Data Protection Statement

Last updated: 18 April 2024

This data protection statement will be reviewed from time to time to take into account changes in the law and the experience of the notice in practice.

Who are we?

Data Protection City is a trading name of Bizoneo, a division of Wandsoft Limited. Our office is located Unit 1B Robinhood Ind Estate Dublin 12 - Ireland.

Data Protection City is also an alliance of data protection professionals providing consultancy services.

Wandsoft Limited is incorporated in Ireland since 2001, number 343136. Registered Address: Unit 3, Grange Road Retail Park - Grange Road - Rathfarnham - Dublin 16 - Ireland

About this data protection statement

We have created this data protection statement as the controller of personal data for visitors to this website. This statement aims to inform people dealing with us about the information we collect and process in connection with such interaction.

This statement sets out an explanation of what personal data we process, why we process personal data, with whom personal data is shared and a description of your rights with respect to personal data.

What personal data do we process?

We need to keep and process certain information about you to manage our business, to comply with our legal obligations and, where necessary, to protect our legitimate business interests. We will collect and process information from you during your visit on this website, during our contractual relationship and following the termination of our contractual relationship.

Personal data is normally obtained directly from you.

Please note that we provide business services. We do not target children and while we recognise a child can browse our website or submit an enquiry, we do not target nor knowingly process children data on this website or to run our business. Data-controllers who avail of our services may process children data and it is their responsibility to inform you of such processing. In such case, we process data on instructions from such data-controllers.

The categories of personal data we process and the lawful basis for doing so are set out in more detail below.

How do we use your personal data?

The information we hold and process will be used for management and administrative purposes. We keep it and use it to enable us to run our business, manage our contractual relationship with you effectively, lawfully and appropriately and protect your rights and interests. This includes using your information to enable us to manage contracts, comply with legal obligations, pursue our legitimate interests and protect ourselves in the event of legal proceedings against the company.

The uses we make of each category of your personal data, together with the lawful basis we rely on for those uses are set out in more details below.

Where there is a need to process your data for a purpose other than those set out in the appendix or otherwise outlined to you, we will inform you of this and if required, seek your consent.

How is your personal data shared?

Your personal data may be disclosed to third parties where we are legally obliged to do so or where our contract requires or permits us to do so. For example, we pass on certain information to our accountant to fulfil our legal obligations.

More detailed information on how we share your personal data is set out below.

Transfer of personal data outside the EEA

Our data-centres are located in Ireland, so your personal data will not be transferred outside the EEA..

Retention of personal data

Any personal data processed about you on this website is retained in accordance to our record retention policy explained in each process below.

Declining to provide your personal data

In some cases, you may decline to provide us with your personal data. If we believe that we require relevant information to effectively and properly manage our contractual relationship, we may not be able to continue our relationship with you.

Profiling and automated decision making

You will not be subject to automated decision making or profiling.

Your rights under data protection law

You have the following rights under data protection law:

Information Request: the right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data;
Update Data: the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete;
Data Deletion: the right, in certain circumstances, to request that we erase your personal data;
Restrict Processing Object to Processing: the right, in certain circumstances, to request that we no longer process your personal data for particular purposes, or object to our use of your personal data or the way in which we process it;
Data Portability: the right, in certain circumstances, to transfer your personal data to another organisation;
Review Automated Decisions: the right to object to automated decision making and/or profiling; and
File a Complaint: the right to complain to the Data Protection Commissioner.

Please note that your ability to exercise these rights may be subject to certain conditions.

Please use our contact form.

Details of Processing Activities

Visitor to the website

Profiling: No

Data shared: No

Transfer outside the EEA: No

Processing of special categories of data: No

Processing of children data: No

Processing of criminal data: No

Encryption of data in transit: Yes

Encryption of data at rest: Yes

Lawful basis:

Legitimate interest

Personal data processed

When you browse this website, we collect the following data:

Your IP address,
The page viewed
The time the page was viewed
The browser you used to view the page.
We do not cross reference the log with the enquiry, but we reserve the right to do so should we be concerned about the security of our operations.
The personal data is stored in Ireland.

Lawful basis: Legitimate interest of the controller for security purposes.

When you open a link to a 3rd party website from our website, we collect the following data:

your country (we do not store the IP address),
the time,
the link you clicked (to gauge the interest of material posted)
your browser type (eg Chrome. Firefox, Safari...)

