Privacy Statement

Privacy Policy Statement for Surnamecrest

When you use Surnamecrest, you trust us with your information. This privacy policy is meant to help you understand what data we collect, why we collect it, and what we do with it. We have tried to make it as simple as possible but if you have any questions please contact by email at us [email protected] or Surnamecrest, 18 Manor Court, Knocknacarra, Co. Galway, Ireland

Surnamecrest assumes the function of data controller and supervises the compliance with General Data Protection Regulation (GDPR) within the business.

1        Information we collect

Surnamecrest, holds personal data as part of conducting an commerce business. The data comes under the following headings: General Administration data and Financial records

1.1       Subscription to Surnamecrest

In order to notify subscribers to Surnamecrest for notification of upcoming events, discounts, products, we collect the following information:

  • Name
  • Address
  • E-mail address

Subscribers may unsubscribe at any time by clicking ‘unsubscribe’ at the bottom of any email they are sent.

1.2       General administrative records

Surnamecrest may hold information regarding purchasing and marketing emails and mail.

1.3      Financial records

A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue.  Surnamecrest may hold data in relation to payments: receipts and invoices. Information will include name of bill payer, client name, address, method of payment and record of invoices and payments made.

2        Where we get our information

Personal data will be provided by the client through subscription to our mailing list or purchase of a product.

2.1       Subscription to Surnamecrest

Data is collected by individuals who sign up to receive notifications via and the electronic sign- up form on www. surnamecrest.com which is a WordPress site hosted by Site Ground.

2.2       Purchase records

Data is collected from individuals who purchase a product through our website on www.surnamecrest.com.  Data can also be collected by phone or manual hard-copy purchase.

3        How we use the information that we collect

3.1       Subscription to Surnamecrest

We use the information we collect to notify subscribers of upcoming events, discounts and products.

4        Data retention periods

The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed under confidential means.

 4.1       Subscriber Information

Data collected  when a person subscribes to Surnamecrest is retained until such time that the subscriber opts out of the subscription process.  The subscriber has the option to opt out at any time.

4.2       Surnamecrest purchase Records

Surnamecrest keeps both physical and electronic records of purchases in order to provide a service.

  • The preferred format for product data is electronic format.
  • Records are deleted confidentially and destroyed after 2 years from the date of the purchase.

 4.3       Financial Records

Surnamecrest keeps paper records of financial data from those who use our services.

Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally.

  • Financial Data is kept for 6 years to adhere to Revenue guidelines.
  • Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.

4.4       Exceptions

If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the minimum periods set out above.

5        Sharing Data

5.1       Legal requirements

Surnamecrest is required to share data with external parties in the following circumstances:

  • Compliance with law enforcement.

5.2       Financial requirements

Surnamecrest also is required to share Financial data with our Accountantin order to comply with local tax laws. Surnamecrest is obtaining a copy of the Accountant’s own Data protection policy.

6        How we protect your data

In accordance with the General Data Protection Regulation (GDPR), we will endeavour to protect your personal data in a number of ways:

6.1       By limiting the data that we collect in the first instance

All data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes.  Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected.

6.2       By keeping only the data that is required,

6.3       By deleting the data

within two years of the completion of purchase. Where data is required to be held by us for longer than the period of two years, we will put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These may include measures such as the encryption of electronic devices, pseudonymisation of personal data, and/or safe and secure storage facilities for paper/electronic records.

6.4       By retaining the data for only as long as is required

which in this case is two years, except for circumstances in which retention of data is required in certain specific circumstances as set out at Article 23(1) of the GDPR.

6.5       By deleting the data securely and confidentially after the period of retention has elapsed.

This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records to the individual.

6.6       By ensuring that any personal data collected and retained is both accurate and up-to-date.

7        Security

Surnamecrest is aware of the need for privacy. As such, we aim to practice privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible service.

All persons working in, and with Surnamecrest in a professional capacity are briefed on the proper management, storage and safekeeping of data.

All data used by Surnamecrest, including personal data may be retained either in Electronic Data, or Physical Files

Where applicable, Surnamecrest may convert physical files to electronic records to allow us to provide a better service to course attendees.

7.1       Data Security

Surnamecrest understands that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps which Surnamecrest use to ensure that the data is kept safe.

7.1.1       Electronic Data

All electronic data is contained in the following systems.  Each system is accessed through user id and is password protected.

  • WooCommerce – this platform is plugged into Wordprocess for processing of product payment. Client financial information is never held by Surnamecrest.  WooCommerce privacy Policy can be found at https://woocommerce.com/privacy-policy/
  • PayPal – for processing of payments for products. Client financial information is never held by Surnamecrest.  Paypal Privacy Policy can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
  • Stripe – for processing of payments for products. Client financial information is never held by Surnamecrest.  Stripe Privacy Policy can be found at https://stripe.com/ie/privacy

7.1.2       Physical Files

All physical data is located at Surnamecrest, 18 Manor Court, Knocknacarra,. Galway.   These records are kept in a container secured with a lock and key.

7.2       Security Policy

Surnamecrest understands that requirements for electronic and physical storage may change with time and the state of the art. As such, the data controller in Surnamecrest reviews the electronic and physical storage options available to Surnamecrest every 12 months.

All physical devices used by persons working in Surnamecrest which may contain any identifiable personal data are enabled, where it is possible, with loss or theft tracking and remote wipe abilities

All persons working in Surnamecrest are aware and briefed on and refresh the requirements for good data hygiene every 12 months. This briefing compliance is monitored by the Surnamecrest data controller and includes, but is not limited to:

  • Awareness of client conversations in unsecure locations.
  • Enabling auto-lock on devices when leaving them unattended, even within Surnamecrest locations.
  • Use of non-identifiable note taking options. (initials, not names).
  • The awareness of Surnamecrest procedure should a possible data breach occur, either through malicious (theft) or accident (loss) of devices or physical files.

This privacy policy may change from time to time in line with legislation or industry developments. Any changes we may make to our privacy policy in the future will be posted on this page. By continuing to use our Website you will be deemed to have accepted such changes.

If you have any questions regarding this policy, or your dealings with our website, please contact us at Email:  [email protected] or in writing to Surnamecrest, 18 Manor court, Knocknacarra, Galway. Ireland

 This Privacy Policy was updated on 23 May 2018.