Privacy Statement

Data Protection Information Notice

Effective: July 2019

The terms ‘Personal Data’, ‘Data Controller’ and ‘Data Processor’ are defined in the General Data Protection Regulation (EU) 2016/679.

Who we are: We are Information Security Assurance Services Limited (‘ISAS’) and we provide information security and data governance services to clients. We are an Irish company , incorporated in Ireland (Registration Number 516771) and our registered address is Unit C1, Nutgrove Business Park, Rathfarnham, Dublin D14 V5Y2. We have a Data Protection Officer who can be contacted at: sinead.mcdonald@isas.ie

What Personal Data do we collect on this website and elsewhere?:

We do not collect any Personal Data from you on this website.

If you contact us via e-mail then we will process your Personal Data (e.g. your email address) to respond to you. We do not ask for any other Personal Data, but you might volunteer them in an email in which case we will treat them as we will the rest of your email.

We do not sell any services or products on the web-site, so we do not collect any financial or banking details.

If you decide you want to take some or all of our services, we will subsequently ask you for certain Personal Data for communicating with you, for delivering those services and for accounting and billing purposes. This is so that we can perform our part of the legal contract we have with you. In this regard we are a Data Controller.

If, during the performance of that contract and as part of the services we deliver to you, we may be required to process the Personal Data of your customers, employees or clients. In this regard we are a Data Processor and we will have a Data Processor Agreement with you and we have obligations of confidentiality, security and protection of such Personal Data.

The only cookie that we put on your device is eucookielaw which is used to suppress the 'pop-up' notice on cookies if you have Accepted the notice on a previous visit.

Who do we share your Personal Data with?:

When we deliver services to you, we use Microsoft 365 to store account information, reports and to communicate with you via email. Microsoft stores any such information within the EEA.

We do not transfer any Personal Data outside the EEA.

The only cookie that we would store on your device is eucookielaw which is simply to let us know that you have Accepted the pop-up notice and suppress it on subsequent visits. We will keep such data for ten years.

How long do we retain your Personal Data for?:

Account information reports and email correspondence are retained for the duration of our contract with you and thereafter for 7 years for accounting and Revenue purposes.

The cookie data will be retained for ten years.

What rights do you have in relation to your Personal Data?:

Under the General Data Protection Regulation and the Data Protection Acts 1988 to 2018 you have the right to:

  • Request a copy of any Personal Data we hold on you;

  • Request that we amend any incorrect or inaccurate Personal Data held;

  • Request we stop or restrict the processing of your Personal Data

  • Request that we delete your Personal Data;

  • Request we provide you with your Personal Data in a structured, commonly used , machine readable format and transmitted to another Data Controller.

Not all of these rights are absolute, some may be restricted in limited circumstances. If you have a question or a complaint, please contact us and we are happy to discuss this further with you.

You do have the absolute right to lodge a complaint with the Data Protection Commission. Further details can be found at: www.dataprotection.ie

ISAS may amend this Statement from time to time.