AUTOLEASE FLEET MANAGEMENT LIMITED
TRADING AS NIFTIBUSINESS
PRIVACY AND COOKIES POLICY
EFFECTIVE DATE 04 SEPTEMBER 2024
SECTION 1: WHO IS THE DATA CONTROLLER AND OUR CONTACT DETAILS
The controller of personal data which we collect is Autolease Fleet Management Limited trading as NiftiBusiness (“us”, “we”, or “our”) . Our principal office is located at Cedar House Joyce Way Park West Business Park Dublin 12. You can contact us by letter to this address.
We operate the www.Niftibusiness.ie website (the “Website ”) and the NiftiBusiness Drivers App ( ‘the App’). We offer our Services , including fleet management , vehicle leasing and customer services ( ‘ the Services’) through the Website and/or the App .When you visit our Website and/or our App we collect information relating to your interactions through these online channels.
SECTION : PURPOSE OF THIS POLICY
This page informs you of our policies regarding the collection, use, and disclosure of Personal Data when you use our Website and/or our App , and the choices you have associated with that data. In this Privacy Policy, the term “Personal Data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, our possession, and includes personal data as described in Data Protection Legislation (as defined below)
SECTION 3 : HOW WE USE YOUR DATA
We use your data to provide and improve our Services. By using the Website and /or the App you agree to the collection and use of information in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from www.niftibusiness.ie.We will handle your Personal Data in accordance with Data Protection Legislation. “Data Protection Legislation” means the Irish Data Protection Acts 1988 to 2018, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and any other applicable law or regulation relating to the processing of Personal Data and to privacy, including the E-Privacy Directive 2002/58/EC and the European Communities (Electronic
Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, as such legislation shall be supplemented, amended, revised or replaced from time to time.
SECTION 4 : TYPES OF DATA COLLECTED
4.1 We collect several different types of information for various purposes to provide and improve our Website and /or App and /or our Services to you. We will only collect and use your information where we are legally entitled to do so.
4.2 Personal Data
While using our Services and or using the Website and/or App , we may ask you to provide us with certain Personal Data. Personal Data may include, but is not limited to:
- Email addresses
- Telephone numbers including mobile phone numbers
- Home addresses
- First and last names
- Cookies and Usage Data; and
- Portal User Data.
4.3 Usage Data
We may also collect information how the Website and/or App are accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address, browser type, browser version, the pages of our Website and/or App that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
4.4 Interactive Areas
Our Website and App will sometimes offer chat options which allow you to speak directly with one of our staff members while you are browsing online. Sometimes these chat options will appear automatically on your screen- they are an optional service, and you can decide whether or not you wish to interact with them. It is important that when you interact with these chat options , you do so in a responsible way. Under no circumstances should you provide any bank account details, transactional history, personal or financial information when using these services. You may however choose to provide us with certain information, such as your name and contact details, if you would like us to contact you directly. If you do, we will use this information solely to respond to and deal with your comments or queries.
4.5 Tracking & Cookies Data
We use cookies and similar tracking technologies to track the activity on our Website and/or App and hold certain information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Website and/or App.
The ‘Help Menu’ on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as flash cookies, by changing the add-ons settings or visiting the website of its manufacturer.
For more information about cookies and managing them including how to turn them off, please visit www.cookiecentral.com. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to fully experience the interactive features of our website or other related websites/applications which you visit/use.
We do not use any non-essential cookies without your explicit consent. You can withdraw your consent to cookies and/or manage your consent preferences at any time by clicking on the black circular icon on the bottom left of the website on both desktop and mobile.
Examples of Cookies we use:
Necessary Cookies: Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Preference Cookies: Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistic Cookies: Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing Cookies: Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
You can find a list of cookies we use and the purposes for which we use them in Table 4.5 below.
