DATA SHARING AGREEMENT

relating to the provision of recruitment services by

Connect Recruitment Resources Ltd

Connect Recruitment Resources Ltd is a provider of services in the field of recruitment; including but not limited to recruitment consultancy, introduction services, provision of labour hire, payroll services and advertising services.

1. INTERPRETATION

1.1 Defined Terms: In this Agreement:

“Data Protection Acts” means the Data Protection Acts 1988 and 2003 as amended, revised, modified or replaced from time to time;

“Data Protection Commissioner” or “DPC” means the data protection authority for the time being in the territory of Ireland;

“Data Protection Directive” means EU Data Protection Directive (95/46/EC of the European Parliament and of the Council of 24 October 1995) on the protection of individuals with regard to the processing of personal data and on the free movement of such data as amended, revised, modified or replaced from time to time;

“Data Security Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Shared Data.

“Data Subject Access Request” or “DSAR” has the same meaning as the “Right of access” in Section 4 of the Data Protection Acts.

“General Data Protection Regulation” or “GDPR” means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing the Data Protection Directive;

“Shared Data” means the data, including Personal Data to be shared between the Parties under Clause 11 of the Agreement;

“The Recruiter” means Connect Recruitment Resources Ltd.

“Services” means the services provided by the Recruiter; including but not limited to recruitment consultancy, introduction services, provision of labour hire, payroll services and advertising services.

1.2 Construction: In this Agreement, unless the contrary intention is stated, a reference to:

(a) Data Controller, Data Processor, Data Subject, Personal Data, Sensitive Personal Data, Special Categories of Personal Data, processing and appropriate technical and organisational measures shall have the meanings given to them in the DPA, or, following the coming into force of the GDPR, in the GDPR;

1.3 Exercise of powers of control: Where any obligation in this Agreement is expressed to be undertaken or assumed by any party, that obligation is to be construed as requiring the party concerned to exercise all rights and powers of control over the affairs of any other person which it is able to exercise (whether directly or indirectly) in order to secure performance of that obligation by each such person as if that person were bound by that obligation.

11. DATA PROTECTION

11.1 Sharing of Personal Data: This Agreement sets out the framework for the sharing of data, including Personal Data and Sensitive Personal Data or Special Category of Personal Data, between the Parties as Data Controllers. It defines the principles and procedures that the Parties shall adhere to and the responsibilities the Parties owe to each other.

The Recruiter deems this data sharing initiative necessary as part of the provision of services by the recruiter. The aim of the data sharing initiative is to facilitate the provision to the Customer of information on Candidates by the Recruiter in order to enable the Customer to recruit employees as part of the Services.

11.2 Agreed Purposes: The Parties agree to only process Shared Data as described in Clause 11.6 for the following purposes (the “Agreed Purposes”):

(a) to allow the Customer to evaluate and recruit Candidates;

(b) to enable the Recruiter to provide the Services;

11.3 Further processing: The Parties shall not process Shared Data in a way that is incompatible with the purposes described in Clause 11.2.

11.4 General Compliance: Each Party shall ensure compliance with applicable data protection laws at all times during the Term.

11.5 Registration with DPC: If applicable, each Party shall ensure that it has a valid registration with the DPC which covers any data sharing pursuant to this Agreement.

11.6 Types of data: The following types of Personal Data relating to a candidate may be shared between the Parties during the Term of this agreement:

Next of kin (name, relationship and contact number)
Safe Pass Number/ Manual Handling Training / Construction ticket numbers
Reference contacts
Details of previous employment
Nationality (in case a word permit is required)
Contact Details; phone number and email address
PPS Number
Gender
Date of birth
Address
Full Name

1. Sensitive Personal Data and Special Categories of Personal Data: Sensitive Personal Data and Special Categories of Personal Data may be shared between the Parties, if necessary for provision of services

1. No irrelevant or excessive data: The Shared Data must not be irrelevant or excessive with regard to the purposes described in Clause 11.2.

1. Fair and lawful Processing: During the Term each Party shall ensure that it processes the Shared Data fairly and lawfully in accordance with Clause 11.10.

1. Grounds for Processing: Each Party shall ensure that it processes Shared Data on the basis of one or more of the following legal grounds:

1. 1. Data Subject has freely given his or her explicit, specific, unambiguous consent;

1. 1. processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract;

1. 1. processing is necessary for compliance with a legal obligation to which the Parties are subject, other than an obligation imposed by contract;

1. 1. processing is necessary in order to protect the vital interests of the Data Subject;

1. 1. processing is necessary for the purposes of the legitimate interests pursued by the Parties except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the Data Subject.

1. Retention Periods: The Parties shall retain or process Shared Data for the longest of the following retention periods that applies:

1. 1. the period that is necessary to carry out the Agreed Purposes; or

1. 1. any period prescribed by applicable law or by best industry practice.

1. Return/Deletion of Data: The Data Recipient shall ensure that any Shared Data are returned to the Data Discloser or destroyed securely in the following circumstances:

1. 1. on termination of the Agreement;

1. 1. on expiry of the Term of the Agreement;

1. 1. once processing of the Shared Data is no longer necessary for the purposes they were originally shared for, as set out in Clause 11.10;

1. Security and Training: Both Parties shall use appropriate safeguards to protect the Shared Data from misuse and unauthorised access or disclosure, including

1. 1. maintaining adequate physical controls and password protections for any server or system on which the Shared Data is stored;

1. 1. ensuring that data is not stored on any mobile device (for example, a laptop or smartphone) or transmitted electronically unless encrypted; and

1. 1. taking any other measures reasonably necessary to prevent any use or disclosure of the data other than as allowed under this agreement.

1. Data Security Breaches and Reporting Procedures. The Parties undertake to notify any potential or actual losses of the Shared Data to each other as soon as possible and, in any event, within two (2) calendar days of identification of any potential or actual loss to enable the Parties to consider what action is required in order to resolve the issue in accordance with the applicable data protection laws and guidance.

1. Mutual Assistance: The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security breach in an expeditious and compliant manner.

1. Obligation to Inform: In the event of a dispute or claim brought by a data subject or the Data Protection Commissioner concerning the processing of Shared Data against either or both Parties, the Parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.

1. Obligation to Abide: Each Party shall abide by a decision of a competent court or of the Data Protection Commissioner which is final and against which no further appeal is possible.

1. Mutual Warranties: Each Party warrants and undertakes that it shall:

1. 1. process the Shared Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments that apply to its personal data processing operations;

1. 1. make available upon request to the Data Subjects who are third party beneficiaries a copy of this Agreement, unless the Clause contains confidential information;

1. 1. respond within a reasonable time and as far as reasonably possible to enquiries from the Data Protection Commissioner in relation to the Shared Data;

1. 1. respond to DSARs and all other requests from Data Subjects in accordance with applicable law;

1. 1. where applicable, maintain registration with all relevant Data Protection Commissioner to process all Shared Data for the Agreed Purpose; and

1. 1. take all appropriate steps to ensure compliance with the security measures set out in Clause 11.13.

Engaging the services provided by Connect Recruitment Resources Ltd is deemed as acceptance of the terms as set out in this Data Sharing Agreement.

Connect Recruitment Resources Ltd 18th May, 2018