Folláin.ie Privacy Policy
Last updated: May 2021
At Folláin we are committed to protecting and respecting your privacy.
This Privacy Policy will let you know how we look after your Personal Data with regard to your use of this website and in the context of receiving marketing communications from us. It also informs you as to our obligations and your rights under data protection law.
This Privacy Policy applies to all customers and browsers of the website.
If you are aged 18 or under you should not use this website nor should you provide any personal information to us via the website
DEFINITIONS
In this Privacy Policy the following words have the following meanings:
“Biometric Data“ means any Personal Data relating to the physical, physiological, or behavioural characteristics of an individual which allows their unique identification;
“Data Controller” means the person who or organisation which determines the purposes for which, and the manner in which, any Personal Data is processed, who/which makes independent decisions in relation to the Personal Data and/or who/which otherwise controls that Personal Data;
“Data Processor” means the person who processes Personal Data on behalf of the Data Controller;
“Data Subject” means a natural person whose Personal Data is processed by a Data Controller or Data Processor;
“GDPR” means the EU General Data Protection Regulation (EU Regulation 679/2016);
“Genetic Data” means data concerning the characteristics of an individual which are inherited or acquired which give unique information about the health or physiology of the individual;
“Goods” and “Services” means all or any of the goods or services provided through the website (and “Goods” and “Services” shall be construed accordingly);
“Sub-Processor” means any person or entity appointed by or on behalf of the Data Processor to process Personal Data on behalf of the Data Controller;
“We”, “Our” or “Folláin” means the company Folláin Teoranta.
The headings below detail an overview of how we collect and process your Personal Data in connection with your use of the website and for marketing purposes:
- Who is responsible for your Personal Data?
- What Personal Data do we collect?
- How do we collect your Personal Data?
- For what purposes do we process your Personal Data and what is our legal basis?
- Do we share your Personal Data with anyone else?
- Keeping your Personal Data secure
- For how long do we keep your Personal Data?
- Your data protection rights
- Contact us
- Updates to this Privacy Policy
Who is responsible for your Personal Data?
- Folláin acts as the Data Controller:
Orders: For the purposes of GDPR, you provide Personal Data relating your orders.
Personal Data is supplied to us by you when you interact with the website as detailed herein and which may be collected, stored and processed as a result of use of the website.
If you have any questions about this policy or about our data protection compliance please contact us.
-
As Data Controller we are:
- informing you of our privacy policy and practices, including, the lawful grounds upon which we process any Personal Data;
- compliant with data protection laws; and
- drawing your attention to this Privacy Policy as well as implementing all the necessary protocols required for our industry
-
We will:
- Process that Personal Data only on your written instructions unless we are required by the laws of any member of the European Union or by the laws of the European Union applicable to us to process Personal Data (“Applicable Laws”);
- Ensure that we have in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, as are appropriate;
- Ensure that our staff who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
- Ensure that where a Sub-Processor is used, we shall:
- Implement a written contract containing the same data protection obligations as set out in this Privacy Policy, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that
the processing will meet the requirements of the Applicable Laws; - Understand that where any Sub-Processor is used on their behalf, that any failure on the part of the Sub-Processor to comply with the Applicable Laws or the relevant data processing agreement, we, as the initial Data Processor, remain fully
liable to you for the performance of the Sub-Processor’s obligations;
- Implement a written contract containing the same data protection obligations as set out in this Privacy Policy, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that
- Not transfer any Personal Data outside of the European Economic Area unless one of the safeguards described in section 6 below is in place;
- Respond to any request from a Data Subject and ensure compliance with our obligations under the data protection laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
- Notify the you without undue delay on becoming aware of a Personal Data breach; and
- Maintain complete and accurate records and information to demonstrate our compliance with these obligations.
What Personal Data do we collect?
We may collect, use, store and transfer different kinds of Personal Data about which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth.
- Contact Data includes billing address, delivery address, email address and telephone numbers, next of kin address, phone, email, medical caregiver.
- Financial Data includes payment card details processed through Stripe (where applicable) or other payment card processors.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Profile Data includes purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
How do we collect Personal Data?
We collect Personal Data as follows:
- Direct interactions. You may give us your Identity and Contact Data by filling in forms on our website or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
- make an enquiry with regard to our services;
- request marketing to be sent to you; or
- give us some feedback.
- Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. Please see our cookie policy here for further details.
- Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources as set out below:
- Technical Data from advertising networks such as Mailchimp based outside the EU or Sparkpost based inside the EU; and
- Contact, Financial and Transaction Data from providers of technical and payment services such as Stripe based outside the EU.
For what purposes do we process Personal Data and what is our legal basis?
We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so.
PURPOSE/ACTIVITY (Includes but is not limited to Lawful basis for processing) |
CATEGORY OF DATA SUBJECT |
TYPE OF DATA |
To facilitate communication between us, which includes the management of consultation bookings, electronic records, billing/invoicing and payments |
You |
(a) Identity; (b) Contact; (c) Financial; (d) Profile |
Necessary for the performance of a contract (to secure the provision of services between us) |
You |
(a) Identity/ Business Details (b) Contact (c) Financial (d) Profile (e) Marketing & Communications Data |
Performance of a contract with you & To keep you informed of maintenance and updates to your service |
You |
(a) Identity (b) Contact (c) Profile |
Performance of a contract with you Necessary for our legitimate interests (to ensure data accuracy and adequacy) To process and deliver your services including:
|
You |
(a) Identity/ Business Details (b) Contact (c) Financial (d) Profile |
Necessary for our legitimate interests (to recover debts due to us) To manage our relationship with you which will include:
|
You |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing & Communications Data |
Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated, to ensure data accuracy and adequacy, to study how customers use our products/services, to develop them and grow our business) To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
You |
(a) Identity (b) Contact (c) Technical |
Necessary for our legitimate interests (to ensure data integrity and confidentiality, for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
You |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing & Communications Data |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
You |
(a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)To make suggestions and recommendationsto you about goods or services that may be of interest to you |
You |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Marketing & Communications Data (f) Profile |
- Note: When we process personal information for our and third parties’ legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you. We have considered whether there are other less intrusive means to reach the purposes identified above while still serving the legitimate interests identified. Our use of this personal data is subject to an extensive framework of safeguards that help make sure that people’s rights are protected. These include the information given to you on how your personal data will be used how you can exercise your rights to obtain a copy of your personal data, it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not override your interests, fundamental rights and freedoms. We use cookies to facilitate the use of our website. For detailed information on the cookies we use and the purposes for which we use them, see our cookie policy here.
Do we share your Personal Data with anyone else?
We may share your Personal Data with the following parties in connection with our processing of your Personal Data:
THIRD PARTY |
REASON FOR SHARING DATA |
Woocommerce |
Backend e-commerce support for the website facilitating order fulfilment. |
The service provider allows us to send you email communications and alerts us if you request to be removed from our mailing lists |
|
Stripe |
Provides our payments services. |
|
Marketing & communications. |
|
Marketing & communications. |
-
We require all third parties to enter into a data processing agreements with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your Personal Data on our instructions and in accordance with data protection law.
In rare circumstances, we may be obliged to disclose Personal Data if disclosure is required to comply with the law.
Keeping your Personal Data secure
We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data. We limit access to your Personal Data to those employees, agents and other third parties who are required to have access to your Personal Data and where they have agreed that they are subject to a duty of confidentiality.
We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the Data Subject, where legally required to do so.
We do not transfer your Personal Data out of the European Economic Area, save as detailed herein.
For how long do we keep your Personal Data?
Your Personal Data will be deleted when it is no longer reasonably required for the purposes described above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data.
Your data protection rights
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “Data Subject Access Request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent: where we rely on consent as a legal basis, you may withdraw consent at any time by contacting us. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
In the event that you wish to make a complaint about how your Personal Data is being processed by Folláin, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows:
Contact
Data Protection Commissioner Telephone: +353 57 8684800/+353 761 104 800
Email: info@dataprotection.ie
Post: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois
Contact Us
You can contact us with any queries, complaints or requests to exercise your data protection rights using the details below:
Telephone: 0353 26 45288
Email: info@Follain.ie
Post: Folláin Teo, Baile Mhic Íre, Maighchromtha, Co. Chorcaí, P12 H635
Updates to this Privacy Policy
Our Privacy Policy may change from time to time, and any changes to this Privacy Policy will be posted on the website and will be effective when posted. As your use of the Folláin website is subject to your acceptance of this Privacy Policy, and any amendments thereto, please check back regularly.
Déan teagmháil linn
Má tá aon cheist agat, aiseolas nó iarratais faoinár gcuid táirgí, ba bhreá linn scéala a fháil uait.
Déan teagmháil linn