SIRO DAC PRIVACY STATEMENT

1. Introduction and Scope

At SIRO we know that your privacy is important to you. This privacy statement describes the types of information we collect and use, who that information relates to, how and why we use such information, who we share it with and your legal rights. When we talk about information in this Notice, we mean any information relating to you, either directly or indirectly. The purpose of this Privacy Statement is to inform you why and how SIRO DAC (referred to in this privacy statement as “SIRO”, “we”, “our” or “us”) handles personal information in connection with your use of our website or our provision of products, services or related offerings.

2. Who is responsible for your information?

SIRO is responsible for your information and is the data controller for the purposes of this Notice. SIRO is located at the Herbert Building, The Park, Carrickmines, Dublin 18. If you want to get in touch and seek to exercise your rights described below, please contact us at info@siro.ie.

3. Who does this Privacy Statement apply to?

This Privacy Statement applies to you if you are one of the following types of persons:

(a) Visitor/user of our website – Individuals that are visitors to or users of our website (www.siro.ie).

(b) Operator Business Contacts – Individuals who are employed or otherwise engaged by operators who interact with us in the course of our business.

(c) Other Relevant Individuals – Individuals who do not belong to the above categories but who interact with us in connection with the services provided by us. Depending on the circumstances, such individuals can include, without limitation, the following:

(i) individuals who work for other entities that interact with us in connection with the services we provide to operators;

(ii) individuals who work for entities that provide goods and services to us; and

(iii) individuals with whom we have no business relationship.

Nothing in this Privacy Statement creates any new relationship between you and us or alters any existing relationship between you and us. Nothing in this Privacy Statement affects any right you have under any applicable law, including Regulation (EU) 2016/679 (the General Data Protection Regulation, or “GDPR”) and any other data protection law (including Ireland’s Data Protection Act 2018) that applies to you.

This Privacy Statement will be reviewed from time to time to take into account changes in the law and the experience of the Privacy Statement in practice.

4. What sort of personal data about me does SIRO process?

The types of personal data which we process will vary significantly depending on various factors including the nature of your relationship with us and the nature of the services we are asked to perform.

The personal information we obtain can be grouped into the following categories:

(a) Information about your device and about your visits to and use of the website including IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation;

(b) Information provided when you subscribe to our website services and ezine, or that you may send us via our website, email address, contact centre or our business premises, for example when you make an enquiry;

(c) For business contacts who work with one of our operators, we hold basic contact details such as name, email address and eircode query when a search is carried out;

(e) For homeowners, we hold information that you may provide to our build contractor(s), for example, when they attend a premises to carry out build façade works.

We may also obtain some information relating to you from trusted third
parties such as our operators and our build providers. We carry out due diligence and have contracts in place with such third parties to ensure they have obtained your information lawfully and can pass it on to us to use.

We will collect your personal data only where we are legally permitted to do so, and so to the extent it is appropriate and necessary for one or more of the purposes described below in this Privacy Statement.

5. Why does SIRO collect my personal data?

We handle your personal data to manage our relationship with you appropriately, effectively and lawfully. At the same time, it enables us to run our business. The personal data will be used for one or more of the following purposes:

(a) Service Delivery – To facilitate the provision of our services.

(b) Service Development -To improve our existing services and identify and develop new services.

(c) Service Marketing -To promote the services we offer and related services offered by us.

(d) Business Administration -To facilitate the effective management and administration of our organisation, including in relation to matters such as business planning, budgeting and forecasting, as well as enforcement of our terms of engagement with relevant parties.

(e) Legal and Regulatory Compliance -To ensure our compliance with all relevant legal and regulatory requirements that our organisation may be subject to.

6. Use of personal Data

We may disclose personal data about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this Privacy Statement.

We may also disclose your personal data:

(a) To authorised third parties that provide essential support to our network, such as (where relevant) our build contractors, our site service providers, our operators, our network integrators, our approved third party internet service providers (“trusted partners”);

(b) To the extent that we are required to do so by law, including by regulators, courts or law enforcement agencies or in connection with any legal proceedings or prospective legal proceedings in order to establish, exercise or defend our legal rights;

(c) For the purposes of fraud prevention; and

(d) To the purchaser (or prospective purchaser) of an asset that we are (or are contemplating) selling.

7. What are the legal justifications for processing your personal data?

When handling your personal data, we rely on the following legal justifications for doing so (in accordance with GDPR Article 6):

