This Privacy Policy relates to our privacy practices in connection with gbaconsulting.ie (the “Site”) and associated iOS and Android applications, including the following:

Instasafe

Instaspace

Clashmore National School

Kinsalebeg National School

No Name Club

Scoil Bhride Naas

Scoil Cholmcille Ros a Mhíl

University Limerick Student Life

Ward Union Hunt

About us

GBA Consulting is a business name incorporated in Ireland with company number 643759 and having a registered office at Naas, Co Kildare, Ireland (“we” / “us” / “our” / “GBA Consulting”). Amongst other services, we provide a mobile communications, payments and document management platform for schools and other to engage their community and facilitate fundraising.

About our Privacy Policy

We respect your right to privacy and take seriously our responsibilities in relation to the processing of personal data. We do not collect or process personal data unnecessarily. This privacy policy (the “Policy”) together with our Terms of Service sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of this website (“our Site” or “the Site”) and / or the GBA Consulting platform, app or service (the “Services”). We do not knowingly attempt to solicit or receive information from children.

Controller

Under this Policy, and unless the circumstances otherwise require, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us.

The information we collect

We will collect and process the following data about you for the following purposes:

Information provided by You or Your Organisation

Your Data. In order to communicate with and provide relevant content to you, you or your organisation will provide us with your name, email address and information on your children’s names and their base class (the class to which they have been assigned) within the school.

Information you give us

Your Data. In addition to the information provided by your organisation, you may also provide us with your credit card details to facilitate payments to your organisation. We use Stripe to handle all Credit Card transactions and as such do not store and never have access to your credit card details. All details are securely stored by Stripe who provide us with a token, which on conjunction with our Stripe Private Key can be used to charge your account.

You may also elect to upload documents to the Service from time to time as requested or facilitated by your organisation. These documents are stored on a secure server provided by Google Firebase, with access provided solely to you, any your organisation staff member with Administrative privileges for our Service, as well as GBA Consulting employees or agents. GBA Consulting company policy prohibits staff and agents from accessing any documents uploaded by you save in the event that they are requested to do so by an authorised officer of your organisation and only where such access is necessary to resolve a problem or to assist your organisation in the processing of the documents where they are unable to do so themselves for any reason.

From time to time and for various reasons, you may also provide information by completing forms on our Site (or in our App) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our Site, register for, subscribe to or use the Services, search for a product, place an order on our Site, participate in any future discussion boards or other social media functions on our Site and/or when you participate in and respond to our sign-up or other surveys or report a problem with our Site and/or the Services.

The information we collect about you

Automatically Collected Information. With regard to each of your visits to our Site we will automatically collect the following information:

  • Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, how often you use the application and other performance data which may be subject to analytics software such as Fabric.io (“Fabric”);
  • Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us;

No special categories of personal data: We do not require or collect any personal data that is your sensitive personal data or any special category of personal data under the GDPR, unless you decide to provide this information to us.

Cookies

What are cookies and why we use them

The Site may use cookies from time to time. “Cookies” are small text files which are stored by your browser on your computer and are normally used to gather statistical information and to analyze trends of use or access to a website. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies may be used to save your personal preferences so you do not have to re-enter them each time you access the Site. For more about our use of cookies and how you can disable them, please see our cookie policy.

What we do with your information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the services we have agreed to perform on behalf of your organisation.
  • This includes providing access to the Service via a combination of your email and password (set-up by you).
  • We may also use your email address to send confirmation emails after payments have been processed, documents uploaded or to inform you of any changes to either our terms and conditions or to our privacy policy.
  • Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at 

privacy@gbasolutions.ie. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.

How long we keep your information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, we may hold personal data as needed for our accounting or tax compliance purposes for a period of 6 years or for 5 years where needed for our compliance with anti-money laundering regulations. For more information about our data retention policies please contact us at privacy@gbaconsulting.ie.

Disclosure of your information

We do not sell your personal information (or Your End Customer Data) to third parties for marketing purposes. We may disclose information to third parties if you consent to us doing so as well as in the following circumstances:

You agree that we have the right to share your personal information with the following recipients or categories of recipients.

  • Any department or authorized person within our company or any member company within our group, which means any subsidiary or holding company within the meaning of sections 7 and 8 of the Companies Act 2014.
  • Selected third parties including business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you in relation to the Services, including but not limited to:
    • Stripe for payment and delivery services;
    • Google Firebase for hosting and maintaining GBA Consulting applications.
  • Where we have your consent to do so, email marketing service providers, including ElasticEmail, to send information to you from time to time by email about promotions, competitions, updates and new products or services that may be of interest to you;
  • Analytics and search engine providers that assist us in the improvement and optimization of our Site such as to Fabric and Google;

We will disclose your personal information to third-party recipients.

  • If GBA Consulting or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or to apply our Terms of Service and other agreements.
  • To protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organizations for the maintenance and security of the Site and Services.

Your Personal Data and Your Rights

Accessing your Personal Data

You may request access at any time to a copy of the personal data we hold about you. Any such request should be submitted to us in writing and sent to privacy@gbasolutions.ie

 

We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.

Right of Restriction

You may restrict us from processing your personal data in any of the following circumstances:

  • You have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;
  • The processing of your personal data is unlawful and you request the restriction of the use of personal data instead of its erasure;
  • We no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise or defence of legal claims; or
  • Where you have contested the processing (under Article 21(1) of the GDPR) pending the verification of our legitimate grounds.

Corrections or Erasure (Right to Rectification and Right to Be Forgotten)

If we hold personal data concerning you which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process your personal data, you can request the deletion of this personal data. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected. To do so at any time, please contact us by email at privacy@gbasolutions.ie.

 

Your Right to Object

You have the right to object to the processing of your personal data at any time:

  • For direct marketing purposes
  • For profiling to the extent it relates to direct marketing
  • Where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights, and freedoms or in connection with the enforcement or defence of a legal claim

To exercise your right to object at any time, please email privacy@gbasolutions.ie. Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above. For more information about our marketing practices, please see the Marketing Communications section below.

Data Portability

Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.

Personal Rights

The rights described in this section are personal rights and are exercisable only by the individual person (or data subject) concerned. If we receive any such request or communication directly from your customers and/or in relation to Your End Customer Data, we will refer the matter to you and cooperate in providing such reasonable assistance as may be required to enable you, as a controller, to respond to the matter. This will be described in more detailed in the Terms of Service or the other relevant contract between us.

Marketing Communications

We will not use your data to send marketing communications to you about promotions, competitions, updates and new products or services that may be of interest to you, unless we have your permission to do so.

Your Right to Object

You have the right to object to the processing of your personal data for our marketing purposes. To object or if you change your mind at any later time, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at privacy@gbasolutions.ie.

You may also opt out of receiving marketing communications at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.

We use ElasticEmail and other email marketing service providers

Some of our communications may be sent by email using ElasticEmail. ElasticEmail’s servers and offices are located in the USA, Canada and the EU so if you choose to receive marketing communications from us by email, this means that your personal data may be transferred to, stored, or processed in the USA or Canada and you consent to the transfer, storing and processing of your personal data in this way. A copy ElasticEmail’s privacy policy can be found at https://elasticemail.com/resources/usage-policies/privacy-policy/.

Payment Information

When you make a payment to your organisation, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor. We never receive or store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy here https://stripe.com/ie/privacy.

Security Measures

Acknowledgement and Disclaimer

While we take our security responsibilities seriously, using world class partners for the provision of services we cannot provide ourselves (Google Firebase, Stripe, ElasticEmail, Fabric and others), unfortunately the transmission of information via the internet is not completely secure. Although we will always do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures to try to prevent unauthorized access. These are described in more detail below.

Location of Servers and Accessibility

The Services are a SaaS based CRM (Customer Relationship Management) system and, as such, your personal data is not stored locally but on a secure server. No installs are required on your PC or laptop. Our web application is only accessible via HTTPS, which helps ensure your interactions with our app are secure and private.

Data Storage

Your personal data is stored on secure servers hosted on Firebase, a service provided by Google. These servers are located in the United Stated. Firebase, through Google, participates in and has certified its compliance with the EU-US Privacy Shield Framework. You can read more about Firebase Security and Privacy policies at https://firebase.google.com/support/privacy.

Data Backup

Your personal data is backed up on a nightly basis. The Firebase / Google server data centres are protected by physical barriers and guarded 24/7.

Data Encryption

Data is encrypted using SSL Certification when transmitted from our servers to your browser. In the “security test” page we are graded A+.

Development and Operations

New features and updates are developed and released on development servers prior to being pushed live to the main production environment. Extensive testing is undertaken to ensure all new features are working correctly and the performance of the Site and Services is maintained.

Changes to this policy

Any changes made to this Policy from time to time will be published at the Site.

Any material or other change to the data processing operations described in this Policy which is relevant to or impacts on you or your personal data will be notified to you in advance by email. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (e.g., to withdraw consent or to object to the processing) as you see fit.

Questions or Complaints

Should you have any queries or complaints relating to this Privacy Policy, please contact us at:

GBA: privacy@gbasolutions.ie

Website: https:/gbasolutions.ie

GBA Solutions Ireland
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.