Insolvency practitioner privacy statement – Tom O’Brien
Insolvency practitioner privacy statement
As an insolvency practitioner, I am dedicated to protecting the confidentiality and privacy of information entrusted to me and I comply with the data protection and information privacy laws of Ireland and the European Union and includes any legislation in force from time to time which implements Directive 95/46/EC or Directive 2002/58/EC of the European Community, the Data Protection Acts 1988 to 2018 (as amended from time to time), and any replacement regulation including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR (collectively referred to as “Data Protection Laws”).
In my personal capacity as an insolvency practitioner, I am a data controller in accordance with applicable data protection law. As a consequence, therefore, I have the authority to determine the purpose and means of the processing of personal data during the course of my appointment as a receiver, examiner, or liquidator in accordance with all applicable laws and legislation. Where Mazars processes personal data in the course of an appointment, it does so as a joint controller.
I am committed to the appropriate protection and use of personal identifiable information (referred to as personal data) that is collected during the course of my work.
Please review this privacy statement to learn more about how I collect, use, share and protect the personal data that I have obtained.
1. How I collect information
During the course of my work, I may obtain information about you, for example:
- where you or your employer engages me to provide insolvency services and also during the provision of those services;
- from the company or sole trader books and records which I collect in order to comply with statutory and regulatory obligations, such as the adjudication on claims, the collection of book debts, or the investigation of possible offences;
- where you have been identified by the company in an insolvency process as a potential stakeholder in insolvency proceedings;
- when you contact me or my team by email, telephone or post for example when you have a query, or providing details of any claim or any information that you may have in relation to an insolvency engagement;
- from third parties and/or publicly available resources, such as your employer, and the Companies Registration Office in Ireland;
- where I am appointed as a receiver over your assets; or
- where you have appointed me as your personal insolvency practitioner.
2. The type of information I collect
The information that I may process includes:
- your name, gender, age and date of birth;
- your contact information, such as, your postal address, e-mail address, phone number and mobile number;
- country of residence;
- family circumstances, including marital status and dependants;
- employment and education details;
- personnel files if you are or were an employee of the company in insolvency;
- your personal public service number in Ireland or national insurance number in the UK, passport number, driver’s licence;
- financial and tax-related information, such as bank account, credit and investment information, loan facilities and tax residency;
- your IP address, your browser type and language, your access times where you access the Mazars website; and
- complaint details, where you make a complaint to me or lodge a complaint with the Data Protection Commission.
The information I collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:
- health, where I collect employment details relating to health of employee of insolvent company, and
- sexual orientation, where you provide me with details of your spouse or partner.
If you fail to provide certain information when requested, such as your contact details, or confirmation of the amount of your claim, it may impact on your right to participate in a dividend distribution.
If you provide me with personal data relating to other people, such as your spouse, dependants, joint account holder or beneficiary, you must first: (a) inform the person about the content of this privacy statement; and (b) obtain any legally required consent from that person to the sharing of their personal data in this manner.
3. Situations in which I will use your Information
I use your personal data to provide insolvency services and for other activities that form part of the operation of the insolvency services. By way of example, the situations in which I may process your personal data are listed below.
- I may process your personal data in the performance of my legal and regulatory obligations under insolvency legislation and companies legislation. In the course of this work, it may be necessary to contact you to request information for one of the following purposes:
- to assist my enquiries and investigations;
- to submit details of you claim to enable you to take part in a dividend distribution or to vote in a decision procedure;
- to prepare statutory documents;
- to adjudicate claims for dividend purposes;
- to progress creditor claims for retention of title;
- to collect rents when carrying out duties as a fixed asset receiver; and
- to liaise with tax authorities.
- I may also process your personal data;
- for administrative, financial accounting, invoicing and risk analysis purposes;
- in compliance with applicable legal, regulatory or professional obligations; and
- to protect our rights and those of entities under an insolvency process.
4. Legal bases for processing of your information
I rely on one or more of the following lawful grounds for processing your information in the course of providing insolvency services and related activities:
- the processing is necessary for compliance with a legal obligation I have under insolvency legislation or companies legislation or other legal obligations, for example, record retention for tax purposes or providing information to a public body or law enforcement agency; or
- the processing is necessary for the purposes of a legitimate interest pursued by me.
In limited circumstances, it may be necessary to process special categories of your personal data, for one of the purposes outlined in section 4, and I will do so on the following bases:
- you have given your consent;
- I am required to do so to comply with one or more legal obligations, such as anti-money laundering obligations;
- I am required to do so to carry out obligations under employment, social security or social protection law;
- it is necessary for the establishment, exercise or defence of legal claims;
- you have made the data manifestly public.
While you have the right to withdraw your consent to processing or object to processing, it may still be lawful to continue processing.
5. Sharing your information
I may share your information with third parties where I have legal grounds to do so or where I have a legitimate interest in doing so. I may share information about you with the following recipients, or categories of recipients:
- members of the Mazars Network;
- individuals, such as your spouse or civil partner, or entities, where you have requested me to share your information;
- competent authorities, such as courts, in compliance with legal or regulatory obligations or requests;
- charge holders;
- service providers handling your information on my behalf;
- third parties, where necessary, in the course of the sale of property or a trading business;
- third parties to whom I disclose information in the course of providing insolvency services for one or more of the purposes outlined in section 3 above.
Where the above recipients of your personal data are based in countries or regions without data protection rules similar to those in effect in the European Economic Region (EEA), adequate safeguards will be put in place to protect your information. Such safeguards may include data transfer agreements based on model clauses approved by the European Commission for transfers of data to such countries.
6. Data security, storage and retention
I have put in place appropriate technical and organisational security policies and procedures to protect your personal data from loss, misuse, alteration or destruction.
Additionally, I aim to ensure that access to your personal data is limited to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
Your information is protected by strict security procedures and security features which work to prevent unauthorised access. All reasonable efforts are used to retain information collected from you only for so long as such information is needed in accordance with the purposes for which it was collected or until I am requested to delete it (if earlier).
7. Access to collected information
You have the right to request a copy of personal data that I keep about you, and to have any inaccurate information about you corrected. If you wish to make such a request or you are concerned that any of the information we possess about you is incorrect, please contact firstname.lastname@example.org
8. Right of complaint
You have the right to lodge a complaint with the Data Protection Commissioner, where you have concerns about my use of your information. Further details about this right are available at www.dataprotection.ie.
9. Changes to this policy
I keep this privacy statement under regular review and may modify or amend it from time to time at my discretion. If I make changes, I will record the date of the amendments or modification in the privacy statement. The revised privacy statement will apply to you and your information from that date. I would encourage you to review this privacy statement periodically to check if there are any changes in how your personal data is being treated. This privacy statement was last updated in November 2020.