1. Who We Are

 

Rockfort Recruitment Limited

Registered address: 60 Lady’s Cross, Clonakilty, Co. Cork, Ireland

 

You can contact us by post at the above address or by email at:

dave@rockfortrecruitment.com

 

Our data protection representative may be contacted at:

info@rockfortrecruitment.com

 

 

2. Why We Process Your Data, Lawful Bases, and Who We Share It With

 

1. Website Users and Candidates Applying via Our Website

 

For people who view and interact with our website, and for candidates who apply for roles advertised on our website, we process personal data:

• To respond to queries submitted via our “contact us” form
• To receive, review, and assess applications for roles advertised on our website
• To communicate with candidates in relation to their applications and potential opportunities

 

Legal basis:

Processing is carried out on the basis of our legitimate interests in operating our recruitment business and managing recruitment processes, having carried out a balancing assessment to ensure that such interests are not overridden by the rights and freedoms of the data subject. Where applicable, processing may also be necessary to take steps at the request of the data subject prior to entering into a contract.

 

Retention:

We retain this data for 24 months unless a contractual or other relationship is entered into, in which case the data will be retained for the relevant statutory or contractual period.

 

 

1. Job Applicants, Employees and Contractors

 

We process personal data to recruit employees and contractors, assess suitability for roles, and administer employment and contractual relationships.

 

Legal basis:

Processing is necessary for legitimate interests and/or for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract.

 

Retention:

Data is retained for 24 months unless a contractual or statutory retention period applies.

 

 

3. Transfers of Data Outside the European Economic Area

 

We may transfer personal data to cloud-based service providers (including Microsoft 365) which may be hosted or accessed outside the European Economic Area. Where personal data is transferred outside the EEA, appropriate safeguards are in place in accordance with applicable data protection law, including the use of standard contractual clauses approved by the European Commission.

 

 

4. Data Retention and Deletion

 

We retain personal data only as long as necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. Upon termination of a client relationship, personal data processed on behalf of that client will be deleted or returned unless retention is required by law.

 

 

5. Personal Data Breaches

 

We implement appropriate technical and organisational security measures to protect personal data. Where we process personal data on behalf of a client, we will notify that client without undue delay, and in any event within seventy-two (72) hours, of becoming aware of a personal data breach involving that client’s personal data.

 

 

6. Your Rights

 

You have rights of access, rectification, erasure, restriction, objection, and data portability under the GDPR, subject to certain conditions and exemptions.

 

To exercise your rights, please contact us using the details above. You also have the right to lodge a complaint with the Irish Data Protection Commission.

 

 

7. Automated Decision-Making and Profiling

 

We do not use automated decision-making or profiling.