Privacy Policy
Effective date: 25/05/2018
Who are we (Who is the Data Controller)?
Toomey Audio Visual Ltd. trading as InteractiveFlatscreens.ie. Toomey AV are an Irish nationwide supplier of audiovisual equipment for installation and rental.
Where are we (Where is the location of Processing)?
A3, Baldonnell Business Park, Baldonnell, Dublin D22 A299
- you can contact us by phone on 01 4660515.
-OR-
- you can contact us by e-mail on info@toomeyav.ie
Personal Data is processed:
- at our office in Baldonnell, Dublin 22.
What personal data do we process?
We process the following data:
- Names, addresses and telephone numbers submitted via contact forms
- E-mail addresses
- Text submitted via forms on our website (which may or may not include names, e-mail addresses and telephone numbers)
- IP addresses
Why do we process it?
We process data for a variety of reasons:
- Customer administration (invoicing, delivery dockets, site instructions for our staff etc.) and Customer Relationship Management.
- To process orders for our customers
- To send out correspondence and newsletters that we feel may be of interest and would be of benefit to our customers. Other day-to-day administration purposes that would be in our legitimate interests
- If we are in receipt of a valid request from Irish and European law enforcement authorities, we would make data available to them.
Who do we share it with, and why?
We use iContact to produce our newsletter. This is a third-party service and you may have signed up for the monthly newsletter via a form on our website, which will have passed your name and e-mail address to iContact via a secure channel. By virtue of them storing your Personal Data, iContact are therefore considered a Data Processor. The iContact privacy policy is available here https://www.icontact.com/legal/privacy.
We have no intent or interest in sharing your Personal Data with other services, other than the above. If we were thinking of doing so, we would ask you first. We’re polite like that.
Your Rights
To exercise the following rights, please send an e-mail to info@toomeyav.ie. You may be asked for additional data to verify your identity as part of processing the requests to exercise your rights. We will endeavour to respond to all requests within 30 days of receiving the initial request. If we are unable to complete the request within the 30 day limit, we will notify you within the required time limit. To aid with GDPR compliance we also have an online tool available where you can view and delete any data we may have via a GDPR Personal Data Request.
You have the following rights:
1. Right to be Informed:
You will be provided with “fair processing information”, which will be completely transparent about how we gathered and will use your data. We will also notify you about any third party processors with whom we share your Personal Data, along with the reason for doing so. But you’re pretty much already reading it all in this policy anyway.
2. Right of Access:
You have the right to confirmation that your personal data are being processed and get access to a copy of your personal data and any other supplementary information.
3. Right of Rectification:
You have the right to have your personal data corrected if it is inaccurate or incomplete.
4. Right to Erasure:
You have the right to have your personal data deleted from our systems in the following situations:
- When you withdraw consent
- Data deletion is to comply with a legal obligation
- Where the data was unlawfully processed
- Where it is no longer necessary
- Where you object to the processing
- Where the personal data is processed to offer “information society services” to a child
We may have grounds to refuse such deletion requests for the following reasons:
- Exercise the right of freedom of expression
- For public health purposes in the public interest
- To comply with legal obligations
- The exercise or defence of legal claims
- Archiving purposes in the public interest
5. Right to Restrict Processing:
You can request that we no longer process your data, but that we can still store it.
6. Right to Data Portability:
You can obtain and reuse your personal data for your own purposes, without hindrance. We will provide the data to you in a structured and widely used machine readable form. We will also, at your request, pass your information directly to a competitor of ours, but we cannot be expected to provide it as a specific direct input to their electronic processing systems.
7. Right to Object:
You have the right to object to any direct marketing from us. We will immediately cease any such marketing upon request (via an unsubscribe link at the bottom of the direct marketing e-mail).
8. Rights in relation to Automated Decision Making and Profiling:
We do not carry out any automated decision making or profiling activities, we’re not scary like that, so this right would not apply.
Cookies
Cookies are delicious snacks enjoyed by many people, but in this context a cookie is a small text file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
The cookies used by this site are listed below.
_ga: Is used to identify unique users to the website and it expires after 2 years. It’s a first-party cookie from Google Analytics, used to track performance on this website.
_gid: Is used to identify unique users to the website and it expires after 24 hours. It’s a first-party cookie from Google Analytics, used to track performance on this website.
_gat: Is used to throttle the request rate, limiting the collection of data on high traffic sites and it expires after 10 minutes. It’s a first-party cookie from Google Analytics, used to track performance on this website.
Cookie_notice_accepted: Determines whether to show you the cookie notice or not.
Clicky Analytics Cookies
_jsuid: This is a random number that is generated by the Code the first time someone visits a web site with the Code installed. Its sole purpose is to better identify new and unique visitors to a web site. This cookie is sent to the Service for every event logged. The value of this cookie will also be set as a third party cookie with the name of “cluid”, if such a cookie does not exist. The purpose of the third party cookie is for web sites with multiple domains and who want to track visitor sessions across multiple domains, which is not possible with first party cookies. These “uid” cookies are set to more or less never expire.
_eventqueue: This cookie stores an array of mouse events that can’t be guaranteed to be logged to our servers before the current page is unloaded. The purpose is to store these events in a queue so on the subsequent page view, these events can be processed and logged. This is a session cookie so it will expire when the visitor leaves your web site.
_custom_data_[key]: This cookie only gets set if you are using our custom data tracking feature. Whenever you set custom data for a session, we put it in a cookie so every time that visitor comes back to your site in the future, the same data will get attached to their new session, even if they don’t login or follow whatever processed was used to originally declare these variables. Note: Each piece of data you attach has a ‘key’ and a ‘value’, so each unique key will be its own cookie. For example, _custom_data_email or _custom_data_username. This cookie is set to more or less never expire. This cookie can be disabled by setting the sticky_data_disable tracking option.
_referrer_og: This cookie stores the external referrer for a visitor, so that on future visits the same referrer will be attached to their sessions. This cookie expires after 90 days but will be set again or updated on future visits if they arrive at your site from a link on another site, whether or not it’s the same referrer. When this cookie is updated, the expiration date is reset to 90 days from the time of the new visit. This cookie can be disabled by setting the sticky_data_disable tracking option.
_utm_og: This cookie stores dynamic (UTM) campaign variables, so that on future visits the same campaign data will be attached to their sessions. This cookie expires after 90 days but will be set again or updated on future visits if they arrive at your site with campaign data in the URL. When this cookie is updated, the expiration date is reset to 90 days from the time of the new visit. This cookie can be disabled by setting the sticky_data_disable tracking option.
_first_pageview: This cookie is set on the first page view of a session. It is used to make our tracking code more efficient, so certain processes are only run on a visitor’s initial page view. It expires after 10 minutes.
heatmaps_g2g_[site_id]: This cookie tells our tracking code whether or not to log data about where a visitor is clicking on a site to send back to our servers and use that data to generate a heatmap report of clicks on that page. If you disable cookies, heatmap data cannot be logged. This is a session cookie so it will expire when the visitor leaves your web site.
unpoco_[site_id]: The Code sends “pings” when a visitor sits on a single page. This allows the Service to more accurately track “time on site” values. Because this feature uses a lot of extra bandwidth, it requires a paid account. For non-paid accounts, this cookie is set to tell the Code not to send these pings. This cookie expires after 1 hour but will be set again upon future visits by the same visitor.
no_tracky_[site_id]: When a site stops using the Service, it is quite common for the web master to leave the code installed, which is against the Terms of service. For high traffic sites, this can use a lot of extra bandwidth and CPU resources on our servers. This cookie is set whenever data is sent in for a site that is disabled. It tells our tracking code to stop sending data to us. This cookie expires after 1 hour but will be set again upon future visits by the same visitor, until the Code is removed from the offending web site.
The “no_tracky” cookie is also set for some types of visitor filters that you can configure. For example, if you create a filter to only log data from visitors in Canada, then we set this cookie for all visitors in other countries, to save resources on our end.
clicky_olark: This cookie gets set if you are using Olark chat in combination with Clicky. It contains Olark’s unique ID information for the visitor. This cookie is sent to the Service, which is needed in order to initiate the chat process within Spy. This is a session cookie so it will expire when the visitor leaves your web site.
Third Party Cookies:
- iContact uses cookies in accordance with their cookie policy – https://www.icontact.com/legal/privacy#privacy-cookies-and-tracking
- For site performance we use tools from WPMUDev and their cookie policy is available here – https://incsub.com/privacy-policy/
- Cookies from Facebook are in place, more info available here – https://www.facebook.com/policies/cookies/
- Cookies from Twitter are in place, more info here –
https://help.twitter.com/en/rules-and-policies/twitter-cookies - Our live chat facility on site uses cookies to remember any previous converstations, more info available here – https://www.livechatinc.com/privacy-policy/
You can find information on how to use browser settings to stop unwanted cookies in Chrome, Firefox, Opera, Safari and Internet Explorer. For other spurious browsers, please consult the help menu for that product.
Analytics
We use Clicky Analtyics and Google Analytics on our site. Both Clicky Analytics and Google Analytics writes cookies to your device (detailed above).
Clicky Analytics necessitates the transfer of some data to servers in the United States. The Clicky Analytics Privacy Policy is available here https://clicky.com/terms.
Security
We take appropriate measures to ensure the security of personal data under our control and to prevent unauthorised access, disclosure, modification, or destruction of data. We have defined procedures and protocols for processing personal data including:
- Information Security policy
- Data Retention policy
We retain data only for the length of time necessary to provide services to customers, engage in marketing activities, and other legitimate purposes of the business.
Detailed Data Retention policies are available on request.
All data stored on all mobile devices belonging to Toomey AV.
Other Purposes
Other purposes for which Toomey AV might process personal data can include:
Legal Action:
Where necessary we will process personal data provided to us for the purposes of seeking legal advice or other legal purposes. Examples of such processing would include providing information to debt collection agencies in the event of persistent non-payment for products or services by an individual or Sole Trader.
Also, where we receive a formal request under Section 8 of the Data Protection Acts 1988 and 2003 or Article 23 of the General Data Protection Regulation (GDPR) we may be required to disclose personal data of website users, newsletter subscribers and/or clients to An Garda Síochána, the Revenue Commissioners, or other relevant organisation.
System Logs, Maintenance, and Investigation of Data Security Breaches:
We process certain data, including IP addresses, as part of our internal system logging on this website to support the diagnosis of issues and maintenance of the website.
In addition, we will make use of detailed system logs on our webhosting platform and within our Content Management System to support investigations of Data Security breaches.
Cross-border Data Transfer
Our use of iContact means that the names and e-mail addresses of our monthly newsletter subscribers are stored on servers hosted in US based data centres. Full details of iContact security set-up is available on their website here:
https://www.icontact.com/legal/terms-conditions.
Our unstructured data (documents, spreadsheets, etc.), which may occasionally contain personal data, is stored on a server at our premises and we also use Dropbox, G Suite and SAP B1. We also use G Suite from Google and office 365 for our e-mail provision. The data on our internal server is regularly backed up our Google Drive and to Dropbox. Any personal data stored in our Google Drive, Dropbox SAP B1 or e-mail accounts are covered by our contract with Google, Dropbox, SAPB1 (Ignitar) and Office 365.
- Details of Google’s G Suite security set-up is available here:
https://gsuite.google.com/intl/en_ie/faq/security/ - Details of Dropbox security set-up is available here:
https://www.dropbox.com/security - Details of Ignitar Cloud SAP B1 available here
http://www.ignitar.com/privacy-policy/ - Details of Office 365 security set-up is available here
https://www.microsoft.com/en-us/trustcenter/security/office365-security
Our website is hosted in Ireland and we do not use any other service that is outside of the EU for processing of Personal Data. Our website is hosted by Spiral Hosting: https://www.spiralhosting.com/assets/legal/privacy.pdf
Updates or Questions
This Privacy Policy is reviewed quarterly to determine if it needs to be updated. If any update occurs, this will be communicated:
- On our website’s front page
- By an item in our next monthly newsletter to subscribers of our mailing list
It would also be reviewed each time we add functionality to our website.
Please direct any questions you may have directly to info@toomeyav.ie.