Your privacy is important to Comerford Foley. This privacy statement sets out how we will protect your data, in line with current Irish and EU legislation, through appropriate organisation and technical security measures/processes. It also describes your rights in relation to that data.
Comerford Foley reserves the right to make changes to this statement, as necessary. When we do so, we will make previous versions available, on request, so you can see what these changes look like. If any such changes alter key aspects of the notice or its meaning, we will notify you of those changes in advance. We encourage you to occasionally review this page for information on our latest practices.
This privacy notice specifically covers e-mail marketing and communications. Should you access our services, we will seek additional explicit consent, usually by means of written communications such as a letter of engagement where the scope and price of the service will be mutually agreed and the purposes for which we collect and process your data will be clearly set out in writing for you. We will also provide you with an appropriate privacy notice.
A full list of your rights under the General Data Protection Regulation (GDPR) is shown below in paragraph 9.
1. How Comerford Foley collects personal data
You can give us your personal data in many ways. For example, when you ask us to provide you with a consulting service or training, to purchase a manual or template document, you may also register through our website to receive our regular technical blogs, sign up to attend a training course or when making enquiries about our services.
When we collect data from you we will ensure it is adequate for the purpose and never excessive. We would like to send you marketing communications to keep you up to date with any updates to the range of services available to you, but we will only do so, if you provide us with your express consent. You can change your mind and opt out of this type of communication at any time, by following the directions included in those communications.
All the personal data we hold about you will be processed by our staff in Ireland and no third parties will have access to your personal data, except where already stated above, unless there is a legal obligation for us to provide them with this.
Should you not opt out, any consent provided will expire automatically after 5 years, unless subsequent consent has been provided in that time.
Data Collection – Client Engagements
We need to know basic personal data to provide you with our services, and to claim our right to be paid in return for our services, under our standard terms of engagement/contract we have with you. If you do not provide this information, then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need to provide and oversee the services that we have agreed to provide.
2. How Comerford Foley uses your personal data
• Marketing - we will only send e-mail electronic communications. We will record your mailing preferences. We will use this information to keep the quantity of communications appropriate and to make sure any communications are as relevant as possible.
• Management reporting and business planning - we may produce internal documents, analysing our interaction with clients, to monitor our own activities.
• Data validation – Comerford Foley always strives for the highest level of accuracy in the data we hold. This includes contacting you directly to check the data we hold is accurate. This minimises the possibility of sending information to you at an incorrect e-mail address.
• Disclosures required by law - the law can require the disclosure of information for various reasons, in such circumstances Comerford Foley must comply with those requests.
While doing business with you, Comerford Foley may share information with carefully selected organisations we engage with to provide certain services. These include:
• Data storage services, (Zinon Cloud) for cloud storage and data management;
• IT providers;
• Financial organisations such as banks and building societies.
Please note that outside of the EU member states, privacy laws may not be equivalent to those provided by the GDPR. In such countries, Comerford Foley and any third party processors will still handle your data as described in this document, ensuring appropriate security measures in line with legislation.
4. Protecting your data
Comerford Foley ensures the highest levels of security, both with technical encryption and passwords and organisational, when collecting and processing data, and when your data is in transit and when at rest on the cloud or on our servers. This is regularly reviewed to ensure those measures remain effective and up-to-date with the latest available technologies.
5. Retention of data
To ensure we can perform our services, we will retain basic data provided to us normally for a minimum of seven years. It is in the legitimate interests of Comerford Foley to be able to do so and to ensure that we can provide support to you for the minimum period allowed under Irish law and regulation. For this reason, we will retain these records only for the period allowed under Irish and EU law and regulation, unless you object or request to engage your right to be forgotten.
When visiting the Comerford Foley website, we may use features which collect your IP address and data on which pages you are visiting on our site.
6. Social media
Depending on your own settings or the policies of social media and messaging services such as, LinkedIn or Twitter, you may be providing Comerford Foley and other organisations, access to certain information. You should check with those services to ensure you are happy with that information being shared.
We do not normally collect information from children. In accordance with local Irish data protection legislation, if and when we collect information from children, we will process that information in an age appropriate manner. If a child is under 16 years of age, we will seek consent from a parent or guardian.
8. Categories of data we collect
• Personal data: name, and title and on occasions date of birth, date of marriage, VAT and PPS numbers;
• Contact data: postal address, email address and telephone numbers.
Current legislation provides the following rights for individuals in relation to their personal data:
• The right to access the personal data we hold on you;
• The right to correct and update the personal data we hold on you;
• The right to have your personal data erased;
• The right to object to processing of your personal data;
• The right to data portability;
• The right to withdraw your consent to the processing at any time for any processing of personal data to which consent was sought;
• The right to object to the processing of personal data where applicable;
• The right to lodge a complaint with the Irish Data Protection Commission.
A cookie is a tiny element of data that a website can send to a visitor’s computer’s browser so that this computer will be recognised by the site on their return. Cookies allow our web server to recognise a computer on connection to the website, which in turn allows the server to make downloading of pages faster than on first viewing. In addition, cookies may also be used by us to establish statistics about the use of the website by Internet users by gathering and analysing data such as: most visited pages, time spent by users on each page, site performance, etc. By collecting and using such data, we hope to improve the quality of the website.
The data collected by our servers and/or through cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above. In any event, such information may not be kept for longer than one year.
Navigation data about site viewers is automatically collected by our servers. If you do not wish to have this navigation data collected, we recommend that you do not use the website. A visitor can also set their browser to block the recording of cookies on their hard drive to minimise the amount of data that may be collected about your navigating on the website. The browser on a computer can be set to notify the user when a cookie is being recorded on their computer’s hard drive. Most browsers can also be set to keep cookies from being recorded on their computer. However, for optimal use of the website, we recommend that visitors do not block the recording of cookies on their computer.
All Comerford Foley servers and computer systems are protected from outside intrusions. As a result, all data that may be collected about website viewers using cookies will be protected from unauthorised access.
Cookies used on the website are only active for the duration of the visit. Cookies used on this site are not stored on visitor’s computer once you have closed your web browser. Information generated using cookies may be compiled into an aggregate form so that no individual can be identified.
11. Transfer of User Data outside the User Jurisdiction
To provide the website service to you, we may need to transfer User Data to locations outside the jurisdiction in which a visitor is viewing the website (the User Jurisdiction) and process User Data outside the User Jurisdiction. If the User Jurisdiction is within the European Economic Area (the EEA) please note that such transfers and processing of personal data may be in locations outside the EEA. Any data sent or uploaded by users may be accessible in jurisdictions outside the User Jurisdiction (including outside the EEA). The level of data protection offered in such jurisdictions may be less than that offered within the User Jurisdiction or (as the case may be) within the EEA.
User Data may be controlled and processed from time to time, outside the EEA. By continuing to use the website and by providing any personal data (including sensitive personal data) to us via the website or email addresses provided on the website, visitors are consenting to such transfers, provided that they are in accordance with the purposes set out above and elsewhere in this Privacy Notice. Please do not send us any personal data if you do not consent to the transfer of this information to locations outside the User Jurisdiction (including, if applicable, outside the EEA).
There are several places throughout this website that may link to other Websites that do not operate under Comerford Foley’s privacy practices. When visitors link to other Websites, Comerford Foley’s privacy practices no longer apply. We encourage visitors to review each site’s privacy notice before disclosing any personally identifiable information.
If you have any questions regarding this statement or you wish to discuss your data, you can contact Comerford Foley’s Data Protection Representative at firstname.lastname@example.org or by writing to:
Data Protection Representative
Riverstown Business Park