Privacy Statement regarding use of Your Personal Data by the European Recycling Platform (Ireland) – Effective from 14th May 2018
European Recycling Platform Ireland DAC (“we”, “us”, “our” or “ERP”) recycles waste electrical and electronic equipment waste. This privacy statement applies to any living individual where their personal data is contained on recycling of the waste electrical and electronic equipment (“Data-Containing Devices”) which are given to us for recycling, whether directly to us or where provided to us by third parties (“you” and “your”).
We do not wish to process your personal data and our preference is that you follow our recommendation and permanently erase all personal data from the Data-Containing Devices before we receive it from you, directly or indirectly.
Where you choose to leave personal data on the Data-Containing Device provided to us this privacy statement is one that we must provide to you in accordance with Irish data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as such laws may be updated from time to time, (“data protection laws”). As we do not know your identity, we cannot deliver this privacy statement to you, and section Article 14(5) of the GDPR allows us to comply with our obligations by making this privacy statement publically available.
ERP is a “controller”. This means that we are responsible for deciding how we hold and use personal data about you. It is important that you read this privacy statement so that you are aware of how and why we are using your personal data.
1. The personal data we collect and use about you
We only process personal data where you choose to provide us with that data via your Data-Containing Device. We would rather not receive any personal data about you. While our recycling operations are not designed to collect or process personal data as their primary function, we may incidentally collect personal data depending on what you choose to give us on Data-Containing Device. As a result, the personal data we collect will be whatever is contained on Data-Containing Devices.
2. How your personal data is collected and used by us
We collect personal data about you directly for rom you when you give us your Data-Containing Device, or we collect personal data about you indirectly when you give your Data-Containing Device to a local authority, retailer or other third party and we collect the Data-Containing Device from them. If someone else drops off a Data-Containing Device containing personal data about you to us or to a third party from which we collect Data-Containing Devices, we will collect that as well.
We collect Data-Containing Devices solely to process them for re-use (by approved and regulated re-use organisations), or for recycling by us and our contractors. Our day to day processes do not include accessing Data-Containing Devices or the personal data contained in them.
Please note that the personal data contained in a Data-Containing Device may include the processing of special categories of personal data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data containing a natural person’s sex life or sexual orientation.. We do not wish to process any of your special categories of personal data and our preference is that you follow our recommendation and permanently erase all personal data from the Data-Containing Devices before we receive it from you, directly or indirectly.
3. Why we process your personal data
The reasons why we process personal data may be one or more of the following reasons:
- for the performance of a recycling contract to which you are party;
- to comply with our legal obligations, including in respect of our waste recycling activities; and/or
- to pursue legitimate interests of our own or those of third parties, such as for the proper operation and administration of our recycling scheme.
In terms of any special categories of personal data we process because you leave it on your Data-Containing Device, our basis for processing this data is for reasons of a substantial public interest (namely the efficient operation of a waste electronic and electrical equipment recycling scheme), in accordance with Irish and EU laws.
4. Information about other people that you give me
We would rather not receive any personal data about other people from you. Where you ignore our recommendation and provide us with personal data relating to other people, you represent and warrant that you will only do so in accordance with applicable laws. You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this privacy statement and the relevant terms and conditions, and where necessary you will obtain their consent to our use of their information. You will provide anyone that you provide us with personal data about with a copy of this privacy statement. We may notify those individuals that you have provided their details to us and provide them with a copy of this privacy statement (however we are under no obligation to do so).
5. Providing your personal data with others
The Data-Containing Device(s) which contain your personal information will be passed along our chain of recycling contractors in order to be recycled appropriately. These third parties are either legally required to take steps to protect or erase your personal data and /or or similarly bound by contracts with us to do so. These entities do not process on our behalf, but in their own right.
We will only ever deliver your personal data in Data-Containing Devices to third parties for the purposes of operating our recycling scheme. We will share your personal data with third parties where required by law or where we have a legitimate interest in doing so, such as where it is necessary to the proper operation and administration of our recycling scheme and compliance with our legal obligations.
6. Data security
ERP uses a variety of security technologies and operational procedures to help protect your personal information from unauthorised being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to ERP, its agents, contractors and other third parties which have a legitimate role to play in reusing or recycling Data-Containing Devices.
7. How long will we hold and use your personal data for?
We will hold some personal data about you for as long as the Data-Containing Device is held by us, prior to it either being:
- taken by an approved and permitted re-use organisation, in accordance with applicable legal requirements (including data erasure); or
- functionally destroyed and recycled into component parts at our contracted recycling facility.
Your personal data may also be lost if the Data-Containing Device containing it is degraded by conditions to the point that it no longer functions. We do not transport or store Data-Containing Devices in conditions which are appropriate to ensure the long-term viability of data storage.
8. Your rights in connection with the personal data we hold about you
Because our processing of personal data contained in Data-Containing Devices does not require the identification of data subjects, we are not required to either (a) maintain, acquire or process additional information in order to facilitate such identification; nor (b) grant rights of access, rectification, erasure, restriction of processing, or data portability to you. Due to the nature of our scheme and the volume of Data-Containing Devices which we process, it is in any event near-impossible to identify any specific individual from the data we hold even if you provide us with additional information.
9. Changes to this privacy statement
This privacy statement is introduced with effect from 14th May 2018. We reserve the right to change this privacy statement at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise).
Changes to this privacy statement shall be applicable on the effective date set out in the updated privacy statement. The latest version of this privacy statement will be available to view on the ERP internet site available at https://www.erp-recycling.org/ie/
10. How to contact us
If you have any queries or complaints regarding our use of your personal data or the contents of this privacy statement you may contact us by post at Chief Executive Officer, ERP Ireland, 11 James’s Terrace, Malahide, Co Dublin K36 CV08 or by email at firstname.lastname@example.org.
If you are still dissatisfied with how we have handled your complaint, you may contact the Data Commission’s Office and may lodge a complaint by emailing email@example.com or writing to the following address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois. You can visit the website of the Data Protection Commission at www.dataprotection.ie for more details.