The following discloses Unipupil’s information gathering and dissemination practices for the personal information collected through our Website.
For the purpose of these Acts, the Data Controller is UNIPUPIL LIMITED with registered number 511203, THE GUINNESS ENTERPRISE CENTRE, TAYLOR’S LANE, DUBLIN 8, Ireland.
The Data Protection Officer is Unipupil Ltd (in the person of its legal representative), GUINNESS ENTERPRISE CENTER, Taylor's Lane, Dublin 8, Ireland..
1. Field of applications and scope
This Privacy Statement describes how we process your personal data for our services on the Unipupil websites, tools, applications, and other services (hereafter collectively referred to as the “Services”). It applies generally to the Unipupil web site and content and other related web sites where this policy appears in the footer of the page.
This Privacy Statement applies to all of our Services (whether accessed or made available online or through any other platform or device, hereafter collectively referred to as the "Website").
The policies which apply on any of our domains or subdomains are always the policies which appear in the footer of each web site. By visiting the Website directly or through another site, you accept the practices described in the Privacy Statement.
We are not responsible for the content or privacy practices on any web site not operated by Unipupil to which the Website links or which links to the Website.
Unipupil will ensure that all of your personal information is treated with the utmost care and security and according to the Acts.
2. What information we collect about you (User Data)
We may collect and process the following data about you:
2.1 Registration and Ordering
Before using (and/or having access to) certain parts of the website you must complete an online registration form. During registration, you will be prompted to provide to us certain personal information. In addition, we may also ask you for your country of residence and/or your organisation’s country of operation, so we can comply with applicable laws and regulations, and for your gender. These types of personal information are used for billing purposes, to fulfil your orders, to communicate with you about your orders and the website, and for marketing purposes. If we encounter a problem when processing your order, your personal information may be used to contact you.
2.2 Email Addresses
Several locations of the website permit you to enter your email address for purposes including but not limited to: to sign up for email newsletters and special offers, to request us to notify you of new products, and/or to perform other types of communications. By performing a purchase, booking or other kind of order; you may be opting in to receive email communications, so read carefully all the policies related to that specific order.
2.3 Cookies and Other Technology
Like many sites, our website employs cookies and web beacons (also known as clear GIF technology or “action tags”) to speed your navigation of the Site, recognise you and your access privileges, and track your website usage.
(ii) Web beacons assist in delivering cookies and help us determine whether a web page on the website has been viewed and, if so, how many times. For example, any electronic image on our website, such as an ad banner, can function as a web beacon. When used in HTML-formatted email messages, action tags can tell the sender whether and when the email has been opened.
(iii) We may use third-party advertising companies to help tailor site content to users or to serve ads on our behalf. These companies may employ cookies and web beacons to measure advertising effectiveness (such as which web pages are visited or what products are purchased and in what amount). Any information that these third parties collect via cookies and web beacons is not linked to any personal information collected by us.
2.4 Logging Files
As is true of most web sites, our website server automatically recognises the Internet URL from which you access the website. We may also log your Internet protocol (“IP”) address, Internet service provider, and date/time stamp for system administration, order verification, internal marketing, and system troubleshooting purposes. (An IP address may indicate the location of your computer on the Internet.)
You may choose to submit a review. If you post a review, we may ask for your email address and nationality. If you submit a review, your nationality will be visible to other users (your email address will be kept private). Also, any personally identifiable information that you submit as part of the review can be read or used by other visitors to the website. We are not responsible for any personally identifiable information that you choose to submit as part of your review. We believe you can post a helpful review without disclosing any personal information.
2.6 Payment details
These data are necessary to complete the purchase operations on our website (for example, credit card information). This type of data is transmitted to us via a secure server protocol, which encrypts all personal and credit card data. The encryption method used is the "Secure Socket Layer" (SSL) standard technology.
3. When do we collect data?
When you make a payment for a product (or any other booking and/or purchase on our website), you will be asked to complete online forms providing your personal information. This information is required to process, book and complete your purchase (including in some cases the sending of an email, informing about the payment, to you).
