Last updated: 13/08/2021
We respect your privacy and are committed to protecting your personal data. This Data Protection Policy describes the types of information we collect and use, how and why we use such information, who we share it, and tells you about your data protection and legal rights.
When we say “we”, “us” or “our”, GreenAware is our business name and we are part of Boyne Valley Unlimited Company, a company incorporated in Ireland with company number 24499 of Platin Road, Drogheda, Co. Meath, the controller of your information.
Who this policy applies to
This Data Protection Policy applies to all visitors who access or use our websites, domains, apps and related services (together, the “Website”).
This Website is not intended for children and we do not knowingly collect data relating to children.
We are committed to ensuring that all personal data are:
- Processed lawfully, fairly and transparently
- Processed for specific purposes only, and not in any manner incompatible with those purposes
- Adequate, relevant and limited to what is necessary
- Not kept longer than necessary
- Processed consistent with your rights
- Kept confidential and secure
Types of personal data processed
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use and otherwise process the following types of personal data:
- Identity data: includes personal details and contact information such as first name, last name, home address, phone number, email address, fax number nationality (where required), unique ID code (which allows us to process your orders and payments).
- Contact data: includes name, email address and telephone numbers.
- Profile data: includes your username and password, your interests, preferences, and publicly available information, feedback and survey responses.
- Usage data: includes information about how you use our Website.
- Marketing and communications data: includes your preferences in receiving marketing from us and our third parties and your communications preferences. We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products and services may be relevant for you. You may receive marketing communications from us if you have requested information from us. You will always have the right to unsubscribe from such communications.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data under data protection legislation as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Data Protection Policy.
We do not collect any special categories of personal data about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we use your personal data
We use your personal data for the purposes outlined below, except where restricted by law. In doing so, we rely on a number of separate and overlapping legal bases to lawfully process your personal data. We set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We also identify what our legitimate interests are, where appropriate.
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you would like more details about the specific legal ground we are relying on to process your personal data.
The table below sets out the purposes for which we use your personal data and the legal bases we are relying on in the table below.
|To manage our relationship with you.
||To notify you about changes to our terms or policies and asking you to leave a review or take a survey.
||Performance of a contract with you. Necessary to comply with a legal obligation. Our legitimate interests to keep records updated and to study how customers use our products/services.
|To administer and protect our business and the Website.
||To include troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data and screening customers and orders for potential risk or fraud.
||Our legitimate interests of running our business, provision of administration and IT services, network security and to prevent fraud. To comply with a legal obligation.
|To deliver relevant Website content and advertisements to you.
||To measure or understand the effectiveness of the advertising we serve to you.
||Our legitimate interests to study how customers use our products, to develop them, to grow our business and to inform our marketing strategy.
|To make suggestions and recommendations to you.
||To recommend products and services that may be of interest to you.
||Our legitimate interest of developing products and growing our business.
|Improve efficiencies and processes.
||To process information from feedback and reviews.
||Our legitimate interest of improving efficiencies in the workplace, internal management and effective performance of personnel.
|To market our Website.
||Where permitted by digital marketing law we may contact you by email to let you know about future events, news and promotions.
||Our legitimate interests of marketing our Website and developing our business.
|To enable you to take part in a prize draw, competition or complete a survey.
||To provide you with information and updates in relation to our business, products, competitions and events.
||Performance of a contract with you. Our legitimate interests to study how customers use our product, to develop and grow our business.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we share your personal data
We may share your personal data with the parties set out below for the lawful purposes referred to above:
- To our affiliates, including our related companies, members and subsidiaries.
- To service providers to help us provide our services and communicate with you. For example, categories of service providers include Wordpress to power our IT software and hosting providers, companies assisting with our marketing services and our other business partners.
- To third parties in the case of business re-organisation. For example to third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this data protection policy.
We may also share your personal data for legal and safety reasons: We may retain, preserve, or share your information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce our terms and conditions or any other contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public.
If we outsource the processing of personal data to third parties or provide personal data to third party service providers, we require those third parties to protect the personal data they are provided with appropriate security measures and only use it to provide their service to us prohibit and restrict them from using the personal data for their own purposes.
You can read more about how WordPress uses your personal data here.
We have put in place appropriate technical and organisational measures to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data (including special categories of personal data). In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulatory authorities of a breach where we are legally required to do so.
In some cases, we need to transfer your information to recipients outside the European Economic Area (“EEA”) for the purposes described in this Data Protection Policy. Where we transfer your information, we do so in accordance with EU data protection law. If you are based in the EEA, when your data is moved from your home country to a third country outside the EEA some of these countries may not have the same data protection safeguards as your home country. If we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Third party links
We will only retain your personal data only for as long as is necessary for the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax and accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have determined the following retention periods for the following categories of personal data:
|Contact information/ online activity.
||The period you are a customer period plus 2 years (from last order date).
||To fulfil contract to which you are a party
You have several rights in relation to your personal data. You have a right to:
- access a copy of your personal data held by us;
- request rectification of your personal data if it is inaccurate or incomplete;
- request erasure of your personal data in certain circumstances;
- restrict our use of your personal data in certain circumstances;
- move (or port) personal data which you have given us to process; and
- object to the processing of your data where our legal basis for processing your data is our legitimate interests.
However, these rights may not be exercised in certain circumstances, such as when the processing of your data is necessary to comply with a legal obligation or for the exercise or defence of legal claims.
If you have any questions about this Data Protection Policy, or if you require further information about our use of your personal data or you wish to avail of any of your rights, you may contact us at email@example.com or firstname.lastname@example.org.
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, you have the right to lodge a complaint with the Data Protection Commission. The contact details of the Data Protection Commission are:
Data Protection Commission,
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Phone: +353 87 103 0813
Changes to the Data Protection Policy
We may update this Data Protection Policy from time to time in order to reflect, for example, changes to our business, our practices, or for other operational, legal or regulatory reasons, so please review it frequently. We will notify you of any changes by posting the updated policy on this page with its effective date. If the change is material, we will take reasonable steps to notify you, such as by posting a notice on our website.