ecat auditing tool app

Privacy Policy

ECAT Privacy Policy

Updated: 5th August 2022

This privacy policy for ECAT Limited, trading as ECAT, describes the:

  • types of information we collect and how we use the data;
  • steps we take to make sure your data is secure and handled appropriately; and
  • rights you have to your data and how you can manage the data we handle.

In summary:

  • If we do process personal data (e.g. name, email address, phone, IP address, data in your cv), we make sure such processing is in accordance with the General Data Protection Regulation (EU-GDPR), Ireland’s Data Protection Acts 1998-2018, UK Data Protection Act 2018 (UK-GDPR), ePrivacy, and any other applicable regulations.  Processing means doing anything to your personal data.  This can refer to collecting, manipulating, storing, disclosing, or erasing data, among other actions.  We may process anonymised information about how you use our website or interact with our services and use it to help us improve our services. The information we collect may be anonymised and combined with other information about the use of our services.  More about collection and processing here.
  • If we collaborate with third parties and/or make international data transfers (e.g. to data hosting, cloud service applications, our clients), we will review, and to the extent possible confirm, compliance with the EU-GDPR, UK-GDPR and other applicable regulations, including their recognition, if needed, by the EU or UK as having an adequate level of data protection. This includes having appropriate Data Processing Agreements (DPAs), International Data Transfer Agreements (ITDAs) and Standard Contractual Clauses (SCCs) in place as needed.  If we do share your personal data with third parties, we ensure that it is lawful (e.g. through your consent, contract, or based on legitimate interests). More about collaboration with third parties and international transfers here.
  • We use Cookies. This helps us run our website and apps, evaluate site technical performance and working conditions, manage communications with you and provide our services if you work with us.  More about Cookies here and our Cookie consent manager here.
  • To support our commitment to best practice with regard to information and privacy security management, please see the Information Security Policy Statementwhich is based on the requirements of ISO 27001:2013, Clause 5.2; and provides our framework for the management of all organizational data, including personally identifiable information (PII), throughout our organization.

  • You have rights. You can make requests for restriction, erasure, or rectification as well as others. Please contact us at privacy@ecat-group.com.  Also, you can lodge a complaint with a supervisory authority, an independent public authority established by an EU Member State or the UK goverment, if you feel we have not handled your personal data properly. Our supervisory authority is the Data Protection Commission in Ireland, www.dataprotection.ie and the Information Commissioner’s Office in the UK, www.ico.org.uk.  More about your rights here.

For those that have enquired about working with us:

If you contact ECAT about potential employment or for working on a project as a consultant, we will reach out to confirm your permission to retain and process your details.  Your details will always be handled in accordance with privacy regulations.  More about personal details handling here.

For customers working with us:

Our Terms of Service with customers states that you are responsible for keeping your information that is not in the public domain strictly confidential in accordance to GDPR and other applicable regulations; and not publishing or disclosing all or any part of the information to any of its officers or employees who do not have a direct need to be party to the information.  You can review ECAT Online Service Terms here.

  • At ECAT, upholding your rights is important to us. We have written our Privacy Policy to be clear, comprehensive and in plain language. We are committed to protecting your personal information and being open and transparent about how we store and use your data.  ECAT is a versatile and simple to use audit management software. With offices in Ireland, our team has created audit automation to revolutionise your audits, give you better insights into your processes, increase your compliance and improve your business.

  • In this privacy policy, “ECAT”, “we”, “us” and “our” refer to ECAT Limited, trading as ECAT, a company registered in Ireland, No. 512674, with its registered office at ECAT House, Rathcool, Ratoath, Co. Meath, Ireland.

  • We are committed to safeguarding the privacy and personal data of our website visitors, candidates, clients, partners, associates and others. Our privacy programme is governed, in part, by the rules of General Data Protection Regulation (EU-GDPR) and the Data Protection Act of 2018 (UK-GDPR).  We recognise other jurisdictions’ decisions and interpretations, and our programme reflects those requirements if we operate in those areas.  This privacy policy outlines how we collect, manage, use and protect your personal information.

  • “Personal data” that we process means any information that relates to a living, identifiable person, including but limited to names, physical and email addresses, internet identifiers, phone numbers, and other information relating to that person, and either individually or combined can be used to identify that person.

  • “Process” or “Processing” in the context of this policy mean the activities we perform on personal data, such as collection, computing, storage and disposal.

  • This policy applies when we are a data controller, or as a co-controller, or as a processor, as defined in the GDPR, with respect to the personal data of our website visitors, candidates, clients, partners, associates and others. As a data controller, we determine the purpose and means of personal data processing; as a data co-controller we share the determination of the purpose and means of personal data processing with another controller. As a software as a service, we are a processor for data controllers. In our activities as a data processor, we handle personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal data processing.

  • Our personal data processing is consistent with the principles outlined in the EU-GDPR and UK-GDPR:

  • We process personal data lawfully, in a way that you would reasonably expect, and we are open and clear about our personal data processing practices;
  • We will only collect and process personal data that we need to and when it is necessary for processing that is required by our websites, apps and services;
  • We will only collect and process personal data that is optional, such as marketing, after we receive your informed, freely given consent enabled by privacy controls on our websites, apps and services; you can opt out at any time after providing consent;
  • When we do, we will be clear about why and how we are doing so, and for how long we will retain the personal data;
  • We will take steps to ensure the personal data is accurate and provide means to correct inaccuracies; and
  • We implement appropriate, common, technical and organisational controls to safeguard personal data for integrity and confidentiality.
  • Here we describe:

  1. the general categories of personal data that we may process;
  2. the source and specific categories of that data, in case we did not obtain it directly from you;
  3. the purposes for which we may process personal data; and
  4. the legal reasons (known as lawful bases) for processing personal data.

  • We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. This includes:

  1. Direct Interactions: We process personal data you provide directly tous through our website, apps and services. This could happen when you:
  • correspond with us or make an enquiry such as a request for information from our team regarding our products and services;
  • support our work by contributing to our blogs and/or social media postings;
  • visit any of our premises which may employ CCTV surveillance (images on film) for security and safety purposes;
  • participate in any of our events or projects, including opting in (by providing consent) to be filmed, photographed, or recorded during an event or project;
  • enquire about prospective or desired employment;
  • apply for a job or to volunteer as an intern;
  • verify your identity;
  • opt into communications and/ormarketing services (by providing consent); or
  • contact us or become involved with us in any other way not listed above.

We process this information to provide the service or information you have requested. Our lawful basis for processing is legitimate interests (unless it is consent as noted above).

  1. Usage Data: We may process data about your use of our website and services. The usage data may include:

  • IP address;
  • geographical location;
  • browser type and version;
  • operating system;
  • referral source;
  • length of visit;
  • page views;
  • website navigation paths; or
  • information about the timing, frequency and pattern of your service use.

The source of the usage data is our website. We process this information for monitoring and security purposes, and to improve our website and services. Our lawful basis for security-related processing is legitimate interests.  Our lawful basis for the purpose of improving our website and services is consent.

  1. Account and Profile Data: When you provide personal details, such as a cv, or set up a client record with ECAT, we need to store some information to preserve your details. This includes:

  • name;
  • address;
  • telephone number;
  • email address;
  • employment or candidate information

We use account and profile data to:

  • operate our website;
  • provide our services, products or information you have requested;
  • providing you information about our activities and services;
  • keep you updated of our activities, projects and events;
  • respond to your enquiries and complaints;
  • sending you confirmation of your enquiries or submissions;
  • process job applications
  • ensure the security of our website and services;
  • maintain back-ups of our databases; or
  • generally, communicate with you.

Depending upon the nature of the processing, the lawful basis for this processing is either our:

  • legitimate interests (namely the proper administration of our service and business); or
  • contract performance.

  1. Special Category Data: We may request and, if received with your consent or by contract or legal requirement, process information relating to your:

  • health information.

