Exertis Ireland data protection and privacy

Exertis Ireland Ltd are committed to doing business with integrity which includes taking good care of the personal information, of our employees, customers and other people, that we use as part of doing business.

The processing of personal information is integral to many of our operations. It ensures that we can meet the expectations of our customers and improve our service to them. Personal information is also essential in how we look after our employees. The people whose information we use trust us to safeguard that information.


The General Data Protection Regulation (GDPR) came into effect on 25th May, 2018.

All defined terms in this GDPR Statement shall have the meaning ascribed to them under the GDPR.

Exertis will in some instances act as a data processor and on some occasions act as a data controller and/or joint data controller. To ensure that there is consistency with regard to the statements it makes in relation to GDPR and to reinforce that Exertis takes its obligations under the legislation very seriously Exertis advises that:

A. When Exertis is acting as a data processor, Exertis will:

  1. not process personal data except on instructions from the data controller; and
  2. agree a data processing agreement with the relevant data controller;
  3. use reasonable endeavours to assist any controller, whose personal data it is processing, in fulfilling its obligations to respond to requests from data subjects;
  4. implement and maintain an information security programme;
  5. ensure that people authorised to process personal data are subject to a duty of confidentiality;
  6. co-operate with Supervisory Authorities;
  7. inform the controller without undue delay after becoming aware of any personal data breach.
  8. not sub contract processing activities without prior written authorisation from the relevant controller; and
  9. put in place adequate processes to ensure that personal data is adequately protected if transferred outside the EU.

B. When Exertis is acting as a data controller, Exertis will:

  1. process personal data in accordance with the principles and grounds for processing set out in the legislation;
  2. provide the necessary information to data subjects when it collects personal data;
  3. put in place processes and procedures to allow data subjects to exercise their data subject rights;
  4. put in place suitable measures to safeguard data subject?s rights where automated decision making is necessary;
  5. embrace the concepts of privacy by design and default;
  6. agree a data processor agreement with any processors;
  7. co-operate with Supervisory Authorities;
  8. implement and maintain an information security programme;
  9. make all notifications required under the legislation upon becoming aware of any personal data breach which requires notification;
  10. where required will carry out Data Protection Impact Assessments;
  11. put in place adequate processes to ensure that personal data is adequately protected if transferred outside the EU.


Our Data Protection Policy can be found here


Our Privacy Statement can be found here. However, you may also receive a more detailed and specific privacy notice from us when you interact with our business for particular purposes, for example setting up a customer account.


If you would like to contact the Director responsible for data protection at Exertis Ireland, please send an email to [email protected].


A Subject Access Request can be initiated by filling out the following form. In line with GDPR, your request will be dealt with within 30 days. Please use the same form to request changes to the information we hold about you.