Privacy Policy

Introduction

ironleafes Ltd ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our digital marketplace solutions.

This policy applies to all personal data processed by ironleafes in connection with our services, website, and business operations. We are registered in Ireland under company registration number 582914 and our registered office is located at Grafton Street 18, Dublin D70 9543, Ireland.

Data Controller Information

ironleafes Ltd acts as the data controller for the personal information we process. As a data controller, we determine the purposes and means of processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Irish data protection laws.

Data We Collect

The data we collect depends on how you interact with our services. We collect personal information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources where legally permitted.

Information You Provide Directly

• Contact Information: Name, email address, phone number, company name, and postal address when you contact us or request our services
• Account Information: Username, password, and profile information when you create an account for our digital marketplace platforms
• Business Information: Company details, VAT numbers, business requirements, and project specifications
• Communication Data: Content of emails, messages, and other communications you send to us
• Payment Information: Billing details and payment card information processed securely through our payment providers

Information We Collect Automatically

• Website Usage Data: Pages visited, time spent on our website, click patterns, and referral sources
• Technical Information: IP address, browser type, device information, operating system, and screen resolution
• Cookies and Tracking Technologies: Information collected through cookies and similar technologies as described in our Cookie Policy
• Performance Data: Website performance metrics and error logs to improve our services

How We Use Your Information

We process your personal data for various purposes based on different legal grounds under GDPR. How we use your information depends on the services you use and your preferences that you communicate to us.

Service Provision and Contract Performance

• Delivering our digital marketplace solutions and related services
• Processing payments and managing billing for our services
• Providing customer support and responding to your enquiries
• Managing user accounts and authentication for our platforms
• Communicating with you about your projects and service updates

Legitimate Business Interests

• Improving our website functionality and user experience
• Conducting analytics to understand how our services are used
• Developing new features and services for our digital marketplace solutions
• Protecting our business against fraud and security threats
• Marketing our services to potential clients (with appropriate opt-out mechanisms)

Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Maintaining records as required by Irish and EU regulations
• Responding to lawful requests from authorities
• Enforcing our terms of service and protecting legal rights

Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. The legal bases we rely on include:

• Contract: Processing necessary to perform our contract with you or take steps at your request before entering into a contract
• Legitimate Interests: Processing necessary for our legitimate business interests, provided these are not overridden by your rights and freedoms
• Legal Obligation: Processing necessary to comply with legal obligations to which we are subject
• Consent: Where you have given specific consent for certain processing activities, such as marketing communications

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following circumstances:

• Service Providers: Trusted third-party providers who assist us in delivering our services, such as hosting providers, payment processors, and analytics services
• Legal Requirements: When required by law, regulation, legal process, or governmental request
• Business Transfers: In connection with any merger, acquisition, or sale of company assets, subject to appropriate confidentiality protections
• Protection of Rights: To protect the rights, property, or safety of ironleafes, our customers, or others

All third parties we work with are required to maintain appropriate security measures and use your data only for the specific purposes we authorise.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data outside the EEA, we ensure adequate protection through:

• European Commission adequacy decisions for countries with equivalent data protection laws
• Standard Contractual Clauses approved by the European Commission
• Other appropriate safeguards recognised under GDPR

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention periods vary depending on the type of information and the purpose for which it is processed:

• Contact and Enquiry Data: Retained for 3 years after last contact unless you request deletion
• Customer Account Data: Retained for the duration of the business relationship plus 7 years for legal and tax purposes
• Website Analytics Data: Anonymised after 26 months and retained for statistical purposes
• Marketing Data: Retained until you withdraw consent or for 3 years of inactivity
• Legal and Compliance Records: Retained as required by applicable laws, typically 7 years

When personal data is no longer needed, we securely delete or anonymise it in accordance with our data retention and disposal procedures.

Your Rights

Under GDPR and Irish data protection law, you have several rights regarding your personal data. These rights include:

Access and Portability

• Right of Access: Request a copy of the personal data we hold about you
• Right to Data Portability: Receive your data in a structured, commonly used format or have it transmitted to another controller

Correction and Deletion

• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances

Processing Restrictions

• Right to Restrict Processing: Request limitation of processing in specific situations
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month, though this may be extended in complex cases.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest using industry-standard protocols
• Regular security assessments and penetration testing of our systems
• Access controls and authentication mechanisms to limit data access
• Employee training on data protection and security best practices
• Incident response procedures for potential data breaches
• Regular backups and disaster recovery planning

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but continuously work to improve our security measures.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and improve our services. For detailed information about our use of cookies, including how to manage your cookie preferences, please refer to our Cookie Policy.

You can control cookie settings through your browser preferences, though disabling certain cookies may affect the functionality of our website.

Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately using the contact information below.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, provide additional notice through our website or direct communication.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our services after any changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us using the following contact information:

You also have the right to lodge a complaint with the Irish Data Protection Commission if you believe we have not handled your personal data in accordance with applicable law. More information is available at www.dataprotection.ie.

Governing Law

This Privacy Policy is governed by Irish law and the General Data Protection Regulation (GDPR). Any disputes arising from this policy will be subject to the exclusive jurisdiction of the Irish courts.