“Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any Personal Data is processed, who/which make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
Our Data Protection Coordinator can be contacted as follows:
Email: firstname.lastname@example.org
The purpose of this document is to provide you as our data subject with a statement regarding the Data Protection and Privacy practices and obligations of Serity Limited (the Organisation) and an explanation of your rights as a data subject. This Notice applies to our business practices, our websites (Websites), which are accessible from https://serity.io and its sub-domains, as well as any associated mobile applications (Mobile Apps) owned and controlled by the Organisation. As the Organisation is established in the Republic of Ireland, this document is written in the vein of Irish Data Protection Law and the Organisation falls under the jurisdiction of the Irish Data Protection Commission. This Privacy Notice sets out what Personal Data we collect and process about you in connection with the services and functions of the Organisation. We are not responsible for the content or the privacy notices for any websites to which we provide external links.
Laws that apply to us:
|State and/or Country of Incorporation||Applicable Law|
Our practices as described here now may be changed, but any changes will be posted, and changes will only apply to activities and information on a going forward, not retroactive basis. You are encouraged to review this Notice periodically to make sure that you understand how any personal information you provide will be used. We may also email you to let you know if and when we update this Notice to ensure you are informed.
Data protection provides rights to individuals with regard to the use of their Personal Data by organisations, including our organisation. Irish and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of Personal Data.
Compliance with the data protection rules is a legal obligation. In addition, our compliance with the data protection rules helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.
We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the applicable Data Protection and Privacy Laws, and that we have in fact complied with the laws. We do this, among other ways, by our written policies and procedures, by building data protection and privacy compliance into our systems and business rules, by internally monitoring our data protection and privacy compliance and keeping it under review, and by acting if our representatives, including employees or contractors, fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing.
We aim to comply with the following principles found in Data Protection Law:
Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner.
Purpose limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimisation – Personal Data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.
Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.
Retention – Personal data should be kept in an identifiable format for no longer than is necessary.
Integrity and confidentiality – Personal data should be kept secure.
Accountability – Under the GDPR, we must not only comply with the above six general principles but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.
We will collect personal data from you in accordance with the purposes outlined in this document. This will be basic personal data used to facilitate creating an online account for you to use the compliance benchmarking services and receive support. This personal data usually includes your name and email address and from time to time billing information. We expect you to use personal data associated with your business-related activities.
Special Category Personal Data
We will not collect special category data from you unless you are an employee in which case we would be obliged to do so under law.
Criminal Conviction Data
We will not collect criminal conviction data from you.
Children’s Personal Data
Directors and employees of the Organisation who are bound by confidentiality agreements will process personal data on behalf of the business.
Service Providers
We may use trusted service providers who could be considered data processors, sub-processors or third parties. We need to have written agreements in place with all of our data processors and, before we sign each agreement, we need to have vetted and be satisfied with the processor’s data security. The agreements also need to contain specific clauses that deal with data protection. We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with Irish and EU laws on data protection. Any such organisation or individual will have access to personal information needed to perform these functions but may not use it for any other purpose.
We use the following categories of third party service providers including data processors in the course of our business:
We may pass on your details if we are under a duty to disclose or share a Data Subject’s Personal Data in order to comply with any legal obligation, or in order to enforce or apply any contract with the Data Subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes reporting information about incidents (as appropriate) to the law enforcement authorities and responding to any requirements from law enforcement authorities to provide information and/or Personal Data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.
Other than the above, we will not disclose personal information to any third party without your consent, or as listed herein, except in incidences where an individual is potentially at risk or where the law requires it.
We host our application in the US as we are an international service. The hosting provider participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Depending on your choice of cookies, there may be one or more cookies that transfers data to the USA served from Stripe. Stripe participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.
International Transfers
If we transfer your Personal Data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
1. We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.
3. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the US.
Automated Decision Making refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention. As Profiling uses automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making, but it can do. We do not use automated decision making using personal data or profiling using personal data in our normal course of business.
We follow strict security procedures in the storage and disclosure of your Personal Data, and to protect it against accidental loss, destruction or damage. We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques. We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:
Confidentiality means that only people who are authorised to use the data can access it.
Integrity means that Personal Data should be accurate and suitable for the purpose for which it is processed.
Availability means that authorised users should be able to access the data if they need it for authorised purposes.
We have a documented data retention schedule. Generally, we will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for and for up to seven (7) years afterwards or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may use your Personal Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. Where appropriate, you will be asked whether you wish to receive any marketing communications from us.
We will not share your Personal Data with any third party for marketing purposes. You may object to direct marketing by using the contact details herein to opt-out or make use of the opt-out links on communications.
We make use of Facebook Ads from time to time. We do base our ads on interests and do not use re-marketing techniques. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950. To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance.
You can also opt-out from Facebook and other participating companies through
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation.
Google Ads
We make use of Google Ads from time to time. We do base our ads on keywords and do not use re-marketing techniques. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/.
We make use of the following necessary cookies on this website:
|m||m.stripe.com||Determines the device used to access the website. This allows the website to be formatted accordingly.||10 years||HTTP Cookie|
|CookieConsent||serity.io||Stores the user's cookie consent state for the current domain.||1 year||HTTP Cookie|
|_serity_io_session||serity.io||This cookie maintains your login status according to your chosen preference.||Session||HTTP Cookie|
|__stripe_mid||serity.io||This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information.||1 year||HTTP Cookie|
|__stripe_sid||serity.io||This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information.||1 day||HTTP Cookie|
Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site for different purposes. Most web browsers automatically accept cookies, but, if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
Technical Personal Data
Like most websites, we may gather technical information for compliance purposes and security reasons. We will make no attempt to identify individual visitors, or to associate the technical details listed below with any individual, unless necessary and declared.
We may collect this technical information from you when you visit our website and accept cookies. This information may include standard information from you (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our website (such as the web pages viewed and links clicked). We do note that your IP address is considered personal data under the GDPR.
Certain information in relation to web usage is revealed via our internet service provider or hosting service who records some of the following data. Whilst we do not access this information regularly, the technical information may be used to inform our security measures, to allow us to improve the information we are supplying to our users, to find out how many people are visiting our sites and for statistical purposes. The information we receive depends upon what you do when visiting our site:
You may withdraw consent at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of Personal Data relating to you. If you have any queries relating to withdrawing your consent, please contact our Data Protection Coordinator using the contact details set out below.
Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
We do not own or operate CCTV cameras and we do not process CCTV footage.
|Categories of Data||Purpose/Activity||Possible Lawful Basis for Processing|
|Name and Contact Details||To manage our relationship with you as our customer, supplier, contractor or shareholder||Performance of a contract with you|
|Name and Contact Details||Electronic account creation and/or management||
|Name and Contact Details||To manage our relationship with you as a customer in our CRM||
|Social Media Handles or Profile IDs||When you choose to engage with us via social media platforms and we need to respond.||Necessary for our legitimate interests (ensure sales continue and to deal with issues customers raise)|
|Name and Contact Details||Use the Personal Data that you provide on our web forms and questionnaires||Necessary steps prior to entering into a contract with you|
|Name and Contact Details||Notifying you about changes to our terms or this policy||Necessary to comply with our legal obligation|
|Name and Contact Details||Asking you to leave a review or take a survey||Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)|
|Name and Contact Details; IP Address||To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
|IP Address||To use data analytics to improve our website, products/services, marketing, customer and investor relationships and experiences||Necessary for our legitimate interest (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|Name and Contact Details||To respond to your enquiry, feedback or complaint||
|Name and Contact Details; Invoices||To comply with our tax obligations.||Necessary to comply with a legal obligation|
|Voice/Video Data||Record webinars and possibly other communications to use for evaluation and training purposes, ensure quality of service and courses, maintain a record of services requested.||
Under certain circumstances, by law you have the right to:
We have appointed a Data Protection Coordinator to monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the Data Protection Coordinator.
Data subjects must make a formal request for Personal Data we hold about them, or otherwise to exercise their data protection rights, whether to make an access request or otherwise, by contacting our Data Protection Coordinator, who will respond to the request within 30 days.
We are obliged to comply with exceptions to your requests where laid out in law. Such exceptions relate to health data, disclosures that would be likely to cause serious harm to your physical or mental health or emotional condition and opinions given in confidence.
Our Data Protection Coordinator can be contacted as follows:-
You as the Data Subject have the right to complain at any time to a data protection supervisory authority in relation to any issues related to our processing of your Personal Data. As our organisation is located in Ireland and we conduct our data processing here, we are regulated for data protection purposes by the Irish Data Protection Commissioner.
You can contact the Data Protection Commissioner as follows:
Phone: +353 57 8684800 or +353 (0)761 104 800
Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square Dublin 2. D02 RD28 Ireland
This Notice has been approved and authorised by:
Name
Philipa Jane Farley
Position
21 November 2019