Purpose
This policy outlines the manner in which personal data of visitors to Keppel Data Centres Ireland (“the Company”) will be handled and processed as required by the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 (DPA2018).
What information we collect and process
In acting as a Data Controller, the Company needs to keep and process information about you for normal security access purposes. The information we hold, and process will be for management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively. If you do not provide this data, we may be unable in some circumstances to comply with our obligations in which case, we will have to inform you about the implications of that decision.
The legal grounds we use for processing personal data
The GDPR requires us to set out in this notice the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:
Data Sharing
The Keppel Data Centre Operations team will issue the access lists for client facilities to the clients on a monthly basis for confirmation of the validity of the list. All lists will be locked and password protected.
Protection of your personal data
We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include, education and training to relevant staff to ensure they are aware of our data protection obligations when processing personal data, administrative and technical controls to restrict access to personal data to a 'need to know' basis, technological security measures, including fire walls, encryption and anti-virus software; and physical security measures.
Data Retention
Subject to your rights, we will ordinarily process your personal data throughout the course of our relationship with you and will then retain it for a period after you cease to have a relationship with us. The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods. In determining the appropriate retention period for different types of personal data, the amount, nature, and sensitivity of the personal data in question, as well as the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means are considered.
Your Rights
Under the (GDPR) and the (DPA 18) you have a number of rights with regard to your personal data. You have the right to request from us:
Data Controller
The controller of data for the purposes of the GDPR and DPA 2018: