Last Updated: 24th May 2018
CWDS are committed to protecting and respecting your privacy. This policy explains how we use and protect your personal information when you use this website www.cwds.ie
By visiting www.cwds.ie you are accepting and consenting to the practices described in this Privacy Statement.
For the purpose of the Data Protection Acts 1988 and 2003 (as amended) the data controller is Patrick Cuddihy. Our business address is 11 Altamount Park, Dublin Road, Kilkenny, trading as CWDS (Business Name Number 55825). You can contact us by phone on 086-1714079 or by email on info(at)cwds.ie
Personal data is processed at our office or at other locations that staff are located on occasion.
What personal data do we process?
We process the following data:
- Names, addresses and telephone numbers submitted via contact forms
- Email addresses
- Text submitted via forms on our website (which may or may not include names, addresses, e-mail addresses and telephone numbers
- information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths)
- information that you provide to us when registering or subscribing to our email notifications and/or newsletters
- information relating to any purchases you make of goods and/or services or any other transactions that you enter into through our website
- Any other personal information that you choose to send to us.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Why do we process it?
Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website.
We may use your personal information to:
- administer our website and business
- personalise our website for you
- enable your use of the services available on our website
- send you goods purchased through our website
- send statements, invoices and payment reminders to you
- send you non-marketing commercial communications
- send you email notifications that you have specifically requested
- send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter)
- send you marketing communications relating to our business which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications)
- deal with enquiries and complaints made by or about you relating to our website
- keep our website secure and prevent fraud
Our website financial transactions are handled through our payment services providers, PayPal and Stripe. You can review the provider’s privacy policies here PayPal Stripe. We will share information with our payment services providers only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
Who do we share it with, and why?
Online Orders – We use WooCommerce, an e-commerce platform for taking orders. https://woocommerce.com/privacy-policy/
Online Payment – We use PayPal and Stripe to handle our online payments
Shipping – We use DPD and An Post to deliver our orders.
Newsletter – We use MailChimp to produce our newsletter.
We have no intent or interest in sharing your Personal Data with other services, other than the above. If we were thinking of doing so, we would ask you first.
To exercise the following rights, please send an e-mail to info(at)cwds.ie. You may be asked for additional data to verify your identity as part of processing the requests to exercise your rights. We will endeavour to respond to all requests within 30 days of receiving the initial request. If we are unable to complete the request within the 30 day limit, we will notify you within the required time limit. You can also use our online tool to request your personal data.
You have the following rights:
- Right to be Informed:
You will be provided with “fair processing information”, which will be completely transparent about how we gathered and will use your data. We will also notify you about any third party processors with whom we share your Personal Data, along with the reason for doing so. But you’re pretty much already reading it all in this policy anyway.
- Right of Access:
You have the right to confirmation that your personal data are being processed and get access to a copy of your personal data and any other supplementary information.
- Right of Rectification:
You have the right to have your personal data corrected if it is inaccurate or incomplete.
- Right to Erasure:
You have the right to have your personal data deleted from our systems in the following situations:
- When you withdraw consent
- Data deletion is to comply with a legal obligation
- Where the data was unlawfully processed
- Where it is no longer necessary
- Where you object to the processing
- Where the personal data is processed to offer “information society services” to a child
We may have grounds to refuse such deletion requests for the following reasons:
- Exercise the right of freedom of expression
- For public health purposes in the public interest
- To comply with legal obligations
- The exercise or defence of legal claims
- Archiving purposes in the public interest
- Right to Restrict Processing:
You can request that we no longer process your data, but that we can still store it.
- Right to Data Portability:
You can obtain and reuse your personal data for your own purposes, without hindrance. We will provide the data to you in a structured and widely used machine readable form. We will also, at your request, pass your information directly to a competitor of ours, but we cannot be expected to provide it as a specific direct input to their electronic processing systems.
- Right to Object:
You have the right to object to any direct marketing from us. We will immediately cease any such marketing upon request (via an unsubscribe link at the bottom of the direct marketing e-mail).
- Rights in relation to Automated Decision Making and Profiling:
We do not carry out any automated decision making or profiling activities, we’re not scary like that, so this right would not apply.
There may be a charge for such a request (which will not be higher than an amount permitted by applicable law, currently €6.35). We may also request proof of identification to verify your access request. Any queries in relation to personal data should be sent in writing to: at CWDS, 11 Altamount Park, Dublin Road, Kilkenny.
We use Google Analtyics on our site.
We use Clicky Analtyics on our site. Clicky Analytics writes cookies to your device (detailed above).
Where We Store Your Data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by personnel operating outside the EEA that work for us or for one of our suppliers or sub-contractors. Such staff may be engaged in, among other things, the fulfilment of orders you submit, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to such transfer, storing and processing. In such circumstances we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement.
Where you have chosen (or where we have given you) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website which you transmit at your own risk. Once we have received your information, we will apply procedures and use security features to try to prevent unauthorised access.
Cross-border Data Transfer
Our use of Mailchimp means that the names and e-mail addresses of our monthly newsletter subscribers are stored on servers hosted in US based data centres. Full details of MailChimp security set-up is available on their website here https://mailchimp.com/about/security/
Our unstructured data (documents, spreadsheets, etc.), which may occasionally contain personal data, is stored on a server at our premises and we also use Dropbox which is a tool for sharing project designs. Gmail is used for e-mail provision. The data on our internal server is regularly backed up to our host. Any personal data stored in our Dropbox, email or MailChimp are covered by contracts with Google, Dropbox and MailChimp.
Details of Google’s G Suite security set-up is available here https://policies.google.com/privacy
Details of Dropbox security set-up is available here
Details of Spiral Hosting security set-up is available here
Our website is hosted in Ireland and we do not use any other service that is outside of the EU for processing of Personal Data.
Where necessary we will process personal data provided to us for the purposes of seeking legal advice or other legal purposes. Examples of such processing would include providing information to debt collection agencies in the event of persistent non-payment for products or services by an individual or Sole Trader.
Also, where we receive a formal request under Section 8 of the Data Protection Acts 1988 and 2003 or Article 23 of the General Data Protection Regulation (GDPR) we may be required to disclose personal data of website users, newsletter subscribers and/or clients to An Garda Síochána, the Revenue Commissioners, or other relevant organisation.
System Logs, Maintenance, and Investigation of Data Security Breaches:
We process certain data, including IP addresses, as part of our internal system logging on this website to support the diagnosis of issues and maintenance of the website.
In addition, we will make use of detailed system logs on our webhosting platform and within our Content Management System to support investigations of Data Security breaches.
We take appropriate measures to ensure the security of personal data under our control and to prevent unauthorised access, disclosure, modification, or destruction of data. We have defined procedures and protocols for processing personal data including:
- Information Security policy
- Data Retention policy
We retain data only for the length of time necessary to provide services to customers, engage in marketing activities, and other legitimate purposes of the business.
Detailed Data Retention policies are available on request.
Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for those websites or policies. Please check the applicable policies before you submit any personal data to those websites.
Changes to this Privacy Statement
Any changes we may make to this Privacy Statement in the future will be posted on this page and the date of changes will be posted. Please check back frequently to see any updates or changes this Privacy Statement.