1. Introduction

This Privacy Policy explains how Digital Data Protection Services (“DDPS”, “we”, “us”, “our”) collects, uses and protects personal data in the course of providing consultancy and training services, and through our website and related contact channels.​
We are committed to handling personal data lawfully, fairly and transparently, in accordance with the General Data Protection Regulation (GDPR) and applicable Irish Data Protection Act 2018.​

2. Who we are and how to contact us

Digital Data Protection Services is a data protection and GDPR consultancy based in Ireland.​
If you have any questions about this Privacy Policy or our processing of personal data, you can contact:

• Controller: Digital Data Protection Services

• Contact person: Kathy Horgan

• Email: kathyhorgan@digitaldataprotectionservices.com

• Phone: 087 931 0750

• Postal address: 8 Ardroe, Ballyroe, Tralee, Co. Kerry, V92 WYWR, Ireland

These contact details should be used for any queries, requests to exercise data protection rights, or concerns about how personal data is handled.​

3. What personal data we collect

The types of personal data we may collect include:​

• Contact details: name, work email address, phone number, job title, organisation.

• Communication data: information you provide in emails, contact forms, meeting notes or consultation calls.

• Client data: details about your organisation’s data protection needs, project documentation and related correspondence, which may occasionally include limited personal data about your staff or contacts.

• Website and usage data: technical information such as IP address, browser type, and basic analytics data where enabled.

4. How we collect personal data

We collect personal data in the following ways:​

• Directly from you when you contact us by email, phone, web form, social media or in person.

• In the course of providing consultancy or training services under a contract with your organisation.

• Automatically, through essential and (where used) analytics cookies when you visit our website.

5. Purposes and legal bases

We process personal data for these purposes and legal bases:​

• To respond to enquiries and provide quotes or proposals (legitimate interests in developing our business; and/or steps taken at your request before entering a contract).

• To deliver consultancy, training and related services to client organisations (performance of a contract with your organisation).

• To manage our relationship with clients, including billing, record‑keeping and quality assurance (performance of a contract; legal obligations; legitimate interests).

• To operate, secure and improve our website and services (legitimate interests in running and safeguarding our business).

• To comply with legal and regulatory obligations, including tax and accounting requirements (legal obligation).

6. Sharing of personal data

We do not sell your personal data.​
We may share personal data with:

• Professional service providers who support our business (such as IT, email, website hosting, or accountancy services), subject to appropriate confidentiality and data processing agreements.

• Public authorities, regulators or law enforcement bodies where required by law.​

Where we engage processors, they are only permitted to process personal data on our documented instructions and must implement appropriate security measures.​

7. International transfers

If any service providers or tools we use involve transferring personal data outside the European Economic Area, we will ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, as required by the GDPR.​

8. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.​
In general:

• Enquiry data is kept for up to [12–24] months after our last contact if no contract is formed.

• Client and project records are kept for up to [6–7] years after the end of the engagement for legal, tax and professional record‑keeping purposes.

• Technical logs and analytics data are kept for shorter periods, in line with security and analytics needs.

9. Your data protection rights

Under the GDPR, individuals have the following rights in relation to their personal data, subject to certain conditions and exemptions:​

• Right of access to your personal data.

• Right to rectification of inaccurate or incomplete data.

• Right to erasure (“right to be forgotten”) in certain circumstances.

• Right to restriction of processing.

• Right to data portability (for data you have provided to us, where processing is based on consent or contract and carried out by automated means).

• Right to object to processing based on our legitimate interests.

• Where we rely on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us using the details above.​
You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland or with your local supervisory authority.​

10. Cookies and similar technologies

Our website may use essential cookies to enable core functionality and, where chosen, analytics cookies to help us understand how visitors use the site.​
Where required, we will present a cookie banner allowing you to manage your cookie preferences, and you can also control cookies through your browser settings.​

11. Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.​
These measures include access controls, secure communication channels and limiting personal data to what is necessary for the relevant purposes.​

12. Third‑party websites

Our website may contain links to other websites.​
This Privacy Policy does not cover those sites and we are not responsible for their content or privacy practices; you should review the privacy information provided on any third‑party site you visit.​

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or best practice.​
The most recent version will always be available on our website, and where appropriate, we will notify clients or key contacts of significant changes.​

14. How to contact us or the Data Protection Commission

If you have any questions about this Privacy Policy or how we handle personal data, please contact us using the details in section 2.​
You can contact the Data Protection Commission (DPC) at www.dataprotection.ie for further information or to make a complaint.​