Customer Services firstname.lastname@example.org
Current version: May 2020
We implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
Surveys, General Enquiries made by you, Customer Service Queries made by you - The legal basis we rely on for the processing of your personal data is for our legitimate interests i.e. we have good, sensible, practical reasons for processing your personal data which is in our interest. We have outlined these interests in the section "Information we collect and what we use it for". We have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You can object to any of the processing that we carry out on the grounds of legitimate interests on grounds which are personal to you and we will consider any such objection in accordance with our legal obligations under Data Protection Laws.
Contests and promotions - The legal basis we rely on for the processing of your personal data is that processing is necessary for us to perform the contract you have agreed to enter with us (i.e. the terms and conditions of the contest/promotion). If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms and conditions.
Newsletter - We process your personal data based on any consent you have given (if required) or in accordance with our legitimate interests in communicating with our customers, subject to any marketing preferences you have expressed to us.
These providers (together with any other IT or business support service providers we may engage from time to time) process your personal data as part of the services they offer to us. We take steps to ensure that our service providers process your data in accordance with the Data Protection Laws, only use it in accordance with our contract with them and keep it secure. If you would like more information about our processors, please contact us using the details at the "How to contact us" section. Your personal data is transferred outside of Ireland and the EEA in order for website hosting services provided by Amazon Web Services which is in US and Mark Anthony Group in Canada who provide Management of website and any IT services to us. It may be necessary for other transfers outside the EEA to occur in accordance with the business practices of any other of the above service providers we may engage from time to time. Any transfer of your data outside Ireland and the EEA will be carried out in accordance with the Data Protection Laws to safeguard your privacy rights.
In case of Canada, there is an adequacy decision of the European Commission pursuant to Directive 95/46/EC which avails under article 46 of the GDPR. In case of the United States of America, we ensure that the relevant company has entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission, has adopted corporate binding rules, or has otherwise implemented appropriate safeguards. If you have any questions around the transfer mechanisms used by us, please contact us using the contact details in the 'How to Contact Us' section.
We only retain your personal information for as long as we need it in order to provide you with the service you have requested from us.
The above periods may be extended if any of the above is retained by us in the context of your purchase of a product or a legal process or where legal retention periods require a longer processing.
As a data subject, you have the following rights under the Data Protection Laws:
Rights in relation to automated decision making do not apply as we do not carry out any automated decision making.
If you would like to exercise your rights, please contact us at the details set out above in the section "How to contact us" section.
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please note that exceptions apply to some of these rights which we will apply in accordance with the law.
Alternatively, you can send your complaint to a German Data Protection Supervisory Authority. The addresses and URLs of the German Data Protection Supervisory Authorities can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Alternatively, you can send your complaint to the Irish Data Protection Commission. Information about how to do this is available on its website at www.dataprotection.ie.
In any case, we would ask that you contact us in the first instance so that we can assist you with your query or concern.