The special category data may be processed for the purpose of providing you with the necessary support and assistance during pre-application or candidate submission processing, job acceptance or post acceptance activities. Before collecting any special category data about you, we will make it clear what information we are collecting and why we need it.  You may provide us with health information to process a request, such as leave request or medical insurance processing. The lawful basis for this processing is either consent or contract performance.

  1. Children’s Data: We do not actively collect information from children (under 18s). We follow the Council of Europe’s Strategy for the Rights of the Child and comply with the UK Children’s Code. Where required, we will always ask for consent from a parent or guardian to collect information about children under the age of majority or age described in regulations in a jurisdiction where data is being sought. Our services and products are not knowingly directed at, nor do we knowingly collect any information from persons under the age of thirteen (13). If you are under 13 years old, please do not use this website or its applications. If you learn that your child has provided us with personal data without your consent, please contact us at privacy@ecat-group.com.

  • Additionally, we may process any of your personal data identified in this policy where necessary for:

  • the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The lawful basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights or the legal rights of others; or
  • the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional The lawful basis for this processing is our legitimate interests, namely the proper protection of our business against risks;
  • compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  • We will not sell your details to any third parties, but we may sometimes receive details from our trusted service providers who are authorised to act on our behalf and partner organisations who work on our behalf, or whom we work with in partnership to deliver our services.

  • We may also use companies to deliver services and process your data on our behalf, including the delivery of postal mail, sending emails and text messages, processing payment or bank details, details for pension contribution purposes, and analysing data trends anonymously to assist us in offering better services.

  • We may disclose your personal data to contracted third party data processors, acting on our instruction under contract and under the same purposes, and on the lawful bases, set out in this privacy policy.

  • Financial transactions relating to our services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, if any, and dealing with complaints and queries relating to such transactions and protecting us from fraudulent transactions.

  • We do not participate in programmes offered by, nor disclose personal data to, third-party suppliers of goods and services for the purpose of enabling them to contact you so that they can offer, market and sell to you relevant goods and/or services. If we enter into such programmes, we will update this policy and not include you unless you provide consent to opt into marketing and communications from those third parties. Each such third party would act as a data controller in relation to the personal data that we supply to it; and upon contacting you, each such third party would supply to you a copy of its own privacy policy, which will govern that third party’s use of your personal data.

  • We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person (for example to government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime, subject to such bodies providing us with a relevant and lawful request in writing). We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
  • ECAT is an Irish company, operating and processing data in Ireland from sources in the EU/EEA countries, UK and select other countries.

  • ECAT may work with trusted contractors or suppliers who are authorised to act on our behalf and partner organisations who work on our behalf, to fulfil various requirements. We also may collaborate with parties and partners in other countries. Service agreements with these parties also employ IDTAs, SCCs and TOMs as required.

  • We perform international data transfers in compliance with the EU and UK rules for those transfers, including technical and organisational safeguards for the protection of personal data.

  • We rely on the European Commission’s and UK ICO’s recognition that some countries outside the EU and UK, respectively, offer an adequate level of data protection (an adequacy decision). For the USA, we rely on the March 2022 Trans-Atlantic Data Privacy Framework between the EU and USA, where Privacy Shield principles apply.

  • For the other countries not covered by the EU and UK adequacy decisions, we employ additional safeguards to protect international data transfers, including the use of ITDAs, SCCs and TOMs, for data transfers to data controllers or (sub-)processors.

  • You may request more information about the safeguards that we have in place for the transfer of personal data by contacting us at our support team at ECAT by emailing privacy@ecat-group.com.
  • We keep personal data that we process for any purpose or purposes for the least amount of time that is necessary. For example, we will keep a record of client details for a period of up to seven years after the close of the contact for financial reporting purposes; your professional details for at least as long as you remain a candidate for an active job search or project, unless you withdraw your candidacy; personal details for marketing for no more than one year, unless you opt to extend the marketing consent.

  • In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the maximum period of retention based on our legitimate needs to retain

  • Additionally, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural

  • Where possible, we may keep your records up to date using publicly available, professionally accessible, or by-invitation sources. For example, we may use LinkedIn, Facebook, and other social networks’ tools as well as personal invite features. Also, we process changes to your details when you provide them to us. We do not mass-harvest information (also known as scraping) from those sources.

We delete your personal data at the end of a retention period, or earlier if we can. For example, if you request data be deleted and removal from marketing, we will do so before our stated retention period; but if you request professional data to be removed before the end of our legal obligation to our customer where you work, then we may not be able to do so.
  • Your principal rights under the GDPR are the:

    1. right to access;
    2. right to rectification;
    3. right to erasure;
    4. right to restrict processing;
    5. right to object to processing;
    6. right to data portability; and
    7. right to complain to a supervisory authority.

    • You have the right to confirmation as to whether we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

    • You have the right to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you

    • In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal

    • In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

    • You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the lawful basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

    • You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

    • You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

    • To the extent that the legal basis for our processing of your personal data is:

    • consent; or
    • that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and

    such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

    • If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged

    • To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the

    • We may withhold personal information that you request to the extent permitted by law.

    • We may withhold personal information that you request if the requests are deemed vexatious, manifestly unfounded, excessive or repetitive.

    • You may instruct us at any time not to process your personal information for marketing purposes.

    • You may exercise any of your rights in relation to your personal data by written notice to us by contacting our support team at ECAT by emailing privacy@ecat-group.com.
    • What is a cookie:

    Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie.

    Cookies are useful because they allow a website to recognise a user’s device, preferences and generally help to improve your online experience.

    Cookies may either be “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

    Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

    Please be aware that some areas of our website may not function if your web browser does not accept certain cookies.

    You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu.

    • We use cookies for the following purposes and periods of time:

    Strictly Necessary: These are always present
    Cookie NameLifespanOwner and Purpose
    consent_obj30 daysecat-group.com

    This cookie is used to remember a website visitor’s consent to cookie types.
       
     
    Statistics: These are not set until you provide consent
    _ga2 years.ecat-group.com

    Tracks user behaviour on website.
    _gat_gtag_UA_x8 minutes.ecat-group.com

    Tracks user visits on website.
    _gidsession.ecat-group.com

    Identifies website users by assigning a random number.

    Marketing: These are not set until you provide consent
    AnalyticsSyncHistory29 days.linkedin.com

    Used in connection with data-synchronization with third-party analysis service.
    UserMatchHistory29 days.linkedin.com Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor.
    bcookie2 years.linkedin.com To enable LinkedIn functionalities on the page.
    bscookie2 years.linkedin.com Tracking the use of embedded services.
    li_sugr2 months.linkedin.com Used to make a probabilistic match of a user.
    lidcsession.linkedin.com Tracking the use of embedded services.
    langsession.linkedin.com Used to store the language preferences of a user.
    langsession.ads.linkedin.com Used to store the language preferences of a user.
    U2 months.adsymptotic.com Browser Identifier for users outside the Designated Countries.
     

    • Managing your cookies:

    By using our website, you agree that we can place the strictly necessary cookies on your device. If you want to restrict or block any of the third-party cookies that we do not control, you should do this through the web browser settings for each browser you use, and on each device you use to access the internet.

    You can manage your cookie consent settings here: Manage Consent

    For cookies we can’t control, here are links to managing those cookies for common browsers:

    1. Chrome: https://support.google.com/chrome/answer/95647?hl=en
    2. Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
    3. Opera: http://www.opera.com/help/tutorials/security/cookies/
    4. Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage- cookies
    5. Safari: https://support.apple.com/kb/PH21411
    6. Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

    • If you block all or some cookies, you will not be able to use all the features on our website, some functions may not operate as intended, and may not be able to provide details to register your interest for a job or other career services.
    • We may update this policy from time to time by publishing a new version on our

    • We may notify you of changes to this policy by email or through the private messaging system on our website, apps or services.

    See for yourself

    Find out how you can save up to 60% in review time, increase operational efficiency by up to 30%, cut costs, improve compliance, strengthen operations and gain a competitive edge.

    Contact Us
    Free demo
    Privacy Policy | Manage Consent | Information Security