Lawful basis: Legitimate interest.This helps our marketing team gauge the popularity of material we would refer to. We have no way to identify you

Retention period

Log files are kept for a maximum of 6 months.

Security measures in place

The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.

We use encryption at rest.

Our servers are located in ISO 27001 accredited data-centres in Ireland.

Sharing of personal data

The information is normally only used by our staff.

When you use Ask a DPO

Profiling: No

Data shared: No

Transfer outside the EEA: No

Processing of special categories of data: No

Processing of children data: No

Processing of criminal data: No

Encryption of data in transit: Yes

Encryption of data at rest: Yes

Lawful basis:

Legitimate interest

Personal data processed

We collect

your name, email address so we can confirm you are a real person (we will send an email you will need to confirm);
your country so we can better answer your query and we can better understand our audience;
comments supplied in the form, so our team can reply to your query;
the time of the enquiry, so we can measure our response time dealing with your enquiry;

We will create an account through which we will answer your query.

One purpose of "Ask a DPO" is to built a community and knowledge base for peers. Your query and our answer will be made available to members. We will ensure your name or email don't appear and remove any piece of information in your query that may identify you, unless you ask us to leave the information.

Lawful basis: Contract or Legitimate interest depending on the request and our relationship.

Retention period

We will retain your query with our reply for as long as it is relevant.

Security measures in place

The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.

We use encryption at rest.

Our servers are located in ISO 27001 accredited data-centres in Ireland.

Sharing of personal data

As we are a group of partners, the information may be shared where relevant between us.

As stated previously, one purpose of "Ask a DPO" is to built a community and knowledge base for peers. Your query and our answer will be made available to members. We will ensure your name or email don't appear and remove any piece of information in your query that may identify you, unless you ask us to leave the information

When you make an enquiry on our website

Profiling: No

Data shared: No

Transfer outside the EEA: No

Processing of special categories of data: No

Processing of children data: No

Processing of criminal data: No

Encryption of data in transit: Yes

Encryption of data at rest: Yes

Lawful basis:

Legitimate interest

Personal data processed

We collect

your name, email address, phone, so we can contact you;
comments supplied in the form. so our team can easily refer to your query;
the time of the enquiry, so we can measure our response time dealing with your enquiry;
country, to measure our marketing efforts;

Lawful basis: Contract or Legitimate interest depending on the request and our relationship.

Retention period

We will retain your details and query for the length of time required to handle you query.

Security measures in place

The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.

We use encryption at rest.

Our servers are located in ISO 27001 accredited data-centres in Ireland.

Sharing of personal data

As we are a group of partners, the information will be shared where relevant between us. We don't share personal data to third parties.

When you become a client

Profiling: No

Data shared: Yes

Transfer outside the EEA: No

Processing of special categories of data: No

Processing of children data: No

Processing of criminal data: No

Encryption of data in transit: Yes

Encryption of data at rest: Yes

Lawful basis:

Legal requirements

Contractual requirements

Data required by law to provide a paid service

Invoice address
Service purchased
We keep these for a period specified by the Irish Revenue Commissioners services (6 years + current financial year)
Please note that invoice will have the main contact name to ease dispatching in your organisation. It can be removed and then the invoice doesn't contain personal data.
If you pay by credit card:
- Your credit card details are processed secuerly by Stripe , We do not have access to your card details. Our accounts department has access to the card holder's name, the last 4 digits of the card number and the card expiry date (this is allowed by the PCI/DSS standard).
- If you are subscribing to a recurrent paid service, we may use Stripe to store the card so we can easily renew your order. You can also choose to pay by bank transfer.

If -sadly- you don't become a client, we will anonymise your personal data.

Lawful bases: Legal (for accounts information) and Contract.

To comply with Irish legal obligations, we keep invoices for 6 years + current financial year.

Security measures in place

The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.

We use encryption at rest.

Our servers are located in ISO 27001 accredited data-centres in Ireland.

Sharing of data

We will transfer the information to our appointed accountants so they can perform our mandatory accounts return.
If required, we will transfer some of the personal data to the Revenue Commissioners and legal advisors.
If you pay by credit card:
- We use the services of Stripe that may send data outside the EEA;
- To avoid data to be sent outside the EEA due to credit card processing, you can pay by bank transfer.
- Some data will be shared with our bank