Table 4.5
Cookie | Purpose | Expires | Cookie Type |
1.gif | Used to count the number of sessions to the website, necessary for optimizing CMP product delivery. | End of Session | Necessary |
CookieConsent | Stores the user’s cookie consent state for the current domain | 1 Year | Necessary |
PHPSESSID | Preserves user session state across page requests. | Session | Necessary |
wpEmojiSettingsSupports | This cookie is part of a bundle of cookies which serve the purpose of content delivery and presentation. The cookies keep the correct state of font, blog/picture sliders, colour themes and other website settings. | Session | Necessary |
wpEmojiSettingsSupports | This cookie is part of a bundle of cookies which serve the purpose of content delivery and presentation. The cookies keep the correct state of font, blog/picture sliders, colour themes and other website settings. | Session | Necessary |
li_gc | LinkedIn: Stores the user’s cookie consent state for the current domain | 180 Days | Necessary |
lidc | LinkedIn: Registers which server-cluster is serving the visitor. This is used in context with load balancing, to optimize user experience. | 1 Day | Preferences |
cusid [x2] | Click Dimensions: This cookie is used to identify the frequency of visits and how long the visitor is on the website. | 1 Day | Statistics |
cuvon | Click Dimensions: This cookie is used to determine when the visitor last entered the different subpages on the website. | 1 Day | Statistics |
_ga | Google Analytics: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 years | Statistics |
_ga_# | Google Analytics: Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. | 2 years | Statistics |
_gat | Google Analytics: Used by Google Analytics to throttle request rate | 1 Day | Statistics |
_gid | Google Analytics: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 1 day | Statistics |
hjActiveViewportIds | Hotjar: This cookie contains an ID string on the current session. This contains nonpersonal information on what subpages the visitor enters – this information is used to optimize the visitor’s experience. | persistent | Statistics |
hjViewportId | Hotjar: Saves the user’s screen size to adjust the size of images on the website. | Session | Statistics |
_hjSession_# | Hotjar: Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | 1 day | Statistics |
_hjSessionUser_# | Hotjar: Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | 1 year | Statistics |
_hjTLDTest | Hotjar: Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. | Session | Statistics |
sentryReplaySession | Spotify: Registers data on visitors’ website-behaviour. This is used for internal analysis and website optimization. | Session | Statistics |
lastExternalReferrer | META: Detects how the user reached the website by registering their last URLaddress. | Persistent | Marketing |
lastExternalReferrerTime | META: Detects how the user reached the website by registering their last URLaddress. | Persistent | Marketing |
_fbp | META: Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | 3 Months | Marketing |
cuvid | Click Dimensions: This cookie is used to collect information on a visitor. This information will become an ID string with information on a specific visitor – ID information strings can be used to target groups with similar preferences or can be used by third-party domains or ad-exchanges. | 2 Years | Marketing |
_gcl_au | Google: Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. | 3 Months | Marketing |
bcookie | LinkedIn: Used by the social networking service, LinkedIn, for tracking the use of embedded services. | 1 Year | Marketing |
sp_landing | Spotify: Used to implement audio-content from Spotify on the website. Can also be used to register user interaction and preferences in context with audiocontent – This can serve statistics and marketing purposes. | 1 day | Marketing |
sp_t | Spotify: Used to implement audio-content from Spotify on the website. Can also be used to register user interaction and preferences in context with audiocontent – This can serve statistics and marketing purposes. | 1 year | Marketing |
You should also be aware that there are cookies which are found in other companies’ internet tools which we may use to enhance the Website and/or App. You may see ‘social buttons’ during your use of the website including but not limited to Twitter, Facebook, LinkedIn and Instagram which enable you to share or bookmark certain web pages. These websites and social platforms have their own cookies and privacy practices, which are controlled by them.
4.6 Portal User Data
4.6.1 Where you are a user of our Online Portal (a “Portal User”) we may collect certain categories of Personal Data (“Portal User Data”) on behalf of your employer (or an organisation who is providing you with insurance cover in accordance with their internal insurance policy based on information you provide to the Portal, as the case may be) (the “Portal Data Controller”).
4.6.2 Portal User Data relating to you may include the following categories of Personal Data:
- Full name.
