Privacy Notice

This is our privacy notice.
We don't do anything nasty with your data, but this document explains who we are and what we do with your data.

This Privacy policy is effective from May 25th 2018. If you are a GDPR4School or XpertDPO customer or you're just browsing our website, this policy applies to you.

GDPR4School is a product of XpertDPO Ltd. Our registered address is 10 Summerfield, Arklow, County Wicklow, Ireland. We also have an office at 20 Clanwilliam Terrace, Dublin. We are registered in Ireland: 628375. Our VAT Registration Number is 3545944FH

If you are a registered XpertDPO customer or a visitor to our website we act as the ‘data controller’ of personal data. This means we determine how and why your data are processed.

If you are a customer who uses one of our outsourced services (DPO-as-a-Service / European representative-as-a-Service) then we act as the 'Data Processor'

Read this Privacy Policy.

If you are our customer, please also check the contracts between us: they may contain further details on how we collect and process your data.

If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorise us to process it on your behalf in accordance with this Privacy Policy.

From the moment you interact with XpertDPO, we are collecting data. Sometimes you provide us with data, sometimes data about you is collected automatically.

Contact Details

Your name, address, telephone number, email address...

Financial Information

Your bank account number, sort code, credit/debit card details...

Data that identifies you

Your IP address, geolocation information about where you might be...

Data on how you use our website

Your URL clickstreams (the path you take through our site), products/services viewed, page response times, how long you stay on our pages, what you do on those pages and how often...

XpertDPO is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not target XpertDPO at children, and we do not knowingly collect any personal data from any person under 16 years of age

We don’t collect any "sensitive data" about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences) except when we have your specific consent, or when we have to to comply with the law.

Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:

Lawful bases: contract & legitimate interests

Customer support

Notifying you of any changes to our services, solving issues via telephone support, phone or email.

Lawful basis: contract

Marketing purposes (with your consent)

Sending you emails and messages about new features, products and services, and content.

Lawful basis: contract


Here is what each of these "Lawful bases" mean:
Consent

You have given clear consent for you to process your personal data for a specific purpose.

You can change your mind!

If you have previously given consent to our processing your data you can freely withdraw such consent at any time. You can do this by emailing us at [email protected].

If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another overriding legal basis for processing your information, then we may continue to do so subject to your legal rights.

Contract

Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.

Legitimate interests

Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:

  • gaining insights from your behaviour on our website
  • developing and improving our services
  • enabling us to enhance, customise or modify our services
  • determining whether marketing campaigns are effective
  • enhancing data security
Your choices

You can choose not to provide us with personal data. If you choose to do this, you can continue to use the website and browse its pages, but we will not be able to process transactions without personal data.

You can turn off cookies in your browser by changing its settings

You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the website and browse its pages.

You can ask us not to use your data for marketing

We will inform you (before collecting your data) if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing by emailing us at [email protected].

Your rights

You can exercise your rights by sending us an email at [email protected].

You have the right to access information we hold about you

This includes the right to ask us supplementary information about:

  • the categories of data we’re processing
  • the purposes of data processing
  • the categories of third parties to whom the data may be disclosed
  • how long the data will be stored (or the criteria used to determine that period)
  • your other rights regarding our use of your data

We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.

You have the right to make us correct any inaccurate personal data about you

You can object to us using your data for profiling you or making automated decisions about you. We will use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behaviour). Otherwise, the only circumstances in which we will do this is to provide our services to you.

You have the right to port your data to another service

We will give you a copy of your data in a commonly used, machine readable format so that you can provide it to another service. However, where there is a possibility that the rights and freedoms of a third person would be at risk by providing the data, we may exercise our right to refuse your request.

You have the right to be ‘forgotten’ by us

You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data we will erase your data.

You can contact our Data Protection Officer at any time to exercise your rights as a Data Subject.

Data Protection Officer Stuart Anderson
Postal Address 10 Summerfield
Arklow
Y14 PX34
Co. Wicklow
Ireland
Telephone +353 404 53906
Email [email protected]

You have the right to lodge a complaint regarding our use of your data

Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the Office of the Data Protection Commissioner, you can find their contact details directly below...

Commissioner Helen Dixon
Postal Address Canal House
Station Road
Portarlington
R32 AP23
Co. Laois
Telephone +353 57 8684800
+353 (0)761 104 800
Lo Call Number 1890 252 231
Fax +353 57 868 4757
Email [email protected]

We have physical, electronic, and managerial procedures to safeguard and secure the information we collect. For more information on our efforts to ensure your data is held in a secure manner, please see our data security policy.

And please remember:
  • You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
  • You are responsible of your username and password: keep them secret and safe!
  • If you believe your privacy has been breached, please contact us immediately on [email protected]

The personal data we collect is processed at our offices in Ireland and in any data processing facilities operated by the third parties identified below. By submitting your personal data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.

We will archive and stop actively using any personal information about you within 6 months from the last time you stop using XperDPO's Services. We will delete your personal data from our archives no later than 6 years from the last time you used XpertDPO's services or as agreed with you in a separate contract.

Modern businesses often use third parties to help them host their applications, communicate with customers, power their emails etc. We partner with third provide these services.

When we do use these services, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.

Analytics
Service provider Data collected or shared Purpose Location of processing
Google Analytics privacy policy
  • Contact details
  • How you use our website
  • Data that identifies you
  • Cookies
GoogleAnalytics is a web analytics service: we use it to track your use of the service, and prepare reports on user activity United States of America

Communications
Service provider Data collected or shared Purpose Location of processing
Microsoft Office 365 privacy policy
  • Contact details
Office 365 is a web based office productivity suite: we use it to send, receive and track our email communications, create documents and share out documents with OneDrive United States of America

Payments
Service provider Data collected or shared Purpose Location of processing
Stripe privacy policy
  • Contact details
  • Bank Account Number
  • Credit / Debit Card Number
  • CVV
  • Card Expiry Date
Stripe is a technology company that builds economic infrastructure for the internet. we use it to receive electronic payments for our digital products and service offerings European Union

Marketing / Products
Service provider Data collected or shared Purpose Location of processing
Kajabi privacy policy
  • Contact details
  • Product(s) Purchased
Kajabi is a Knowledge Commerce platform: we use it to develop, market and sell our digital products United States of America

We use cookies. Unless you adjust your browser settings to refuse cookies, we (and these third parties) will issue cookies when you interact with us. These may be ‘session’ cookies, meaning they delete themselves when you leave our website, or ‘persistent’ cookies which do not delete themselves and help us recognise you when you return so we can provide a tailored service.

How can I block cookies?

You can block cookies by activating a setting on your browser allowing you to refuse the setting of cookies. You can also delete cookies through your browser settings. If you use your browser settings to disable, reject, or block cookies (including essential cookies), certain parts of our website will not function fully. In some cases, our website may not be accessible at all. Please note that where third parties use cookies we have no control over how those third parties use those cookies.

What specific cookies do we manage?
Service provider Key Cookies Purpose
Google Inc.
  • ga
  • _gat_gtag_UA_119335301_1
  • _gat_http%3A%2F%2Fxpertdpo.com%2F
  • _gid
Google Analytics uses cookies allows us to see information on the activities of visitors to our website and users of our service, including page views, source and time spent on our website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. To opt out of being tracked by Google Analytics across all websites click here
Cookiebot
  • CookieConsent
Cookiebot allows us to provide a cookie consent banner and an automated cookie scan and declaration on our website