McMahon’s Building Providers is committed to protecting your privacy and giving you the safest online experience. This Privacy Policy applies to the McMahon’s website and governs data collection and usage. By using the McMahon’s website, you are consenting to the data practices described in this statement.
McMahon’s website collects personally identifiable information, such as your e-mail address, name, home or work address or telephone number. McMahon’s also collects anonymous demographic information, which is not unique to you, such as your Eircode, age, preferences, interests and favourites.
There is also information about your computer hardware and software that is automatically collected by McMahons. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses. This information is used by McMahon’s for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the McMahon’s website.
McMahon’s collects and uses your personal information to operate the McMahon website and deliver the services you have requested online. McMahon’s also uses your personally identifiable information to inform you of other products or services available from our website. From time to time McMahon’s may contact you via surveys to conduct market research about your opinion of our current online services.
McMahon’s does not sell, rent or lease its customer lists to third parties. McMahon’s may, from time to time, contact you about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is never transferred to the third parties. McMahon’s as part of offering you fulfilment and other services may share data with trusted partners to help us arrange for courier deliveries, perform statistical analysis, send you email and provide customer support. All such third parties are prohibited from using your personal information except to provide these services to McMahon’s, and they are required to maintain the confidentiality of all personal information.
McMahon’s website uses "cookies" to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programmes on your computer.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalise McMahon’s pages, or register on McMahon’s site or services, a cookie helps McMahon’s to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the McMahon site, the information you previously provided can be retrieved, so you can easily use the McMahon services that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the online features of the McMahon websites.
The table below lists the cookies we collect and what information they store.
|
COOKIE NAME |
COOKIE Description |
|---|---|
|
CART |
The association with your shopping cart. |
|
CATEGORY_INFO |
Stores the category info on the page, that allows to display pages more quickly. |
|
COMPARE |
The items that you have in the Compare Products list. |
|
CURRENCY |
Your preferred currency |
|
CUSTOMER |
An encrypted version of your customer id with the store. |
|
CUSTOMER_AUTH |
An indicator if you are currently logged into the store. |
|
CUSTOMER_INFO |
An encrypted version of the customer group you belong to. |
|
CUSTOMER_SEGMENT_IDS |
Stores the Customer Segment ID |
|
EXTERNAL_NO_CACHE |
A flag, which indicates whether caching is disabled or not. |
|
FRONTEND |
You sesssion ID on the server. |
|
GUEST-VIEW |
Allows guests to edit their orders. |
|
LAST_CATEGORY |
The last category you visited. |
|
LAST_PRODUCT |
The most recent product you have viewed. |
|
NEWMESSAGE |
Indicates whether a new message has been received. |
|
NO_CACHE |
Indicates whether it is allowed to use cache. |
|
PERSISTENT_SHOPPING_CART |
A link to information about your cart and viewing history if you have asked the site. |
|
POLL |
The ID of any polls you have recently voted in. |
|
POLLN |
Information on what polls you have voted on. |
|
RECENTLYCOMPARED |
The items that you have recently compared. |
|
STF |
Information on products you have emailed to friends. |
|
STORE |
The store view or language you have selected. |
|
USER_ALLOWED_SAVE_COOKIE |
Indicates whether a customer allowed to use cookies. |
|
VIEWED_PRODUCT_IDS |
The products that you have recently viewed. |
|
WISHLIST |
An encrypted list of products added to your Wishlist. |
|
WISHLIST_CNT |
The number of items in your Wishlist. |
McMahon’s secures your personal information from unauthorised access, use or disclosure. McMahon’s secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (e.g. credit card number) is transmitted to other websites, it is protected through the use of encryption, for example the Secure Socket Layer (SSL) protocol.
McMahon’s will occasionally update this Statement of Privacy to reflect company and customer feedback. McMahon’s encourages you to periodically review this statement to keep informed of how McMahon’s is protecting your information.
This privacy notice is provided by Derevoya Holdings Ltd., as an organisation on its own, or for any of the individual companies which make up the members of the Derevoya Holdings Ltd group, here after we will refer to this as the “Group”. This includes any references we make to "we", "us", and "our" in this Privacy Notice, and to any individual member company named in the job vacancy.
The privacy notice describes the ways in which we and the processes we have put in place, all work together to protect the Personal Data of candidates and eventual team members (collectively called, "Applicants") who submit applications for consideration of a shared vacancy, and as such are processed by us. We do so in accordance with all Applicable Data Protection Law. We are committed to being upfront and transparent about how we both collect and use your personal data, and ensuring this meets our data protection obligations across the island of Ireland, north and south.
