Privacy Policy (GDPR) Template (Ireland)

WHO WE ARE — DATA CONTROLLER

Emerald Digital Solutions Ltd. is the Data Controller of your personal data within the meaning of Article 4(7) GDPR and section 2 of the Data Protection Act 2018.

Registered Address: 14 Fitzwilliam Square, Dublin 2, D02 N964
Privacy Contact Email: privacy@emeralddigital.ie
Telephone: +353 1 234 5678
Website: https://www.emeralddigital.ie

If you have any queries about this Privacy Policy or our data protection practices, please contact us at the email address above.

WHAT PERSONAL DATA WE COLLECT

We collect and process the following categories of personal data within the meaning of Article 4(1) GDPR:

(a) Identity and Contact Data: Name, email address, postal address, telephone number, and company name where applicable.
(b) Usage and Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, pages visited, referring URLs, and clickstream data.
(c) Cookie Data: Preferences, session identifiers, and tracking information collected via cookies and similar technologies — see Section 7 below.
(d) Financial Data: Payment card details (processed directly by our payment processor and not stored by us), billing address, and transaction history.
(e) Communications Data: Content of messages you send us, customer support enquiries, and feedback.
(f) Analytics Data: Aggregated and/or anonymised data about how you interact with our website, collected via third-party analytics services.

HOW WE COLLECT PERSONAL DATA

We collect personal data through the following means:

(a) Directly from you: When you register an account, complete a form, place an order, contact us via email or telephone, subscribe to our newsletter, or otherwise interact with our services.
(b) Automatically: Through cookies, server logs, and similar technologies when you visit our website — see Section 7 for details.
(c) Third parties: From analytics providers (such as Google Analytics), payment processors, and social media platforms, subject to their own privacy policies. Where we receive data from third parties, we ensure appropriate legal bases and contractual safeguards are in place.

LEGAL BASIS FOR PROCESSING

We process your personal data on one or more of the following lawful bases under Article 6 GDPR:

(a) Consent (Art. 6(1)(a)): Where you have given clear, freely given, specific, informed and unambiguous consent. You may withdraw consent at any time by contacting us — withdrawal does not affect the lawfulness of processing before withdrawal.
(b) Contractual Necessity (Art. 6(1)(b)): Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
(c) Legal Obligation (Art. 6(1)(c)): Where processing is necessary to comply with a legal obligation under Irish or EU law, including obligations under the Companies Act 2014, Taxes Consolidation Act 1997, or applicable regulatory requirements.
(d) Legitimate Interests (Art. 6(1)(f)): Where processing is necessary for our legitimate business interests (such as fraud prevention, IT security, and service improvement), provided such interests are not overridden by your fundamental rights and freedoms — we carry out legitimate interests assessments where this basis applies.

Where we process special categories of personal data (Art. 9 GDPR), we rely on an explicit legal basis under Article 9(2) and any applicable provision of the Data Protection Act 2018.

HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

(a) To provide, operate, and maintain our services and website;
(b) To process and fulfil transactions and send related information including purchase confirmations and invoices;
(c) To manage your account, preferences, and communications;
(d) To respond to your enquiries, comments, and requests;
(e) To send marketing communications where you have provided consent under Art. 6(1)(a) GDPR — you may unsubscribe at any time by clicking the unsubscribe link or contacting us;
(f) To comply with legal obligations, including Irish Revenue, the Companies Registration Office (CRO), and regulatory requirements;
(g) To prevent fraud and ensure the security of our systems; and
(h) To improve and personalise our services based on how users interact with our website.

SHARING YOUR PERSONAL DATA

We do not sell your personal data. We may share your personal data with the following categories of recipients in the circumstances described:

(a) Data Processors (Art. 28 GDPR): Third-party service providers who process personal data on our behalf under written data processing agreements, including hosting providers, IT support, payment processors, analytics providers, and email service providers. Each processor is required to implement appropriate technical and organisational measures and to process data only on our documented instructions.
(b) Payment Processors: When you make a payment, your payment card data is processed directly by our PCI DSS-compliant payment processor (e.g. Stripe Ireland Ltd, a data processor regulated in Ireland). We do not store full card details on our systems.
(c) Professional Advisers: Solicitors, accountants, and auditors bound by professional duties of confidentiality, where necessary for legal or financial compliance.
(d) Public Authorities: Where we are legally required to disclose data, for example to the Revenue Commissioners, An Garda Síochána, the Data Protection Commission (DPC), or a court of competent jurisdiction.

International Transfers (GDPR Chapter V): Some of our service providers are located outside the EU/EEA. In such cases, we ensure that transfers are subject to appropriate safeguards, primarily Standard Contractual Clauses (SCCs) approved by the European Commission, or an EU adequacy decision. You may request a copy of the relevant transfer mechanisms by contacting us.

COOKIES

Our website uses cookies and similar technologies. Under the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. No. 336/2011), non-essential cookies require your prior informed consent before being placed on your device.

We use the following categories of cookies:

(a) Strictly Necessary Cookies: Essential for the website to function — these do not require consent and cannot be disabled without affecting core functionality (e.g. session cookies, security cookies).
(b) Analytics and Performance Cookies: Help us understand how visitors interact with our website (e.g. Google Analytics, Hotjar). These are only placed with your consent.
(c) Functional Cookies: Allow the website to remember choices you make to provide a more personalised experience — placed with consent.
(d) Marketing / Targeting Cookies: Used to deliver advertising relevant to your interests — placed only with your prior consent under S.I. No. 336/2011.

You can manage your cookie preferences at any time through our cookie consent banner or your browser settings. Withdrawing consent for non-essential cookies will not affect the lawfulness of prior processing.

DATA RETENTION

In accordance with the storage limitation principle under Article 5(1)(e) GDPR, we retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by Irish or EU law.

Our general retention schedule is: 3 years from last interaction, or as required by Irish law. Specific retention periods vary by data category:

(a) Customer transaction records — 7 years from the date of the transaction, in accordance with the Taxes Consolidation Act 1997 and Revenue guidance;
(b) Employee records — duration of employment plus 7 years;
(c) Marketing data — until consent is withdrawn or 2 years from last interaction, whichever is earlier;
(d) Technical/usage data — up to 26 months unless anonymised sooner.

Where personal data is no longer required, we will securely delete, destroy, or anonymise it in compliance with our data retention procedures.

YOUR RIGHTS UNDER GDPR

Under Articles 15-22 of the GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

(a) Right of Access (Art. 15): To obtain a copy of the personal data we hold about you, and information about how it is processed (Subject Access Request — SAR).
(b) Right to Rectification (Art. 16): To have inaccurate or incomplete personal data corrected without undue delay.
(c) Right to Erasure / 'Right to be Forgotten' (Art. 17): To request deletion of your personal data in certain circumstances (e.g. withdrawal of consent, data no longer necessary).
(d) Right to Restriction of Processing (Art. 18): To restrict how we process your data in certain circumstances.
(e) Right to Data Portability (Art. 20): To receive personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller.
(f) Right to Object (Art. 21): To object to processing based on legitimate interests or for direct marketing purposes — where you object to direct marketing, we will cease processing immediately.
(g) Rights in Relation to Automated Decision-Making (Art. 22): Not to be subject solely to automated decision-making, including profiling, which produces legal or similarly significant effects.

To exercise any of these rights, please contact us at privacy@emeralddigital.ie. We will respond within one calendar month of receiving your request (extendable by two months for complex requests — we will inform you). We may need to verify your identity before processing your request. We do not charge a fee unless a request is manifestly unfounded or excessive.

Right to Lodge a Complaint with the DPC: If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland's supervisory authority under Article 51 GDPR: Data Protection Commission, 21-25 Canal Road, Dublin 6, D06 YK07. Website: www.dataprotection.ie. Telephone: +353 57 868 4757.

DATA SECURITY

In accordance with Article 32 GDPR, we implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

(a) Encryption of personal data in transit (TLS/SSL) and at rest where appropriate;
(b) Access controls and authentication — data is accessible only to authorised personnel on a need-to-know basis;
(c) Regular security testing, vulnerability assessments, and staff training;
(d) Business continuity and data recovery procedures.

In the event of a personal data breach, we will notify the Data Protection Commission within 72 hours of becoming aware in accordance with Article 33 GDPR, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Article 34 GDPR).

CHILDREN

Our services are not directed at children. Under Article 8 GDPR and section 29 of the Data Protection Act 2018, Ireland has set the digital consent age at 16 years. We do not knowingly collect personal data from children under 16 years of age without verifiable parental or guardian consent. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take prompt steps to delete that data. Parents or guardians who believe their child's data has been collected may contact us at privacy@emeralddigital.ie.

CONTACT US AND DPC COMPLAINTS

For any questions, requests, or concerns regarding this Privacy Policy or our data protection practices, please contact us:

Emerald Digital Solutions Ltd.
14 Fitzwilliam Square, Dublin 2, D02 N964
Email: privacy@emeralddigital.ie
Tel: +353 1 234 5678

You have the right at any time to complain to the Data Protection Commission (DPC), the Irish supervisory authority for data protection matters:
Data Protection Commission, 21-25 Canal Road, Dublin 6, D06 YK07
Website: www.dataprotection.ie | Email: info@dataprotection.ie | Tel: +353 57 868 4757

We would, however, appreciate the opportunity to address your concerns directly before you approach the DPC, and encourage you to contact us in the first instance.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, technology, legal requirements, or other factors. When we make material changes, we will post the updated policy on our website with a revised effective date and, where appropriate, notify you by email. The current version of this policy is dated 15 April 2026. We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes acceptance of the updated policy.

This Privacy Policy is governed by the laws of Ireland, the GDPR (EU 2016/679) as applicable in Ireland, and the Data Protection Act 2018.