At Sweete Privacy and Data Protection rights are very important to us. Sweete is registered under the Data Protection Act 1998 – 2018 as a data processor and all personal data will be maintained in accordance with the obligations of that Act.
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 – 2018 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request and confer on individuals the right to have their personal data amended if found to be incorrect.
This document outlines Sweete’s policy to help ensure that we comply with the Data Protection Acts.
Inquiries about this Data Protection Policy should be made to Data Protection Officer, 3 Harmony Court, Harmony Row, Dublin 2.
This policy is a statement of Sweete’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts and Regulations.
We collect information you provide directly to us, such as when you claim a reward, contact customer support or otherwise interact with us. This information can include Name, Address, Home Phone, Mobile Number, E-mail and other information including customer preferences that will help in the personalisation of the service to the individual.
Data Protection Principles
The following key principles are enshrined in the Irish legislation and are fundamental to the Sweete’s Data Protection policy. In its capacity as Data Processor, Sweete ensures that all data shall:
- ..be obtained and processed fairly and lawfully.
For data to be obtained fairly, the data subject will, at the time the data are being collected, be made aware of:
- The purpose(s) for which the data is being collected
- Any other information that is necessary so that the processing may be fair.
Sweete will meet this obligation in the following way
- Where possible, the informed consent of the Data Subject will be sought before their data is processed;
- Where it is not possible to seek consent, Sweete will ensure that collection of the data is justified under one of the other lawful processing conditions
– legal obligation, contractual necessity, etc.;
- Processing of the personal data will be carried out only as part of Sweete’s lawful activities, and Sweete will safeguard the rights and freedoms of the Data Subject;
- The Data Subject’s data will not be disclosed to a third party other than to a party contracted to Sweete and operating on its behalf.
- ..be obtained only for one or more specified, legitimate purposes.
Sweete will obtain data for purposes which are specific, lawful and clearly stated. A Data Subject will have the right to question the purpose(s) for which Sweete holds their data, and Sweete will be able to clearly state that purpose or purposes.
- .not be further processed in a manner incompatible with the specified purpose(s).
Any use of the data by Sweete will be compatible with the purposes for which the data was acquired.
- .be kept safe and secure.
Sweete will employ high standards of security in order to protect the personal data under its care. Appropriate security measures will be taken to protect against unauthorised access to, or alteration, destruction or disclosure of any personal data held by Sweete in its capacity as Data Processor. Access to and management of staff and customer records is limited to those staff members who have appropriate authorisation and password access.
- .be kept accurate, complete and up-to-date where necessary. Sweete will:
- ensure that administrative and IT validation processes are in place to conduct regular assessments of data accuracy;
- conduct periodic reviews and audits to ensure that relevant data is kept accurate and up-to-date.
- .be adequate, relevant and not excessive in relation to the purpose(s) for which the data were collected and processed.
Sweete will ensure that the data it processes in relation to Data Subjects are relevant to the purposes for which those data are collected. Data which are not relevant to such processing will not be acquired or maintained.
- .not be kept for longer than is necessary to satisfy the specified purpose(s).
Sweete has implemented a data retention policy for all data which it stores.
- .be managed and stored in such a manner that, in the event a Data Subject submits a valid Subject Access Request seeking a copy of their Personal Data, this data can be readily retrieved and provided to them.
Sweete has implemented a Subject Access Request procedure by which to manage such requests in an efficient and timely manner, within the timelines stipulated in the legislation.
Overall responsibility for ensuring compliance with Data Protection Acts rests with Sweete. All employees and contractors of Sweete who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. Sweete’s Data Protection Officer coordinates the provision of support, assistance, advice, and training within Sweete to ensure that the company is in a position to comply with the legislation.
This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.