Privacy Policy in respect of formal insolvency and Court appointments

Last updated 25 October 2022

Interpath (Ireland) Limited (trading as “Interpath Advisory”) is dedicated to protecting the confidentiality and privacy of information entrusted to us in accordance with the General Data Protection Regulation (EU) 2016 (GDPR), the ePrivacy Regulations 2011 and the Irish Data Protection Act 2018. Please read this Privacy Notice to learn about your rights, what information we collect, how we use and protect it.

This website is operated by Interpath (Ireland) Limited (“Interpath Advisory”, “we” or “us”), an Irish limited company with registered number 713472.

Why is there a Privacy Policy exclusively for Insolvency and Court Appointments?

This Privacy Policy applies exclusively to formal Insolvency and Court appointments where Interpath (Ireland) Limited staff have been appointed in a personal capacity to act as the Officeholder in the insolvency of a company or individual, or similar procedure under relevant Irish insolvency legislation and other applicable laws and legislation. It is important to note that the Officeholder accepts such an appointment in a personal capacity. Interpath (Ireland) Limited does not itself accept insolvency appointments.

This Privacy Policy does not apply to any other interactions you may have with Interpath (Ireland) Limited. For details of the policy relating to Interpath (Ireland) Limited, please see here.

Who is processing your personal data?

Licenced insolvency practitioners are appointed in a personal capacity to act as Officeholders in the insolvency of a company or individual. When appointed in this capacity, it is the relevant Officeholders, not Interpath (Ireland) Limited, who determine the purpose and means in respect of personal data they process in the exercise of their duties as Officeholders.

However, Officeholders do not determine the purpose and means for personal data processed by the insolvent company/individual before the insolvency appointment. Instead, Officeholders act as agents for the insolvent entity. It is the entity that controls the purpose and means for any personal data processed prior to its insolvency.

The Officeholders only handle your data for the purposes of administering the insolvent estate. Their overriding obligations will generally be dictated by insolvency legislation in the first instance and, where this conflicts with an individual’s specific data requirements, the Officeholders will be obliged to fulfil their duties under the insolvency legislation.

Who can you contact for privacy questions or concerns?

Whilst this document provides the specific detail of the Officeholder’s Privacy Policy, it is important to note at the outset that, given the Officeholder’s legal obligations to process data to fulfil their role and duties under insolvency legislation, there may be some instances where the Officeholders are unable to comply with your requests in relation to your data.

If you have questions or comments about this Privacy Policy or how the Officeholders handle personal data, please email [email protected] or direct your correspondence to the specific Officeholders of the relevant insolvency appointment, c/o Interpath (Ireland) Limited, Data Protection and Privacy Office, 10 Fleet Place, London, EC4M 7RB, UK. The Officeholders will aim to respond within 30 days from the date they receive privacy-related communications.

If you are not satisfied with the response you may also contact the Data Protection Commission by post at Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 or by email at [email protected] to report concerns you may have about our data handling practices.

How do the Officeholders collect personal data?

Company/Individual Data – Upon appointment, the Officeholders have statutory obligations to collect and store certain of the insolvent entity’s pre-appointment records. Such records will be recovered directly from the company/individual to assist the Officeholders with a number of matters including, but not limited to, the identification of company assets, investigation of conduct prior to appointment and the agreement of claims, including those of employees and the relevant tax authorities where applicable. Some of the data retained and stored will clearly include personal data.

The Officeholder’s duty to collect records does not extend to all records and you should be aware that the Officeholders will only collect the records that they need to fulfil their statutory and regulatory obligations.

Any records that the Officeholders do not require for a particular purpose will be securely destroyed. Those records that they do retain will be held securely.

Practitioner Data – As the Officeholders administer the appointment they will create their own records, referred to as Practitioner Data. Given the nature of the work being undertaken, there will be personal data collected, processed, and held, particularly in relation to employees and creditors and the agreement and processing of their claims.

