Data Protection

1. Introduction

1.1 Purpose

For the purposes of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The purpose of our Data Protection Policy is to ensure that Async Technologies Ltd., TireCheck its’ subsidiaries and associates, (herein referred to as ‘we’ or ‘us’);

  • comply with data protection law and follow good practice.
  • protect the rights of customers, partners and staff.
  • store and process individuals’ data in a transparent manner.
  • protect from the risks of a data breach.

Our Data Protection Policy refers to our commitment to treat employee, customer and stakeholder personal information and that of other interested parties with the utmost care and confidentiality.

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.

The CEO Michael O’Dwyer has committed to formulating this policy document and ensuring that it is fully adhered to in accordance with GDPR 2016/679 and any other legal obligations.

1.2 General Data Protection Law

The General Data Protection Regulation 2016/679 describes how organisations must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. The General Data Protection Regulation is underpinned by eight important principles requiring that personal data:

  1. Be processed fairly and lawfully.
  2. Be obtained only for specific, lawful purposes.
  3. Be adequate, relevant and not excessive.
  4. Be accurate and kept up to date.
  5. Not be held for longer than necessary.
  6. Processed in accordance with the rights of data subjects.
  7. Be protected in appropriate ways.
  8. Not be transferred outside the EU, unless that country or territory also ensures adequate levels of protection.

1.3 General Data Protection Law

Our data protection policy sets out how personal data is stored and protected in both manual and automated form. This policy extends to the personal data of all employees of Async Technologies Ltd and TireCheck, together with personal data for any other stakeholder such as job candidates, customers, and suppliers.

This policy should be read in conjunction with the associated Subject Access Request procedure, the Data Retention and Destruction Policy, the Data Retention Periods List and the Data Loss Notification procedure.

Our Commitment under Data Protection Principles

Key principles detailed under GDPR, are set out in regulations and under these guidelines, in our capacity as Data Controllers, we are committed to ensuring that all data shall be compliant with the following rules:

Rule 1: Fair obtaining:
  • At the time when we collect information about individuals as employees, they are made aware of the uses for that information through our Induction Training and detailed in the company handbook.
  • Employees are made aware of any disclosures of their data to third parties such as pension providers or health insurers during their orientation phase.
  • We do not disclose employee personal data to any other third parties for any other purposes other than for the explicit purpose of providing the employee with a benefit from the company.
  • We always obtain employee and any individuals’ consent for any secondary uses of their personal data, which might not be obvious to them.
  • Our data-collection practices are open, transparent and up-front and in accordance with statutory and other legal obligations.
  • Potential customer data is obtained only when the person or persons in question explicitly contacts us through one of our website contact pages or a phone call. We do not collect user information in a non-transparent way on our websites.
  • Potential customer data is available to a closed group of individuals in the Async Technologies / TireCheck commercial team and shared only with additional team members with agreement of the individual.
  • Collected contact details for potential customers who have initiated contact with us is not shared with any third parties.
  • Potential supplier or existing supplier contact data is held by Async Technologies / TireCheck is held by TireCheck when an explicit agreement for the supply of goods or services has been accepted.

Rule 2: Purpose specification
  • We keep personal data only for purposes that are specific, lawful and clearly stated to the individual.
  • Our internal HR team are responsible for employee data.
  • The commercial team has responsibility for potential customer data.
  • All team members working with customers and retaining personal data for that customer has responsibility for the protection of that data.
  • The Finance team and the Systems Manager has responsibility for personal data retained on suppliers.

  • Rule 3: Use and disclosure of information
  • Under circumstances laid out by GDPR, we will disclose requested personal data to law enforcement agencies without the consent of the data subject.
  • The Financial Controller, Systems Manager and CEO will ensure the request is legitimate, seeking assistance from the Board and from the company’s legal advisers where necessary.

  • Rule 4: Security
  • Data privacy and security is critical at Async Technologies / TireCheck. We have number of storage security measures in place and these are detailed under our ISO document SO-01 - Information Security Policies and in our GDPR Privacy Policy.
  • Management teams review the above documents bi-annually.

  • Rule 5: Adequate, relevant and not excessive
  • We hold only adequate and relevant data which is applicable to our relationship with the data subject and legitimate for our business needs.

  • Rule 6: Accurate and up-to-date
  • Our data records are as accurate as provided and they are maintained and updated on confirmation from our data subjects.

  • Rule 7: Data Retention
  • Financial records are kept for 7 years in accordance with Irish Tax and Customs requirements.
  • Personal data of employees may form part of these records.
  • Physical records older than 3 years are retained off-site in a secure, alarmed space.
  • Records retained on-site are stored in locked containers accessible only by permitted team members.
  • Electronic records are retained in secure storage on Microsoft Azure shared spaces and are accessible only by permitted team members.
  • Additional information on the retention and management of data in our hosted systems is available in our Privacy Policy.

  • Rule 8: The Right of Access
  • All individuals who are the subject of personal data held by us are entitled to:
    • Ask what information the company holds about them and why.
    • Ask how to gain access to their data.
    • Be informed how to keep their data up to date.
    • Be informed how the company is meeting its data protection obligations.
    • Contact the company requesting this information (ie. make a Subject Access Request).
    • A response from the HR Lead, responsible for handling access requests from employees.
  • The management team including Content & Projects Manager and Systems Manager are responsible for handling access requests from all other data subjects via
  • If we hold any of your personal information and you would like a copy of that information or you wish us to correct any factual inaccuracies in that information, or that all personal information be deleted from our records, please contact our data team on
  • We will make all reasonable efforts to supply, correct and/ or delete that information from our records within a 45 day time period.

  • 3 General Employee Guidelines

    • The only people able to access data covered by this policy are those who need it for their work.
    • Data is not to be shared informally.
    • When access to confidential information is required, employees must request it from their line managers or the relevant data owner in an official request made via JIRA.
    • We provide training to all employees to help them understand their responsibilities when handling data.
    • Employees should keep all data secure, by taking sensible precautions and following the guidelines in our Data Protection Policy, Privacy Policy and Information Security Policies.
    • In particular, strong passwords must be used and should never be shared.
    • Personal data should not be disclosed to unauthorised people, either within the company or externally.
    • Data should be regularly reviewed and updated.
    • If data is found to be out of date or no longer required, it should be deleted and disposed of by the appropriate authorized team member.
    • Employees should request help from their line manager, the HR lead or Financial Controller if they are unsure about any aspect of data protection.

    Policy Updates

    This Data Protection Policy and the use of information that we gather is subject to change from time to time, in accordance with current legislation. It shall be your responsibility to check our website frequently to see recent changes or you may request same from