Privacy Statement for this website

This statement was last updated on 15^th March 2019.

Who we are?

GDPR Wisdom is a trading name of Wandsoft Limited.

We are a provider of Software As a Service (Saas) solutions in the field of GDPR compliance and Customer Relationship management.

Wandsoft Limited is incorporated in Ireland since 2001, number 343136. Registered Address: Unit 3, Grange Road Retail Park - Grange Road - Rathfarnham - Dublin 16

Wandsoft is registered as a data-processor with the Data Protection Commissioner in Ireland, reference 12631/A  

About this privacy statement

We have created this data protection notice as the controller of personal data for visitors to this website, for prospects, clients and former clients. This notice aims to demonstrate our firm commitment to privacy and to inform people dealing with us about the information we collect and process in connection with such interaction.

This notice sets out an explanation of what personal data about you we process, why we process your personal data, with whom your personal data is shared and a description of your rights with respect to your personal data.

What information do we process?

We need to keep and process certain information about you to manage our business, for management purposes, to comply with our legal obligations and, where necessary, to protect our legitimate business interests. We will collect and process information from you during your visit on this website, during our contractual relationship and following the termination of our contractual relationship.

Personal data is normally obtained directly from you. In certain circumstances, it will, however, be necessary to obtain data from third parties, e.g. credit check references.

The categories of personal data we process and the lawful basis for doing so are set out in more detail below.

How do we use your information?

The information we hold and process will be used for management and administrative purposes. We keep it and use it to enable us to run our business, manage our contractual relationship with you effectively, lawfully and appropriately and protect your rights and interests. This includes using your information to enable us to manage contracts, comply with legal obligations, pursue our legitimate interests and protect ourselves in the event of legal proceedings against the company.

The uses we make of each category of your personal data, together with the lawful basis we rely on for those uses are set out in more details below.

Where there is a need to process your data for a purpose other than those set out in the appendix or otherwise outlined to you, we will inform you of this.

How is your information shared?

Your personal data may be disclosed to third parties where we are legally obliged to do so or where our contract requires or permits us to do so. For example, we pass on certain information to our accountant to fulfil our legal obligations.

More detailed information on how we share your personal data is set out below. 

Will your information be transferred abroad?

Our data-centres are located in Ireland, so generally, your personal data will not be transferred abroad.

We may transfer your personal data within the EEA for purposes connected with the management of our business, eg staff travelling abroad that may need to log on remotely from an encryptd computer.

In limited and necessary circumstances, your personal data may be transferred outside of the EEA (website statistics). Appropriate safeguards are in place to ensure the security of your personal data where it is transferred outside of the EEA.

The transfer of personal data is explained in more detail below.

How long do we keep your information?

Any personal data processed about you on this website is retained in accordance to our record retention policy. 

What happens if you do not provide us with your information?

In some cases, you may decline to provide us with your personal data. If we believe that we require relevant information to effectively and properly manage our contractual relationship, we may not be able to continue our relationship with you.

Will you be subject to profiling or automated decision making?

You will not be subject to automated decision making or profiling.

What are your rights under the data protection law?

You have the following rights under data protection law, although your ability to exercise these rights may be subject to certain conditions:

• the right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data;
• the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete;
• the right, in certain circumstances, to request that we erase your personal data;
• the right, in certain circumstances, to request that we no longer process your personal data for particular purposes, or object to our use of your personal data or the way in which we process it;
• the right, in certain circumstances, to transfer your personal data to another organisation;
• the right to object to automated decision making and/or profiling; and
• the right to complain to the Data Protection Commissioner.

Review

This data protection notice will be reviewed from time to time to take into account changes in the law and the experience of the notice in practice.

Further information

If you have any queries in relation to this data protection notice, or if you have any concerns as to how your data is processed, please contact our Data Protection Officer using the following form:

First Name *

Surname *

Email * ?

