Privacy Policy 2019

DATA PROTECTION GROUP
PRIVACY POLICY

At the Data Protection Group, we regard your privacy rights as extremely important and treat them very seriously. This Policy sets out how we collect and process your personal data and tells you what your rights are about the ways we process your personal data. Please read below for details.

We help you understand how the GDPR applies to your organisation and we advise on delivering what's needed to achieve legal compliance and manage your continuing obligations under the GDPR.

To provide our Data Protection services to you we need to maintain a database of personal data about you, our customer. We maintain that data securely and we never sell your data to anyone else.

This Notice is split under several headings – if you click on a heading you will be taken directly to that section. More detailed information is available in several sections, or on request in some instances:


1. Who we are and how to contact us

2. What information about me do you collect and use, and where do you get my personal data from?

3. Do you collect information about children (under 16yr olds)?

4. How and why do you use my personal information?

5. Do you share my information?

6. Is my information sent outside the European Union?

8. What are my rights, and how do I exercise them?

9. Can I stop getting emails and other communications from you?

10. Is my information secure?

11. How long do you keep my information?

12. How do I contact the Data Protection Commission?

 


Who we are and how to contact us

“We” are the Data Protection Group, Propolicies.com, gdprtraining.ie and gdpr.ie, all of which are trading names of GDPR Limited, a company incorporated in Ireland as a limited liability company, having registration number 598036 and having its registered office at 7 Parklands Office Park, Southern Cross Road, Bray, Co. Wicklow

The DATA CONTROLLER for the purposes of the GDPR and the Data Protection Acts 1988 – 2018 is GDPR Limited.

For data protection issues, or to exercise your rights  please email us at info@gdpr.ie

Or write to us at:

The Data Protection Group

Level 1, The Chase,
Carmanhall Road,
Sandyford,
D18 Y3X2,
T: (+353) 1 685 5025

Back To Top

 

  1. What information about me do you collect & use? Where do we get your personal data from?

“Personal data” is data that can identify you, either directly or indirectly, as an identified or identifiable individual.

When you engage with us via the website, by letter, by telephone or personally, we will collect such information as you choose to give us, such as your name, address, contact details and purpose of your enquiry or concern.

We also collect personal data directly when we provide services to you, such as training, consultancy services, data protection audits, remediation services and template or tailored policies relating to your activities.

The personal data we collect from you includes some special categories of data such as health information which is necessary for us to have to provide a safe service to you, for example, that you suffer from reduced mobility or have special dietary requirements when attending training events.

We also use cookies on some of our websites, in respect of which we will always provide a facility to enable you to consent or reject. If you reject all cookies a website may not function properly, and we may not be able to provide services to you. Please see the Cookie Notice on each website.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content.

Please keep in mind that if you directly disclose personal information or sensitive data through social media, this information may be collected and used by others. We have no control over such social media websites, and this Privacy Policy does not apply to such data. You should consult each site’s Privacy Policy for information about their processing.

For full details of our cookies and how to opt in/out of their use, see our COOKIES page.

For full details of your rights in connection with the personal data held by us, please ask for our Data Subjects’ Rights Policy by emailing info@gdpr.ie

Back To Top

 

  1. Do we offer our services to children (under 16yr olds)?

No. The services are not directed to children under the age of 16 years and we request that such individuals do not provide personal data to us.  We do NOT collect any data from children and if we discover that we inadvertently have such data we will immediately delete it.

Back To Top

 

  1. How and why do use my personal information?

We will use your information for the purposes as set out in this Notice, in particular:

  • To provide our services to you as requested by you.
  • To administer our websites and business.
  • To promote and organise events, including training events.
  • To operate our websites and deliver the services you have requested.
  • To fulfil our contractual obligations.
  • To inform you of other products or services available from the Data Protection Group and its affiliates.
  • To contact you directly or indirectly via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
  • To contact you on behalf of external business partners about a particular offering that may be of interest to you (your personal data i.e. e-mail, name, address, telephone number is not transferred to the third party except when requested or authorised by you).
  • In addition, The Data Protection Group may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries or other services. Such sharing is subject to the provisions of the GDPR, to include appropriate safeguards. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.
  • To comply with any Order of a Court of competent jurisdiction.
  • To comply with any direction or requirement of a Supervisory Authority.

 

Back To Top

 

  1. Do you share my information?

Your data is shared as necessary within the Data Protection Group, and with trusted partners to help us provides our services to you, organise and run training courses, send or receive email or postal mail, provide customer support, arrange for deliveries, perform statistical analysis and ensure your queries and requests are met.

We do not sell, rent, or otherwise share personal data with unaffiliated entities for their independent use except as expressly described in this Privacy Policy or with your prior consent.

Data is also shared with suppliers and subcontractors for the performance of any contract we enter into with you or with them, for example with our IT service providers, our website host and server provider and our cloud storage providers.

Such sharing takes place only to the extent necessary to perform the services carried out for you or on your behalf, and we require that they comply with applicable data protection law at all times, including the provision of appropriate safeguards in relation to the security and integrity of your data.

All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information in accordance with the GDPR.

In particular, we use third-party providers as follows:

For processing payments, we use Stripe and Paypal.  Your financial data is securely collected and processed by them and is not stored or accessed by us. For details of their Privacy Policies see:

https://stripe.com/en-IE/privacy   or https://www.paypal.com/ie/webapps/mpp/ua/privacy-full

We would also share with service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or association, or we sell, liquidate, or transfer all or a portion of our assets.

The Data Protection Group will otherwise disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on GDPR Ltd. or the site; (b) protect and defend the rights or property of GDPR Ltd. and its staff; and, (c) act under exigent circumstances to protect the personal safety of  staff or users of GDPR Ltd., or the public.

Back To Top

 

  1. Is my information sent outside the European Union?

We transfer Personal Data that we maintain about you to recipients in countries outside the EEA, including to the United States. In relation to transfers to the United States, we seek to ensure the recipient is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles. If that is not applicable, and in relation to other countries, we will take measures to ensure that any such transfers comply with the GDPR and that your Personal Data remains protected to the standards required under the GDPR and as described in this Privacy Policy.  However, please note that data protection laws and standards vary throughout the world, with some countries providing more protection than others.

In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in other countries may be entitled to access your Personal Data.

The information generated by the cookies about your use of our website (including your IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.  Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, Google applies the same protections described in their Privacy Policy. They also comply with legal frameworks relating to the transfer of data, such as the EU-US and Swiss-US Privacy Shield Frameworks. For more information on Cookies please see our Cookie Policy.

 

Back To Top

 

 

Irish and EU law sets out the grounds upon which data controllers such as the Data Protection Group can rely on to lawfully process personal data.

We rely on the following grounds:

Where you have given us consent to the processing of your personal data for a specific purpose, for example for marketing purposes;

The processing is necessary to fulfil our contract with you.

The processing is necessary for compliance with a legal obligation, for example, to comply with Revenue requirements;

The processing is necessary in order to protect the vital interests of a staff member or another person, for example, an attendee at a training course in a medical emergency;

The processing is necessary for the purposes of the legitimate interests pursued by GDPR Ltd. or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the member, especially a child.  Some marketing might take place under this heading, but never to children.

 

Back To Top

 

  1. What are my rights, and how do I exercise them?

Below we outline the rights you have in relation to the data we hold about you.

For full details of your rights in connection with your personal data held by us, please ask for our Data Subjects’ Rights Policy by emailing info@gdpr.ie

Access – you have the right to find out what data we hold about you, and to get a copy of the data;

Restriction of Processing – you have the right to ask us not to process some data, or not process in a particular way, in certain circumstances;

Right to object – you have the right to object to our processing of your data when we are processing it on the basis of our legitimate interests, for direct marketing purposes, or for statistical purposes;

Right to data portability -if we are processing by automated means your personal information that you gave us, on the basis of your consent or on the basis that it is necessary for the performance of a contract with us, you may ask us to provide the personal information to you in a machine-readable format;

Right of Rectification – if you believe that data we hold about you is inaccurate then you have the right to ask us to change and or correct it;

Right of erasure – in certain circumstances, you have the right to ask us to erase the information we hold about you. This is not an unlimited right, and we can discuss the issue with you if required;

Complaint – you have the right to complain to the Data Protection Commission if you feel that we are in breach of any of your rights. We would ask that you contact us first at info@gdpr.ie or Level 1, The Chase, Carmanhall Road, Sandyford, D18 Y3X2, T: (+353) 1 685 5025  to enable us to try to deal with the matter to your satisfaction.

 


Back To Top

 

DATA PROTECTION COMMISSION

Data Protection Commission
Data Protection Commission

 

 

 

 

 

 

 

Dublin Office                                          Portarlington Office 

21 Fitzwilliam Square                                  Canal House

Dublin 2                                                          Station Road
D02 RD28                                                      Portarlington

Ireland                                                             R32 AP23

Phone   +353 57 868 4800    or  +353 761 104 800

LoCall   1 890 25 22 31

Fax +353 57 868 4757

email: info@dataprotection.ie

 

  1. Can I stop getting emails, text messages and other communications from you?

Yes!

If you no longer wish us to contact you in a particular way, e.g. no longer send you text messages, just advise us of that and we will respect your wishes.

As a customer of GDPR Ltd., it is necessary for us to contact you from time to time in connection with services, for example, to ensure your data is correct, or that your policies or procedures are up-to-date.

Back To Top

MARKETING

If you no longer wish to receive marketing communications by electronic means, just use the opt-out facility in any of our communications, OR advise us at

info@gdpr.ie

You may also write to us or telephone us at:

GDPR Ltd.,

Level 1, The Chase,
Carmanhall Road,
Sandyford,
D18 Y3X2,
T: (+353) 1 685 5025

Back To Top

 

  1. Is my information secure?

GDPR Ltd. secures your personal information from unauthorised access, use or disclosure using appropriate technical and organisational measures as required under the GDPR.

GDPR Ltd. secures the personal data you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.

When personal data is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

Documents or copies which are held by GDPR Ltd. are always kept in secure lockable storage and access is restricted to those who require such access.

Data is retained only for as long as is necessary for the purpose for which it was obtained.

Back To Top

  1. How long do you keep my information?

We will keep your data only for as long as it is required by us for the purposes for which we collected it.  If you cease to be a customer, your details will be retained only for as long as is required by law, or to comply with any instructions given by you, for example, not to contact you.

Certain data is required by law to be maintained for specific minimum periods and we will retain such personal data for the period mandated by each specific law.

If  you would like further information in respect of a particular category of your data, please contact :

info@gdpr.ie

or contact us at:

GDPR Ltd.,

Level 1, The Chase,
Carmanhall Road,
Sandyford,
D18 Y3X2,
T: (+353) 1 685 5025

Back To Top

  1. How do I contact the Data Protection Commission?

You have the right to complain to the Data Protection Commission if you feel that we are in breach of any of your rights.

We would ask that you contact us first at info@gdpr.ie or Level 1, The Chase, Carmanhall Road, Sandyford, D18 Y3X2, T: (+353) 1 685 5025 to enable us to try to deal with the matter to your satisfaction.

If you wish to exercise any of the rights you have in respect of your data, please ask for our Data Subjects’ Rights Policy by emailing info@gdpr.ie and we will help you as much as we can.

Data Protection Commission

Data Protection Commission

Dublin Office                                           Portarlington Office 

21 Fitzwilliam Square                                   Canal House

Dublin 2                                                          Station Road
D02 RD28                                                       Portarlington

Ireland                                                            R32 AP23

 

Phone   +353 57 868 4800    or  +353 761 104 800

LoCall   1 890 25 22 31

Fax +353 57 868 4757

 

email: info@dataprotection.ie
Back To Top