We can also collect data on you from a variety of different sources which include:
When you purchase products or services from (but not limited to) the website or via any of our distribution channels
(ii) When you become a subscriber
(iii) When you speak to our customer services personnel
(iv) Via measures which capture data in an explicit way, for example by completing surveys and/or polls
In any of the above cases the data we collect could be personal data.
4. Protect and secure your information
In order to protect and safeguard the personal data provided to us, we have implemented and use appropriate business systems and procedures. For example, your credit card information is transmitted to us through a secure server protocol, which encrypts all your personal and credit card details. The encryption method used is the industry standard "Secure Socket Layer" (SSL) technology. Our SSL certificate has been issued by www.godaddy.com. Furthermore, we have implemented and use security procedures and technical and physical restrictions for accessing and using personal information. Only authorised employees are permitted to access personal information for performing their duties in respect to our services.
Our server and network are protected by firewalls against unauthorised access and we have intrusion detection systems that monitor and detect unauthorised (attempts to) access or misuse our servers.
While we use industry-standard precautions to safeguard your personal information, we cannot guarantee complete security. 100% complete security does not presently exist anywhere online or offline.
Please do not email your credit-card number or other sensitive information.
5. Email communications
After you have made an order, you may receive a message with all the information about your order. You may take this email to the institution as proof of the payment.
- This email isn’t warranted and the user performing the payment should keep all the data displayed at the “summary page” shown at the end of the buying process.
-This email can’t be considered as a legal contract. Sending this email has the unique purpose of informing the user who has performed the purchase.
-This email isn’t inside the ordering process. Receiving this email isn’t a mandatory step to complete or confirm a purchase.
To the extent that you have "Opted in" you may receive our newsletter or other information.
5.1. Opt-Out Policy
Subscribers to Unipupil’s newsletter (or other Unipupil’s email communications) have the option to opt-out/in of receiving information from us. Please use the opt-out option on your profile to choose which data you should like to opt-out/in of receiving. Because we have to communicate with you about orders that you choose to place, you cannot opt out of receiving emails related to your orders.
5.2 No Spam, Spyware or Spoofing
We and our users do not tolerate spam. Make sure to set your Unipupil communication preferences so we communicate to you as you prefer. You are not licensed to add other Unipupil users, even a user who has purchased an item from you, to your mailing list (email or physical mail) without their express consent. To report Unipupil-related spam or spoof emails to Unipupil, please forward the email to email@example.com or spoof@
6. What do we do with your personal information?
One reason for collecting personal information from you is to provide an efficient, meaningful, and customised experience. For example, we can use your personal information to:
(i) help make our website easier for you to use by not having to enter information more than once
(ii) help you quickly find information, products, and services
(iii) help us create content that is most relevant to you
(iv) alert you to new information, products, and services that we offer
Unless we have your express consent we will only disclose personal data to third parties (Institutions) if this is required for the purpose of completing a purchase with them. This is of course subject to the proviso that we may disclose your data to certain permitted third parties, such as members of our own group, our own professional advisers who are bound by confidentiality codes, Strategic Partners (see clause 9.1), and when we are legally obliged to disclose your data.
By becoming a subscriber you consent to receive from us by e-mail our e-newsletter and details of other special offers which we may think may be of interest to you.
The personal information that you submit to us through the website will be collected, stored and processed on our servers in Ireland. By becoming a Unipupil user you consent to the collection, storage and processing of that personal information in Ireland and the transfer of the personal data submitted by you to this website.
We do not sell, rent or trade your personal information to third parties for marketing purposes without your express consent.
For any of the above purposes we may send your information internationally including to countries outside Ireland. Some of these jurisdictions offer differing levels of protection of personal information, not all of which may be as high as in Ireland. We will transmit data internationally only in countries that guarantee adequate level of protection.
In any case, Unipupil is not responsible for any violations committed by third parties.
Some information and e-mails sent to Unipupil may be used as testimonials but no e-mail address or contact details will be displayed.
7. How long we keep your data
WE KEEP YOUR DATA [Registration and Ordering (name, surname, address, age, nationality); Email Addresses; Cookies and Other Technology; Logging Files; Reviews; Payment details] UNTIL THE DATA OWNER OR THE INTERESTED PARTY ASK FOR THEIR ELIMINATION.
