DATA PROTECTION GROUP
At the Data Protection Group, we regard your privacy rights as extremely important and treat them very seriously. This Policy sets out how we collect and process your personal data and tells you what your rights are about the ways we process your personal data. Please read below for details.
We help you understand how the GDPR applies to your organisation and we advise on delivering what’s needed to achieve legal compliance and manage your continuing obligations under the GDPR.
To provide our Data Protection services to you we need to maintain a database of personal data about you, our customer. We maintain that data securely and we never sell your data to anyone else.
This Notice is split under several headings – if you click on a heading you will be taken directly to that section. More detailed information is available in several sections, or on request in some instances:
Who we are and how to contact us
“We” are the Data Protection Group, Propolicies.com, gdprtraining.ie and gdpr.ie, all of which are trading names of GDPR Limited, a company incorporated in Ireland as a limited liability company, having registration number 598036 and having its registered office at 7 Parklands Office Park, Southern Cross Road, Bray, Co. Wicklow
The DATA CONTROLLER for the purposes of the GDPR and the Data Protection Acts 1988 – 2018 is GDPR Limited.
For data protection issues, or to exercise your rights please email us at email@example.com
Or write to us at:
The Data Protection Group
Level 1, The Chase,
T: (+353) 1 685 5025
- What information about me do you collect & use? Where do we get your personal data from?
“Personal data” is data that can identify you, either directly or indirectly, as an identified or identifiable individual.
When you engage with us via the website, by letter, by telephone or personally, we will collect such information as you choose to give us, such as your name, address, contact details and purpose of your enquiry or concern.
We also collect personal data directly when we provide services to you, such as training, consultancy services, data protection audits, remediation services and template or tailored policies relating to your activities.
The personal data we collect from you includes some special categories of data such as health information which is necessary for us to have to provide a safe service to you, for example, that you suffer from reduced mobility or have special dietary requirements when attending training events.
For full details of our cookies and how to opt in/out of their use, see our COOKIES page.
For full details of your rights in connection with the personal data held by us, please ask for our Data Subjects’ Rights Policy by emailing firstname.lastname@example.org
Do we offer our services to children (under 16yr olds)?
No. The services are not directed to children under the age of 16 years and we request that such individuals do not provide personal data to us. We do NOT collect any data from children and if we discover that we inadvertently have such data we will immediately delete it.
How and why do use my personal information?
We will use your information for the purposes as set out in this Notice, in particular:
- To provide our services to you as requested by you.
- To administer our websites and business.
- To promote and organise events, including training events.
- To operate our websites and deliver the services you have requested.
- To fulfil our contractual obligations.
- To inform you of other products or services available from the Data Protection Group and its affiliates.
- To contact you directly or indirectly via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
- To contact you on behalf of external business partners about a particular offering that may be of interest to you (your personal data i.e. e-mail, name, address, telephone number is not transferred to the third party except when requested or authorised by you).
- In addition, The Data Protection Group may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries or other services. Such sharing is subject to the provisions of the GDPR, to include appropriate safeguards. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.
- To comply with any Order of a Court of competent jurisdiction.
- To comply with any direction or requirement of a Supervisory Authority.
Do you share my information?
Your data is shared as necessary within the Data Protection Group, and with trusted partners to help us provides our services to you, organise and run training courses, send or receive email or postal mail, provide customer support, arrange for deliveries, perform statistical analysis and ensure your queries and requests are met.
Data is also shared with suppliers and subcontractors for the performance of any contract we enter into with you or with them, for example with our IT service providers, our website host and server provider and our cloud storage providers.
Such sharing takes place only to the extent necessary to perform the services carried out for you or on your behalf, and we require that they comply with applicable data protection law at all times, including the provision of appropriate safeguards in relation to the security and integrity of your data.
All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information in accordance with the GDPR.
In particular, we use third-party providers as follows:
For processing payments, we use Stripe and Paypal. Your financial data is securely collected and processed by them and is not stored or accessed by us. For details of their Privacy Policies see:
We would also share with service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or association, or we sell, liquidate, or transfer all or a portion of our assets.
The Data Protection Group will otherwise disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on GDPR Ltd. or the site; (b) protect and defend the rights or property of GDPR Ltd. and its staff; and, (c) act under exigent circumstances to protect the personal safety of staff or users of GDPR Ltd., or the public.
Is my information sent outside the European Union?
In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in other countries may be entitled to access your Personal Data.
What is the legal basis for you collecting and processing my information?
Irish and EU law sets out the grounds upon which data controllers such as the Data Protection Group can rely on to lawfully process personal data.
We rely on the following grounds:
Where you have given us consent to the processing of your personal data for a specific purpose, for example for marketing purposes;
The processing is necessary to fulfil our contract with you.
The processing is necessary for compliance with a legal obligation, for example, to comply with Revenue requirements;
The processing is necessary in order to protect the vital interests of a staff member or another person, for example, an attendee at a training course in a medical emergency;
The processing is necessary for the purposes of the legitimate interests pursued by GDPR Ltd. or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the member, especially a child. Some marketing might take place under this heading, but never to children.
What are my rights, and how do I exercise them?
Below we outline the rights you have in relation to the data we hold about you.
For full details of your rights in connection with your personal data held by us, please ask for our Data Subjects’ Rights Policy by emailing email@example.com
Access – you have the right to find out what data we hold about you, and to get a copy of the data;
Restriction of Processing – you have the right to ask us not to process some data, or not process in a particular way, in certain circumstances;
Right to object – you have the right to object to our processing of your data when we are processing it on the basis of our legitimate interests, for direct marketing purposes, or for statistical purposes;
Right to data portability -if we are processing by automated means your personal information that you gave us, on the basis of your consent or on the basis that it is necessary for the performance of a contract with us, you may ask us to provide the personal information to you in a machine-readable format;
Right of Rectification – if you believe that data we hold about you is inaccurate then you have the right to ask us to change and or correct it;
Right of erasure – in certain circumstances, you have the right to ask us to erase the information we hold about you. This is not an unlimited right, and we can discuss the issue with you if required;
Complaint – you have the right to complain to the Data Protection Commission if you feel that we are in breach of any of your rights. We would ask that you contact us first at firstname.lastname@example.org or Level 1, The Chase, Carmanhall Road, Sandyford, D18 Y3X2, T: (+353) 1 685 5025 to enable us to try to deal with the matter to your satisfaction.
DATA PROTECTION COMMISSION
Dublin Office Portarlington Office
21 Fitzwilliam Square Canal House
Dublin 2 Station Road
D02 RD28 Portarlington
Ireland R32 AP23
Phone +353 57 868 4800 or +353 761 104 800
LoCall 1 890 25 22 31
Fax +353 57 868 4757
Can I stop getting emails, text messages and other communications from you?
If you no longer wish us to contact you in a particular way, e.g. no longer send you text messages, just advise us of that and we will respect your wishes.
As a customer of GDPR Ltd., it is necessary for us to contact you from time to time in connection with services, for example, to ensure your data is correct, or that your policies or procedures are up-to-date.
If you no longer wish to receive marketing communications by electronic means, just use the opt-out facility in any of our communications, OR advise us at
You may also write to us or telephone us at:
Level 1, The Chase,
T: (+353) 1 685 5025
Is my information secure?
GDPR Ltd. secures your personal information from unauthorised access, use or disclosure using appropriate technical and organisational measures as required under the GDPR.
GDPR Ltd. secures the personal data you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
When personal data is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Documents or copies which are held by GDPR Ltd. are always kept in secure lockable storage and access is restricted to those who require such access.
Data is retained only for as long as is necessary for the purpose for which it was obtained.
How long do you keep my information?
We will keep your data only for as long as it is required by us for the purposes for which we collected it. If you cease to be a customer, your details will be retained only for as long as is required by law, or to comply with any instructions given by you, for example, not to contact you.
Certain data is required by law to be maintained for specific minimum periods and we will retain such personal data for the period mandated by each specific law.
If you would like further information in respect of a particular category of your data, please contact :
or contact us at:
Level 1, The Chase,
T: (+353) 1 685 5025
How do I contact the Data Protection Commission?
You have the right to complain to the Data Protection Commission if you feel that we are in breach of any of your rights.
We would ask that you contact us first at email@example.com or Level 1, The Chase, Carmanhall Road, Sandyford, D18 Y3X2, T: (+353) 1 685 5025 to enable us to try to deal with the matter to your satisfaction.
If you wish to exercise any of the rights you have in respect of your data,
please ask for our Data Subjects’ Rights Policy by emailing firstname.lastname@example.org and we will help you as much as we can.