- Address.
- Phone Number.
- Vehicle registration number.
- Branch / Cost centres.
- Driving licence information, including:
- Type of driving licence (i.e. full / provisional licence).
- Driving licence number.
- Number of years for which your driving licence has been held.
- Country of issue of driving licence.
- Previous accident records.
- Record of refusal of insurance.
- Medical conditions, which may affect your driving ability.
- Eye test results.
- Photocopies of your driving licence.
4.6.3 The Portal Data Controller is a controller (as defined in Data Protection Legislation) in respect of your Portal User Data. As a Processor, we will only Process Portal User Data relating to you in accordance with the instructions of the Portal Data Controller who is the controller of your Portal User Data.
4.7 Data Collected Through Our App
4.7.1 The personal data that we collect through the App , and how we use that data, will vary depending on how you interact with our App. In this section, we have set out the various purposes for which we use Personal Data collected through our App. If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, including how we balance our legitimate interests against your rights and freedoms where applicable, please contact us using the contact details provided under Section 1.
4.7.2 Personal Data and the purposes for which we collect it may include, but is not limited to:
(i) To register you as a user of the App.
When we register you as a user of the App, we will ask you to provide basic personal information to set up your account and provide you with access to the App.
(i) To respond to your enquiries and send you service-related communications.
When you get in touch with us , we process your Personal Data so that we can manage and respond to your enquiry or comment. We will also contact you from time to time with service communications. Depending on how you choose to contact us, we may process the following types of personal data:
- Identity data: Name
- Contact details: E-mail address; postal address; phone number
- Vehicle registration number.
- Location and related data: Language; country and city
- Communications data: Recordings of phone conversations between you and us (where applicable); content of your messages (including any attachments you provide)
- Usage data: Information about your usage of our App
- Technical data: Usage data e.g., log-in time and log-out times.
(iii) To fix bugs and improve the functionality of the App.
To fix issues, improve App functionality, and adjust the App, we may carry out a technical analysis of how users interact with our App. Where possible, we will anonymise the personal data we use to carry out this activity.
(iv) To Handle accident reporting
Unfortunately, accidents sometimes happen. If you are involved in an accident, we will use some of your Personal Data to carry out internal reporting, provide information to our insurers and other relevant third parties, and comply with our legal obligations.
(v) To send you news and offers
Where we are permitted to do so, we will send you news and offers relating to products and services offered by us and/or our third-party partners that we think may be of interest to you. Depending on the settings you have enabled in your App, we will send these to you by in-app or push notifications. You can withdraw your consent to receiving these marketing messages within the App at any time (see Section 8 (Your privacy rights) to find out how you can object to marketing messages). You can also withdraw your consent to marketing communications via the “Notification Settings” of the App (under your “Profile”), by turning off the toggle relating to “Push Notifications”.
(vi) To comply with our legal obligations
We may use your Personal Data to provide information to competent authorities where we are required to do so by applicable laws or regulations (e.g., to our insurers). The types of personal data we share for this purpose will vary depending on the nature of the legal obligation
(vi) Categories of Personal Data which may be used for these purposes include but are not limited to :
- Identity data: Name.
- Contact details: E-mail address; phone number; workplace and home address (where provided)
- Vehicle registration number.
- Location and related data: Country; language; time zone.
- Technical information: Information about your device (Device ID; advertising ID) including the version of the App you are using; device ID, GAID (Google Advertising Identifier), IP address; usage data (usage frequency, information relating to the download of the App); login information.
- Usage data: Information about your usage of our App
- Technical data: Usage data e.g., log-in time and log-out times
5. HOW WE USE YOUR DATA
5.1 Autolease Fleet Management Limited uses the collected data for various purposes. We have set out below, in Table 5.1 below , a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
5.2 Please note that we may process your Personal Data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your Personal Data where more than one ground has been set out in the table below.