8. Account protection
You are responsible for maintaining the confidentiality of your password and shall be responsible for all uses via your registration and/or login, whether authorised or unauthorised by you. You agree to notify us immediately of any unauthorised use or your registration, user account or password.
By accepting this Agreement you are agreeing that we may use the personal information provided for the purposes explained in the Privacy Statement We will not disclose the contents of your private communications unless required to do so by law (in particular laws relating to defamation, harassment or obscenity) or in good faith where such actions may be necessary:
(a) To comply and conform to the requirements of Law and any legal processes.
(b) To protect the personal safety of our users or the public and defend our right to protect the good name of Unipupil.
(c) In order to maintain and protect Our Community Portal we reserve the right to forward contact details to the police/Garda or other regulatory authorities when requested to do so. We also reserve the right to forward details where a complaint arises concerning your use of ‘Our Community’ Portal and where we deem this to be out of line with the Agreement.
IF YOU CHOOSE TO MAKE ANY OF YOUR PERSONALLY IDENTIFIABLE OR OTHER INFORMATION PUBLICLY AVAILABLE IN A SUBMISSION OR IN ANY USER CONTENT, YOU DO SO AT YOUR OWN RISK.
8.1 Using information from Unipupil
Unipupil enables you to share personal and financial information to complete transactions and collect payments. We encourage you to respect the privacy of other users. We'd want to guarantee the privacy or security of your information and therefore we encourage you to evaluate the privacy and security policies of your trading partner before entering into a transaction and choosing to share your information. To help protect your privacy, we allow only limited access to other users' contact and financial information to facilitate your transactions and collect payments.
You agree to use user information only for:
(i) Unipupil transaction-related purposes that are not unsolicited commercial messages.
(ii) using services offered through Unipupil or
(iii) other purposes that a user expressly chooses.
9. Disclosure of Information to Third Parties
We may share your information with third parties under Unipupil’s control.
We may share non-personal information (such as the number of daily visitors to a particular web page, or the size of an order placed on a certain date) with third parties such as advertising partners. This information does not directly personally identify you or any user.
Unipupil may share personally identifiable information, including information that you provide on the Site, with third parties as described below. You should also be aware that this means that we may transfer information to any country in the world, provided that is guarantees an adequate level of protection.
In any case, Unipupil is not responsible for any violations committed by third parties.
9.1. Strategic Partners
From time to time we may enter into a special relationship with another company that is not owned by or affiliated with Unipupil to provide additional features on this Site. These special relationships may include business partners, sponsors and co-branded sites (referred to here as "co-branded pages"). With your consent, Any information, including personally identifiable information that you provide on one of these co-branded pages, will be shared with these third party partners. Since these third parties will use your information in accordance with their own privacy practices, you should check their websites for information regarding their privacy policies.
9.2. Service Providers
We may use third party service providers to help us operate our business and this Site or administer activities on our behalf, such as sending emails, order fulfilment. We may share your information with these third parties for those limited purposes.
9.3 Third Party Advertising
The ads which may appear on this Website are delivered to you, on our behalf, by our Web advertising partner. Information about your visit to this site, such as number of times you have viewed an ad (but not your name, address, or any other personal information), is used to serve ads.
(9. WHAT TO DO IF YOU DON’T WANT COOKIES TO BE SET OR WANT THEM TO BE REMOVED?)
9.4 Investigations and Requests
9.5 Other Disclosures
Personally identifiable information of any individual user may be shared with other companies outside Unipupil:
(i) as permitted by law.
(ii) in the event of a transfer of ownership, assets or a bankruptcy of Unipupil.
(iii) where we determine that disclosure of specific information is necessary to comply with the
request of a law enforcement or regulatory agency or other legal process, or
(iv) to protect the interests or safety of Unipupil or other visitors to this Site.
In any case, Unipupil is not responsible for any violations committed by third parties.
10. User rights
The user has the right to request information about his personal data in our possession at any time. The user can contact UniPupil, which will provide all personal data by e-mail.
GDPR – Article 15:
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
The user has the right to request the correction of personal data if it is not correct, including the right to request the completion of incomplete personal data.
GDPR – Article 16:
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The user has the right to cancel any personal data processed by UniPupil at any time. UniPupil will evaluate the request and provide, if there is an assumption, to delete the data of the aforementioned user.
