Privacy & GDPR Policy

1 General

Marsh Mackey is committed to protecting all personal, special, and criminal categories of data held on you.

As such, we want you, the ‘data subject’, to understand how we collect, use, store, and share your personal data. We also want you understand what rights you can invoke to help you to protect your privacy. In this regard, it is important that you read this Privacy Notice and understand how we use your personal data. Please note that we reserve the right to update this Privacy Notice as required.

1.1 Marsh Mackey Information

Marsh Mackey provides recruitment and accounting services.

Marsh Mackey is committed to protecting the rights and privacy of individuals in accordance with both European Union and Irish data protection legislation. Marsh Mackey shall lawfully and fairly process personal data about candidates, employees, clients, and other stakeholders to achieve its mission and functions.

1.2 Legislation

All personal data processed by Marsh Mackey is done so in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

1.3 Queries and Complaints

If you are unhappy with the way we handle your personal data and wish to complain, or if you simply want further information about the way your personal data will be used, please contact us at the below:

Data Protection Officer

Marsh Mackey Recruitment 

3 Bridge Street, Navan, Co Meath

Telephone: 046 9028205


You have the right to lodge a complaint with the Data Protection Commission. To contact the Data Protection Commission, please use the following details:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, D02 RD28


Telephone: +353 (0)761 104 800 ; Telephone: +353 (0)57 868 4800


1.4 Breaches

Marsh Mackey will take all appropriate technical and organisational steps to safeguard your personal data. In the unlikely event of a data breach, we will contact you in line with our legal obligations.

2 How Do We Collect Information?

We collect personal data to enable the provision of services to support Marsh Mackey’s purpose. The following non-exhaustive methods of data collection are an indication of ways in which we may obtain your information:

Obtain personal data directly from you;

Personal data that we receive from other sources; references etc

It is important that the personal data you provide us is up to date and accurate. As outlined in Section 7.4 of this notice, if personal data we hold on you is inaccurate or incomplete, please contact us and we will update the information.

3 Why do we process your personal data?

We use personal data collected to fulfil our obligations to provide recruitment and Accounting services.

Whether you are looking for a job, replying to a specific listing, creating a profile on our website, providing us with your CV (directly or upon our recruitment or head-hunting process), or contacting us for job information in other ways (electronically, in writing, on our recruitment form, by telephone, etc.), you are providing us with your personal data, which we process throughout the entire process of job placement and when providing our services. All of our services relate to job searching, the recruitment process, head hunting and personal development.

We only process your personal data for legitimate reasons. Unless otherwise specified, we process the personal data of job applicants only with their express consent, or in connection with the performance of the contract concluded with us, as applicable. If we retain your personal data, e.g. due to legal dispute, such processing is based on our legitimate interest. Any transfer of candidates’ personal data to our contractual partners is based on your consent.

4 Who do we share this information with?

We may share personal data with other parties in the course of our duties. When this is done, we adhere to the following principles:

The transfer is based on a legal obligation, the performance of a contract, or explicit consent.

Where data is transferred to another party, we ensure appropriate technical and organisational safeguards are used to protect your personal data.

Where we engage a third party to provide a service to us, we ensure the provider has taken appropriate technical and organisational measures to process, store, and safeguard your personal data.

Marsh Mackey, as a Data Controller, will not sell your data to any third party and will take all appropriate steps to ensure the security of your data in dealings with third parties.

While the parties we engage may change occasionally, we believe it is important you are aware of the types of parties we share data with. The categories and types of third parties outlined below is a non-exhaustive list but provides an indication of the parties we share data with.

4.1 Other Third Bodies

Third parties for the purposes of internal and external audits, carrying out research, general practitioners, and or third parties who may improve our processes and services (such as consultants).

4.2 Government Departments, Bodies or Agencies

Marsh Mackey is legally obligated to share personal data with state actors which is outlined in the Data Protection Act 2018.

Recipients of this data include Government departments, agencies, bodies, investigatory bodies, local authorities, and the Gardaí.

4.3 International Transfers

Where personal data is transferred outside the European Economic Area, Marsh Mackey use safeguards known as Standard Contractual Clauses (SCCs).

5 What Type of Information is Collected?

To fulfil our mandate and perform tasks as outlined in this statement, we need to collect various types of personal data.

While the type of personal data may change occasionally, we believe it is important you are aware of the types of data we gather and use. The following table is a non-exhaustive list and provides an indication of the categories and types of data we use to perform our tasks.

Please note that information listed under one category may be used for the performance of a task or in relation to activities under another heading or as outlined under Section 3.


Type of Data



First name, last name, date of birth, contact details, email address, passport, identification copy, PPS number, pictures, CVs, work position, qualifications, employment history, job interests, transcripts, education, training history, cover letters, salary details, bank details, TAX, VAT details, interviews attended, interview feedback.