Table 5.1
Purpose | Categories of Data | Legal basis for processing and where necessary, basis of legitimate interest |
To provide and maintain the Service To allow you to participate in interactive features of our Service when you choose to do so To provide customer care and support | – Identity data: Name – Contact details: E-mail address; postal address; phone number – Vehicle registration number. | Necessary for our legitimate interest to provide the Website and /or App and Service to you. |
To provide analysis or valuable information so that we can improve the Service To monitor the usage of the Service To detect, prevent and address technical issues | • Cookies and Usage Data. | Necessary for our legitimate interests (for running the Service, running our business, provision of administration and IT services and network security) |
To notify you about changes to our Service and/ or our Privacy Policy | • Identity data: Name • Contact details: E-mail address; postal address; phone number • Vehicle registration number. • Location and related data: Language; country and city • Communications data: Recordings of phone conversations between you and us (where applicable); content of your messages (including any attachments you provide) • Technical data: Cookies data , Usage data e.g., log-in time and log-out times | Necessary for our legitimate interests (for running our business and website) Necessary for us to comply with our legal obligation |
To provide access to the Online Portal | • Portal User Data as described above | Necessary for our legitimate interest to provide the Service to you. |
To provide access to the App | • Data as described in Section 4.7 above | Necessary for our legitimate interest to provide the Website and /or App and Services to you |
To conduct market research and surveys when you agree to receive them. | • Data as described in Section 4.7 above | Necessary for our legitimate interest to provide the Website and /or App and Services to you |
Where we are permitted to do so, we will send you news and offers relating to products and services offered by us and/or our third-party partners that we think may be of interest to you. | Where we are permitted to do so by law, we process this information on the basis that it is necessary for our legitimate interest in marketing our services and providing relevant information to our customers and potential customers that we think will be of interest to them. In all other cases, we process this information based on your consent. |
As noted above, in relation to Portal User Data, the Portal Data Controller is a controller (as defined in Data Protection Legislation) in respect of Portal User Data and is responsible for establishing the legal basis of the Processing of Portal User Data. Where you are a Portal User, your Portal Data Controller’s data protection policy, rather than this Privacy Policy, will apply to the processing of your Portal User Data.
6. TRANSFER OF DATA
6.1 Your information, including Personal Data, may be transferred to, stored at, or accessed from a destination outside the European Economic Area (“EEA”) for the purposes of us providing the Service. It may also be processed by staff operating outside the EEA who work for us, another corporate entity within our group, or any of our suppliers.
6.2 If you are located outside Ireland and choose to provide information to us, please note that we transfer the data, including Personal Data, to Ireland and process it there.
6.3 Autolease Fleet Management Limited will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. The safeguards in place with regard to the transfer of Your Data outside of the EEA to third parties shall include (but shall not be limited to) the entry by us into appropriate contracts with all transferees of such data, reliance on a decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country and/or standard contractual clauses approved by the European Commission or the DPC and any additional or supplementary measures required. Please contact us for further information on the means to ensure an adequate level of data protection and the transfer mechanism we rely upon for such transfers.
6.4 Where any Portal Data Controller is located outside of the EEA, that Portal Data Controller is responsible for ensuring that the transfer of Portal User data is lawful under Data Protection Legislation. This may include obtaining your explicit consent in respect of any such transfer.
7. DISCLOSURE OF DATA
7.1 Legal Requirements
Autolease Fleet Management Limited may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Autolease Fleet Management Limited
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
8. YOUR RIGHTS
8.1 As a data subject, you have the following rights under Data Protection Legislation and we, as controller in respect of Your Data, will comply with such rights in respect of Your Data:
- the right of access to Personal Data relating to you.
- the right to correct any mistakes in your Personal Data.
- the right to ask us to stop contacting you with direct marketing.
- rights in relation to automated decision taking.
- the right to restrict or prevent your Personal Data being processed.
- the right to have your Personal Data ported to another data controller.
- the right to erasure.
- the right to complain to the Data Protection Commission (“DPC”) if you believe we have not handled your Personal Data in accordance with Data Protection Legislation.
