Privacy Policy
1. Introduction
Iregan Advisors is committed to protecting and respecting your data privacy. This Data Protection Policy tells you about your privacy rights and sets out how we, as a Data Controller, collect, use, process and disclose your personal data relating to your interactions with us.
2. Personal Data that we may collect from you
“Personal Data” means any information about an individual from which that person can be identified. We may collect and process any type of personal data that you provide to us during the course of your interactions with us.
You may have provided some of your personal data to us such as when you visited our website and completed a contact form. Categories of such personal data include names, addresses, contact information and other information that is relevant to the provision of our services.
We will tell you when we ask for personal data in order to fulfil a contractual requirement or to perform our functions or to comply with our legal obligations.
If you do not provide us with your personal data we may not be able to provide you with our services or respond to questions you submit via our website.
3. How we use Personal Data
We will only use your personal data for the purposes and legal bases set out below.
a. Before we engage you as a Client
Purposes for Processing
We may initially gather personal data from you in order to:
-
- Contact you regarding relevant services;
-
- Register you as a new client;
-
- Notify you about changes to our Data Protection Notice.
Legal Basis for Processing
-
- The processing is necessary to perform a contract or enter into a contract with you;
-
- The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to study how website users use our services) provided such interests are not overridden by your interests and rights.
b. After we engage you as a Client
Purposes for Processing
To manage our relationship with you as a business client we may gather personal data which may include:
-
- Information and records relating to your business, some of which may constitute personal identifiable data;
-
- Reviewing information on business performance including the performance of individuals;
-
- Reviewing information on technology and data processes which may include the data of employees and customers;
-
- Reviewing the efficiency of process workflows which may include the data of employees and customers;
-
- Processing necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in us;
-
- To comply with our regulatory (for example disclosing tax data to the office of the revenue commissioners) and professional requirements;
-
- To prevent and detect fraud, money laundering or other offences;
-
- To exercise our right to defend, respond or conduct legal proceedings;
-
- The processing is necessary for us to comply with legal and regulatory obligations;
-
- To contact clients regarding business opportunities;
-
- To contact you regarding the services provided by us.
Legal Basis for Processing
-
- Where your consent is not required and you have not objected, the use of the data is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes provided our interests are not overridden by your interests.
4. Retention of your Personal Data
We will store your personal data only for as long as necessary and for the purpose(s) for which it was originally obtained.
The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods.
5. Disclosure of your Personal Data
Our management consulting services are highly confidential to every client with whom we work. Our services are also subject to contractual obligations governing confidentiality and non-disclosure.
Therefore, we will not disclose your personal data to third parties without your prior and explicit consent, except where disclosure is required by law or by regulation or in other exceptional circumstances.
It may be necessary to disclose Personal Data to third parties who are engaged by us in the course of providing services to you, for example IT Service Providers, Specialist Advisors etc. In such an event we will advise you of same and seek your consent prior to disclosing the data to these parties.
It may occasionally be necessary for information to be disclosed to, or inspected by, service providers or other parties such as IT Service Providers, Auditors, Revenue Commissioners, Insurance Brokers, etc. In such an event we will advise you of same and seek your consent prior to disclosing the data to these parties.
6. Your Rights
You have legal rights in relation to your Personal Data under relevant privacy and data protection laws, which may be subject to certain limitations and restrictions.
We will respond to any valid Data Subject Access Requests within one month, unless it is particularly complicated in which case we will respond, at the latest, within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay.
You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.
If you wish to exercise any of these rights, please contact us. We may request proof of identification to verify your request.
| Your Right | What this Means |
| Right to withdraw consent | If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent. |
| Right of Access | You can request a copy of the personal data we hold about you. |
| Right to Rectification | You have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete. |
| Right to Erasure (‘Right to be Forgotten’) | You have the right to request that your personal data be deleted in certain circumstances including: The personal data is no longer needed for the purpose for which it was collected You withdraw your consent (where the processing was based on consent) You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data (see Right to Object below) The personal data have been unlawfully processed; To comply with a legal obligation. However, this right does not apply where, for example, the processing is necessary: To comply with a legal obligation For the establishment, exercise or defence of legal claims |
| Right to Restriction of Processing | You can ask that we restrict your personal data (i.e., keep but not use) where: The accuracy of the personal data is contested The processing is unlawful but you do not want it erased We no longer need the personal data but you require it for the establishment, exercise or defence of legal claims You have objected to the processing and verification as to our overriding legitimate grounds is pending We can continue to use your personal data: Where we have your consent to do so For the establishment, exercise or defence of legal claims To protect the rights of another For reasons of important public interest |
| Right to Data Portability | Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where: The processing is carried out by automated means; and The processing is based on your consent or on the performance of a contract with you. |
| Right to Object | You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests, for the performance of a task carried out in the public interest or in the exercise of our official authority. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes. |
| Automated Decision-Making | You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is: Necessary for entering into a contract, or for performing a contract with you Based on your explicit consent – which you may withdraw at any time Is authorised by EU or Member State law. Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward. |
| Right to Complain | You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. |
7. Security and storage of Personal Data
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use.
As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation.
We will continue to revise policies and implement additional security features as new technologies become available.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
8. Changes to this Policy
We reserve the right to change this Data Protection Policy from time to time at our sole discretion. If we make any changes, we will post those changes here.
However, if we make material changes to this Data Protection Notice we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review the Data Protection Notice whenever you access or use this website.
9. Contact Us
Questions, comments, requests and complaints regarding this Data Protection Notice and the personal data we hold are welcome and should be addressed to the Data Protection Officer:
Data Protection Officer,
Iregan Advisors
hello@ireganadvisors.com