Why we collect and use personal data
When, and what types of data we collect
How are the data being collected on the website?
How we use the data
For Your Information
Purposes of Processing and Legal Bases for Processing
Legitimate Interests as a Legal Basis
Any other recipients of the personal data
Intended Transfers to non-EU member state or International organisation and details of adequacy decisions and safeguards
The Existence of other Rights
Information Re: Consent
Right to Lodge a complaint with Supervisory Authority
The Nature of the Provision of Personal Data
The Existence of Automated Decision – Making, including Profiling
Links To Other Websites
Changes To Our Policy
GDPR Xpert respects the data protection rights of all its clients and is committed to strictly adhering to all data protection rules and regulations. At the core of our relationship with you (‘the data subject’, i.e., the person whose data is being processed) is complete transparency about what we do with any personal data that you and others provide to us. Therefore, the main purpose of this notice is to inform you in a clear, simple and intelligible manner, which avoids unnecessary legalese, of personal data processing in relation to the operation of the website. This Privacy Notice explains in unambiguous terms, the data we collect and use in connection with the website, and the uses we make of such data, including any disclosures to third parties.
Why we collect and use personal data.
We collect data on our website in order to initiate a business relationship and provide a data protection consultancy service. The personal data are necessary in order to respond to a query and provide additional information if requested. Personal data are also necessary where a contract for services is being considered, prior to contract, and to draw up a contract. Other data are used to improve and develop the website. We may also use data to send you promotional material and our newsletter, subject to your clear preference when we collect your contact details, or at a later stage. You can opt out of promotional and marketing material by e-mailing firstname.lastname@example.org. Our lawful bases for processing the data are outlined below. (see ‘Purposes of Processing and Legal Bases for Processing’.)
When, and what types of data we collect.
How are the data being collected on the website?
How we use the data.
Any data collected directly through the website contact box are used solely to have essential contact information. If you do fill out the contact form you will be made aware that you are consenting to the processing of your data in accordance with GDPR and this Privacy Notice. No analytics data are shared with or pooled with any other organisation, and no data are used to target advertising to you from your visit to the website. Where we intend to use your data for marketing purposes we will inform you at the outset. You can opt out or object to processing for direct marketing purposes by e-mailing, email@example.com
GDPR introduced enhanced rights for the data subjects and these rights extend to ten separate rights for data subjects. More detailed information on your rights is available here.
The exercise of many of the new rights is dependent upon knowledge that the data are being processed in the first place. Therefore, the importance of the Right to Information cannot be understated. Where the personal data are being collected directly from you, we will in accordance with Art. 13 (1) and Art.13 (2) provide information as below.
For Your Information.
Identity of Data Controller.
Data Controller: Patrick Rowland.
Address: 60 Old Burrin, Carlow.
Purposes of Processing and Legal Bases for Processing.
Whether you provide personal data, or just browse the website, Patrick Rowland at Gdprxpert.ie acts as the ‘Data Controller’ for the purposes of GDPR. The lawful basis for data processing at this juncture is your consent. At a later stage, if services are sought by you, the data subject, the lawful basis may become one of contract, and specifically a contract for services. Both of these fall under Art. 6 GDPR. Certain information is necessary prior to entering into a contract for services, even if no contract ever materialises. For example, a quotation for services to be provided may be requested. This is another lawful basis covered under Art. 6 GDPR. If you use our DPO outsourcing service we act as the ‘Data Processor’.
Legitimate Interests as a Legal Basis.
If we, or a third party, are to use ‘legitimate interests’ as a legal basis for processing, we will inform you of those ‘legitimate interests’. For example, it is in the legitimate interest of our business to process information for administration and accounting requirements. We will only use ‘ legitimate interests’ as a solitary basis for processing when under a legal obligation to do so. Processing on the basis of ‘legitimate interests’ means the processing must be ‘necessary’ for the purposes of the ‘legitimate interests’ pursued by GDPRXpert or a third party. Being useful or convenient does not mean processing is ‘necessary’. These ‘legitimate interests’ may be overridden by your rights and interests, but not in all cases. However,in all cases, ‘legitimate interests’ as a lawful basis has to be balanced against all your other rights, and not just your data protection rights.
Any other recipients of the personal data.
There are occasions when engaged in processing we are required to disclose data to third parties who are neither data processors acting on our behalf, nor data controllers on whose behalf we are working. Such recipients of data include The Revenue Commissioners and law enforcement authorities, where needed for the investigation, detection, prosecution or prevention of criminal offences. We may also disclose personal data in connection with our lawful purposes to third parties who provide services to us in connection with the website, such as IT service providers and analytic service providers
Intended Transfers to non-EU member state or International organisation and details of adequacy decisions and safeguards.
Where you provide us with personal data but no further relationship develops, we will archive your data 1 year from the first contact, and delete the data 1 year later.
Where you used our services at some point in time, but there has been no contact for 2 years, we will then archive your data. We will delete no later than 6 years after the end of the last service, unless otherwise stated in a contract with us, or we are under a legal obligation to extend this period. Where we change our retention periods you will be informed, and at least given the criteria for these changed retention periods. For example, a change in Revenue or tax law may take place with retention periods at the discretion of others.
GDPR Xpert is committed to protecting your personal data and operates and uses appropriate technical and physical measures to protect your data. These measures are in place to protect your data from loss or alteration, accidental or unlawful destruction, and from any unauthorised disclosure or access. Data will only be stored on mobile devices that are encrypted. The effectiveness of technical and physical measures is regularly tested and assessed.
The Existence of other Rights.
At the time the data is collected from you, you must be made aware of the existence of the following rights:
Right of Access: You have the right to request a copy of your data and confirmation whether data concerning you is being processed;
Right to Rectification: you have the right to have any inaccurate data corrected and any incomplete information made complete;
Right to Erasure: You have the right to request us to delete any personal data we hold about you;
Right to Restrict Processing: You have the right to request that we no longer process your data for particular reasons;
Right to Object: You have the right to object to processing of your data for particular purposes;
Right to Data Portability; You have the right to request us to provide you, or a third party, with a copy of your data, in a structured, commonly used and machine readable format
If you wish to exercise any of these rights, please contact firstname.lastname@example.org
Information Re: Consent.
Where processing is based on consent you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on that consent before the withdrawal. Silence, pre-ticked boxes or inactivity cannot constitute consent. On this website any request for consent will be clearly distinguishable from other matters contained on the website.
Right to Lodge a complaint with Supervisory Authority.
You have the right to lodge a complaint to the Office of the Data Protection Commission here.
Data Protection Commission,
Phone: +353 (0)761 104800 | +353 (0)57 868 4800
21 Fitzwilliam Square South,
The Nature of the Provision of Personal Data.
What we are referring to here is whether the provision of the data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. Where processing activities are based on either statutory or contractual requirement, you may ask for your data not to be processed for that purpose. However, in some cases, our statutory obligations may outweigh your right. You are not obliged to provide the personal data, but no relationship can commence, no contract can be drawn up or no service delivered without your personal data being made available to us.
The Existence of Automated Decision – Making, including Profiling.
Your data is not used for either of the above.
We use Google Analytics to track our websites visitor history. Our Google Analytics tracks visitor demographic, time spent on site and page visited. It does not track any private information such as your name, email, phone number, address or financial information.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Google Analytics provides us with the website statistics and their tracking cookies are explained in detail here.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. To view how to manage your cookies in, for example, Google Chrome, simply click here. For further information on managing cookies in your own particular browser, go to the Settings or Help function in the browser.
Links to other websites.
Our website may contain links to enable you to visit other websites of interest easily. We only provide links to websites we have adjudged to be reputable. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
All information on these pages is provided by GDPRXpert and is believed to be correct as at the time of issue. GDPRXpert accept no liability for any inaccuracies or any loss or damage arising from the use or reliance on information obtained from the website.