Prompt Payment Code - Data Protection Statement
Your privacy is important to us, and we are fully committed to keeping your personal information safe. This data protection statement is intended to provide you with information about the personal information we collect about you and how that information is used and shared. It also sets out your privacy rights. Please take a moment to familiarise yourself with our privacy practices so that you are fully aware of how and why we are using your personal data.
1. Data Controller
The Minister for Enterprise, Trade and Employment (the “Department”) is the Data Controller for the Prompt Payment Code.
This means that we have certain responsibilities when we process or “use” your Personal Data. Part of these responsibilities include that we provide you with information about your personal data. This information is set out in this Data Protection Statement.
2. Our Data Protection Officer
We have appointed a Data Protection Officer, Ms. Celyna Coughlan for you to contact if you have any questions regarding this data protection statement, our privacy practices or if you wish to exercise your data rights. Our Data Protection Officer can be reached by e-mail at: dataprotection@enterprise.gov.ie. We value your opinions. Should you have any questions or comments related to this data protection statement, please contact us at: dataprotection@enterprise.gov.ie.
3. What is the Prompt Payment Code?
The Prompt Payment Code is an initiative developed by business for business, with the aim of improving cashflow between business and moving towards a culture of providing “payment certainty”.
The Code is supported by the Department and by our partners, the Irish Small and Medium Enterprises Association (ISME), the Small Firms Association (SFA), the Irish Business and Employers Confederation (IBEC), Chambers Ireland and The Banking & Payments Federation Ireland (BPFI).
A signatory to the Prompt Payments Code pledges to:
Pay suppliers on time
- Within the terms agreed at the outset of the contract, or 30 days, in accordance with legislation.
- Without attempting to change payment terms retrospectively.
- Without changing practice on length of payment for smaller companies on unreasonable grounds.
Give clear guidance to suppliers
- Provide suppliers with clear and easily accessible guidance on payment procedures.
- Advise them promptly if there is any reason why an invoice will not be paid to the agreed terms.
- Ensure there is a system for dealing with complaints and disputes which is communicated to suppliers.
A signatory to the Prompt Payments Code agrees to encourage good practice by requesting that lead suppliers encourage adoption of the Code throughout their own supply chains.
4. Information we may receive in relation to the Prompt Payment Code
In the context of the Prompt Payment Code, the Department of Enterprise, Trade and Employment will receive information that has been provided by you when you complete the Application Form. This personal data will include information such as your name, contact details, and e-mail address.
The reason we require this information is set out in Paragraph 5 below.
5. Why are we using your personal data?
We will use your personal data in order to communicate with you in relation to the application made by your organisation to become a signatory to the Prompt Payments Code. The data you provide will also be used to communicate with you regarding any clarification we may require in respect of the information you have provided to us in the application form or to inform your organisation about any future developments or updates in respect of the Code. The Department of Enterprise, Trade and Employment needs to process your personal data as set out in Paragraph 4 above. It is for this purpose that the Department of Enterprise, Trade and Employment will process or “use” your personal data.
6. What is our legal basis for using your personal data?
We are required by data protection law to indicate to you the legal basis which relates to our use of your personal data. This is:
- Article 6(1)(a) GDPR - the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
You should be made aware however that if you do not provide your consent, we will be unable to process your application to become a signatory to the Prompt Payment Code.
It is important to note that you can withdraw your consent at any time by e-mailing us at: promptpayment@enterprise.gov.ie
This will lead to the suspension of your organisation as a signatory to the Prompt Payments Code.
7. Who has access to the data?
Staff in the Department of Enterprise, Trade and Employment with responsibility for processing applications to become a signatory to the Prompt Payment Code.
The processing of personal information will be undertaken by a limited number of staff in the Department of Enterprise, Trade and Employment for the purposes of processing applications to become a signatory to the Prompt Payments Code and for all necessary follow-up and communication with you in this context.
Your personal data may also be shared by us with third parties to meet our legal obligations, applicable regulation, or other lawful requests.
8. Data storage and retention
The Department of Enterprise, Trade and Employment stores your personal data securely and will not retain or use your personal information for any longer than is necessary.
The personal information provided by you will be retained securely by the Department of Enterprise, Trade and Employment for a period of seven years or until:
- we receive written confirmation from you that you no longer represent your organisation in its capacity as a signatory to the Prompt Payments Code; or
- you inform us that your organisation no longer wants to be a signatory to the Prompt Payments Code.
All personal data will be securely destructed in line with our records management processes.
9. International transfers
We do not transfer your personal data outside the European Economic Area (EEA).
10. Your data rights
You have certain rights under data-protection law in relation to how we use your personal information. You have the right, free of charge, to:
- Request a copy of the personal information we hold about you. You can do this by completing a Subject Access Request (SAR) form. A copy of the form is available here.
- *Rectify any inaccurate personal information we hold about you. If your personal data is incomplete, you have the right to have data completed, including by means of providing supplementary information.
- Restrict processing of your personal information in certain limited circumstances (e.g., if you have contested the accuracy of your personal data, for a period enabling us to verify accuracy).
- Not be subject to a decision which is based solely on automated processing where that decision produces a legal effect on you or otherwise significantly affects you. We do not make automated decisions of this nature.
We may take measures to verify your identity. We will do this by reference to copies of acceptable identification documentation supplied by you.
11. Making a complaint
In the first instance, we would ask you to contact us directly if you have concerns about how we process your personal data. You can do this by e-mailing us at: dataprotection@enterprise.gov.ie.
You can also Make a Complaint with the Data Protection Commission (DPC) if you have concerns about how we process your personal data.
12. Changes to this data protection statement
We may update this data protection statement from time to time. If we make changes, we will notify you prior to the changes taking effect by posting a statement on our website.
June 2022