disclose certain personal data to the data controller in order to ensure the data controller complies with a legal obligation (e.g. court order, child protection concerns, etc.).

In our capacity as data processor, we may outsource certain data sub-processing activities to businesses and or data sub-processors located outside the EU and in particular to the United States.

In such cases we ensure that GDPR protections still apply to all data by various mechanism as identified under Chapter 5 of GDPR, including but not limited to, EU-US Privacy Shield, Binding Corporate Rules, Standard Contractual Clauses and Adequacy Decisions. As such, your rights under GDPR are maintained and your personal data remains secure.

For example, in order to provide our services to our clients, we use Amazon Infrastructure (AMS Global Cloud Infrastructure) which identifies the data controller (applicable sub-processor in this instance) as Amazon Web Services EMEA SARL, 38 Avenue John F. Kenney, L-18500, Luxembourg, which is the authorised representative of Amazon Webs Services, a subsidiary of Amazon.com Inc, that has an active Swiss-US and EU-US privacy shield with US Department of Commerce.

Any data protections issues relating to the privacy shield in place with Amazon Infrastructure (AMS Global Cloud Infrastructure) can be addressed to William Way, Associate General Counsel – Privacy, Amazon.com, Inc. 2010 Seventh Avenue, Seattle, Washington 98121 or privacyshield@amazon.com.

Data Processing Agreements when we act as a data processor

We have appropriate data processing agreements in place where we engage a data subprocessor in our capacity as a data processor on behalf of a data controller.

Part III

Information Storage

We will take reasonable steps to ensure that your information is kept secure and protected, including but not limited to electronic data being protected using appropriate software, relevant networks safety and security checks, where applicable, to include two step authentication, and, where applicable, any physical data records will be kept in an appropriately secure environment with physical locks and restricted access.

We have a general data retention policy that relates to the retention of relevant data for seven years but we identify specific categories of personal data that are retained for lesser periods. Personal data that is no longer required will be destroyed and or deleted in secure manner.

We do not record or process personal data that is not required or not necessary for any of our stated purposes.

For the avoidance of any doubt, we do not record or store any video or audio that is processed through our products or services.

Requesting your data

Any person has the right to find out whether an organisation has any personal data about them, what they use the personal data for and ask for copies of personal information held by that organisation.

If you wish to make a data access request in order to get a copy of any personal data we may process, please write a letter stating that you wish to make a data access request and address it to:

Data Protection
RedZinc Services Ltd.
Guinness Enterprise Centre
Taylor’s Lane
Dublin D08 N9EX
Ireland

Or by email to dataprotection@redzinc.net

In order to process your request, we may request that you send us a copy of your identification (passport, driver’s licence, etc.). The reason we ask for personal identification is to ensure that you are the correct person making the request for your personal data.

Unfortunately, verbal access requests cannot be entertained.

In response to any data access request, you have the right to refer the matter to the Data Protection Commission if you are unhappy with the outcome, however, we ask that you notify us first of any issue so that we may help resolve it as quickly as possible.

Rectifying mistakes

You have the right to rectify any incorrect or inaccurate personal data at no cost to you. If you believe that we are incorrectly processing any of your personal data, please inform us by writing to the above address or email dataprotection@redzinc.net

Queries or complaints

If you have any queries or complaints regarding our Privacy Policy or any data protection matter, please let us know by writing to the above address or email dataprotection@redzinc.net Individuals have the right to refer any matter to the Data Protection Commission by contacting them at www.dataprotection.ie. or by writing to:

Data Protection Commission Office of the Data Protection Commission 21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland

If you are, for whatever reason, considering contacting the Data Protection Commission about us we would ask that you inform us of your difficulty first so that we can try to resolve it to your satisfaction.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on our website.

Any changes will become effective upon posting the revised Privacy Policy on our website. If we make any material or substantial changes to this Privacy Policy we will use reasonable endeavours to inform you by email, notice on the Website or any other agreed communications channels.