• Ordinary course of business - Records may be generated from ongoing trading of the business, with data being received by the Officeholders as agents for the company in the ordinary course of business.
• Directly from the company/individual - Some of the company/individual records created above may be interrogated or processed to enable the Officeholders to pursue assets, investigate transactions or agree claims.
• Directly from individuals - Individuals may provide their personal data when they engage with the Officeholders. The majority of data provided by individuals is likely to come from employees or other individual creditors and will relate to their employment with the entity or claims against it. The Officeholders may also receive data from interested parties where they are seeking to sell the business or assets.
• Public sources - Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, government intelligence and crime prevention agencies and Internet searches.

What categories of personal data do the Officeholders collect?

As noted above, the Officeholders may obtain the following categories of personal data about individuals through direct interactions as they trade the business or administer the insolvent estate.

Personal data - The data that the Officeholders collect will vary depending on the insolvency process being administered but below is a list of personal data which is commonly collected to conduct their business activities:

• Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address);
• Family and dependant details when administering a personal insolvency estate (e.g., names and dates of birth); and
• Financial information (e.g., taxes, payroll, pensions, assets, bank details, claim details).

If you give the Officeholder information about someone else, or someone gives us information about you, the Officeholder may add it to any personal information the Officeholder already holds and will use it in the ways described in this Privacy Notice. Before you disclose information to the Officeholder about another person, you should be sure that you have their agreement to do so. You should also show them this Privacy Notice. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Privacy Notice.

Sensitive personal data – The Officeholders typically do not collect sensitive or special categories
of personal data about individuals. When they do need to process sensitive personal data, they
have a legal obligation to do so, and this would be obtained directly from the entity’s records or
the individual. Examples of sensitive personal data the Officeholders may obtain include:

• Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants;
• Details of trade union membership, particularly when dealing with employees of an insolvent entity;
• Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information;
• Information the client provided to the Officeholders in the course of a professional engagement; and
• Health data where the processing is necessary to assess, monitor and control spread of infectious diseases and to provide a safe working environment.

What lawful reasons do the Officeholders have for processing personal data?

The Officeholders have an obligation to process personal data which flows from their role and duties as Officeholders, as set out in the relevant Irish insolvency legislation and other applicable laws and legislation.

On the whole, the Officeholders are, therefore, relying on “legal obligation” as the lawful reason to process personal data. This allows them to process personal data in order to meet their legal and regulatory obligations, as set out in the insolvency legislation.

It is important to be aware that the Officeholders only process personal data for the purpose of administering the insolvent estate. Their overriding obligations will generally be dictated by insolvency legislation in the first instance. Where this conflicts with individual’s specific data requirements, the Officeholders will be obliged to fulfil their duties under the insolvency legislation.

Why do the Officeholders need personal data?

The Officeholders only collect such personal data as they require to exercise their duties in relation to the relevant appointment. The purposes of use typically include:

• Providing professional advice and services as Officeholders to administer the estates of insolvent companies and individuals. The Officeholder’s duties and obligations are clearly defined within legislation and are wide-ranging in scope;
• The administration of an estate may include the ongoing trading of that entity, and the obvious implications that will have for processing personal data;
• Administering, maintaining and ensuring the security of their information systems, applications and websites;
• Authenticating registered users to certain areas of their sites; and
• Complying with legal and regulatory obligations relating to anti-money laundering, terrorist financing, fraud and other forms of financial crime.
• Compiling health and safety data (directly or indirectly) following an incident or accident. Indirect data can take many forms including an incident report, first aider report, witness statements and CCTV footage.
• Collecting health data where the processing is necessary to assess, monitor and control spread of infectious diseases and to provide a safe working environment.

Do the Officeholders share personal data with third parties?

The Officeholders may occasionally share personal data with trusted third parties to help them deliver efficient and quality services. These recipients are contractually bound to safeguard the data the Officeholders entrust to them. The Officeholders may engage with several or all of the following categories of recipients to assist them with the administration of an insolvent estate:

• Professional advisers, including lawyers, agents, payroll providers and insurers;
• Parties that support the Officeholders as they provide their services (e.g., providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services);
• Parties that support us with anti-money laundering, client conflicts and independence checks.
• Health government bodies and external service providers (health, facilities and estate management) to assess, monitor and control the spread of infectious diseases.
• Law enforcement or other Government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation;
• Interested third parties where, as part of their role, the Officeholders are selling the business or assets of a company, including any databases or customer lists. Any such sale would be governed by appropriate confidentiality and a contract for sale; and
• Payment services providers.