For clarity, if you are already a member of the team you will have access to our employee Privacy Policy, which you can access via our HR Policies or can ask your manager or the HR department for a copy.
Your privacy is important to us, and as a team, we are committed to protecting and safeguarding your privacy rights.
Our Privacy Notice, last updated on 28 March 2025, sets out the following information you may find useful:
1. We identify the Data Controller;
2. We share how you can contact our Data Protection Officer ("DPO");
3. We let you know the various sources of Personal Data;
4. We break down what the categories of Personal Data processed are, and the basis and purpose for why we process them;
5. We inform you how long we will retain your Personal Data;
6. We explain in what circumstances we would share your Personal Data with a Third Party, and how we do so;
7. Because we operate across borders, we talk about the International transfers of personal data; and
8. We share your Rights in relation to the Personal Data we have on your behalf.
The data controller for your personal data is Derevoya Holdings Ltd., and our headquarters is based in Ashbourne Hall, Ashbourne Business Park, Dock Road, Limerick. Derevoya Holdings Ltd. ("the Group") has a number of subsidiary Companies, e.g. James McMahon Ltd, BRC McMahon Ltd and Cooper Developments Ltd, and current members of the Group can be found on our website.
We operate as joint controllers in regard to some processing activities relating to the personal data of you as an Applicant. This is sometimes done in conjunction with other members of the Group. For example, if you make a request under Section 8 below, we will work across the group to ensure this is done thoroughly.
The Group has elected to appoint a Data Protection Officer ("DPO") who acts on behalf of all the members of the Group to support the Company's compliance efforts. The DPO does so in respect of the processing of the personal data of applicants, but also team members, customers and suppliers of the various group businesses.
The contact details for our DPO can be found via our HR Department as follows:
While sometimes we have the good fortune of being approached in person, or handed a CV from a family member, in most cases we use a dedicated online Applicant Tracker System (ATS) for recruitment. This is operated by the Group to collect applications and process them against the requirements of vacancies we may have. In doing so we are very conscious of our obligations under the applicable Data Protection Law when managing an applicant’s Personal Data and sharing this information with the relevant hiring and human resources team.
We also use the ATS to structure the information provided, store it, and share it as appropriate within the Group. We can assure you that we don’t use AI or automated processing and profiling to make decisions about our applicants.
In order to reach a wider target audience and promote greater diversity in applicants and team members, our ATS is sometimes linked to online jobs boards, or networking sites, and used internally to apply or refer applicants for roles. Regardless of where the ATS is accessed, the processes and procedures for how your information is stored and shared remain the same.
There are three primary sources for our Applicant Personal Data, and we have listed these below.
The main source of Personal Data is from you, the applicant. This comes to us from a number of difference avenues. It can be directly from you, if you apply through our ATS, email us, write to us by post, or even share information with us verbally. Similarly, if you are referred via a recruitment agency, the same information will be provided on your behalf. Often while reviewing your application we might look for more information and contact you to provide additional contact information, more details on your experience and qualifications, or other data that might help us review your application positively against the role you are interested in.
Other information will automatically be collected when you apply online, such as your IP address or other device identifiers unique to you, we may have access to information collected through cookies on your use of the ATS, your phone carrier (if applicable), what time zone you are in, the operating system and platform and information regarding your use of any of the Group’s ATS.
Some applicants will share information with us that was not requested, or is not permitted, and for this we do not take responsibility. For example, where special categories of personal data are not requested and are not relevant to the vacancy in question, so we will delete this information rather than processing it on our ATS.
As you move through the process and interact with various members of our team, we will naturally generate some information. This can happen when you participate in an interview (electronically or verbally, by telephone, in person and recorded digital interviews and assessments) and through evaluations provided by those who have interviewed you.
Depending on the service provided to us by a third party, we may also be provided with additional information, for example if you were to be referred to us by a company providing recruitment services. They may give an outline of your experience and qualifications in addition to what’s included in your CV or resume. On occasion, we might use a digital platform which is hosted by a third party in order to record an interview, or facilitate assessments or a skills test.
Another important part of the process is a reference check, and so we may receive additional information from those contacts you have authorised us to communicate with. Where required and permitted, or otherwise authorised by applicable laws, the information collected from third parties may include the results of background checks and referencing. To augment the information already received, we may also take information from the public areas of some third-party sites such as professional social networks or social directories (e.g. LinkedIn).
As discussed above we process different categories of information about you as an applicant, and have varied legal basis for doing this, which depends on the type of data and processing activity involved. This is a list of the typical reasons:
If we move forward to the offer stage, then we process your personal data where necessary for us to carry out our responsibilities under an employment contract which we are discussing and/or negotiating with you;
where necessary for us to pursue our legitimate interests provided that those interests are not overridden by your interests, fundamental rights and freedoms;
where necessary for us to comply with our legal obligations, such as registering your PPS number or National Insurance number for payroll; or
on the basis of your explicit consent.
To the extent not addressed below, we will point out, at the time of data collection, if the processing of your personal data by us is a statutory or contractual requirement. We will also inform you if you are obligated to provide the requested personal data and the possible consequences of your failure to do so. In certain circumstances, we will seek your consent specifically for us to process particular data, and we will request this from you at the point of data collection.
We process your personal data to carry out efficient and effective recruitment activities in order to attract new talent to the Group and its member companies, including permanent and temporary workers, in addition to independent contractors and consultants.
The categories of personal data that we process about you, for the purpose of recruitment, include the following:
|
Categories of personal data: |
We may use your personal data to: |
Our lawful basis for doing so is: |
Our legitimate interests in doing so are to: |
|
Identification data (i.e. name, mobile telephone number, email address) |
Contact you about your application to us |
Performance of contract / take step at your request, before entering a contract |
Allow appropriate assessment of applications and selection of suitable Applicants for roles with us Allow communication between us and you regarding the recruitment process Allow record keeping of our recruitment process If successful in your application, to create your contract and personnel record |
|
CV/Résumé (or profile on professional social networks or websites), details of your qualifications and experience, employment history (including job titles, salary and benefits packages and any relevant working hours), interests, information about your academic history, qualifications, right to work status |
Consider your qualifications, skills and experience to ensure they are suitable for the position |
Performance of contract / take step at your request, before entering a contract |
Allow appropriate assessment of applications and selection of suitable Applicants for roles with us Allow record keeping of our recruitment process If successful in your application, to create your personnel record |
|
Special Category personal data (including genderidentity, sexual orientation, ethnic origin, nationality, citizenship, disability status, civil status, religion or belief) |
This data is only used in aggregated form |
Legal Obligation |
Allow monitoring and measuring of equal opportunities and diversity against our Group diversity and inclusion strategy |
|
Categories of personal data: |
We may use your personal data to: |
Our lawful basis for doing so is: |
Our legitimate interests in doing so are to: |
|
Detailed evidence of your relevant skills and details of your previous experiences and the career choices you have made (usually assessed at a face-to-face or phone interview) |
Consider your suitability for the position |
Performance of contract / take step at your request, before entering a contract |
Allow selection of suitable Applicants for vacancies with us If successful in your application, to create your personnel record |
|
Video recording of your responses to interview questions using our digital assessment platform |
Consider your suitability for the position |
Consent |
N/A |
We request and collect Special Categories of Data and other personal data relevant to diversity reporting and monitoring from our colleagues and Applicants. The provision of such data is optional, with no impact on our consideration of your application. Any data that you choose to provide is used for statistical purposes in line with EU and UK legislation.
We also collect health information necessary to comply with workplace health and safety regulations and equality and employment rights legislation.
The categories of personal data that we may process about you for the above purposes, include the following:
Compliance with Legal and Regulatory Obligations
|
Categories of personal data: |
We may use your personal data to: |
Our lawful bases for doing so are: |
||
|
GDPR Article 6 |
UK Data Protection Act 2018 |
|||
|
Special Categories of Personal Data related to diversity and equality: gender identity, sexual orientation, ethnic origin, nationality, citizenship, disability status, civil status, religion or belief |
Monitor and measure the results of our Group diversity and inclusion strategies Comply with diversity and equality reporting requirements of and other relevant organisations For disability status, to consider whether we need to provide appropriate adjustments during the recruitment process (e.g. for tests or interview) |
Legal obligation |
Carry out our obligations under employment, social security and social protection law UK Data Protection Act 2018 Schedule 1, Part 1, Para 1 |
Equality Act 2010; Employment Rights Act 1996 |
|
Special Caegories of Personal Data: Information concerning health |
To be aware of any medical conditions for Health & Safety reasons; To make reasonable workplace adjustments to enable a disabled person to work |
Legal obligation |
Carry out our obligations under employment, social security and social protection law UK Data Protection Act 2018 Schedule 1, Part 1, Para 1 |
Health and Safety at Work Act 1974; Equality Act 2010; Employment Rights Act 1996 |
|
Criminal Convictions Data: Details of any unspent criminal convictions recorded against your name by the Courts of England and Wales In the UK, this shall be in accordance with the Rehabilitation of Offenders Act 1974 as amended from time to time. This means that you will never be asked to disclose convictions relating to certain offences after seven years. The convictions that are regarded as “spent” after seven years are set out in Section 5 of that Act. Certain minor convictions are regarded as “spent” after shorter periods of time. In Ireland, this shall be in accordance with the Criminal Justice (Spent Convictions and Certain Disclosures) Act 2016).
|
Consider your suitability for a particular position |
Legal Interests |
UK Data Protection Act 2018 Schedule 1, Part 2, Para 12 and Schedule 1, Part 3, Para 36 |
To screen for the conduct and integrity of certain colleagues involved in the Finance department or persons involved in dealing with large sums of cash Where you may be driving vehicles, we may ask you to disclose any previous driving convictions |
|
Credit Checks: Publicly available information related to financial integrity, including County Court Judgements (CCJ’s), Bankruptcy, Bankruptcy Restriction Orders, Individual Voluntary Arrangements, Fast Track Voluntary Arrangements, Debt Relief Orders, Debt Restriction Orders, Decrees, Sequestration Orders, Notices of Correction |
To manage business risk |
Legal Interests |
N/A |
To screen for the conduct and integrity of certain employees in the Finance department |
We retain your personal data for only the period required as per this Privacy Notice, or as required by our various legal obligations. We do so to enable us to establish, exercise or defend potential legal claims or to pursue our legitimate interests.
It is our general policy to retain potential personnel records until the end of our recruitment process regarding your application, extended to cover the relevant statutory period or for the duration of any relevant legal proceedings. More specifically, your personal data will be retained as follows:
If you submit your own personal data and are an unsuccessful Applicant:
If you apply via a third-party staffing or recruitment company and are an unsucessful Applicant:
The ways in which we share personal data relating to you as an Applicant, among other members of the Group and also with trusted third parties are set out below.
Relevant personal data of Applicants may be shared with authorised Company personnel, including selected interviewers and, where relevant to a particular Applicant, other authorised personnel from other members of the Group, who will be on the island of Ireland, either north or south, and who are involved in administering hiring in a fair and coordinated manner across all of our Group.
For all our hires. we use:
We also share the personal data of Applicants with trusted service providers (processors) in compliance with our own contractual arrangements with them. Such contracts include appropriate safeguards to protect any personal data that we share with them. The data recipients may include, for example, IT service providers, insurance providers (e.g. for a driving position), lawyers.
Due to the nature of the operations of our Group, your personal data may be transferred to and shared with authorised personnel of other members of the Group where we have offices in both the EU and UK. For example, our head office is based in Limerick, however we also recruit for and support our teams in Northern Ireland.
Some of the third parties with which we may share your personal data may be located outside the EU/EEA or UK. Unless the recipients are located in countries that have been deemed adequate by the European Commission or UK Parliament, we will put in place data transfer agreements based on the applicable EU Standard Contractual Clauses or rely on other available data transfer mechanisms (e.g., Binding Corporate Rules or approved Certifications or Codes of Conduct) to protect personal data that is transferred to recipients outside the EU or the UK. In exceptional cases, we may rely on statutory derogations for international data transfers.
The Applicable Data Protection Laws provide certain rights to data subjects in relation to their personal data. These include the rights to:
In some cases, the exercise of these rights (for example, erasure, objection, restriction or the withholding or withdrawing of consent to processing) may make it impossible for us to achieve the purposes identified in Section 4 of this Privacy Notice in relation to your potential employment or partnership with us.
To assist us in complying with our obligation to maintain the accuracy of your personal data, please notify us in writing of any changes to your personal data by updating your information using the Applicant Tracking System or contacting the HR Team. Where you have notified us or we otherwise become aware of an inaccuracy in your information, we will take appropriate steps to rectify the inaccuracy.
Should an Applicant wish to exercise any of the rights set out above, please email [email protected].
You have the right to make a complaint at any time to the relevant supervisory authority, who upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We would, however, appreciate the chance to deal with your concerns before you approach the relevant supervisory authority, so please contact us in the first instance at [email protected].
|
Applicable Data Protection Law |
means the GDPR, the UK GDPR, the UK Data Protection Act 2018 and any national laws governing the protection of personal data as many be amended from time to time. |
|
Applicant |
as defined in the Introduction to this Privacy Notice. |
|
Colleagues |
includes full-time employees, part-time employees, temporary employees, reinstated employees, rehired employees and retired and former employees. |
|
GDPR |
means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). |
|
Personal Data |
means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
|
Special Categories of Personal Data |
means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data (for the purpose of uniquely identifying a natural person), data concerning health or data concerning a natural person's sex life or sexual orientation. |
|
UK GDPR |
means UK legislation incorporating the provisions of the GDPR into the body of UK law. |
|
Personal Data |
means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
|
Processing |
means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., computers), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
