SIGTAX is devoted to ensuring that your personal data is protected. This privacy statement explains how and why we collect and use protecting personal data, and provides information about individuals` rights in relation to personal data. Such information will only be used in accordance with this privacy statement.
If the content or information that you disclose to us contains the personal information of other individuals, you must be legally permitted to share it with us.
The main aim of this policy is to be transparent for our clients on processing of personal data they provided. User`s personal information is not used for other purposes, unless we obtain user`s permission, or unless otherwise required or permitted by law or professional standards.
Who does it concern?
- Our clients
- Individuals whose personal data we obtain in connection with providing services to our clients
- Contacts in our customer relationship management (CRM) systems
- Sigtax.ie visitors (including hosting of other countries)
- Participants of SIGTAX meetings and events
- Individuals who use our cloud system
- Individuals who correspond with SIGTAX via email
- Job applicants
- Visitors to SIGTAX offices
Controller contact details
SIGTAX is the controller for the personal data it processes. You can contact SIGTAX a number of ways, which are set out on the contact page of our website.
DPO contact details
In accordance with Article 37 of the EU General Data Protection Regulation (GDPR), SIGTAX has appointed a Data Protection Officer. If you wish to contact our Data Protection Officer in relation to the processing of your personal data by SIGTAX, you can do so by e-mailing [email protected].
What data we process?
Log file information is automatically reported by your browser or mobile device each time you access the Service. When you use our Service, our servers automatically record certain log file information. These server logs may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.
When you access the Service by or through a mobile device (including but not limited to smart-phones or tablets), we may access, collect, monitor and/or remotely store one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by SIGTAX. A device identifier may convey information to us about how you browse and use the Service. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Service may not function properly if use or availability of device identifiers is impaired or disabled.
We may directly collect analytics data, or use third-party analytics tools and services, to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Service. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual user.
When you access the Service by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey to us information about how you browse and use the Service. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.
Why do we process?
We process user’s data for a number of reasons, including:
- Providing our services to users and fulfilling requests;
- Provision of data is necessary for the performance of an agreement with the user and/or for any pre-contractual obligations thereof;
- Data necessary for contracts, accounting and other documents.
- Developing and improving our services;
- Commercial and marketing communications;
- Legal compliance requirements;
- Exchanging of information and documents directly.
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
If SIGTAX, or substantially all of its assets, were acquired, or in the unlikely event that SIGTAX goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of SIGTAX may continue to use your personal information as set forth in this policy.
Sharing and transfer of data with third parties. Protection of Certain Personally-Identifying Information
Please be aware that we do not share personal information with third parties except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards (our service providers, auditors, etc).
SIGTAX can discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that:
(i) need to know that information in order to process it on SIGTAX´s behalf or to provide services, and
(ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using our website and services, you consent to the transfer of such information to them. SIGTAX will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, SIGTAX discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when SIGTAX believes in good faith that disclosure is reasonably necessary to protect the property or rights of SIGTAX, third parties or the public at large.
If you have supplied your email address, SIGTAX may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with SIGTAX and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. SIGTAX takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
How we keep your data secure?
Your information collected through the Service may be stored and processed in Ireland, Switzerland and any other country in which SIGTAX or its subsidiaries, affiliates, or service providers maintain facilities. SIGTAX may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world.
SIGTAX cares about the security of your information, and uses commercially reasonable safeguards to preserve the integrity and security of all information collected through the Service. To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from SIGTAX, at all times. However, SIGTAX cannot ensure or warrant the security of any information you transmit to SIGTAX or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed. Your privacy settings may also be affected by changes to the functionality of third-party sites and services that you add to the SIGTAX Service, such as social networks. SIGTAX is not responsible for the functionality or security measures of any third party.
In the event that any information under our control is compromised as a result of a breach of security, SIGTAX will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
As the data subject you have the following rights in relation to the personal information:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal data.
- Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent.
- Access their data. Users have the right to learn if data is being processed by the company, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their data and ask for it to be updated or corrected.
- Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, we will not process their data for any purpose other than storing it.
- Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data.
- Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user's consent, on a contract which the user is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Links to Other Websites and Services
SIGTAX does not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register as Users. The Service and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at [email protected].
If you have questions regarding personal data protection or you would like to exercise your rights, please contact the person you usually communicate in SIGTAX or write us by e-mail [email protected]. These requests can be exercised free of charge and will be addressed as early as possible and always within one month.
The GDPR came into force on 25 May 2018 and significantly changed data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations. The GDPR is designed to give individuals more control over their personal data. (A copy of the GDPR is available here).
The key principles relating to the processing of personal data under the GDPR are lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability (Article 5 of the GDPR).
Although the GDPR is directly applicable as a law in all Member States, it allows for certain issues to be given further effect in national law. In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’). (A copy of the 2018 Act is available here).
The Law Enforcement Directive
The Law Enforcement Directive (Directive (EU) 2016/680) is a piece of EU legislation, parallel to the GDPR, which also took effect from May 2018. The Law Enforcement Directive (‘LED’) deals with the processing of personal data by data controllers where the processing is for ‘law enforcement purposes’, which fall outside the scope of the GDPR.
As a Directive, the LED requires transposition into Irish law to take effect. The LED is transposed into Irish law by the 2018 Act, primarily in Part 5 of that Act.
Pursuant to Section 11 of the 2018 Act, the Commission is the supervisory authority for both the GDPR and the LED.
"SIGTAX" "we," "our," and "us" refers to SIGTAX Limited LTD, a company established and validly existing under the laws of Ireland, Address: 59 Merrion Square (South), Dublin 2, Ireland.
E-mail: [email protected]