Codec would like to take this opportunity to advise you of our policies and your rights under GDPR in relation to your data and please do not hesitate to contact us if you have any queries.
We may use your personal information to update you on product updates, newsletters, invitations to events and information which may interest you. Where we do so, Codec-dss Limited is the data controller. Our contact details are as follows: Codec, Hyde House, 65 Adelaide Road, Dublin 2.
Where we use your information for this purpose we do so in our legitimate interest to connect with our customers and potential customers. You have the right to object to this at any time.
We may share your personal information with third party service provides that perform services and functions on our behalf such as our accountants, IT service providers, printers, and other business advisors, marketing companies who carry out marketing campaigns on our behalf and providers of security and administration services.
We will retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements.
We may transfer your personal data outside of the European Economic Area. These countries do not always afford an equivalent level of privacy protection and in such circumstances we will take specific steps, in accordance with data protection law, to protect your personal information.
You have several rights under data protection law in relation to how we use your personal information. You have the right, free of charge, to:
These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights please contact us using the contact details set out above. We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further two months and we will explain why.
You also have the right to lodge a complaint to the office of the Data Protection Commission.
You have a right to be given a copy of your Personal Data held by Codec or a member of the Codec Group of companies on request, subject to certain exceptions.
There is no particular form that you must use for your request. However, we recommend that you provide as much detail as possible in your correspondence with us so that we can deal with your query promptly and efficiently. You may find it helpful to complete the Access Request Form , however it is not mandatory to do so.
You may be asked to provide proof of identification and / or additional information in order to validate your identity when making such a request. Please note that we have the right to require that you identify yourself before we will respond to any access request.
If you make a request by email, the information requested will be provided to you in electronic form (where possible), unless you request otherwise. If you wish to receive the information in a particular format (eg, paper copy or electronic where possible) this should be stated in your request.
You can send your request to:
Once we have received your request and are satisfied as to your identity, address and / or email address (as relevant) we will respond to you within one month. This period may be extended in exceptional circumstances and we will inform you within one month where the extended period applies to you, along with an explanation of the reasons for the extension.
Our obligations in relation to access requests vary depending on whether we act as a controller or a processor in relation to your Personal Data.
Where we act as a controller in relation to your Personal Data, Codec will process your access request. Where Codec acts as a processor, we will pass your request to the controller who will process your request.
For information in relation to your other rights under applicable data protection laws see our Website Privacy Statement.
If you are not satisfied with the outcome of your access request you have the right to lodge a complaint to the Data Protection Commission at firstname.lastname@example.org.
The aim of this top-level Policy is to define the purpose, direction, principles and basic rules for information security management.
This Policy is applied to the entire Information Security Management System (ISMS), as defined in the ISMS Scope Document.
Users of this document are all employees of the company, as well as relevant external parties.
Confidentiality – characteristic of the information by which it is available only to authorized persons or systems.
Integrity – characteristic of the information by which it is changed only by authorized persons or systems in an allowed way.
Availability – characteristic of the information by which it can be accessed by authorized persons when it is needed.
Information security – preservation of confidentiality, integrity and availability of information.
Information Security Management System – part of overall management processes that takes care of planning, implementing, maintaining, reviewing, and improving the information security.
General objectives for the information security management system is to create a better market image and reduce the damage caused by potential incidents. We have defined a set of measurable service and security objectives aligned to our strategy and risks and these are documented within our Scope Document.
We will measure the fulfillment of all the objectives; the measurement will be performed at least once a year and will analyze and evaluate the measurement results and report them as input materials for the Management review.
This Policy and the entire ISMS is be compliant with legal and regulatory requirements relevant to the organization in the field of information security, as well as with contractual obligations.
A detailed list of all our interested parties and our compliance obligations to them has been documented within our Scope Document.
The process of selecting the controls is defined in the Risk Assessment Process.
The selected controls and their implementation status are listed in the Statement of Applicability.
Business continuity management is prescribed in the Business Continuity Management Policy.
Responsibilities for the ISMS are the following:
Information Security Officer must ensure that all employees of the company, as well as appropriate external parties are familiar with this Policy. External party communication is done through the NDA process.
Senior Management ensure that ISMS implementation and continual improvement will be supported with adequate resources in order to achieve all objectives set in this Policy, as well as satisfy all identified requirements.
This document is valid as of March 12th, 2019.