Privacy Policy

Updates

Our practices as described here now may be changed, but any changes will be posted.  You are encouraged to review this Notice periodically to make sure that you understand how any personal data you provide will be used. We may also email you to let you know if and when we update this Notice to ensure you are informed. 

Any changes to this Privacy Policy and Notice will be posted on the website of the Organisation so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Privacy Policy and Notice, or otherwise disclosed to you at the time it was collected, we will notify you of the change, and, where we have based previous or will base the new processing on consent, you will have a choice as to whether or not we use your information in the new manner.

​

​

Why and how do we ensure compliance?

Data Protection and Privacy Law provide rights to individuals with regard to the use of their personal data by organisations, including the Organisation.  EU laws on data protection and privacy govern some activities we engage in with regard to our collection, storage, handling, disclosure and other uses of personal data.  Apart from compliance being an obligation on us, our compliance with the data protection and privacy law helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal data. 

We need to demonstrate accountability for our data protection and privacy obligations. This means that we must be able to show how we comply with the applicable data protection and privacy law, and that we have in fact complied with the laws. We do this, among other ways, by our written policies and procedures, by building data protection and privacy compliance into our systems and business rules, by internally monitoring our data protection and privacy compliance and keeping it under review, and by acting if our representatives, including employees or contractors, fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing.

​

​

Who must comply?

All our representatives, which include employees and contractors, are required to comply with our Data Protection and Privacy Policy (which is incorporated into our Information Security ISO27001 Policy and Documentation) which informs this Privacy Policy and Notice when they process personal data on our behalf. We may disclose individuals’ information to trusted third parties for the purposes set out and explained in this document or as explained to you when we collect your data. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with applicable Data Protection and Privacy Law and our Policies. 

​

​

What are the data protection principles and rules?

We aim to comply with the following principles found in Data Protection and Privacy Law: 

Lawfulness, fairness and transparency – personal data must be processed lawfully, fairly and in a transparent manner. 

Purpose Limitation – personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. 

Data minimisation – personal data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed. 

Accuracy – personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted. 

Retention – personal data should be kept in an identifiable format for no longer than is necessary. 

Integrity and confidentiality – personal data should be kept secure. 

Accountability – under the GDPR, we must not only comply with the above six general principles, but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.

​

​

What types of personal data will we process?

 

Regular Personal Data

We will collect personal data with you in accordance with the purposes outlined in this document.  

​

Special Category Personal Data 

We will not collect special category data explicitly from you as a data subject based in the EU.

​

Criminal Conviction Data 

We will not collect criminal conviction data from you.

​

Children’s Personal Data 

Our services are not aimed at children and we will not process the personal data of children unless there are valid grounds or a service agreement in place with a service provider to the child.  You must be at least 18 years old to create an account and engage in activities and transactions on our website, platform, digital and social media. By creating an account or engaging in activities or transactions on our digital and social media, you affirm that you are at least 18 years old and are fully able to enter into and comply with our regular Terms of Use and this Privacy Policy and Notice. If we are notified or learn that a child has submitted personal data to us through our digital or social media without the correct permissions or consents, we will delete such personal data.

​

​

Who has access to or processes personal data?

​

Directors and Employees of the Business

Directors and employees of the Organisation who are bound by confidentiality agreements will process personal data on behalf of the Organisation.

​

Service Providers 

We may use trusted service providers who could be considered data processors, sub-processors or third parties. We need to have written agreements in place with all of our data processors and, before we sign each agreement, we need to have vetted and be satisfied with the processor’s data security. The agreements also need to contain specific clauses that deal with data protection.  We require all service providers to have appropriate technical and operational security measures in place to protect your personal data, in line with EU laws on data protection. Any such organisation or individual will have access to personal data needed to perform these functions but may not use it for any other purpose. 

​

We use the following service providers in the course of our business: 

​

IntegrityMeter tests data:

• Data Centre Service Provider based in Ireland

• Data Centre Service Provider based in Israel

• Local Distributors

• Invoicing Provider

 

Commercial website data:

• WIX

• Google Analytics

• Google DoubleClick 

• YouTube

 

This list may be updated from time to time, so we recommend you check this Privacy Policy and Notice periodically.

​

Disclosure

We may disclose your personal data if we are under a duty to disclose in order to comply with any legal obligation, or in order to enforce or apply any contract with the Data Subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes reporting information about incidents (as appropriate) to the law enforcement authorities and responding to any requirements from law enforcement authorities to provide information and/or personal data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing. 

 

Other than the above, we will not disclose personal data to any third party without your consent except in incidences where an individual is potentially at risk or where the law requires it.

​

​

Where does your data travel to?

We process the personal data of EU data subjects on our Irish server.  Data does not travel outside of Ireland during the regular course of business.  For the short-term future, secure, encrypted backups are transferred to our Israeli server for storage while we set up a second location in Ireland.  Israel enjoys an adequacy decision from the EU Commission therefore this data transfer is as if it happens within the EU.

​

Cookie Transfers

Depending on your choice of cookies: 

• Five statistics cookies send data to the USA – considered adequate.

• Fourteen marketing cookies send data to the USA – considered adequate.

​

International Transfers 

If we transfer your personal data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. 

2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. 

3. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

​

​

Automated Decision Making and Profiling

According to Article 22(1) of the GDPR, the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.  Automated Decision Making refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention. As profiling can use automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making, but it can do.  

Our platform is designed to create customised reports based on inputs that you provide.  Our platform is designed in such a way that a human being is required to analyse and finalise reports. As such, our platform does not fall into the scope of Article 22(1) of the GDPR. 

​

​

Security

Our ISMS is certified under ISO27001.  We may use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our business.  We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. We take appropriate security measures against unlawful or unauthorised processing of personal data, and against accidental loss of, or damage to, personal data. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques. We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.  Personal data will only be transferred to a data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves. We maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows: 

​

Confidentiality means that only people who are authorised to use the data can access it. 

​

Integrity means that personal data should be accurate and suitable for the purpose for which it is processed. 

​

Availability means that authorised users should be able to access the data if they need it for authorised purposes.

​

​

Data Retention

We have a documented data retention schedule. Generally, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for and for up to three (3) years afterwards or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.

​

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

​

​

Marketing

We do not use your test data for marketing purposes.

​

We may use your personal data from website statistics to form a view on what we think you may want or need, or what may be of interest to you, but this would be more of a general view rather than a personalised, specific view. This is how we decide which products, services and offers may be relevant for you in relation to how other users utilise our products and services.

​

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.  Where appropriate, you will be asked whether you wish to receive any marketing communications from us. 

​

We will not share your personal data, and especially not any test data, with any third party for marketing purposes. You may object to direct marketing by using the contact details herein to opt-out or make use of the opt-out links on communications.

​

​

Cookies and Other Technical personal data

We encourage you to learn about cookies and how to control them in the following site or similar ones: https://www.allaboutcookies.org

​

Cookies 

Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site. Most web browsers automatically accept cookies, but if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. 

​

Our website service provider serves cookies that are considered to be functionality and strictly necessary cookies.  If you wish to block these cookies, please make use of the information above to do so. At this stage we are unable to offer the option of requesting your consent for these cookies due to technological limitations, however, we are monitoring this situation and will update functionality, consent mechanisms and this Notice as the situation changes.

​

Technical personal data 

Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. We may gather technical information for security reasons. We will make no attempt to identify individual visitors, or to associate the technical details listed below with any individual. We will only use the technical information for statistical and other administrative purposes. 

​

We may collect this technical information from you when you visit our website and accept cookies. This information may include standard information from you (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our website (such as the web pages viewed, and links clicked). We do note that your IP address is considered personal data under the GDPR. 

​

Certain information in relation to web usage is revealed via our internet service provider who records some of the following data. Whilst we do not access this information regularly, the technical information may be used to inform our security measures, to allow us to improve the information we are supplying to our users, to find out how many people are visiting our sites and for statistical purposes. The information we receive depends upon what you do when visiting our site: 

• The IP address you are using. 

• The date and time you access our site. 

• The pages you have accessed, and the documents downloaded. 

• The previous Internet address from which you linked directly to our site.

• The user agent used to access our site.

​

​

Sale of Business

Situations may arise where it is necessary to transfer information (including your personal data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of the Organisation provided that the third party agrees to adhere to the terms of the Privacy Policy and Notice and provided that the third party only uses your personal data for the purposes that you provided it to us. The personal data transferred will be limited to that which is absolutely necessary. Where we are able to do so, you will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out where applicable.

​

​

Information on Consent

By consenting, where this is the appropriate grounds, to our processing your personal data in line with this Privacy Policy and Notice you are giving us permission to process your personal data specifically for the purposes identified. 

​

You may withdraw consent at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of personal data relating to you. If you have any queries relating to withdrawing your consent, please contact our Data Protection Coordinator using the contact details set out below. 

​

Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.

​

​

Details of data processing activities