KDC - Visitor Management System

Purpose
This policy outlines the manner in which personal data of visitors to Keppel Data Centres Ireland (“the Company”) will be handled and processed as required by the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 (DPA2018).

What information we collect and process
In acting as a Data Controller, the Company needs to keep and process information about you for normal security access purposes. The information we hold, and process will be for management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively. If you do not provide this data, we may be unable in some circumstances to comply with our obligations in which case, we will have to inform you about the implications of that decision.

- Proof of Identity - All resources accessing the Data Centre must present valid government issued photo ID (Passport or Driver’s License, PSC) to the Keppel Data Centre Security team upon arrival. This applies to both Permanent and Visitor access. Access to the data centre without will be denied. No copies are taken or retained.
- The online Visitor Access Form requires the following personal data:
  - The name of the visitor and the company (name) they represent,
  - Visitor contact email address
  - Contact number
  - The purpose of the visit.
- Health & Safety online induction training – we will require you to complete an online health and safety induction when visiting our site and will process your name and email address for this purpose
- Surveillance - All Visitors are subject to CCTV surveillance while on the Premises. All data protection laws in relation to images will be complied with.

The legal grounds we use for processing personal data
The GDPR requires us to set out in this notice the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:

Performance of a contract: the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
Compliance with a legal obligation: the processing is necessary for compliance with a legal obligation we have such as carrying out anti-money laundering due diligence, or
Legitimate Interest: the processing is necessary for the purposes of a legitimate interest pursued by us, which might be, to prevent fraud, to protect our business interests, to evaluate, develop or improve our services or products;

Data Sharing
The Keppel Data Centre Operations team will issue the access lists for client facilities to the clients on a monthly basis for confirmation of the validity of the list. All lists will be locked and password protected.

Protection of your personal data
We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include, education and training to relevant staff to ensure they are aware of our data protection obligations when processing personal data, administrative and technical controls to restrict access to personal data to a 'need to know' basis, technological security measures, including fire walls, encryption and anti-virus software; and physical security measures.

Data Retention
Subject to your rights, we will ordinarily process your personal data throughout the course of our relationship with you and will then retain it for a period after you cease to have a relationship with us. The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods. In determining the appropriate retention period for different types of personal data, the amount, nature, and sensitivity of the personal data in question, as well as the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means are considered.

Your Rights
Under the (GDPR) and the (DPA 18) you have a number of rights with regard to your personal data. You have the right to request from us:

access to your personal data
rectification of your personal data where it is incorrect
erasure of your personal data in certain circumstances,
The right to restrict processing, object to processing as well as the right to data portability in certain circumstances.

If you have provided consent for the processing of your personal data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Data Protection Commission if you believe that we have not complied with the requirements of the GDPR or DPA2018 with regard to your personal data.

Data Protection Commission 21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland: Phone:
+353 578 684 800
+353 761 104 800
: Email:
info@dataprotection.ie

Data Controller
The controller of data for the purposes of the GDPR and DPA 2018:

: You can write to us at the following address:
1) KDCR Ireland Limited: 1) KDCR Ireland Limited at 4033 Citywest Avenue, Citywest Business Park, Dublin 24
2) KDCR Ireland 2 Limited: 2) KDCR Ireland 2 Limited at Unit B10 IDA Business and Technology Park, Ballycoolin, Dublin 15; Alternatively, you can send an email to: data.protection.ie@keppeldc.com

If you wish to exercise any of your rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Back to Login