Privacy Policy

We know that protecting your privacy and confidentiality of data entrusted to us  is our goal and objective . We take our duty to ensure that your data remains confidential very seriously, and we comply with the applicable provisions governing data protection law. In every undertaking we follow the rule of Confidentiality First. We use suitable technology to to safeguard your data.

  • We promise: Ensuring your privacy and protecting your data is key to our business – it is what we do
  • Your Security: Your data is key to your business – we will protect it like it was our own – it is what the core of our business is
  • No Spam: We only send information that is relevant to you and your business
  • Only What is Needed: We only process the data that is required – no excess
  • It’s Gone when it is No Longer Needed: We securely remove all personal data when it is no longer needed
  • No Surprises: We will be open and clear about all we do with your personal data

About us

DMZ IT is a cyber security consultancy, we protect your information, prevent incidents to occur, detect any attempts to compromise customer data, and respond to security incidents ensuring recovery.

Our office is in Dublin:
The Chase, 1st floor,
Carmanhall Rd,
Sandyford Business Park,
Sandyford, Dublin, D18 Y3X2

Ireland

You can reach us at phone: +353 1  536 3237, e-mail: info@dmzit.com or via our contact page.

What data do we collect, why and how

During course of our business operations and in operating the company we process personal data of clients, their customers, visitors to this website, attendees at events, suppliers, career seekers and our employees.

Sometimes we may collect data automatically (for e.g. when visiting this website):

  • The dates, times and frequency with of access the internet/online services using Company devices or through the Company systems. This can include details of online searches, websites visited and content viewed.
  • Communications which pass through the Company systems. These can be on/from Company devices or personal devices using Company systems.  These include emails are send and receive from and to Company email address or information regarding Company-related social media accounts (including LinkedIn and other platforms).

Bellow are details of the context for which (“Legal Basis“) and why (“Purposes“) we collect, obtain and process Personal Data and describes the third party service providers with whom we may share Personal Data (“Recipients“).

Legal Basis

Performance of a Contract
It is necessary to process Personal Data in order to enter into and perform our contract. We therefore rely on this legal basis to collect and otherwise use Personal Data to enable us to perform our part of our contract and our obligations to our customers.

Legitimate Interests
It is necessary for the purposes of our legitimate business interest to process Personal Data as a business partner. We therefore rely on this legal basis to collect and otherwise use Personal Data. For e.g. as part of a contract.

Compliance with Legal Obligation
It is necessary for us to collect and process Personal Data in order to comply with the legal obligations imposed on us under applicable local law including in the field of employment, social security and social protection law.

Assessment of Work Capacity
It is necessary for us to collect and process Personal Data in order to assess work capacity.

To Defend a Legal Claim
It is necessary for us to collect and process your Personal Data to investigate, establish, exercise or defend legal claims.

Purposes” of collecting data

  • to process your submission, proposals or other documentation
  • to provide products and services to you
  • to ensure the smooth running of our relationship (including all of the activities that need to be undertaken before, during and after engagement).
  • To manage access control systems
  • to protect our property;
  • to assess performance
  • to prevent unauthorised use of our or customer information and/or equipment;
  • to facilitate the acquisition of some or all of the Company or the Company’s assets in the event such is contemplated;
  • To take and maintain photo identification of you/agents/staff for swipe card into and out of profile on the Company’s property and offices work system.
  • To use CCTV or similar equipment around the Company’s property and offices to ensure security of our employees and property;
  • To facilitate the organisation of business and social events;
  • to ensure compliance with our business, tax, social protection, employment and equality obligations.
  • to investigate, establish, exercise or defend a legal claim;
  • to assist the courts in acting in their judicial capacity.

 

Recipients” – With whom we may share your data

Our every business engagement starts and is governed by our Non Disclosure Agreement which prevents us from sharing your personal information without your consent.

During the course of business dealing we may share your data with the following parties:

  • Financial institutions
  • Network providers
  • Training providers
  • Our third party service providers
  • Prospective sellers or buyers of business assets
  • Regulatory authorities
  • Law Enforcement Agencies
  • Public Bodies
  • Insurance providers
  • Medical professionals
  • Occupational health specialists
  • Health and Safety Authorities
  • Legal advisers

On some occasions we may be required to comply with a lawful requests made by law enforcement agencies such as Police, Courts and other regulatory bodies. In such case our policy is to notify data subject prior disclosure unless such notification would be explicitly forbidden by law.

How we protect your data

We care about protecting of information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your Personal Data. These include technical and operational measures to prevent, detect and deal with a suspected data breach.

We are committed to taking reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures for e.g. company have implemented Information Security Management System based on ISO27001:2013.

How we transfer your data

It is necessary sometimes for DMZ IT to share Personal Data with carefully selected third parties, as outlined above.

DMZ IT do not transfer your Personal Data outside the European Economic Area (“EEA“) at the moment. However, if such transfers would be necessary to occur, it is our policy that: a) they do not occur without our prior written authority; and b) that an appropriate transfer agreement or other approved transfer mechanism is put in place to protect your Personal Data.

