We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular Ireland`s Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).
The person responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 of the GDPR is
Unit 1A, Bracken Business Park,
Bracken Road, Sandyford,
Dublin 18, Ireland
Tel.: 01 518 0518
Data Protection Commissioner (DPC) Registration Number 13807/A
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either as a whole or for individual measures, you can contact us at any time.
On what grounds do we use Personal Data?
We use your Personal Data for the following purposes and on the following grounds:
• On the basis of fulfilling our contract (when you buy our service)
• On the basis of your consent (when you voluntarily give us data and information about you)
• On the basis of legal obligations (for obligations such as tax, accounting, anti-money laundering, or when a court or other authority asks us to)
• On the basis of our legitimate interest (for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.) Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
• Right to confirmation and information
You have the right to receive clear information about the processing of your personal data.
You have the right to receive confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:
• the purposes of processing;
• the categories of personal data processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
• if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
• the existence of a right to obtain the rectification or erasure of personal data concerning you or to obtain the restriction of processing by the controller or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• if the personal data is not collected from you, any available information about the origin of the data;
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
• Right to rectification
You have the right to request that we correct and, if necessary, complete personal data relating to you.
In detail: You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
• Right to erasure (“right to be forgotten”)
In a number of cases, we are obliged to delete personal data relating to you.
In detail: Pursuant to Article 17(1) of the GDPR, you have the right to request that we erase personal data relating to you without undue delay and we are obliged to erase personal data without undue delay if one of the following reasons applies:
• The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Art. 6 (1) p. 1 a) GDPR or Art. 9 (2) a) GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data have been processed unlawfully.
• The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
• The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
If we have made the personal data public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you have requested them to erase all links to, or copies or replications of, that personal data.
• Right to restriction of processing
In a number of cases, you have the right to request us to restrict the processing of your personal data.
Specifically: You have the right to request us to restrict processing if one of the following conditions is met:
• the accuracy of the personal data is contested by you for a period of time which allows us to verify the accuracy of the personal data,
• the processing is unlawful and you have refused to erase the personal data and have instead requested the restriction of the use of the personal data;
• we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims; or
• you have objected to the processing in accordance with Article 21 (1) of the GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.
• Right to data portability
You have the right to receive personal data relating to you in machine-readable form, to transmit it, or to have it transmitted by us.
In detail: You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that
• the processing is based on consent pursuant to Art. 6 (1) sentence 1 a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) sentence 1 b) GDPR and
• the processing is carried out with the help of automated procedures.
• When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transferred directly from us to another controller, insofar as this is technically feasible.
• Right to object
You have the right to object to lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing are not overriding.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) sentence 1 e) or f) of the GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
• Right to withdraw consent
You have the right to withdraw consent to the processing of personal data at any time.
• Right to complain
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.
The Supervisory Authority
The Data Protection Commission (DPC) in Ireland is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the DPC (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the DPC so please contact us in the first instance.
What data we use and why
Data for the fulfilment of our contractual obligations
As Accountants, we process personal data that we need to fulfil our contractual obligations, such as names, addresses, email addresses, products ordered, billing and payment data. The collection of this data is mandatory for the conclusion of the contract.
The deletion of the data takes place after the expiry of warranty periods and legal retention periods. Data that is linked to a user account in particular data that is absolutely necessary for communication with our existing customers, such as name, address, email address and telephone number, is retained for the duration of the management of this customer account.
The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) GDPR, because this data is required so that we can fulfil our contractual obligations towards you.
We only pass on your personal data to third parties if:
• you have given your express consent in accordance with Art. 6 para. 1 p. 1 a GDPR,
• the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 para. 1 p. 1 f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that there is a legal obligation for disclosure in accordance with Art. 6 para. 1 p. 1 c GDPR, as well as
• this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 b GDPR.
We collect information about you when you use this website. We automatically collect information about your usage behaviour and your interaction with us and register data about your computer or mobile device. We collect, store and use data about each access to our website (so-called server log files).
The access data includes:
• Name and URL of the file accessed
• date and time of access
• amount of data transferred
• Message about successful retrieval (HTTP response code)
• browser type and version
• Operating system
• Referrer URL (i.e. the previously visited page)
• Websites accessed by the user’s system via our website
• Internet service provider of the user
• IP address and the requesting provider
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimising our website, but also for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for accounting purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalised and location-based content and to analyse traffic, troubleshoot and improve our services.
This is also our legitimate interest according to Art 6 para. 1 p. 1 f) GDPR.
We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers.
After the order process has been cancelled or after payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links etc.).
In addition to the data mentioned above, cookies are stored on your device when you use our website. Cookies are small text files that your computer, smartphone or tablet stores when you visit our website.
If you contact us (via contact form, telephone, life chat or e-mail), we will process your data for the purpose of processing the enquiry and in the event that follow-up questions arise.
If the data processing is carried out for the implementation of pre-contractual measures, which are carried out in response to your enquiry, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR.
We only process other personal data if you consent to this (Art. 6 para. 1 p. 1 a) GDPR) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 f) GDPR). A legitimate interest is, for example, to respond to your enquiry.
Disclosure of personal data to third parties
Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.
• Disclosure within affiliated companies pursuant to Art. 6 Para. 1 lit. b GDPR
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.
• Disclosure to service providers according to Art. 6 para. 1 lit. b and f GDPR
For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process payment for services to our payment service provider (Stripe).
We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.
• Disclosure to other third parties pursuant to Art. 6 para. 1 lit. c and f GDPR
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.
We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you.
On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e. at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.
After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection notice. If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for the purpose of sending you the newsletter.