GDPR – Article 17:
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) for the establishment, exercise or defence of legal claims.
The user has the right to request that UniPupil limits processing of personal data in the following circumstances:
-- if the user opposes the processing of UniPupil based on a legitimate interest, UniPupil will limit all processing of such data until the moment when the legitimate interest is verified;
-- if the user declares that the personal data are not correct, UniPupil must limit all processing of such data until the verification of their accuracy;
-- if the processing is not legitimate it is possible to oppose the cancellation of personal data and instead request a restriction on their use.
GDPR – Article 18:
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Journal of the European Union EN.
A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
Whenever UniPupil processes the user's personal data by automated means based on user consent, or on the basis of an agreement, the user has the right to obtain a copy of the data transferred to the user or to another person, in a commonly used format, in a structured and electronically readable form. This includes only the personal data sent to us by the user.
GDPR – Article 20:
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:>
(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
(b) the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
The user has the right to oppose direct marketing, including profiling for direct marketing. The user can choose not to accept direct marketing by following the instructions in each marketing email.
GDPR – Article 21:
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
We respect children’s privacy. We do not knowingly or intentionally collect personal information from children under age 13. Elsewhere on our website, you have represented and warranted that you are either 18 years of age or using the website with the supervision of a parent or guardian. If you are under the age of 13, please do not submit any personal information to us, and rely on a parent or guardian to assist you.
11. Change/Modify Details
To change your details, or any aspect of your Unipupil account, please use the tool provided on your profile page.
Note that despite any request for removal of or change to personally identifiable information, will be considered to the extent that it is permitted by applicable law. We also reserve the right, from time to time, to re-contact former users of the site for important administrative purposes. Finally, we are not responsible for informing third parties (including without limitation our third party service providers or strategic partners) with whom we have already shared your personally identifiable information of any changes requested pursuant to this section, or for removing information from or causing information to be removed from the databases or records of such entities.
12. Access to Information and Correction
You may request in writing copies of your data held by us as data controller. The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject (GDPR – Art. 12.3).
Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:
(a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
(b) refuse to act on the request (GDPR – Art. 12.5).
We may also request proof of identification to verify your access request.
ALL REQUESTS should be addressed to our Data Protection Compliance Officer at the Guinness Enterprise Centre, Taylor’s Lane, Dublin 8, Ireland, or email address firstname.lastname@example.org.
13. Updates to this Policy
IF YOU HAVE ANY QUESTIONS OR CONCERNS ABOUT THE INFORMATION WE HOLD ABOUT YOU, suggestions or remarks about this privacy statement, please send an email to: email@example.com.
The Data Controller is UniPupil Limited with company registered number 511203, GUINNESS ENTERPRISE CENTER, Taylor's Lane, Dublin 8, Ireland (Unipupil).
The Data Protection Officer is Unipupil Ltd (in the person of its legal representative), GUINNESS ENTERPRISE CENTER, Taylor's Lane, Dublin 8, Ireland.
“Personal data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
This information is collected automatically through this Website (also from third party applications integrated into this Website), including: IP addresses or domain names of the computers used by the User that connects to this Website, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in forwarding the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (good order, error, etc. .) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, to the parameters relating to the operating system and the IT environment of the User.
User: the individual who uses this Website that, unless otherwise specified, coincides with the interested party.
Interested: the natural person whom the Personal Data refers.
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
16. Governing Law
This Privacy Statement is governed by the laws of Ireland.
The first Irish law dealing with data protection is the Data Protection Act 1988.
The 1988 Act was amended by the Data Protection (Amendment) Act 2003. The 2003 Amendment Act brought our law into line with the EU Data Protection Directive 95/46/EC.
The ePrivacy Regulations 2011 (S.I. 336 of 2011) deal with data protection for phone, e-mail, SMS and Internet use. They give effect to the EU e Privacy Directive 2002/58/EC (as amended by Directive 2006/24/EC and 2009/136/EC).
At the moment, the last Irish Law dealing data protection is the Data Protection Act 2018 (n. 7/2018) that it gives effect to the EU Directive 2016/679 (GDPR – General Data Protection Regulation).
Last update: May 2018