Skip to content

Privacy Statement

IDPAA Limited Privacy Statement

IDPAA respects your privacy and is committed to protecting your personal data. This privacy statement will inform you on what we do with your personal data that you and others may provide us, why we collect it and the rights which you have in relation to it.

Contacting Us and Who we are

The terms “we”, “us”, “our” throughout this document refers to IDPAA Limited

IDPAA means IDPAA Limited, incorporated in Ireland with a company number 630958 and a registered office at Scart, Tubrid, Cahir , Co. Tipperary E21WK24

If you have any questions about how your information is stored or managed, or any questions about this statement or if you wish to exercise any of your privacy rights please contact us at: Scart, Tubrid, Cahir , Co. Tipperary E21WK24 or +353(0) 52 6146220 or via  email

What we use your personal data for

We collect your personal information for a number of different purposes and rely on a number of different legal grounds to do so.

We mainly use your personal information so that we can provide you with a quality consultancy service. Where we act as a Data Processor on behalf of our clients we act in accordance with their instructions and obligations which are set out in the terms of agreement with our clients.

We may use your personal information for our everyday business needs, such as managing our business.

However, more specifically, we may use the personal that we gather for any or all the following purposes:

Purpose Description Lawful Basis for Processing
Legal obligation We may use your personal information to comply with various legal obligations to which we are subject. The processing is necessary for compliance with a legal obligation to which the controller is subject.
Sales and Support enquiries To respond to correspondence, you send to us and fulfil the requests you make to us. To takes steps prior to the entry into a contract with you and for our Legitimate Business Interests.
Business needs We may also use your personal information to manage our everyday business needs, including accounting, sharing your information for administrative purposes, and to prevent fraud. We rely on our legitimate interest in the effective management of our business.
Website Security To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). (1) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud .

(2) Necessary to comply with a legal obligation.

Website analytics We use data analytics to improve your experience on our website and to define types of customers for our services and  to keep our website updated and relevant. We will only use analytics where you have given your consent .
Information pertaining to your customers, employees, contractors, and vendors You may on occasion provide us with information pertaining to your customers, employees, contractors or vendors when we are supporting your business on Data Subject Rights, Vendor Reviews and or where we provide you with Breach  Support. The processing is necessary to meet the obligations of our contract with you.

Who do we share your information with?

Staff and onsite suppliers: Your personal information may be accessed by our staff in order to perform their duties.

Third Party Service Providers to us: We may share your personal information with third party service provides that perform services and functions on our behalf such as our accountants and other business advisors, IT service providers, printers and providers of security and administration services such as CRM and email hosting companies.

Acquisition: to a third party if it acquires all or part of our business or assets in connection with the acquisition, or to a successor in interest in the unlikely event of our insolvency, winding up or liquidation;

Other Bodies:

  • If we are required to do so by applicable law and regulation, governmental, tax or regulatory body or law enforcement agency;
  • if you are represented by an Agent, to your Agent; and
  • to any other person with your prior consent to do so.

Further Information: If you would a comprehensive list of all our Third Party Service Providers please contact us in writing @  Scart, Tubrid, Cahir , Co. Tipperary E21WK24 or +353(0) 52 6146220 or via email

What type of information do we collect?

As a Data Protection Consultancy, we minimise the amount of personal data we need to collect to manage your account with us.

The following table is a non-exhaustive list and provides an indication of the categories and types of personal data we use to perform our duties.

Purpose Type of Data
Sales & Marketing Name,  Email Address, Contact Phone numbers, Role
Contract Management Government ID i.e. (PPSN, Vat), Contact information, Due Diligence documentation including Know your Customer data including Name, Address, Phone numbers, Director details, previous directorships.
Website/Contact Forms Name, Contact Details, I.P Address, Cookie Preferences
Security I.P Address
Where we act as a Processor Data as provided by the Data Controller

How long do we retain information?

The period of time we hold your information depends on the purpose for which we collected it. As a general rule we may hold your personal information for a period of 7 years from the date we cease to provide any product or service to you. We may hold this data for a longer period if we are legally required to do so.

We may transfer your personal data outside of the European Economic Area (“EEA”). These countries do not always afford an equivalent level of privacy protection and in such circumstances, we will take specific steps, in accordance with data protection law, to protect your personal information. For transfers of personal data, outside the EEA where there is no adequacy decision by the European Commission, we may rely on contractual protections approved by the European Commission.

Your Rights

You have several rights under data protection law in relation to how we use your personal information. You have the right, free of charge, to:

  • check what type of personal data we hold about you and what we do with that information (you are also entitled to receive a copy of this information);
  • have any inaccurate personal data which we hold about you updated or corrected;
  • erase personal information we hold about you;
  • stop us from using your personal information in certain cases, including if you believe that the personal information, we hold about you is inaccurate, or our use of your information is unlawful. If you exercise this right, we will store your personal information and will not carry out any other processing until the issue is resolved;
  • object to us using your personal information where we rely on our legitimate interests to use your information. We will stop using your personal information unless we can demonstrate an overriding legitimate ground for the continued processing of this information; and
  • receive certain aspects of your personal information in a structured, commonly used, and machine-readable format and to have that information transferred to you or another data controller.

These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights, please contact us using the contact details provided below. We will endeavour to respond to your request within one month. If we are unable to deal with your request within one month, we may extend this period by a further two months and we will explain why.

Where you contact us with regards to your Personal Data where we are acting in the capacity of a Processor on behalf of our clients. We will notify you of same and provide notice to the Data Controller of you request.

For all queries in relation to any of the above rights please contact us by emailing  or by post to Scart, Tubrid, Cahir , Co. Tipperary E21WK24 or by phone on +353(0) 52 6146220

You also have the right to lodge a complaint to the Office of the Data Protection Commission. For further information please see