8.2 These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your Personal Data, please contact us. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period.
8.3 Right of access to Personal Data relating to you
8.3.1 You may ask to see what Personal Data we hold about you and be provided with:
- a summary of such Personal Data and the categories of Personal Data held.
- details of the purpose for which it is being or is to be processed (see above).
- details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers (see below).
- details of the period for which it is held or the criteria we use to determine how long it is held (see “Retention of Personal Data” below).
- details of your rights, including the rights to rectification, erasure, restriction or objection to the processing (set out in this section).
- any information available about the source of that data.
- whether or not we carry out automated decision-making, or profiling, and where we do, information about the logic involved and the envisaged outcome or consequences of that decision making or profiling.
- where your Personal Data is transferred out of the EEA, what safeguards are in place.
8.3.2 Details in respect of the above points are all set out in this Privacy Policy. If you need further clarification, please contact us (see ‘Contact Us’ below).
8.3.3 Requests for your Personal Data must be made to us (see ‘Contact Us’ below) specifying the Personal Data to which you need access, and a copy of such request may be kept by us for our legitimate purposes in managing the Website and/or App . To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.
8.3.4 There are certain types of data which we are not obliged to disclose to you, which include Personal Data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations. We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the Personal Data requested, we may charge you a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to Data Protection Legislation.
8.4 Right to update your Personal Data or correct any mistakes in your Personal Data
You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you wish to do this, please:
- email or write to us (see ‘How can you contact us’ below).
- let us have enough information to identify you (e.g. name, registration details).
- let us know the information that is incorrect and what it should be replaced with.
If we are required to update your Personal Data, we will inform recipients to whom that Personal Data have been disclosed (if any), unless this proves impossible or has a disproportionate effort. It is your responsibility that all the Personal Data provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible (see ‘Contact Us’ below).
8.5 Right to ask us to stop contacting you with direct marketing
8.5.1 We have a legitimate interest to send you electronic communications in connection with the Services and related matters (which may include but shall not be limited to newsletters, announcement of new features etc. and which may also appear on social media platforms such as Facebook, LinkedIn, Twitter or Instagram.). We may also ask you for your consent to send you direct marketing from time to time. You may be able to select your preferences with respect to direct marketing when registering Your Account. We may also ask you different questions for different services, including competitions. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
8.5.2 You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- Click on ‘unsubscribe’ on an email (this will be instantaneous).
- Send an email via ‘Contact Us’ below (this can take up to 5 working days).
8.5.3 We will provide you with information on action taken on a request to stop direct marketing – this may be in the form of a response email confirming that you have ‘unsubscribed’. Unsubscribing from direct marketing does not unsubscribe you from essential electronic communications in respect of the administration of Your Account.
8.6 Rights in relation to automated decision taking
You may ask us to ensure that, if we are evaluating you, we do not base any decisions solely on an automated process and have any decision reviewed by a member of staff. Profiling may occur in relation to your Personal Data for the purposes of targeted advertising and de-targeting you from specified advertising. This allows us to tailor our advertising to the appropriate customers and helps to minimise the risk of you receiving unwanted advertising. These rights will not apply in all circumstances, for example where the decision is (i) authorised or required by law, (ii) necessary for the performance of a contract between you and us, or (ii) is based on your explicit consent. In all cases, we will endeavour that steps have been taken to safeguard your interests.
8.7 Right to restrict or prevent processing of Personal Data
8.7.1 In accordance with Data Protection Legislation, you may request that we stop processing your Personal Data temporarily if:
- you do not think that your Personal Data is accurate (but we may start processing again once we have checked and confirmed that it is accurate).
- the processing is unlawful, but you do not want us to erase your Personal Data.
- we no longer need the Personal Data for our processing; or
- you have objected to processing because you believe that your interests should override the basis upon which we process your Personal Data.
8.7.2 If you exercise your right to restrict us from processing your Personal Data, we will continue to process the Personal Data if:
- you consent to such processing.