Do the Officeholders transfer your personal data outside the European Economic Area?

The Officeholders store personal data on servers located in the European Economic Area (EEA).

Depending upon the nature of the insolvency process and the location of the insolvent entity, the Officeholders may transfer personal data to reputable third-party organisations situated inside or outside the EEA when the Officeholders have a business reason to engage these organisations. We only transfer your data outside the EEA where we are satisfied that the transfer complies with data protection law and appropriate safeguards are in place if required (including that each such organisation to which we may transfer data outside the EEA is required to safeguard personal data under appropriate contractual obligations including standard contractual clauses under Article 46.2 of the GDPR (and the equivalent standard contractual clauses for the UK, where appropriate) or an adequacy decision under Article 45 for the GDPR.).

What are my data protection rights?

Your data protection rights are highlighted here. To submit a data request please send an email to [email protected] quoting the name of the specific Officeholders and the relevant insolvency appointment.

• Access - As detailed within this Privacy Policy, to enable the Officeholders to administer the insolvent estate, they have a legal obligation to process your personal data. You can ask the Officeholders to verify whether they are processing personal data about you, and if so, to provide you with more specific information.
• Correction - You can ask Officeholders to correct records held by them if you believe they contain incorrect or incomplete information about you. Erasure - Given the Officeholders legal obligation to process your personal data to satisfy their legislative and regulatory requirements, in the majority of cases the Officeholders
  are unable to erase (delete) your personal data whilst the insolvent estate is being administered. Once the administration of the estate is complete, and the relevant period for retention of data has expired, the Officeholders will take steps to delete your data.

No fee is required to make a request unless your request is clearly unfounded or excessive. As already advised, depending on the circumstances, the Officeholders may be unable to comply with your request based on other lawful grounds, particularly in relation to their legal obligation to administer the insolvent estate. Officeholders will respond to your request within one (1) month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. Officeholders will inform you of any such extension within one month of receipt of your request. Please note you have a right to lodge a complaint with the Irish Data Protection Commission, or any other competent data protection supervisory authority.

The Officeholders may need to request specific information from you to help them confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps them to ensure that personal data is not disclosed to any person who has no right to receive it.

What about personal data security?

Any records that the Officeholders retain will be held securely. The Officeholders have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration, or destruction. They aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.

If you have access to parts of the Officeholder’s websites or use their services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the internet is not completely secure. Whilst the Officeholders do their best to try to protect the security of your personal data, they cannot ensure or guarantee the security of your data transmitted to their site; any transmission is at your own risk.

How long do the Officeholders retain personal data?

The Officeholders retain personal data to provide their services, stay in contact with you and to comply with applicable laws, regulations, and professional obligations that they are subject to. All personal data will be held throughout the duration of the insolvency process, unless there are specific reasons identified why certain data is no longer needed.

The Officeholders’ records destruction policy varies depending upon the data that is held:

• For Company/Individual Data – The Officeholders will retain these records for the duration of the insolvency process. Once they have ceased to act, the data will be securely destroyed generally 12 months after ceasing to act or dissolution of the company.
• For Practitioner Data – The Officeholders will retain these records for the duration of the insolvency process. Once they have ceased to act the Practitioner data will be securely destroyed generally six years after ceasing to act or dissolution of the company.

Any records that the Officeholders do not require for a specific purpose will be securely destroyed. The Officeholders will dispose of personal data in a secure manner when they no longer need it.

Does this website use cookies?

This website may use cookies. Where cookies are used, you can view a statement explaining the use of cookies within the disclaimer on the website. To learn more, please refer to the cookie policy.

Do the Officeholders link to other websites?

The Officeholder’s websites may contain links to other sites, including sites maintained by third parties that are not governed by this Privacy Policy. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst the Officeholders try to link only to sites that share their high standards and respect for privacy, they are not responsible for the content, security, or privacy practices employed by other sites.

Do the Officeholders change this Privacy Policy?

The Officeholders regularly review this Privacy Policy and will post any updates to it on this webpage. This Privacy Policy was created on 12th July 2022.