Processing purpose	Legal justification for processing
Operation of our website(s): operation and management of our website; providing content to you; displaying advertising and other information to you; and communicating and interacting with you via our website.	The processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us; or We have obtained your prior consent to the Processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Operator, vendor and business partner on-boarding: on-boarding new operators, vendors and business partners; and compliance with our internal compliance requirements, policies and procedures.	The processing is necessary for compliance with a legal obligation; orThe processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us; orWe have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms); orWe have obtained your prior consent to the Processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Provision  of  products  and  services  to you: administering relationships and related services; performance of tasks necessary for the provision of the requested services; communicating with you in relation to those services.	The processing is necessary for compliance with a legal obligation; orThe processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms); or We have obtained your prior consent to the Processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Marketing: communicating with you via any means (including via email,or social media, post or in person) subject to ensuring that such communications are provided to you in compliance with applicable law; and maintaining and updating your contact information where appropriate.	We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms); or We have obtained your prior consent to the Processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
IT operations: management of our communications systems; operation of IT security; and IT security audits.	The processing is necessary for compliance with a legal obligation; or The processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms).
Health and safety: health and safety assessments and record keeping; and compliance with related legal obligations.	The processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms); or The processing is necessary to protect the vital interests of any individual.
Financial management: sales; finance; corporate audit; and vendor management	The processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by  your interests or fundamental rights and freedoms); or We have obtained your prior consent to the Processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Research: conducting market or customer satisfaction research; and engaging with you for the purposes of obtaining your views on our products and services.	We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms); or We have obtained your prior consent to the Processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Security: physical security of our premises (including records of visits to our premises and CCTV recordings); and electronic security (including login records and access details, where you access our electronic systems).	The processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms).
Improving our products and services: identifying issues with existing products and services; planning improvements to existing products and services; and creating new products and services.	The processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the processing for the purpose of on- boarding new operators (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms); or We have obtained your prior consent to the Processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Risk Management: Audit,  compliance, controls and other risk management.	The processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the processing.
Legal compliance: compliance with our legal and regulatory obligations under applicable law.	The processing is necessary for compliance with a legal obligation.
Legal proceedings: establishing, exercising and defending legal rights.	The processing is necessary for compliance with a legal obligation.

8. Visiting our premises in person

Upon signing in when visiting our premises, we will process your personal data for the purpose of site security and fire safety. The legal basis for this processing is that it is necessary for compliance with health and safety.

We will store personal data relating to your visit for 12 months, or longer if required in relation to a legal claim. We will share your personal data with other third parties only to the extent that the disclosure is reasonably necessary for the purposes of investigating incidents occurring on our premises.

9.  Marketing emails and the SIRO Ezine

As a wholesale fibre network provider, we may periodically send updates on our build programme which you may find interesting and relevant, using the contact details which you have provided when subscribing to the SIRO ezine.

In practice, you will usually either expressly agree in advance to our use
of your personal data for marketing purposes, or we will provide you with an opportunity to opt- out of the use of your personal data for marketing purposes.

Please follow the “Unsubscribe” or opt-out process in any of our communications or email info@siro.ie  at any time with “Unsubscribe” in the subject line if you do not wish to receive such information.

10. Retaining your personal data

We will retain your personal data for as long as we are obliged under relevant legislation. We securely erase it once no longer needed.

11. Security of your personal data

We are committed to ensuring that your personal data is secure. We have put in place appropriate technical and organisational measures to safeguard and secure your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

You are responsible for keeping your password and user details for any restricted areas of our websites (such as the operator portal) confidential and for implementing your own security measures to protect your information, network and devices. We will not ask you for your password (except when you log in to the website).

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted us and any such transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. To the extent permitted by law, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that the Website may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of your personal data arising from such risks.

12. How we use cookies

We use cookies in a number of ways on our website, which include improving user experience of our website or online services and remembering information about your preferences. You have choices about how you want cookies to be used. For further information about how we use cookies and how to update your preferences, see our Cookies Policy.

13. What rights do I have in respect of my personal data?

Under the GDPR, you have certain legal rights in respect of your personal data handled by us. These include the following:

The Right to be Informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this privacy statement.

The Right of Access – You have the right to obtain access to your information (if we are processing it), and certain other information (similar to that provided in this Privacy Statement).This is so you are aware and can check that we are using your information in accordance with data protection law.

The Right to Rectification – You are entitled to have your information corrected if it is inaccurate or incomplete.

The Right to Erasure – This is also known as “the right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

The Right to Restrict Processing – You have rights to “block” or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

The Right to Data Portability – You have rights to obtain and reuse your personal data for your own purposes across different services. E.g., if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between one provider’s IT systems and another’s safely and securely, without affecting its usability. However, we consider this right would only have very limited application in respect of the type of data that we would typically hold.

The Right to Object – You have the right to object to certain types of processing that is based on legitimate interests. Where you object, we may continue to process your information where we can show compelling legitimate grounds for the processing, which override your rights and interests or where we need to use your information to bring or defend legal claims. However, if you object to direct marketing, we will stop this as soon as possible (although there may sometimes be a short delay while your request is processed).

The rights you have in respect of your personal data are not absolute and are subject to a range of legal conditions and exceptions. If and to the extent a relevant legal condition or exemption applies, we reserve the right not to accede to your request. Additionally, while the rights you have can normally be exercised free of charge, the law allows us to chare you in certain limited circumstances. In such case, we reserve the right to charge you a fee for processing your request.

14. Who can I contact about by Personal Data?

If you would like to exercise any of the rights you have in respect of your personal data or if you have any question or concern regarding the way in which we handle your personal data, please contact our data protection officer in the first instance. If you have a complaint regarding the way in which we handle your personal data, please also contact our data protection officer in the first instance. Our data protection officer details are as follows:

Attention: Data Protection Officer / General Counsel

Email: info@siro.ie

Address: The Herbert Building, The Park, Carrickmines, Dublin 18

We will endeavour to respond satisfactorily to any request, query or complaint you may have in respect of your personal data, but if you are dissatisfied with our response and wish to make a formal complaint, or if you simply wish to learn more about your rights, you can contact the data protection authority of Ireland:

Data Protection Commission

Address: 21 Fitzwilliam Square South, Dublin 2, Ireland D02 RD28

Website: www.dataprotection.ie

15. Version Control

This Privacy Statement was last revised on 17 May 2023. We may revise this Privacy Statement from time to time to reflect changes in law or changes in how we run our business, but where such revision becomes necessary in the future, we will bring them to your attention to the extent it is practicable to do so.