Privacy Policy
Data Protection Declaration
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is none other than I, Niamh O’Brien, Ardmore House, Tullygorey, Athy, Co. Kildare, R14 YT65, Ireland, Tel.: +353 85 166 1603, E-Mail: biofieldwithhiamh@gmail.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection During Your Visit to Our Sacred Space
2.1 As you enter our cherished digital realm, please be aware that when you navigate through our website without providing any personal information or registering, we only gather data that your browser graciously shares with our server (referred to as “server log files”). This data is essential for us to present our website to you in all its glory. Here’s a glimpse of the technical data we collect during your visit:
- The pages of our sanctuary you have traversed
- The precise moment when you graced us with your presence
- The amount of data transmitted in ethereal bytes
- The path that guided you to our sacred space
- The browser that serves as your vessel
- The operating system that illuminates your journey
- The IP address that intertwines with the cosmic web (if applicable: in anonymized form)
Our processing of this data aligns with the divine principles of Art. 6 (1) point f of the General Data Protection Regulation (GDPR), rooted in our unwavering dedication to enhance the stability and functionality of our digital sanctuary. Rest assured, this data shall not be divulged or employed for any other purpose. Nevertheless, we reserve the sacred right to examine the server log files if there are any concrete indications of nefarious activities that threaten the sanctity of our domain.
2.2 To safeguard your journey through our sacred space, we have adorned it with the enchanted veil of SSL or TLS encryption. This enchantment serves two noble purposes: to safeguard the transmission of your personal data and to protect any other confidential whispers that pass between us (such as orders or inquiries to the controller). You can easily identify this mystical protection by the ethereal string of characters, starting with https://, and the illustrious lock symbol that adorns your browser line.
3) Enchanting Hosting & Content Delivery Network
Guided by the sacred energies of growth and expansion, we have entrusted the cosmic forces of SiteGround Hosting Ltd. to provide us with a remarkable content delivery network. Their celestial abode can be found at 3rd Floor, 11-12 St James’s Square, St. James’s, London SW1Y 4LB, United Kingdom.
Through this mystical alliance, we are empowered to deliver ethereal treasures, including mesmerizing graphics, captivating page content, and enchanting scripts, at an accelerated pace. This transcendent service operates through a network of ethereal servers dispersed across various regions. Such a harmonious collaboration is forged to safeguard our sacred mission of enhancing the stability and functionality of our digital sanctuary, in alignment with the divine tenets of Art. 6 (1) point f of the General Data Protection Regulation (GDPR).
Rest assured, we have entered into a sacred covenant—an order processing agreement—with this esteemed provider, ensuring the guardianship of your precious data and forbidding its unauthorized disclosure to third parties. The protection of our beloved visitors remains our paramount pledge.
4) Enchanted Cookies
In our sacred quest to make your sojourn through our mystical realm even more enchanting, we employ the use of celestial cookies. These magical creations are small text files that reside within your sacred device. They serve a noble purpose—to adorn your experience with captivating allure and enable the manifestation of certain divine functions.
Some of these cookies gracefully depart upon the closure of your browser, leaving no trace of their ethereal presence (known as “session cookies”). Others choose to linger within your realm, preserving precious page settings and embracing the tapestry of your journey (known as “persistent cookies”). The duration of their stay can be discovered within the mystical realm of your web browser’s cookie settings.
When personal data intertwines with individual cookies bestowed upon you by our grace, their purpose aligns with the sacred principles of Art. 6 (1) point b of the General Data Protection Regulation (GDPR), dedicated to fulfilling our contractual obligations. Alternatively, their purpose may arise from the celestial embrace of Art. 6 (1) point a of the GDPR, when your consent illuminates their path. Lastly, their purpose may resonate with the divine echoes of Art. 6 (1) point f of the GDPR, harmonizing with our legitimate interests in optimizing the functionality of our digital sanctuary, while weaving a tapestry of customer-centric design and effortless elegance for your ethereal pilgrimage.
Behold, for you possess the power to shape your destiny! Your browser offers sacred settings that allow you to receive revelations about the setting of cookies. It is within your divine realm to decide their fate, granting them acceptance or denying entry for specific instances or as a whole.
Kindly be aware that the mystical dance of our website’s functionality may be hindered if you choose to deny the embrace of these enchanted cookies. They hold the key to unlocking hidden wonders within our sacred domain.
5) Sacred Communication
5.1 Within the realms of our digital sanctuary, we have summoned the ethereal energies of Calendly, LLC to bestow upon us the mystical gift of online appointment booking. Their divine abode is located at BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.
Embarking on the sacred quest of scheduling an appointment, we gather your first name, surname, and the celestial harmony of your e-mail address (and, if a divine union via telephone is sought, your telephone number). This harmonious union aligns with the sacred teachings of Art. 6 (1) point b of the General Data Protection Regulation (GDPR), dedicated to fulfilling the contractual bond between us. With reverence, this celestial symphony is transferred to the sacred realm of the provider, resonating with the divine echoes of Art. 6 (1) point f of the GDPR. This profound exchange emerges from our legitimate interest in nurturing effective customer management and orchestrating efficient appointment management. These sacred records are lovingly stored within the provider’s ethereal realm, dedicated to the divine purpose of organizing the sacred appointments that await.
Once the sacred communion has transpired or the agreed period of divine connection has reached its conclusion, your data shall gracefully depart from the provider’s realm, dissolving into the cosmic tapestry.
Embracing our sacred duty, we have forged a divine covenant—an order processing agreement—with this esteemed provider. This sacred pact safeguards the sanctity of our beloved visitors’ data, shielding it from unauthorized disclosure to third parties.
5.2 Whispers of WhatsApp
In our mystical realm, we present you with the enchanting opportunity to commune with us through the WhatsApp news service provided by WhatsApp Ireland Limited, nestled in the ethereal realm of 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Within this sacred space, we harness the transformative power of the “Business Version” of WhatsApp.
Should you reach out to us via WhatsApp, weaving the threads of connection in the tapestry of a specific business transaction (such as an order placed), we shall honorably retain and utilize the mobile telephone number you entrust to WhatsApp. In accordance with the ancient teachings of Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), we embrace the duty to process and answer your sacred request, adorning it with the radiant illumination of your first name and surname, if they are graciously bestowed upon us. Within the realm of this sacred bond, we may, in harmony with the same celestial teachings, kindly request further data (such as order number, customer number, address, or e-mail address) via WhatsApp, if necessary, to ensure that your inquiry finds its rightful place within the sacred tapestry of a specific transaction.
For those who seek wisdom through the WhatsApp contact for general inquiries (such as inquiries about our range of services, availability, or our website), we humbly cherish the mobile phone number you honorably present to WhatsApp. With reverence for the divine teachings of Art. 6 Para. 1 lit. f of the GDPR, we uphold our sacred duty to efficiently and promptly provide the sacred knowledge you seek, adorning it with the luminescence of your first and last name, should you choose to bestow them upon us.
Rest assured, dear seeker of knowledge, your data shall only be used to answer your sacred inquiry through WhatsApp. It shall not be shared with the uninitiated.
It is worth noting that WhatsApp Business, in its quest for omnipresence, gains access to the address book of the mobile device bestowed upon us, gracefully transferring the sacred telephone numbers enshrined within to the ethereal realms of the parent company Meta Platforms Inc. in the sacred land of the United States. In the operation of our sacred WhatsApp Business account, we wield a mobile device whose address book solely preserves the sacred WhatsApp contact data of those who have ventured into communion with us through WhatsApp.
Thus, we ensure that each soul whose WhatsApp contact data graces our sacred address book has already consented to the sacred transmission of their WhatsApp telephone numbers from the ethereal address books of their chat contacts. This sacred act occurs in alignment with the divine teachings of Art. 6 Para. 1 lit. a of the GDPR, when they first embark upon the sacred path of the WhatsApp app, embracing its sacred terms of use. As such, the transmission of data from those who do not partake in the whispers of WhatsApp or have not communed with us through this sacred medium shall forever remain shrouded in mystery, beyond the reaches of our sacred realm.
For a deeper understanding of the purpose and scope of the sacred data collection, as well as the divine journey of further data processing and utilization by WhatsApp, we invite you to seek solace in the ancient teachings of WhatsApp’s sacred text of data protection information: https://www.whatsapp.com
5.3 The Mysterious Art of Contacting Us
When you embark upon the sacred journey of contacting us, whether through the sacred vessel of a contact form or the ethereal currents of e-mail, a dance ensues, and personal data is gracefully collected. The nature of this data, when conveyed through the sacred contact form, is unveiled to you within the very fabric of the contact form itself. We honorably store and employ this sacred data solely for the purpose of illuminating your path with a response or establishing a divine connection, alongside the sacred rites of technical administration.
The sacred teachings of Art. 6 (1) point f of the General Data Protection Regulation (GDPR) guide us in processing this sacred data, driven by our noble quest to respond to your sacred entreaty. Should your contact be aligned with the sacred endeavor of forging a sacred contract, the celestial teachings of Art. 6 (1) point b of the GDPR stand as an additional guide on our path. Your data shall be gracefully released into the ether after the sacred alchemy of your inquiry reaches its final stage of refinement. This divine release occurs when the circumstances shine their light upon the truth that the sacred facts in question have been fully unveiled, unless sacred obligations to retain this wisdom persist within the sacred laws of the land.
