INSPA and INSPAsmiles ("We") are committed to protecting and respecting your privacy and personal data. As of the 25th May 2018 the new GDPR (General Data Protection Regulation) comes into force and we consistently update our practices towards being fully compliant with the new GDPR Regulations.
This notice sets out the basis on which any personal data we collect from you, that you provide to us, or that we obtain about you from other sources, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
To aid us in fulfilling this Policy, INSPA / INSPAsmiles staff have completed or are currently undertaking CPD (Continual Professional Development) courses introducing them to further Child Safety and Protection laws and the new General Data Protection Regulations GDPR.
What information do we collect and process about you?
INFORMATION WE COLLECT FROM YOU
Visiting our website
In relation to each of your visits to our site we will automatically collect the following information:
Technical Information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), length of visits and pages visited. It also includes Analytics data such as Geo (language, location), Technology (browser and operating system, network), Mobile (device) and Acquisition (adwords, social, campaigns, search console).
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version, however, doing so may negatively impact your browsing experience.
Our website uses HSTS Secure, adding an extra layer of security forcing browsers to view the secure version of our website. HSTS Secure ensures the connection is encrypted and prevents potential attackers from accessing or impersonating our site.
INFORMATION YOU GIVE TO US
This is information about you that you give us by filling in our proof/order forms or by corresponding with us by e-mail, phone, website form, eCommerce sites/forms, app, entering competitions or otherwise. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information and personal description. This information you provide is used only for the purpose of producing and dispatching your order(s) or particular requests.
Proof / Order Forms
Our Proof / Order Forms are hard copy forms that contain a space for personal details to be filled in if you choose to do so. Information here can include Pupils Name, Class and Telephone Number. By filling in these details you are giving us permission to contact you if needed to process your order.
INSPA / INSPAsmiles are the copyright holders of all photographs taken by them. We store all our digital files (for commercial purposes) securely on password protected systems solely for the purpose of processing future orders, reproducing images when requested and fulfilling our contractual obligations to our schools and customers. Images are stored and labeled only with unique reference numbers on our computers. No other personal information (other than the actual image) that would identify a child are stored on our computers and all our systems contain up to date anti-virus protection software, are updated regularly and are shut down every evening.
We always secure Parental / Guardian Consent prior to taking photographs in schools. All our printing and packaging is completed in-house by INSPA / INSPAsmiles staff who have completed or are currently training in Child Safety and Protection as well as the new GDPR.
INFORMATION WE RECEIVE FROM OTHER SOURCES
This information received may be about you and received from sources other than directly from you such as: Official School Representatives, Teachers, Parents or Guardians. As our photographs are stored only with unique order reference numbers on our computers, we occasionally require additional information to process your order and provide our contractual obligations to our schools and customers. This only occurs in unusual situations such as a proof / order form not being returned with a payment for photographs and the identification of a pupil needs to be obtained to process your order.
What we do with the information that you have given us?
Any information given to INSPA / INSPAsmiles in confidence will be processed in accordance with the law. It will not be disclosed to anyone outside the company without your permission, unless it is lawful for us to do so and we will not send any statistical information to any third party. We take our responsibility towards the security of your personal data seriously and we have taken an active approach to this responsibility by attending and completing CPD courses in Child Safety & Protection and the new GDPR. All personal information / data collected or given to us is to aid us in providing you with the best experience, service and product.
HOW LONG DO WE KEEP YOUR DATA FOR
Our policy is to ensure your data is only stored for as long as necessary to provide you with our services as our client. This may vary according to the type of information and the specific applicable purpose(s) and we can provide you with relevant details applicable to your data on request.
We only use responsible third party service providers for certain business function such as; Wetransfer, Mailchimp, Squarespace, Stripe, Paypal, N26 and Gsuite from Google which help us operate and market our service opportunities and products to educational establishments and customers on the island of Ireland. Outside of this we do not share or disclose any of your personal information without your consent and we do not share or disclose any personal data to third parties for marketing or statistical purposes.
Legal Basis for Processing
Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this policy relates are:
Where the processing is necessary for us to perform a contract that you are party to, or at your request, to take steps prior to entering a contract, that is the ground on which we are processing that data. If you have given your consent for us to process the data, that is the basis on which we are processing that data. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data. Where the processing of data is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your fundamental rights and freedoms which require protection of your data override those legitimate interests. Our legitimate interests comprise the management, marketing and promotion of our business, products and services.
You have the right to access any personal information that INSPA / INSPAsmiles processes about you and to request the following information:
What personal data we hold about you
The purposes of the processing
The categories of personal data concerned
How long we intend to store your personal data for
The recipients to whom the personal data has/will be disclosed
If we did not collect the data directly from you, information about the source
This statement covers INSPA / INSPAsmiles and our website(s). It does not cover other sites to which our site is linked.
DATA PROTECTION COMMISSIONER
Canal House, Station Road, Portarlington, Co. Laois, Ireland R32 AP23
+353 (0) 57 8684800