GDPR Compliance

Your data protection rights under European law

Our Commitment to GDPR

Rare Wheeler is fully committed to compliance with the General Data Protection Regulation (GDPR). As an Irish organisation, we adhere to both Irish data protection law and the EU GDPR framework to ensure your personal data is handled lawfully, fairly, and transparently.

Data Controller

For the purposes of GDPR, Rare Wheeler is the data controller responsible for your personal data.

Contact details:
Rare Wheeler
42 Camden Street Lower
Saint Kevin's, Dublin 2
D02 HX65, Ireland
Email: [email protected]

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent

When you provide explicit consent for us to process your personal data for specific purposes, such as subscribing to communications or registering for programmes.

Contractual Necessity

Processing is necessary for the performance of a contract with you, such as providing the programmes and services you've enrolled in.

Legitimate Interests

Processing is necessary for our legitimate interests in operating and improving our business, provided these interests do not override your fundamental rights and freedoms.

Legal Obligation

Processing is necessary to comply with legal obligations to which we are subject.

Your Rights Under GDPR

Right of Access (Article 15)

You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data and receive information about how it is being used.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances, including:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restriction of Processing (Article 18)

You can request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: [email protected]
  • Subject line: "GDPR Request"
  • Include: Your full name, email address, and specific right you wish to exercise

We will respond to your request within one month of receipt. In complex cases, this may be extended by two additional months, and we will inform you if this is necessary.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments and updates
  • Access controls and authentication
  • Staff training on data protection
  • Secure data storage and transmission

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

International Data Transfers

We primarily store and process your data within the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • EU Commission approved standard contractual clauses
  • Transfers to countries with adequate data protection as determined by the EU Commission
  • Your explicit consent for the transfer

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Programme registration data: Duration of programme plus 3 years
  • Email communications: Until you unsubscribe or request deletion
  • Financial records: As required by Irish law (typically 6 years)
  • Website analytics: 26 months

Children's Data

Our services are designed for adults aged 18 and over. We do not knowingly collect or process personal data from individuals under 18 years of age.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 (0)761 104 800
Email: [email protected]
Website: www.rare-wheeler.com

Updates to This Information

We may update our GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Questions and Contact

If you have questions about our GDPR compliance or how we handle your personal data, please contact us at [email protected]