For over 50 years, we have provided Security Print to banking, government and SME clients.
Security, integrity and confidentiality have been core to our business and remain crucial.
This statement provides information about personal data collected by, or provided to, RW Pierce for the purpose of providing our business services.
Who we are?
RW Pierce operates in Ireland as:
RW Pierce (Ireland) Limited
K1, M7 Business Park,
Naas, Co Kildare
And, in the United Kingdom as:
RW Pierce (NI) Limited
17 Dargan Crescent
Belfast, Co Antrim
For the purposes of data protection legislation:
RW Pierce is a Data Controller, where:
- we collect/use personal data to comply with legal and taxation requirements.
- we engage RW Pierce Group Limited (of 17 Dargan Crescent, Belfast, Co Antrim, BT3 9RP) to provide finance & HR services.
RW Pierce is a Data Processor, where:
- we process personal data on behalf of 3rd Party Data Controllers.
- we provide specialist data processing, mail production & document hosting for banking, government and SME clients.
What information do we collect?
As a Data Controller – we collect/use personal data to comply with legal and taxation requirements, including:
- Business to Business trading (e.g. contact details & trading history).
- providing employment (e.g. personal identity & employment history).
As a Data Processor – we retain data processed (for a limited time):
- as evidence of accurate processing (i.e. our duty of care)
- to facilitate the respective Data Controller’s legal duty under GDPR.
How do we use personal information?
As a Data Controller, we use:
Personal data relating to trading for
- Provision goods and services
- Meeting legal obligations (e.g. prevention of fraud)
Personal data relating to employment for
- Meeting legal obligations (e.g. prevention of fraud)
As a Data Processor, we:
- Undertake specialist data processing, mail production & document hosting for banking, government and SME clients.
- Provide evidence of services provided
What legal basis do we have for processing your personal data?
As a Data Controller we have legal basis for processing your personal data through:
Trading, this includes:
- Contractual agreement to supply goods and services
- Preventing illegal activities (e.g. money laundering)
Employment, this includes:
- Contracts of employment
- Vital records (e.g. emergency contact details… etc)
- Legal obligation (e.g. taxation & vetting…etc)
As a Data Processor, we have legal basis for processing your data under:
- Our contracted obligations with Data Controller.
When do we share personal data?
As a Data Controller, we share:
- Personal data relating to trading, with Pierce-Group Limited, as part of outsourced finance services.
- Personal data relating to employment with Pierce-Group Limited, as part of outsourced HR services.
Personal Data is NOT disclosed to any other 3rd parties, except under statutory requirement.
As a Data Processor, we do NOT share:
- Personal data with any other 3rd parties, unless with the explicit instruction of the respective Data Controller.
Where do we store and process personal data?
All personal data is stored and processed within Ireland and Northern Ireland.
How do we secure personal data?
We operate physical, technology and human controls to secure data.
We manage these controls through our ISO27001 certified Information Security Management System.
Our Information Security Management System includes industry best practices to:
- protect data against accidental loss
- prevent unauthorised access, use, destruction or disclosure
- ensure business continuity and disaster recovery
- restrict access to personal information
- conduct privacy impact assessments
- train staff and contractors on data security
- manage third party risks, through use of contracts and security reviews
How long do we keep your personal data for?
As a Data Controller, we retain:
- Trading data, for up to 25 years – for purposes of fraud prevention.
- Employment data, for up to 50 years after end of employment – for legal protection.
As a Data Processor, we retain client data in accordance with each client’s contractual terms. By default:
- Our ‘standard’ data-processing terms involve 30 day retention – for purpose of investigating any reported errors.
- Our ‘Mailsync’ (Mailroom Management System) involve 1 year retention – for the purpose of providing GDPR traceability.
Your rights in relation to personal data
If your personal data is held or processed by RW Pierce, you have certain rights in relation to that data, which are outlined below. The scope of these rights may be subject to restrictions or exceptions provided for under data protection and other legislation.
You may exercise your rights by contacting our Acting Data Protection Officer by e-mail: firstname.lastname@example.org or by post (to either address, above)
You have the following rights:
- The right to access to a copy of personal information which we hold about you, as well as information about how it us used.
- The right to have inaccurate, incomplete or not up-to-date information rectified.
- The right to request restriction of the processing of your information in certain circumstances. Where this right is exercised, RW Pierce is still permitted to store your personal data, but other use of the data is prohibited, save in certain limited circumstances
- The right to to lodge a complaint with the Data Protection Commission (in Ireland) or Information Commissioner’s Office (in UK)
Please note that:
- We may require further information from you, before we can consider/respond to your request.
- Where we act as a Data Processor, we will direct your request to the respective Data Owner.
Our websites use cookie technology to facilitate the intended functionality of our website and Mailsync platforms. Further information is available on the ‘cookie information’ page on each platform.
Linking to other websites / third party content
Links to 3rd party external sites and resources from our website, are provided in good faith. These links do not necessarily constitute endorsement, and we cannot take any responsibility for the content (or information contained within) any linked website.