Your privacy is important to NDB Chartered Accountants Limited ("NDB"), a firm of accountants based in Ireland. This privacy statement sets out how we will protect your data, in line with current Irish and EU legislation, through appropriate organisation and technical security measures/processes. It also describes your rights in relation to that data.
NDB reserves the right to make changes to this statement, as necessary. When we do so we'll make previous versions available, on request, so you can see what these changes are. If any such changes alter key aspects of the notice or its meaning, we will notify you of those changes in advance. We encourage you to occasionally review this page for information on our latest practices.
This privacy notice specifically covers e-mail marketing and communications. Should you access our services, we will seek additional explicit consent, usually by means of written communications such as a letter of engagement where the scope and price of the service will be mutually agreed and the purposes for which we collect and process your data will be clearly set out in writing for you. We will also provide you with an appropriate privacy notice.
A full list of your rights under the General Data Protection Regulation (GDPR) is shown below in paragraph 9.
1. How NDB collects personal data
You can give us your personal data in many ways. For example, when you ask us to provide you with a consulting service or training, to purchase a manual or template document, you may also register through our website to receive our regular technical blogs, sign up to attend a training course or when making enquiries about our services.
When we collect data from you we will ensure it is adequate for the purpose and never excessive. We would like to send you marketing communications to keep you up to date with any updates to the range of services available to you, but we will only do so, if you provide us with your express consent. You can change your mind and opt out of this type of communication at any time, by following the directions included in those communications.
All the personal data we hold about you will be processed by our staff in Ireland and no third parties will have access to your personal data, except where already stated above, unless there is a legal obligation for us to provide them with this.
Should you not opt out, any consent provided will expire automatically after 5 years, unless subsequent consent has been provided in that time.
Data Collection – Client Engagements
We need to know basic personal data to provide you with our services, and to claim our right to be paid in return for our services, under our standard terms of engagement/contract we have with you. If you do not provide this information, then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need to provide and oversee the services that we have agreed to provide.
2. How NDB uses your personal data
Eligibility verification - as a consulting and training provider, NDB has a legitimate interest in retaining your personal data to provide our training/consulting services and provide you with updates to our manuals/templates from time to time (this does not affect your right to object, at any time, to this type of processing).
Marketing - we will only send e-mail electronic communications. We will record your mailing preferences. We will use this information to keep the quantity of communications appropriate and to make sure any communications are as relevant as possible.
Management reporting and business planning - we may produce internal documents, analysing our interaction with clients, to monitor our own activities.
Data validation - NDB always strives for the highest level of accuracy in the data we hold. This includes contacting you directly to check the data we hold is accurate. This minimises the possibility of sending information to you at an incorrect e-mail address.
Disclosures required by law - the law can require the disclosure of information for various reasons, in such circumstances NDB must comply with those requests.
While doing business with you, NDB may share information with carefully selected organisations we engage with to provide certain services. These include:
Data storage services, such as DC Cloud Services for cloud storage and data management;
Financial organisations such as banks and building societies.
Please note that outside of the EU member states, privacy laws may not be equivalent to those provided by the GDPR. In such countries, NDB and any third party processors will still handle your data as described in this document, ensuring appropriate security measures in line with legislation.
4. Protecting your data
NDB ensures the highest levels of security, both with technical encryption and passwords and organisational, when collecting and processing data, and when your data is in transit and when at rest on the cloud or on our servers. This is regularly reviewed to ensure those measures remain effective and up-to-date with the latest available technologies.
5. Retention of data
To ensure we can perform our services, we will retain basic data provided to us normally for a minimum of seven years. It is in the legitimate interests of NDB to be able to do so and to ensure that we can provide support to you for the minimum period allowed under Irish law and regulation. For this reason, we will retain these records only for the period allowed under Irish and EU law and regulation, unless you object or request to engage your right to be forgotten.
When visiting the NDB's website, we may use features which collect your IP address and data on which pages you are visiting on our site.
This allows us to tailor your experience and electronic marketing to what we think you want to see.
We do not normally collect information from children. In accordance with local Irish data protection legislation, if and when we collect information from children, we will process that information in an age appropriate manner. If a child is under 16 years of age, we will seek consent from a parent or guardian.
8. Categories of data we collect
Personal data: name, and title and on occasions date of birth, date of marriage, VAT and PPS numbers;
Contact data: postal address, email address and telephone numbers.
Current legislation provides the following rights for individuals in relation to their personal data:
The right to access the personal data we hold on you;
The right to correct and update the personal data we hold on you;
The right to have your personal data erased;
The right to object to processing of your personal data;
The right to data portability;
The right to withdraw your consent to the processing at any time for any processing of personal data to which consent was sought;
The right to object to the processing of personal data where applicable;
The right to lodge a complaint with the Irish Data Protection Commission.
A cookie is a tiny element of data that a website can send to a visitor's computer's browser so that this computer will be recognised by the site on their return. Cookies allow our web server to recognise a computer on connection to the website, which in turn allows the server to make downloading of pages faster than on first viewing. In addition, cookies may also be used by us to establish statistics about the use of the website by Internet users by gathering and analysing data such as: most visited pages, time spent by users on each page, site performance, etc. By collecting and using such data, we hope to improve the quality of the website.
The data collected by our servers and/or through cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above. In any event, such information may not be kept for longer than one year.
Navigation data about site viewers is automatically collected by our servers. If you do not wish to have this navigation data collected, we recommend that you do not use the website. A visitor can also set their browser to block the recording of cookies on their hard drive to minimise the amount of data that may be collected about your navigating on the website. The browser on a computer can be set to notify the user when a cookie is being recorded on their computer's hard drive. Most browsers can also be set to keep cookies from being recorded on their computer. However, for optimal use of the website, we recommend that visitors do not block the recording of cookies on their computer.
All NDB servers and computer systems are protected from outside intrusions. As a result, all data that may be collected about website viewers using cookies, will be protected from unauthorised access.
Cookies used on the website are only active for the duration of the visit. Cookies used on this site are not stored on visitor's computer once you have closed your web browser. Information generated using cookies may be compiled into an aggregate form so that no individual can be identified.
11. Transfer of User Data outside the User Jurisdiction
To provide the website service to you, we may need to transfer User Data to locations outside the jurisdiction in which a visitor is viewing the website (the User Jurisdiction) and process User Data outside the User Jurisdiction. If the User Jurisdiction is within the European Economic Area (the EEA) please note that such transfers and processing of personal data may be in locations outside the EEA. Any data sent or uploaded by users may be accessible in jurisdictions outside the User Jurisdiction (including outside the EEA). The level of data protection offered in such jurisdictions may be less than that offered within the User Jurisdiction or (as the case may be) within the EEA.
User Data may be controlled and processed from time to time, outside the EEA. By continuing to use the website and by providing any personal data (including sensitive personal data) to us via the website or email addresses provided on the website, visitors are consenting to such transfers, provided that they are in accordance with the purposes set out above and elsewhere in this Privacy Notice. Please do not send us any personal data if you do not consent to the transfer of this information to locations outside the User Jurisdiction (including, if applicable, outside the EEA).
There are several places throughout this website that may link to other Websites that do not operate under NDB's privacy practices. When visitors link to other Websites, NDB's privacy practices no longer apply. We encourage visitors to review each site's privacy notice before disclosing any personally identifiable information.
If you have any questions regarding this statement or you wish to discuss your data, you can contact NDB's Data Protection Representative at firstname.lastname@example.org or by writing to:
116B Lower Kilmacud Road, Stillorgan, Co. Dublin