- the processing is necessary for the exercise or defence of legal claims.
- the processing is necessary for the protection of the rights of other individuals or legal persons; or
- the processing is necessary for public interest reasons.
8.8 Right to data portability
In accordance with Data Protection Legislation, you may ask for an electronic copy of your Personal Data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to Personal Data that you have provided to us – it does not extend to data generated by us. In addition, the right to data portability also only applies where:
- the processing is based on your consent or for the performance of a contract; and
- the processing is carried out by automated means.
8.9 Right to erasure
In accordance with Data Protection Legislation, you can ask us (please see ‘Contact Us’ below) to erase your Personal Data where:
- you do not believe that we need your Personal Data to process it for the purposes set out in this Privacy Policy.
- if you had given us consent to process your Personal Data, you withdraw that consent, and we cannot otherwise legally process your Personal Data.
- you object to our processing, and we do not have any legal basis for continuing to process your Personal Data.
- your Personal Data has been processed unlawfully or have not been erased when it should have been; or
- the Personal Data must be erased to comply with law.
We may continue to process your Personal Data in certain circumstances in accordance with Data Protection Legislation (i.e. where we have a legal justification to continue to hold such Personal Data, such as it being within our legitimate business interest to do so (e.g. retaining evidence of billing information etc.). Where you have requested the erasure of your Personal Data, we will inform recipients to whom that Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.
8.10 Right to complain to the DPC
If you do not think that we have processed your Personal Data in accordance with this Privacy Policy, please contact us in the first instance. If you are not satisfied, you can complain to the DPC or exercise any of your other rights pursuant to Data Protection Legislation. Information about how to do this is available on the DPC website at https://www.dataprotection.ie
8.11 Withdrawal of Consent
If you no longer consent to our processing of Your Data (in respect of any matter referred to in this Privacy Policy as requiring your consent), you may request that we cease such processing by contacting us via the ‘Contact Us’ facility referred to below. Please note that if you withdraw your consent to such processing, it may not be possible for us to provide all/part of the Service to you.
9. SERVICE PROVIDERS
We may employ third party companies and individuals to facilitate our Website and/or App (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Website and/or App are used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
10. ANALYTICS
We may use third-party Service Providers to monitor and analyse the use of our Website and /or App.
• Google Analytics:Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can optout of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on, available at http://tools.google.com/dlpage/gaoptout. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
11. LINKS TO OTHER SITES
This Privacy Policy only applies to websites and services that are owned and operated by us. Our Website and /or App may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
12. BREACH REPORTING
12.1 We will notify serious data breaches in respect of your Personal Data to the DPC without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay. It is not necessary to notify the DPC where the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. A Personal Data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
12.2 We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your Personal Data (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:
- we have implemented appropriate technical and organisational measures that render the Personal Data unintelligible to anyone not authorised to access it, such as encryption; or
- we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or
- it would involve disproportionate effort in which case we may make a public communication instead.
12.3 Where we act as a Processor we will notify the Data Controller of any data breaches without undue delay.
13. RETENTION OF PERSONAL DATA
Your Personal Data will be kept and stored for such period as we deem necessary taking into account the purpose for which it was collected in the first instance. This may include retaining your Personal Data as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our website.
Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Service, not to specifically analyse personal characteristics about you.
14. CHILDREN’S PRIVACY
Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
15. CHANGES TO THIS PRIVACY POLICY
We reserve the right in our sole discretion to amend this privacy statement at any time, you should regularly check this privacy statement for any amendments. We will let you know via email and/or a prominent notice on our Website prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.
16. TERMS AND CONDITIONS
This Privacy Statement is subject to the Terms and Conditions of Use of the NiftiBusiness Website, a copy of which is available on www.niftibusiness.ie. It is important that you read the terms and conditions of use as where there is a conflict between this Privacy Statement and the Terms and Conditions of Use, the Terms and Conditions of Use shall prevail.
17. CONTACT US
If you have any questions about this Privacy Policy, please contact us: