Introduction
Collecting Personal Information
The following types of personal information may be collected, stored, and used:
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy
Using Your Personal Information
Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website. We may use your personal information for the following:
administering our website and business;
personalizing our website for you;
supplying services purchased through our website;
sending you non-marketing commercial communications;
sending you email notifications that you have specifically requested;
sending you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
sending you marketing communications relating to our business
dealing with inquiries and complaints made by or about you relating to our website;
keeping our website secure and prevent fraud;
other uses.
If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
Your privacy settings can be used to limit the publication of your information on our website and can be adjusted using privacy controls on the website.
We will not, without your express consent, supply your personal information to any third party for their or any other third party’s direct marketing.
Disclosing Your Personal Information
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information:
to the extent that we are required to do so by law;
in connection with any ongoing or prospective legal proceedings;
in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this policy, we will not provide your personal information to third parties.
Retaining personal information
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information:
to the extent that we are required to do so by law;
in connection with any ongoing or prospective legal proceedings;
in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this policy, we will not provide your personal information to third parties.
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations regarding the retention and deletion of personal information.
Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will usually delete personal data falling within the categories set out below at the date/time set out below:
personal data type will be deleted 16:00 04.01
Not withstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:
to the extent that we are required to do so by law;
if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.
We will store all the personal information you provide on our secure servers.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Amendments
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you understand any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website.
Your Rights
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity (we will usually accept a photocopy of your passport certified by a notary plus an original copy of a utility bill showing your current address).
We may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information for marketing purposes.
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
Third Party Websites
This website is hosted by [Please amend to provide info on what the website is running. This platform collects personal data when you visit this website, including:
Information about your browser, network and device
Web pages you visited prior to coming to this website
Your IP address
[Please amend to provide info on what the website is running on] needs the data to run this website, and to protect and improve its platform and services. [Please amend to prove info on what the website is running on] analyzes the data in a de-personalized form.
Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Updating Information
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Privacy by Design
The principles of ‘Privacy by Design and Default and Consent’ can be summarised as:
1. Use proactive rather than reactive measures. Anticipate, identify and prevent privacy invasive events before they happen.
2. Privacy should be the default position. Personal data must be automatically protected in any system of business practice, with no action required by the individual to protect their privacy
3. Privacy must be embedded and integrated into the design of systems and business practices
4. All legitimate interests and objectives are accommodated in a positive-sum manner. Both privacy and security are important, and no unnecessary trade-offs need to be made to achieve both.
5. Security should be end-to-end throughout the entire lifecycle of the data. Data should be securely retained as needed and destroyed when no longer needed.
6. Visibility and transparency are maintained. Stakeholders should be assured that business practices and technologies are operating according to objectives and subject to independent verification.
7. Respect user privacy by keeping the interests of the individual uppermost with strong privacy defaults, appropriate notice and user friendly options.
Privacy by Default and Consent
BY DEFAULT:
Our aim is that appropriate technical and organisational measures will be applied to ensure that, by default, only the personal data which is necessary for each specific purpose of processing of personal data is used, in relation to:
(a) the amount of personal data collected;
(b) the extent of processing that personal data;
(c) the period of its storage; and
(d) its accessibility.
Our aim is that by default personal data should be restricted to those who have a business need to know.
BY CONSENT:
Our aim is that when considering a proposal for a particular type of processing of personal data, the impact of this on the individuals affected should be considered, and that appropriate technical and organisational measures should be put into place to ensure that:
(a) the Data Protection Principles are implemented; and
(b) any risks to individuals’ rights and freedoms are minimised.
Anonymised or partly/reversibly anonymised data should be used wherever possible.
When buying systems/software which involve personal data, or considering transfers/sharing of personal data including using the “cloud”, we must evaluate the privacy and security of alternative solutions and vendors/partners. The use of such systems/software should to the maximum extent possible avoid personal data being involved or put at risk of a data breach.
Personal data should only be placed on systems, devices or software where this is compliant with our policies and the legislation. The use, and duration of holding, of personal data should be minimised.
Reviews of, and improvements to, privacy should be undertaken regularly by the team in their areas of work, documented, and privacy risks and precautions reviewed by the team regularly.
Cookies
This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. We only use essential cookies to securely serve this website to you.
These analytics and performance cookies are used on this site, as described below, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.
How to make a complaint
To communicate with our Data Controller (M. Newman) please email info@b2me.net
You may also make a complaint to the Data Protection Commission here.
Data Breaches
How we are prepared for a personal data breach:
We know how to recognise a personal data breach.
We understand that a personal data breach isn’t only about loss or theft of personal data.
We have prepared a response plan for addressing any personal data breaches that occur.
We have allocated responsibility for managing breaches to a dedicated person or team.
Our team know how to escalate a security incident to the appropriate person or team in our organisation to determine whether a breach has occurred.
How we respond to a personal data breach:
We have in place a process to assess the likely risk to individuals as a result of a breach.
We have a process to inform affected individuals about a breach when their rights and freedoms are at high risk.
We know we must inform affected individuals without undue delay.
We know who is the relevant supervisory authority for our processing activities.
We have a process to notify the ICO of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.
We know what information we must give the ICO about a breach.
We know what information about a breach we must provide to individuals, and that we should provide advice to help them protect themselves from its effects.
We document all breaches, even if they don’t all need to be reported.