We would like you to enjoy reading our e-mails. Therefore, we try to only include content that you are likely to be interested in. We therefore measure and store opening and click-through rates in your usage profile, i.e. whether and when you open our emails, which content of the emails you click on and when, as well as whether and why our emails could possibly not be delivered. We also use this data for statistical purposes. In particular, this serves our legitimate interest to evaluate the performance of the individual newsletter campaigns and to define optimisation measures in order to make the newsletter as attractive and suitable as possible for you. The legal basis for the processing is therefore Art. 6 para. 1 lit. f GDPR.
Of course, you can unsubscribe from receiving our information at any time, i.e., revoke your consent with effect for the future or object to data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter and can confirm the unsubscription on our website. You can also contact us for a cancellation at any time.
General technical organisational measures
The Shelbourne Accountants website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3).
Analysis and targeting tools
• Google services
On our website, we use various services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
You can find more information about Google services at https://www.google.com/privacy/ads/.
• Google Analytics
Our web site uses Google Analytics to design and improve the web site according to your needs. Google Analytics uses so-called cookies, which are stored on your terminal device, and which enable an analysis of your use of the website. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. We use the extension of IP anonymisation (so-called IP masking) on this website, i.e. your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR.
Google’s services also include reports on the effectiveness of our advertising measures (including across devices), on the demographics and interests of our users, as well as functions for the cross-device delivery of online advertising if you are the owner of a Google account and have consented to the personalisation of advertising (“Ads Personalisation”). In this case, the legal basis for data processing is your consent to Google (Art. 6 para. 1 lit. a) GDPR).
You can object to the collection or analysis of your data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
The data sent by us and linked to cookies, user IDs (e.g., user ID) or advertising IDs are automatically deleted after 14 months.
• Google remarketing function
Google’s remarketing function enables us to present our users with advertisements based on their interests on other websites within the Google Ads network (so-called “Google Ads” or ads on other websites). For this purpose, the interaction of users on our website is analysed in order to be able to display targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network. This number, known as a “cookie”, is used to record the visits of these users. This number is used to uniquely identify a web browser on a specific computer and not to identify a person; personal data is not stored.
The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR.
• Google Conversion Tracking
We also use Google’s conversion tracking in this context. When you click on an ad placed by Google, a conversion tracking cookie valid for 30 days is stored on your terminal device. This cookie is not used for personal identification. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers.
The legal basis for this data processing is Art. 6 (1) f GDPR.
You can deactivate interest-based Google Ads on Google in your browser by activating the “Off” button at https://adssettings.google.com/authenticated or by deactivating it at http://www.aboutads.info/choices/.
• Other services of the Google Marketing Platform
Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google can use cookie IDs to record so-called conversions, i.e. whether a user sees an ad and later visits the advertiser’s website and makes a purchase there. According to Google, these cookies do not contain any personal information.
Your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to Google, the integration of these services provides Google with the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is still possible for the provider to obtain and store your IP address.
In addition, cookies enable us to understand whether you perform certain actions on our website after you have called up one of our ads on Google or on another platform or clicked on it (conversion tracking) (“floodlight”). Google uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later.
You can prevent the tracking process by making the appropriate setting in your browser software (e.g. third-party cookies deactivated), deactivating cookies for conversion tracking by blocking cookies from the domain www.googleadservices.com in your browser settings, with regard to interest-based ads from providers that are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices or at the link http://www.google.com/settings/ads/. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR.
• Facebook Custom Audiences
Our website uses the “Custom Audiences” remarketing function of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This allows users of the website to be shown interest-based advertisements (“Facebook Ads”) when visiting the social network Facebook or other websites that also use this procedure. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our online offers more interesting for you. The legal basis for the processing of your data is Art. 6 (1) f GDPR.
With Custom Audiences, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your Facebook account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider processes your IP address and other identifying features.
Deactivation of the “Facebook Custom Audiences” function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#.
Further information on data processing by Facebook is available at https://www.facebook.com/about/privacy.
• Squarespace Metrics
Our website uses Squarespace Metrics, a web analytics service provided by Squarespace, Inc, 225 Varick Street, New York, NY 10014, USA (“Squarespace”).
Squarespace uses the data to evaluate the use of the website by the visitor, to compile reports on the visitors’ activities on the website and to provide other services related to the use of the website. Where Squarespace is required to do so by law, or where third parties process the data on its behalf, the data will be transferred to those third parties. Squarespace will never associate your IP address with any other data held by Squarespace. You have the option to prevent cookies from being stored on your computer by making the appropriate browser settings. However, by deactivating cookies you may not be able to use all the functions of our web site to their full extent. By using the website, you consent to the processing of data about you by Squarespace in the manner described above and for the purposes of compiling visitor statistics on the use of the website and improving the website.
The legal basis for the collection and processing of the data is Art. 6 (1) f GDPR. The legitimate interest in collecting and processing the data is to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet use.
We use Hotjar, a web analytics service provided by Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (“Hotjar”), to better understand usage patterns, to better understand the needs of our users and to optimize our services and user experience. Hotjar enables us to better understand the user experience on our sites (i.e., how long users spend on which of our sites, which links they click, what they like and dislike, etc.) so that we can tailor our offerings based on user feedback.
When you visit certain business sections of our website, our partner HubSpot uses the cookie listed below for functionality, performance and to track visitors. This cookie is used to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. Please refer to HubSpot`s usage policy for more information. The legal basis for the collection and processing of the data is Art. 6 (1) f GDPR. The legitimate interest in collecting and processing the data is to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet use.
Duration for which the personal data are stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract.