Privacy Policy in respect of formal insolvency and Court appointments

Last updated 25 October 2022

Interpath (Ireland) Limited (trading as “Interpath Advisory”) is dedicated to protecting the
confidentiality and privacy of information entrusted to us in accordance with the General Data
Protection Regulation (EU) 2016 (GDPR), the ePrivacy Regulations 2011 and the Irish Data Protection
Act 2018. Please read this Privacy Notice to learn about your rights, what information we collect,
how we use and protect it.

This website is operated by Interpath (Ireland) Limited (“Interpath Advisory”, “we” or “us”), an Irish
limited company with registered number 713472.

Why is there a Privacy Policy exclusively for Insolvency and Court Appointments?

This Privacy Policy applies exclusively to formal Insolvency and Court appointments where
Interpath (Ireland) Limited staff have been appointed in a personal capacity to act as the
Officeholder in the insolvency of a company or individual, or similar procedure under relevant
Irish insolvency legislation and other applicable laws and legislation. It is important to note that
the Officeholder accepts such an appointment in a personal capacity. Interpath (Ireland) Limited
does not itself accept insolvency appointments.

This Privacy Policy does not apply to any other interactions you may have with Interpath (Ireland)
Limited. For details of the policy relating to Interpath (Ireland) Limited, please see here.

Who is processing your personal data?

Licenced insolvency practitioners are appointed in a personal capacity to act as Officeholders in
the insolvency of a company or individual. When appointed in this capacity, it is the relevant
Officeholders, not Interpath (Ireland) Limited, who determine the purpose and means in respect
of personal data they process in the exercise of their duties as Officeholders.

However, Officeholders do not determine the purpose and means for personal data processed by
the insolvent company/individual before the insolvency appointment. Instead, Officeholders act
as agents for the insolvent entity. It is the entity that controls the purpose and means for any
personal data processed prior to its insolvency.

The Officeholders only handle your data for the purposes of administering the insolvent estate.
Their overriding obligations will generally be dictated by insolvency legislation in the first instance
and, where this conflicts with an individual’s specific data requirements, the Officeholders will be
obliged to fulfil their duties under the insolvency legislation.

Who can you contact for privacy questions or concerns?

Whilst this document provides the specific detail of the Officeholder’s Privacy Policy, it is
important to note at the outset that, given the Officeholder’s legal obligations to process data to
fulfil their role and duties under insolvency legislation, there may be some instances where the
Officeholders are unable to comply with your requests in relation to your data.

If you have questions or comments about this Privacy Policy or how the Officeholders handle
personal data, please email dataprivacy@interpathadvisory.ie or direct your correspondence to
the specific Officeholders of the relevant insolvency appointment, c/o Interpath (Ireland) Limited,
Data Protection and Privacy Office, 10 Fleet Place, London, EC4M 7RB, UK. The Officeholders will
aim to respond within 30 days from the date they receive privacy-related communications.

If you are not satisfied with the response you may also contact the Data Protection Commission
by post at Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 or by email
at info@dataprotection.ie to report concerns you may have about our data handling practices.

How do the Officeholders collect personal data?

Company/Individual Data – Upon appointment, the Officeholders have statutory obligations to
collect and store certain of the insolvent entity’s pre-appointment records. Such records will be
recovered directly from the company/individual to assist the Officeholders with a number of
matters including, but not limited to, the identification of company assets, investigation of conduct
prior to appointment and the agreement of claims, including those of employees and the relevant
tax authorities where applicable. Some of the data retained and stored will clearly include
personal data.

The Officeholder’s duty to collect records does not extend to all records and you should be aware
that the Officeholders will only collect the records that they need to fulfil their statutory and
regulatory obligations.

Any records that the Officeholders do not require for a particular purpose will be securely
destroyed. Those records that they do retain will be held securely.

Practitioner Data – As the Officeholders administer the appointment they will create their own
records, referred to as Practitioner Data. Given the nature of the work being undertaken, there will
be personal data collected, processed, and held, particularly in relation to employees and
creditors and the agreement and processing of their claims.

  • Ordinary course of business - Records may be generated from ongoing trading of the
    business, with data being received by the Officeholders as agents for the company in the
    ordinary course of business.
  • Directly from the company/individual - Some of the company/individual records created
    above may be interrogated or processed to enable the Officeholders to pursue assets,
    investigate transactions or agree claims.
  • Directly from individuals - Individuals may provide their personal data when they engage
    with the Officeholders. The majority of data provided by individuals is likely to come from
    employees or other individual creditors and will relate to their employment with the
    entity or claims against it. The Officeholders may also receive data from interested parties
    where they are seeking to sell the business or assets.
  • Public sources - Personal data may be obtained from public registers (such as Companies
    House), news articles, sanctions lists, government intelligence and crime prevention
    agencies and Internet searches.

What categories of personal data do the Officeholders collect?

As noted above, the Officeholders may obtain the following categories of personal data about
individuals through direct interactions as they trade the business or administer the insolvent
estate.

Personal data - The data that the Officeholders collect will vary depending on the insolvency
process being administered but below is a list of personal data which is commonly collected to
conduct their business activities:

  • Contact details (e.g., name, company name, job title, work and mobile telephone numbers,
    work and personal email and postal address);
  • Family and dependant details when administering a personal insolvency estate (e.g.,
    names and dates of birth); and
  • Financial information (e.g., taxes, payroll, pensions, assets, bank details, claim details).

If you give the Officeholder information about someone else, or someone gives us information
about you, the Officeholder may add it to any personal information the Officeholder already holds
and will use it in the ways described in this Privacy Notice. Before you disclose information to the
Officeholder about another person, you should be sure that you have their agreement to do so.
You should also show them this Privacy Notice. You need to ensure they confirm that they know
you are sharing their personal information with us for the purposes described in this Privacy
Notice.

Sensitive personal data – The Officeholders typically do not collect sensitive or special categories
of personal data about individuals. When they do need to process sensitive personal data, they
have a legal obligation to do so, and this would be obtained directly from the entity’s records or
the individual. Examples of sensitive personal data the Officeholders may obtain include:

  • Personal identification documents that may reveal race or ethnic origin, and possibly
    biometric data of private individuals, beneficial owners of corporate entities, or
    applicants;
  • Details of trade union membership, particularly when dealing with employees of an
    insolvent entity;
  • Adverse information about potential or existing clients and applicants that may reveal
    criminal convictions or offences information;
  • Information the client provided to the Officeholders in the course of a professional
    engagement; and
  • Health data where the processing is necessary to assess, monitor and control spread of
    infectious diseases and to provide a safe working environment.

What lawful reasons do the Officeholders have for processing personal data?

The Officeholders have an obligation to process personal data which flows from their role and
duties as Officeholders, as set out in the relevant Irish insolvency legislation and other applicable
laws and legislation.

On the whole, the Officeholders are, therefore, relying on “legal obligation” as the lawful reason
to process personal data. This allows them to process personal data in order to meet their legal
and regulatory obligations, as set out in the insolvency legislation.

It is important to be aware that the Officeholders only process personal data for the purpose of
administering the insolvent estate. Their overriding obligations will generally be dictated by
insolvency legislation in the first instance. Where this conflicts with individual’s specific data
requirements, the Officeholders will be obliged to fulfil their duties under the insolvency
legislation.

Why do the Officeholders need personal data?

The Officeholders only collect such personal data as they require to exercise their duties in
relation to the relevant appointment. The purposes of use typically include:

  • Providing professional advice and services as Officeholders to administer the estates of
    insolvent companies and individuals. The Officeholder’s duties and obligations are clearly
    defined within legislation and are wide-ranging in scope;
  • The administration of an estate may include the ongoing trading of that entity, and the
    obvious implications that will have for processing personal data;
  • Administering, maintaining and ensuring the security of their information systems,
    applications and websites;
  • Authenticating registered users to certain areas of their sites; and
  • Complying with legal and regulatory obligations relating to anti-money laundering,
    terrorist financing, fraud and other forms of financial crime.
  • Compiling health and safety data (directly or indirectly) following an incident or accident.
    Indirect data can take many forms including an incident report, first aider report, witness
    statements and CCTV footage.
  • Collecting health data where the processing is necessary to assess, monitor and control
    spread of infectious diseases and to provide a safe working environment.

Do the Officeholders share personal data with third parties?

The Officeholders may occasionally share personal data with trusted third parties to help them
deliver efficient and quality services. These recipients are contractually bound to safeguard the
data the Officeholders entrust to them. The Officeholders may engage with several or all of the
following categories of recipients to assist them with the administration of an insolvent estate:

  • Professional advisers, including lawyers, agents, payroll providers and insurers;
  • Parties that support the Officeholders as they provide their services (e.g., providers of
    telecommunication systems, mailroom support, IT system support, archiving services,
    document production services and cloud-based software services);
  • Parties that support us with anti-money laundering, client conflicts and independence
    checks.
  • Health government bodies and external service providers (health, facilities and estate
    management) to assess, monitor and control the spread of infectious diseases.
  • Law enforcement or other Government and regulatory agencies (e.g., HMRC) or to other
    third parties as required by, and in accordance with, applicable law or regulation;
  • Interested third parties where, as part of their role, the Officeholders are selling the
    business or assets of a company, including any databases or customer lists. Any such sale
    would be governed by appropriate confidentiality and a contract for sale; and
  • Payment services providers.

Do the Officeholders transfer your personal data outside the European Economic Area?

The Officeholders store personal data on servers located in the European Economic Area (EEA).

Depending upon the nature of the insolvency process and the location of the insolvent entity, the
Officeholders may transfer personal data to reputable third-party organisations situated inside or
outside the EEA when the Officeholders have a business reason to engage these organisations. We
only transfer your data outside the EEA where we are satisfied that the transfer complies with data
protection law and appropriate safeguards are in place if required (including that each such
organisation to which we may transfer data outside the EEA is required to safeguard personal data
under appropriate contractual obligations including standard contractual clauses under Article
46.2 of the GDPR (and the equivalent standard contractual clauses for the UK, where appropriate)
or an adequacy decision under Article 45 for the GDPR.).

What are my data protection rights?

Your data protection rights are highlighted here. To submit a data request please send an email
to dataprivacy@interpathadvisory.ie quoting the name of the specific Officeholders and the
relevant insolvency appointment.

  • Access - As detailed within this Privacy Policy, to enable the Officeholders to administer
    the insolvent estate, they have a legal obligation to process your personal data. You can
    ask the Officeholders to verify whether they are processing personal data about you, and
    if so, to provide you with more specific information.
  • Correction - You can ask Officeholders to correct records held by them if you believe they
    contain incorrect or incomplete information about you.
  • Erasure - Given the Officeholders legal obligation to process your personal data to satisfy
    their legislative and regulatory requirements, in the majority of cases the Officeholders
    are unable to erase (delete) your personal data whilst the insolvent estate is being
    administered. Once the administration of the estate is complete, and the relevant period
    for retention of data has expired, the Officeholders will take steps to delete your data.

No fee is required to make a request unless your request is clearly unfounded or excessive. As
already advised, depending on the circumstances, the Officeholders may be unable to comply with
your request based on other lawful grounds, particularly in relation to their legal obligation to
administer the insolvent estate. Officeholders will respond to your request within one (1) month.
That period may be extended by two further months where necessary, taking into account the
complexity and number of requests. Officeholders will inform you of any such extension within
one month of receipt of your request. Please note you have a right to lodge a complaint with the
Irish Data Protection Commission, or any other competent data protection supervisory authority.

The Officeholders may need to request specific information from you to help them confirm your
identity and ensure your right to access the information or to exercise any of your other rights.
This helps them to ensure that personal data is not disclosed to any person who has no right to
receive it.

What about personal data security?

Any records that the Officeholders retain will be held securely. The Officeholders have put
appropriate technical and organisational security policies and procedures in place to protect
personal data (including sensitive personal data) from loss, misuse, alteration, or destruction.
They aim to ensure that access to your personal data is limited only to those who need to access
it. Those individuals who have access to the data are required to maintain the confidentiality of
such information.

If you have access to parts of the Officeholder’s websites or use their services, you remain
responsible for keeping your user ID and password confidential. Please be aware that the
transmission of data via the internet is not completely secure. Whilst the Officeholders do their
best to try to protect the security of your personal data, they cannot ensure or guarantee the
security of your data transmitted to their site; any transmission is at your own risk.

How long do the Officeholders retain personal data?

The Officeholders retain personal data to provide their services, stay in contact with you and to
comply with applicable laws, regulations, and professional obligations that they are subject to. All
personal data will be held throughout the duration of the insolvency process, unless there are
specific reasons identified why certain data is no longer needed.

The Officeholders’ records destruction policy varies depending upon the data that is held:

  • For Company/Individual Data – The Officeholders will retain these records for the
    duration of the insolvency process. Once they have ceased to act, the data will be securely
    destroyed generally 12 months after ceasing to act or dissolution of the company.
  • For Practitioner Data – The Officeholders will retain these records for the duration of the
    insolvency process. Once they have ceased to act the Practitioner data will be securely
    destroyed generally six years after ceasing to act or dissolution of the company.

Any records that the Officeholders do not require for a specific purpose will be securely destroyed.
The Officeholders will dispose of personal data in a secure manner when they no longer need it.

Does this website use cookies?

This website may use cookies. Where cookies are used, you can view a statement explaining the
use of cookies within the disclaimer on the website. To learn more, please refer to the cookie
policy.

Do the Officeholders link to other websites?

The Officeholder’s websites may contain links to other sites, including sites maintained by third
parties that are not governed by this Privacy Policy. Please review the destination websites’
privacy policies before submitting personal data on those sites. Whilst the Officeholders try to
link only to sites that share their high standards and respect for privacy, they are not responsible
for the content, security, or privacy practices employed by other sites.

Do the Officeholders change this Privacy Policy?

The Officeholders regularly review this Privacy Policy and will post any updates to it on this
webpage. This Privacy Policy was created on 12th July 2022.