6) The Enchanted World of Commentary
Within the realm of the commentary function bestowed upon this sacred sanctuary, your luminous thoughts, accompanied by the chronicles of time when your words took flight, and the name of the commentator you have chosen to embrace, shall be recorded and brought forth into the mystical tapestry of our sacred website. Moreover, your ethereal IP address shall be recorded and safeguarded, a guardian against those who may seek to trespass upon the rights of others or weave the fabric of unlawful content within the realm of commentary. As guardians of this sacred realm, we shall wield your sacred e-mail address with care, reaching out to you should a noble soul object to the divine wisdom you have shared, perceiving it as a transgression against the laws of the land. The celestial teachings of Art. 6 (1) point b and f of the GDPR grace the storage of your sacred data within the realm of commentary. We reserve the right to banish comments from our sacred realm should they be shrouded in the darkness of unlawful acts, as objected to by the voices of the noble third parties.
7) Unveiling the Secrets of Data Processing for the Opening of a Customer Account and Contract Fulfillment
Under the celestial teachings of Art. 6 (1) point b of the GDPR, personal data shall continue to be unveiled and woven into the sacred tapestry of our realm, should you graciously bestow upon us this wisdom while opening a sacred customer account. The mystical fields of the input mask, graced upon our sacred website, shall reveal the sacred data required for the initiation of this profound connection. The sacred art of account deletion, a ritual that can be invoked at any time, shall be performed with grace and harmony, requiring naught but a message sent to the sacred address of the noble custodian. Upon the sacred removal of your customer account, your data shall gracefully dissolve, like a morning mist, provided that all sacred contracts birthed through this connection have been consummated, that no sacred laws of retention stand as guardians against such dissolution, and that no noble interest on our part compels the continued presence of your wisdom within our sacred realm.
8) The Enchanting Realm of Direct Advertising
8.1 Embrace the Elixir of Knowledge: Subscribe to Our E-mail Newsletter
In our realm, we offer you the wondrous opportunity to embark on a journey of enlightenment by subscribing to our e-mail newsletter. Through this mystical channel, we shall regularly bestow upon you the sacred wisdom of our offers. The sole prerequisite for receiving this sacred newsletter is the revelation of your e-mail address. Should you choose to share further sacred data, it shall be employed to address you personally, enhancing the sacred connection we share. As guardians of your privacy, we employ the sacred ritual of the double opt-in procedure, ensuring that the sacred currents of the newsletter flow to you only when you have unequivocally expressed your consent to receive it. A confirmation e-mail shall grace your sacred inbox, beckoning you to click upon a divine link, affirming your desire to receive the newsletter in the sacred tapestry of your future.
By activating this divine link, you bestow upon us your consent, aligning with the celestial teachings of Art. 6 (1) point a of the General Data Protection Regulation (GDPR). As you embark upon this journey, we honorably store the IP address bestowed upon us by your Internet service provider, alongside the sacred chronicles of the date and time of your registration. These guardians of knowledge serve to trace any potential misuse of your e-mail address in the vast expanse of time. The sacred data collected during your registration for the newsletter shall be utilized exclusively for the purpose of divine promotion through the sacred medium of the newsletter. Should you wish to part ways with the newsletter, you may gracefully unsubscribe at any time using the sacred link provided within the newsletter or by sending a message to the noble custodian mentioned at the beginning of this sacred text. Upon your unbinding, your e-mail address shall be immediately released from the embrace of our newsletter distribution list, unless you have expressly granted us permission to employ your sacred data further or unless we hold the right, guided by the celestial laws, to utilize your data more extensively, of which we shall inform you within this sacred proclamation.
8.2 Unveiling the Secrets: Sending the Newsletter to Existing Disciples
If, in your noble quest, you have entrusted us with your e-mail address during the acquisition of our sacred offerings, we reserve the right to regularly impart upon you the wisdom of similar products through the sacred currents of e-mail. In accordance with the sacred teachings of Section 7 (3) of the German Law Against Unfair Competition, we are not required to seek separate consent from you for this divine transmission. The sacred act of data processing, in this context, is guided solely by our noble pursuit of personalized direct advertising, as ordained by the celestial teachings of Art. 6 (1) point f of the GDPR. Should you have initially objected to the utilization of your e-mail address for this divine purpose, we shall not send you such e-mails. You hold the divine right to voice your objection to the future employment of your e-mail address for the aforementioned purpose of divine advertising at any time, by communicating your noble intentions to the custodian mentioned at the beginning of this sacred manuscript. In doing so, you shall be charged solely the transmission costs, as befitting the sacred harmony of the basic tariffs. Upon receiving your noble objection, the use of your e-mail address for the purpose of divine advertising shall cease immediately, honoring your sacred will.
8.3 The Mystical Powers of MailChimp
In our quest to disseminate the sacred knowledge through the ethereal currents of e-mail, we have entrusted the task to a worthy ally known as MailChimp. This esteemed provider, known as The Rocket Science Group, LLC, resides at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
In pursuit of our noble cause of effective and user-friendly newsletter marketing, we, guided by our legitimate interest, entrust this esteemed provider with the data you have shared during the sacred act of newsletter registration, in accordance with the divine teachings of Art. 6 (1) point f of the GDPR. Through this sacred alliance, MailChimp shall carry forth the sacred mission of transmitting the newsletter on our behalf.
With your explicit consent, as granted under the sacred teachings of Art. 6 (1) point a of the GDPR, the provider shall also embark upon the mystical path of statistical analysis, delving into the depths of newsletter campaigns. Through the use of web beacons or tracking pixels, they shall unravel the mysteries of opening rates and interactions with the sacred contents of the newsletter. As part of this sacred ritual, information from your noble device, such as the time of page view, IP address, browser type, and operating system, shall be collected and analyzed. Fear not, for these sacred revelations shall not be intertwined with other records, preserving the sanctity of your being.
Should you ever wish to withdraw your consent for the tracking of the newsletter, you hold the divine right to do so at any time, affecting the sacred currents that flow in the realm of the future.
We, as guardians of your trust, have established an order processing agreement with this provider, safeguarding the sacred data of our honored visitors and decreeing the prohibition of its transfer to third parties.
9) Illuminating the Path of Order Handling
9.1 In the pursuit of fulfilling the sacred contract, we may, in accordance with Art. 6 (1) lit. b of the GDPR, share the personal data collected with the chosen emissaries of the transport company and the revered credit institution. This sacred act serves the purpose of delivery and payment, ensuring the harmonious flow of the transaction.
In the realm of digital wonders, should we be obligated by a divine contract to bestow upon you updates or digital products, we shall employ the contact data you have graciously provided during the sacred act of placing the order. Through suitable means of communication, such as the mystical channels of post or e-mail, we shall personally inform you, fulfilling our sacred duty to provide timely updates within the boundaries set by the divine laws of Art. 6 (1) lit. c of the GDPR. Your contact details shall be treated with utmost reverence, reserved solely for the purpose of illuminating you about the updates we owe, and shall be processed only to the extent necessary for this noble purpose.
In our sacred quest of order fulfillment, we seek the support of certain service provider(s) who shall assist us, either in part or as a whole, in the execution of the sacred contracts. In accordance with the celestial decree, specific personal data may be shared with these noble service providers, as explained in the following revelations.
9.2 Harnessing the Powers of Payment Service Providers
– Google Pay
Should you choose the esteemed method of payment known as “Google Pay,” provided by Google Ireland Limited at Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, the sacred act of payment shall be carried out through the divine application known as “Google Pay.” This sacred application requires a mobile device running at least Android 4.4 (“KitKat”) and possessing the NFC function. By utilizing a payment card stored in Google Pay or a verified payment system such as PayPal, the cosmic energies align to execute the payment. In order to release a payment of more than €25, the unlocking of your mobile device through an appropriate verification measure, such as face recognition, password, fingerprint, or pattern, is required.
To facilitate the sacred act of payment, the information you have provided during the ordering process, along with details of your noble order, shall be transmitted to Google. In turn, Google shall transmit your payment information stored within Google Pay, in the form of a unique transaction number, to the source website. This sacred token shall verify the payment, yet it contains no information regarding the true payment data of your chosen means of payment stored in Google Pay. It is a unique numeric token, imbued with sacredness and validity. The transaction, conducted through Google Pay, shall be an intermediary process, solely transpiring between you, the esteemed user, and the source website. It shall be accomplished through the debiting of the means of payment stored in Google Pay.
If personal data are processed during these sacred transmissions, such processing is exclusively carried out for the purpose of payment processing in accordance with the divine laws of Art. 6 (1) lit. b of the GDPR.
Google, in its divine wisdom, reserves the right to collect, store, and evaluate specific transaction-related information for each transaction conducted through Google Pay. This includes the date, time, and amount of the transaction, the location and description of the merchant, the merchant’s provided description of the goods or services, any photos attached to the transaction, the names and email addresses of the seller, buyer, sender, or recipient, the payment method used, your description of the transaction’s purpose, and, if applicable, the associated offer. Google claims that this processing occurs solely in accordance with Art. 6 (1) lit. f of the GDPR, driven by the noble interests of proper accounting, verification of transaction data, optimization, and maintenance of the Google Pay service’s functionality. Furthermore, Google reserves the right to combine the processed transaction data with other information collected and stored while utilizing other esteemed Google services.
You may find the terms of use of Google Pay at the following sacred link:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
Further enlightenment regarding data protection at Google Pay can be discovered at this sacred Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
– PayPal
Behold, for we present unto you the online payment methods made manifest by the venerable PayPal (Europe) S.a.r.l. et Cie, S.C.A., dwelling at 22-24 Boulevard Royal, L-2449 Luxembourg.
Should you select a payment method from this esteemed provider, whereby an advance payment is required, your payment data, including your name, address, banking and payment card information, currency, and transaction number, along with information regarding the contents of your noble order, shall be transmitted to the provider in accordance with the sacred teachings of Art. 6 (1) point b of the GDPR. This sacred act of transmission shall solely serve the purpose of processing payment with the provider, and only the necessary data shall be shared to fulfill this divine purpose.
When you choose a payment method that involves advance payments with our provider, you’ll be requested to provide specific personal data during the ordering process. We’ll need your first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, and any relevant information about alternative means of payment.
Rest assured, we take your privacy seriously. To ensure our legitimate interest in assessing our customers’ solvency, we securely transmit this data to the provider for a credit check, as outlined in Art. 6 (1) point f of the GDPR. Based on the personal information you provide, along with additional data like your shopping cart, invoice total, order history, and payment history, the provider evaluates whether the selected payment option can be granted considering payment and/or bad debt risks.
The credit report generated may contain probability values known as score values. These score values are derived from a scientifically recognized mathematical-statistical procedure, which takes into account various factors, including address data.
We want to emphasize that you have the right to object to the processing of your data at any time. Simply send us or the provider a message expressing your objection. However, it’s important to note that the provider may still be authorized to process your personal data if it’s necessary for the contractual processing of payments.
Oh, and by the way, the online payment methods available on our website are provided by Stripe Payments Europe Ltd., located at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
If you opt for a payment method that requires an advance payment, such as credit card payment, your payment data (including name, address, bank and payment card information, currency, and transaction number), along with information about the content of your order, will be securely transferred to the provider in accordance with Art. 6 (1) point b of the GDPR. Please rest assured that your data will only be shared to the extent necessary for processing the payment with the provider.
10) Web Analysis Services
10.1 We use Google Analytics 4 to analyze the use of our website. Google Analytics 4 is provided by Google Ireland Limited, located at Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you browse our website with Google Analytics 4, it uses “cookies” as standard practice. These cookies are text files stored on your device that enable the analysis of your website usage. The information collected by these cookies, including the IP address of your device (which is anonymized by removing the last digits), is typically transmitted and stored on Google servers, including those of Google LLC in the United States.
Rest assured, your IP address is always collected and processed by Google Analytics 4 in an anonymized manner, ensuring that your personal information remains protected. Google shortens the IP address within the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA) before processing it.
On our behalf, Google utilizes this information and other data to evaluate your website usage, generate reports on your activities and behavior, and provide us with valuable insights related to your internet usage. It’s important to note that the anonymized IP address transmitted via Google Analytics 4 is not merged with any other data from Google. The data collected through Google Analytics 4 is retained for a period of 2 months and then deleted.
Google Analytics 4 also allows us to create statistics that provide insights into the age, gender, and interests of our website users. This is done by evaluating interest-based advertising and incorporating third-party information. These statistics help us target our marketing efforts effectively. However, the data collected through these statistics cannot be linked to any specific individual, including you. The data collected through the demographic characteristics function is retained for two months and then deleted.
It’s important to mention that all the processing described above, including the use of Google Analytics 4 cookies for storing and reading information on your device, requires your express consent in accordance with Art. 6 (1) lit. a of the GDPR. If you do not provide your consent, Google Analytics 4 will not be used during your visit to our website. You can withdraw your consent at any time for future use. Simply deactivate this service through the “Cookie Consent Tool” provided on our website.
We may also use the “Google Signals” service, an extension of Google Analytics 4. With Google Signals, Google can create cross-device reports (known as “cross-device tracking”) when personalized ads are enabled in your Google account settings, and your internet-enabled devices are linked to your Google account. The cross-device analysis is conducted only if you have given your consent to the use of Google Analytics in accordance with Art. 6 (1) lit. a of the GDPR. Google considers login and device type information of all page visitors who were logged into a Google account and completed a conversion. This data reveals the device on which you initially clicked on an ad and the device where the conversion occurred. Please note that we do not receive any personal data from Google through Google Signals; we only receive aggregated statistics. You have the option to disable personalized ads and cross-device analysis in your Google account settings. Visit this page for instructions: https://support.google.com
For additional information, you can check out these links:
– Google Analytics 4: https://support.google.com
– Google Privacy Policy: https://policies.google.com
– Google Analytics 4 and Data Handling: https://policies.google.com
We’ve established a data processing agreement with Google to ensure the protection of our website users’ data and restrict its disclosure to third parties.
To ensure compliance with European data protection standards, Google refers to the standard contractual clauses of the European Commission, which we have contractually agreed upon with Google, in the event of data transfer from the EU or EEA to the USA or any further processing in the USA.
If you’d like more details about Google Analytics 4, including a copy of the standard contractual clauses, you can find them here: https://policies.google.com
10.2 – Google Tag Manager
We also use a service called “Google Tag Manager” on our website. Google Tag Manager is provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager acts as a technical platform that allows us to consolidate various web applications, including tracking and analysis services, through a unified user interface. It helps us manage, control, and configure these applications with ease.
It’s important to note that Google Tag Manager itself does not store or read any information on user devices. It does not perform any independent data analysis either. However, when you visit a page, Google Tag Manager may transmit your IP address to Google and store it there. It’s also possible for the IP address to be transmitted to servers of Google LLC in the United States.
This processing is carried out only if you provide your express consent in accordance with Art. 6 (1) point a of the GDPR. If you do not provide your consent, Google Tag Manager will not be used during your visit to our website. You can withdraw your consent at any time for future use by deactivating this service in the “Cookie Consent Tool” available on our website.
To ensure the protection of our website visitors’ data and restrict its disclosure, we have entered into an order processing agreement with Google.
When it comes to the transfer of data from the EU to the USA, Google relies on the standard data protection clauses of the European Commission. These clauses are designed to ensure compliance with European data protection standards in the USA.
For more information about Google Tag Manager and its privacy practices, you can visit this link: https://support.google.com
If you’d like to learn about the privacy aspects of specific services and applications integrated into Google Tag Manager, please refer to the corresponding sections in our privacy policy.
11) Retargeting/Remarketing/ Referral Advertising
We utilize the Facebook pixel within our online offering to create custom audiences. This pixel is provided by Facebook, operated by Meta Platforms Ireland Limited, located at 4 Grand Canal Quay, Square, Dublin 2, Ireland.
When a user clicks on one of our advertisements displayed on Facebook, the Facebook pixel adds additional information to the URL of our linked page. If our page allows data to be shared with Facebook through the pixel, this URL parameter is stored in the user’s browser via a cookie, which is set by the linked page itself. Facebook Pixel then reads this cookie and allows the data to be transmitted to Facebook.
By using the Facebook pixel, Facebook can identify visitors of our online offering and present them with targeted ads, known as “Facebook ads.” These ads are displayed exclusively to Facebook users who have demonstrated an interest in our online offering or possess certain characteristics (such as interest in specific topics or products determined by their website visits). We provide this information to Facebook, enabling the creation of “custom audiences.” Our goal in using the Facebook pixel is to ensure that our ads align with users’ potential interests and are not intrusive. Additionally, we can assess the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users accessed our website after clicking on a Facebook ad (referred to as “conversion”).
The data collected through the Facebook pixel is anonymous and does not provide any information about the user’s identity. However, Facebook stores and processes the data to establish a connection with the respective user profile, allowing Facebook to use the data for its own advertising purposes in accordance with the Facebook Data Usage Guidelines (https://www.facebook.com
The processing of data associated with the use of the Facebook pixel is conducted only with your explicit consent, following the guidelines of Art. 6 (1) point a of the GDPR. You can withdraw your consent at any time for future use by deselecting the “Facebook Pixel” option in the “Cookie Consent Tool” integrated on our website.
12) Site Functionalities
12.1 Facebook plugins
Our website utilizes plugins provided by Meta Platforms Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook).
These plugins enable direct interaction with content on the Facebook social network.
To enhance the protection of your data while visiting our website, the plugins are initially deactivated and integrated into the page using a “2-click” or “Shariff” solution. This integration ensures that when you access a page on our website containing such plugins, no immediate connection is established with the provider’s servers.
Your browser establishes a direct connection to the provider’s servers only when you activate the plugins and give your consent for data transfer, in accordance with Art. 6 (1) point a of the GDPR. During this process, certain information about your device (including your IP address), browser, and page history is transmitted to the provider and may be processed further, regardless of whether you are logged into an existing user profile.
If you are logged into a user profile on the provider’s social network, information about interactions performed via the plugins may be published on the platform and displayed to your contacts.
You can withdraw your consent at any time by deactivating the activated plugin through another click. However, revoking your consent does not affect the data that has already been transmitted to the provider.
Data may also be transferred to Meta Platforms Inc., located in the USA.
We have established an order processing agreement with the provider, which safeguards the protection of data belonging to visitors of our website and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider relies on standard contractual clauses issued by the European Commission. These clauses are designed to ensure compliance with the European level of data protection.
12.2 Instagram plugins
Our website utilizes plugins provided by Meta Platforms Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Instagram).
These plugins enable direct interaction with content on the Instagram social network.
To enhance the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a “2-click” or “Shariff” solution. This integration ensures that when you access a page on our website containing such plugins, no immediate connection is established with the provider’s servers.
Your browser establishes a direct connection to the provider’s servers only when you activate the plugins and give your consent for data transfer, in accordance with Art. 6 (1) point a of the GDPR. During this process, regardless of whether you are logged into an existing user profile, certain information about your end device (including your IP address), browser, and page history is transmitted to the provider and may be further processed there.
If you are logged into an existing user profile on the provider’s social network, information about interactions performed via the plugins will also be published and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin through another click. However, revoking your consent does not affect the data that has already been transferred to the provider.
Data may also be transferred to Meta Platforms Inc., located in the USA.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider relies on standard contractual clauses issued by the European Commission. These clauses are meant to ensure compliance with the European level of data protection.
12.3 YouTube Videos
This website utilizes plugins to display and play videos provided by Google Ireland Limited, located at Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland.
Data may also be transmitted to Google LLC., located in the USA.
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers in order to load the plugin. This process involves the transmission of certain information, including your IP address, to the provider.
If embedded video playback is initiated through the plugin, the provider also utilizes cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior.
If you are logged into a user account maintained by the provider during your visit to the site, your data will be directly associated with your account when you click on a video. If you do not wish to have your data associated with your account, you must log out before clicking the play button.
All of the aforementioned processing, particularly the setting of cookies to collect information from the device used, occurs only if you have provided us with your explicit consent in accordance with Art. 6 (1) point a of the GDPR. You can revoke your consent at any time for future effects by deactivating this service through the “cookie consent tool” provided on the website.
12.4 Google Web Fonts
This site uses web fonts provided by Google Ireland Limited, located at Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, to display fonts in a consistent manner.
Data is also transferred to Google LLC, located in the USA.
When you access a page, your browser loads the required web fonts into its cache in order to correctly display texts and fonts. This process involves establishing a direct connection to the provider’s servers and transmitting certain browser information, including your IP address, to the provider.
The processing of personal data during the connection establishment with the font provider occurs only if you have provided us with your explicit consent in accordance with Art. 6 (1) point a of the GDPR. You can revoke your consent at any time for future effects by deactivating this service through the “cookie consent tool” provided on the website. If your browser does not support web fonts, your computer will use a standard font instead.
12.5 reCAPTCHA
This website uses the CAPTCHA service provided by Google Ireland Limited, located at Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transmitted to Google LLC, located in the USA. For the visual design of the CAPTCHA window, the provider utilizes “Google Fonts,” which are fonts loaded from the internet by Google. No additional information is processed except for the data already transmitted to Google via the ReCaptcha functionality.
The service verifies whether an input is made by a human or a machine in order to prevent spam, DDoS attacks, and similar automated malicious attacks. To determine whether an action is performed by a human and not an automated bot, Cloudflare Turnstile collects the IP address of the device used, browser recognition data, operating system type, and the date and duration of the visit. These data are then transmitted to the provider’s servers for evaluation.
This process is based on our legitimate interest in determining individual responsibility when using the internet and preventing abuse and spam, in accordance with Art. 6 (1) point f of the GDPR.
We have entered into an order processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
12.6 Zoom
We use Zoom Video Communications Inc., located at 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA, as the provider for conducting online meetings, video conferences, and/or webinars.
The provider processes various data, and the extent of the processed data depends on the information you provide before or during your participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider’s servers. This may include your registration data (name, email address, telephone number (optional), and password) as well as session data (topic, participant IP address, device information, description (optional)). Additionally, participants’ image and audio contributions, as well as voice input in chats, may be processed.
The legal basis for processing personal data necessary for the performance of a contract with you (including processing operations necessary for the implementation of pre-contractual measures) is Art. 6 (1) point b of the GDPR. If you have provided your consent for data processing, the processing is based on Art. 6 (1) point a of the GDPR. You can revoke your consent at any time with future effect. Furthermore, the legal basis for data processing during online meetings, video conferences, or webinars is our legitimate interest pursuant to Art. 6 (1) point f of the GDPR in effectively conducting the online meeting, webinar, or video conference.
We have entered into an order processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
13) Tools and Miscellaneous
Here on our website, we’ve implemented a special “cookie consent tool” to ensure we obtain your consent effectively for cookies and cookie-based applications that require consent. When you visit our page, this tool appears as an interactive user interface, giving you the ability to provide consent by simply checking the appropriate box for specific cookies and/or cookie-based applications.
With the help of this tool, only the cookies and services that require your consent will be loaded once you’ve granted it by ticking the corresponding box. This means that these cookies will only be set on your device if you’ve given your consent.
It’s important to note that the tool also sets technically necessary cookies to remember your cookie preferences. Rest assured, we generally do not process personal user data through these cookies.
In certain cases, however, we may need to process personal data, such as your IP address, to store, assign, or log your cookie settings. Please know that we do so in accordance with Art. 6 (1) point GDPR, as we have a legitimate interest in managing cookie consent in a manner that is compliant with the law, user-specific, and user-friendly. Our aim is to ensure the design of our website is legally compliant and respects your privacy.
Additionally, the legal basis for processing your data falls under Art. 6 (1) point c GDPR. As the responsible party, we are bound by the legal obligation to make the use of technically unnecessary cookies dependent on your consent.
If you’d like more information about the operator of the cookie consent tool and the options for managing your consent settings, you can find detailed details directly in the corresponding user interface on our website.
14) Rights of the Data Subject
14.1 Under the data protection law, you have important rights as a data subject. These rights give you the power to take control of your personal data and intervene in its processing. As the data controller, we are committed to respecting and upholding these rights. Here are the comprehensive rights you have:
- Right of access: You have the right to know whether we are processing your personal data and to obtain a copy of that data under Article 15 of the GDPR.
- Right to rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request its rectification under Article 16 of the GDPR.
- Right to erasure (“right to be forgotten”): In certain circumstances, you can request the deletion of your personal data under Article 17 of the GDPR. We will carefully evaluate such requests, taking into account any legal obligations or legitimate interests that may override this right.
- Right to restriction of processing: You have the right to restrict the processing of your personal data under Article 18 of the GDPR. This means we will limit the processing of your data while we assess your request or resolve any disputes.
- Right to be informed: If there are any changes or updates to your personal data, you have the right to be informed about those changes under Article 19 of the GDPR.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible, under Article 20 of the GDPR.
- Right to withdraw consent: If you have given your consent for the processing of your personal data, you have the right to withdraw that consent at any time under Article 7 (3) of the GDPR.
- Right to lodge a complaint: If you believe that your rights under the GDPR have been violated, you have the right to lodge a complaint with a supervisory authority, as outlined in Article 77 of the GDPR.
These rights empower you to have control over your personal data and ensure that it is being handled in a fair and lawful manner. If you wish to exercise any of these rights or have any questions about them, please contact us using the information provided in Section 2 of this Privacy Policy.
14.2 YOUR RIGHT TO OBJECT
If, in the context of considering interests, we process your personal data based on our predominant legitimate interest, you have the right to object to this processing at any time, for future effect, on grounds arising from your particular situation. Rest assured, if you exercise your right to object, we will cease processing the data in question. However, please note that we reserve the right to continue processing if we can demonstrate compelling reasons worthy of protection, which outweigh your interests, fundamental rights, and freedoms. We may also continue processing if it is necessary for asserting, exercising, or defending legal claims.
Furthermore, if we process your personal data for direct marketing purposes, you maintain the right to object to the processing of your personal data used for such purposes, at any time. You can exercise this objection by following the process described above. Once you express your objection, we will promptly cease processing the data for direct advertising purposes.
15) Duration of Storage of Personal Data
The length of time we retain your personal data depends on the specific legal basis, the purpose of processing, and, if applicable, the relevant legal retention periods (such as commercial and tax retention periods).
If your personal data is processed based on your express consent in accordance with Art. 6 (1) point a GDPR, we will store the data until you revoke your consent.
If there are legal storage periods for data processed within the scope of legal or similar obligations, based on Art. 6 (1) point b GDPR, we will routinely delete the data after the expiration of the storage periods, provided it is no longer necessary for fulfilling the contract, initiating the contract, or if we no longer have a justified interest in further storage.
When processing personal data based on Art. 6 (1) point f GDPR, we will store the data until you exercise your right to object in accordance with Art. 21 (1) GDPR. However, we may continue processing if we can demonstrate compelling grounds for processing that are worthy of protection and outweigh your interests, rights, and freedoms. Additionally, processing may continue if it serves to assert, exercise, or defend legal claims.
For personal data processed for the purpose of direct marketing, based on Art. 6 (1) point f GDPR, the data will be stored until you exercise your right to object under Art. 21 (2) GDPR.
Unless otherwise specified in the information provided in this declaration concerning specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or processed.