Confirm Email *

Country * ? Please choose Albania Algeria Andorra Angola Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belgium Belize Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Brazil Bulgaria Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Chile China Colombia CookIsland CostaRica Croatia Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt ElSalvador England Estonia Ethiopia Faroe Islands Fiji Finland France French Guiana Gambia Georgia Germany Ghana Gibraltar Greece Greenland Guam Guinea Haiti HongKong Honduras Hungary Iceland India Indonesia Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kuwait Kyrgyzstan Latvia Libya Liechtenstein Lithuania Luxembourg Macedonia Madagascar Malawi Malaysia Mali Malta Martinique Mauritania Mauritius Mexico Moldova Monaco Mongolia Montserrat Morocco Mozambique Namibia Nepal Netherlands NewCaledonia NewZealand Nigeria Northern Ireland Norway Oman Pakistan Palestine Panama PapuaNewGuinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Rwanda Saint Helena Saint Lucia Samoa San Marino Saudi Arabia Scotland Senegal Seychelles SierraLeone Singapore Slovakia Slovenia Solomon Islands Somalia SouthAfrica SouthKorea Spain SriLanka Sweden Switzerland Taiwan Tajikistan Tanzania Thailand Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Uganda Ukraine United Arab Emirates United Kingdom United States of America Uruguay Uzbekistan Venezuela Vietnam Wales Yemen Zambia

Phone No. * ?

Company

Comments * ?

Please confirm you are not a robot by answering the result of this simple operation: 1 + 7 (answer is 8)

 

Appendix

The data-centres that hosts our servers and backups are ISO 27001 certified and located in Ireland:

• CTI-Global
• Blacknight

As a visitor to the website

When you browse this website, we passively collect the following personal data: 

• For for security reasons (legitimate interest Article 6-1-f )
  • Your IP address,
  • The page viewed
  • The time the page was viewed
  • The browser you used to view the page.
  • We do not cross reference the log with the enquiry, but we reserve the right to do so should we be concerned about the security of our operations.
  • The web server logs are normally kept for 6 months or less.
  • The personal data is stored in Ireland.
  • The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock   on your browser.
• For statistics (legitimate marketing interest Article 6-1-f )
  • Page viewed
  • The time the page was viewed
  • The browser you used to view the page
  • Page referers
  • We use our own Analytics. We cannot identify you from our Analytics (we no longer use Google Analytic)

When you open a link to a 3rd party website from our website, we passively collect the following personal data: 

• To help our marketing team gauge the popularity of material we would refer to (legitimate interest Article 6-1-f )
  • your country (we do not store the IP address),
  • the time,
  • the link you clicked
  • your browser type. 

When you make an enquiry via a form on this website

We use our own product, Wandsoft   CRM to handle your requests and manage our business.

• We collect (contract Article 6-1-b & legitimate interest Article 6-1-f)
  • your name, email address, phone, so we can contact you;
  • comments supplied in the form. so our team can easily refer to your query;
  • the time of the enquiry, so we can measure our response time dealing with your enquiry;
  • country, to measure our marketing efforts; 
• The personal data is stored in Ireland.
• We do not send your data to anyone but our staff, so you can be reassured your data stays in the EU;
• The transfer of the form content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock   on your browser.
• Our servers use encryption at rest.
• You will not be added to a mailing list.

When you become a GDPR Wisdom client, we will store:

As a data controller:

• Data required by law to provide a paid service (contract Article 6-1-b & legal obligations Article 6-1-c)
  • Invoice address
  • Service purchased
  • We keep these for a period specified by the Irish Revenue Commissioners   services (6 years + current financial year)
  • We will transfer the information to our appointed accountants Guardian Management   so they can perform our mandatory accounts return.
  • If required, we may need to transfer some of the personal data to the Revenue Commissioners, legal advisors.
• If you pay by credit card:
  • Credit card details
    • We use the services of Stripe   that may send data outside the EEA;
  • To avoid data to be sent outside the EEA due to credit card processing, you can pay by bank transfer.
  • Some data will be shared with our bank
• If you pay by cheque or bank transfer:
  • Some data will be shared with our bank

If -sadly- you don't become a GDPR Wisdom client, we will anonymise your personal data.

As a data-processor (client of Wandsoft-Bizoneo-GDPR Wisdom):

We will store your data in a GDPR compliant environment and will provide you with a data-processor agreement.

You will be able to view all access we might require to maintain and keep your GDPR Wisdom or Wandsoft system up to date.

We will not interact with your data unless instructed otherwise.

We will store on-going communication for the ability to provide support to the service(s) purchased from us.

Retention policy relevant to this website

• Website logs: 6 months or less;
• Enquiries: Until the end of our relationship, anonymise thereafter;
• Invoices: 6 years + current financial year.

Please note that we have no control over Google Analytics retention periods.