Where we transfer data to our third party service providers we do so on the basis of the Model Contractual Clauses which are a form of data processing contract approved by the European Commission.  You can find a copy of these clauses here. If you would like to find out more about any such transfers, please contact us using any of the above methods.

Data Retention

Except for the purposes of complying with our legal obligations or for operational reasons, DMZ IT will not retain your Personal Data for longer than is necessary. Any Personal Data that we consider to be no longer needed shall be deleted securely.

To determine the appropriate retention period, we act under our clients’ instructions as a Data Processor. Where we are the Data Controller, we consider the potential risk of harm from unauthorised processing or disclosure of the personal data. We also consider the purposes for which it was collected and whether we can achieve the same goal through other means.

If you want to learn more about our specific retention periods for your personal data established in our retention policy, you may contact us at info@dmzit.com or using our contact page.

Upon expiry of the applicable retention period we will securely return it to data subject if requested, however, normally we destroy your personal data in accordance with applicable laws and regulations – in such case destruction will ensure that data is put beyond recovery.

Your rights

You can exercise those rights by submitting your request to:

DMZ IT
The Chase, 1st floor,
Carmanhall Rd,
Sandyford Business Park,
Sandyford, Dublin, D18 Y3X2

Ireland

You can reach us at phone: +353 1  536 3237, e-mail: info@dmzit.com or via our contact page.

  • You have the right to request a copy of the Personal Data held by us about you and to access the following information in relation to the processing of your Personal Data:
    • the purposes of processing;
    • the categories of Personal Data concerned;
    • the recipients of your Personal Data;
    • the period for which your Personal Data will be stored;
    • the existence of your right to lodge a complaint with the Data Protection Commission or equivalent body; and
    • the source of your Personal Data;
  • Where you exercise your right of access, we may request proof of identity to ensure we are dealing with the correct person.
  • We will only charge you for making such an access request where we feel your request is unjustified or excessive
  • Youhavethe right to request that we amend any inaccurate Personal Datathat we have about you.
  • You have the right to ask us to erase your Personal Data where:
    • it is no longer necessary to perform the contract;
    • you withdraw your consent and there is no other legal basis permitting us to process your Personal Data;
    • you object and we have no overriding legitimate grounds;
    • your Personal Data have been unlawfully processed; or
    • it must be erased to comply with a legal obligation.
  • Please note that erasure may not be complete or immediate to the extent that some of your Personal Data is necessary for the performance of your contract of employment with the Company or in order to comply with other legal requirements e.g. tax compliance
  • You havethe right to ask us to restrict processing your Personal Datain the following situations:
    • where you contest the accuracy of your Personal Data;
    • where the processing is unlawful and you do not want us to delete your Personal Data;
    • where we no longer need your Personal Datafor the purposes of processing but you require the data in relation to a legal claim; or
    • where you have objected to us processing your Personal Data pending verification as to whether or not our legitimate interests override your interests or in connection with legal proceedings.
  • When you exercise this right we may only store your Personal Data.and may not further process the data unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or legal person or for reasons of important public interest.
  • You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another data controller where this is technically feasible. This right only arises where:
    • we process your Personal Data with your consent or where it is necessary to perform our contract with you; and
    • the processing is carried out by automated means (in other words it does not apply to manual files).
  • You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.
  • You have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • We may not be able to comply with this request where the processing is necessary to enter or perform our contract with you or when the processing is authorised under a law to which we are subject. However, you are entitled to have a person from our teamto review the decision so that you can query it and set out your point of view to us.
  • If you previously provided explicit consent in this regard, you have the right at any stage to withdraw your consent to any future decision-making based solely on automated processing by contacting us using means stated in this policy

Changes to this policy

We will make changes to this statement from time to time, particularly when we change how we use your information, and change our technology, services and products. You can always find an up-to-date version of this notice on our website at www.dmzit.com.

Our approach to cyber security

As a cyber security service provider, we understand the risks associated with the processing of data.

Approach – We endeavour to use appropriate technical and physical security measures to protect your personal data which is transmitted, stored or otherwise processed by us, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access. Our service providers are also selected carefully and required to use appropriate protective measures. When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.

Limitations – As effective as modern security practices are, no physical or electronic security system is entirely secure. No data transmission over the Internet can be guaranteed to be 100% secure or confidential. Although we will do our best to protect your data, we cannot guarantee the security or confidentiality of your data transmitted to our site. Any transmission of data is at your own risk. Once we receive your data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies become available. In the unlikely event that there is an interception or unauthorised access to your personal data, we will not be liable or responsible for any resulting misuse of your personal information.

Safeguards – DMZ IT uses a variety of safeguards, personnel and processes that form defence in depth controls to protect your data. DMZ IT continuously evaluates our security posture to further enhance the security and confidentiality of your data. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Terms and definitions – all other terms and definitions described in this policy are understood as described article 4 of GDPR which is accessible here.