Special data revealing racial or ethnic origin, VISA, and data concerning health. Garda Vetting and International Police clearance.


First name, last name, date of birth, address, contact details, email address, family details, financial, tax, pension, remuneration details, performance, visual images details, employee ID, CCTV footage, lifestyle and social circumstances, education, and training details.

Special data revealing racial or ethnic origin and data concerning health.

Other Stakeholders

First name, last name, address, contact details, email address, PPS number, job title, CCTV footage, financial details, technical data includes IP address, browser history, and survey responses.

Special data revealing racial or ethnic origin and data concerning health.

6 How Long Do We Retain Information?

We have developed a record retention schedule for all the personal data we hold. Each retention period varies dependent on the nature and the purpose of the processing.

The main factors which determine retention periods are as follows:

How long it is required to perform the task;

Any legal requirements to hold onto the data;

Any pending legal actions.

7 What Are Your Rights?

As a data subject, you will have the following rights as outlined in this section. However, restrictions may apply in certain situations.

7.1 Where do I send requests?

Please send all your requests to the contact details provided in Section (1), with as much detail as possible about your requirements to allow us to deal with your request efficiently. To answer your request, we may ask you to provide identification for verification purposes.

7.2 How long will a request take?

Upon receipt of a request, we will have 30 days to provide an answer with an extension of two further months if required. If we require more time to deal with your request, we will notify you of the delay and the reasons behind it within 30 days of the receipt of the request. If we refuse your request, we will also notify you within 30 days of the receipt of the request accompanied by the reasons for the refusal.

We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider these to be unjustified or excessive, we may charge a reasonable fee (also applicable for multiple copies) or refuse the request.

You are entitled to contact the Data Protection Commission if we refuse your request.

7.3 Right of Access

You have a right to know what personal data we hold on you, why we hold the data, and how we are processing your personal data.

When submitting your request, please provide us with information to help verify your identity and as much detail as possible to help us understand the information you wish to access (i.e. date range, subject of the request) and email

Please note that an access request is free of charge, however, where we determine a request to be unjustified or excessive, we may charge you a reasonable fee.

7.4 Right to Rectification

You have a right to request that our information held on you is up to date and accurate.

Where information is inaccurate or incomplete, we encourage you to contact us to have this information rectified. Upon receipt of request, we will ensure that the personal data is rectified and as up to date as is reasonably possible.

7.5 Right to be Forgotten

You have the right to seek the erasure of your personal data in the following circumstances:

  • The personal data is no longer required for the purposes for which is was obtained;
  • Where data is being processed on the basis of consent, you withdraw consent to the processing and no other lawful basis exists;
  • The personal data is being unlawfully processed;
  • You object to the processing of personal data and there are no overriding legitimate grounds for the processing;
  • Your personal data requires deletion in line with legal requirements.

However, we will be unable to fulfil an erasure request if the processing of personal data is necessary for the following:

  • Exercising the right of freedom of expression and information;
  • Compliance with a legal obligation or for the performance of a task carried out in public interest;
  • Reasons of public interest in the area of public health;
  • Archiving or statistical purposes in the public interest;
  • The establishment, exercise, or defence of legal claims;

Please note that the where the legal basis for our processing of personal data is on the basis of a legal obligation, some processing in relation to your data may not be subject to the right to erasure.

To determine your request for erasure, we will carry out an assessment of the justification for the retaining your personal data where a legal requirement applies and contact you if we are unable to fulfil your request.

Please be aware that in some circumstances we may need to retain some information to ensure all of your preferences are properly respected. For example, we cannot erase all information about you where you have also asked us not to send you marketing material. Otherwise, we would delete your preference not to receive marketing material.

7.6 Right to Restriction

You have the right to restrict the extent of personal data processed by the us in circumstances where:

  • You believe the personal data is not accurate (restriction period will exist until we update your information);
  • The processing of the personal data is unlawful, but you wish to restrict the processing of data rather than erase it;
  • Where the personal data is no longer required by us, but you require retention of the information for the establishment, exercise, or defence of a legal claim;
  • You have a pending objection to the processing of the personal data;

When processing is restricted, your personal data will only be processed: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of other people; or for reasons important to public interest.

We will contact you confirm where the request for restriction is fulfilled and will only lift the restriction after we have informed you that we are doing so.

7.7 Right to Data Portability

You have the right to the provision of all personal data held in relation to you in a structured, commonly used and machine-readable format where:

  • Processing is completed on the basis a contract;
  • Processing is completed based on consent by the you;
  • Processing is carried out by automated means.

You may also request that we send this personal data to another data controller where technically feasible.

7.8 Right to Object

You have the right to object to the processing of your personal data; however, the processing must have been undertaken on the basis of public interest or legitimate interest by us.

If you wish to object to the processing of data, please contact us with your request. We will then stop the processing of personal data unless it is required for legal proceedings.