Effective Date: 03 October 2025
BACD Ltd (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our website at www.ballinasloe.ie
1. Who We Are (GDPR Art. 13(1)(a))
- Controller: BACD Ltd.
- Address: Ballinasloe Enterprise Centre, Creagh, Ballinasloe, County Galway, Ireland
- Contact Email for Data Protection Matters: info@bacd.ie
2. Personal Data We Collect (GDPR Art. 13(1)(c))
We collect:
- Directly provided by you: name and email address (newsletter), name, email address, and message content (contact form)
- Automatically collected: IP address, browser, device type, usage data, server access logs
- From cookies and embeds: analytics data (Google Analytics, if enabled), technical and usage data from embedded Google Maps
We do not operate public user accounts or reviews.
3. Purposes and Legal Bases (GDPR Art. 13(1)(b))
Purpose | Data Involved | Legal Basis |
Responding to enquiries | Contact form | Legitimate interest |
Sending newsletters | Name, email | Consent |
Analytics (Google Analytics, if used) | IP, usage data, cookies | Consent (ePrivacy requires opt-in) |
Google Maps embed | Usage & technical data | Consent for third-party embed |
Security & operation | Logs, IP | Legitimate interest |
4. Recipients of Data (GDPR Art. 13(1)(e))
We may share data with:
- Hosting provider [WP Engine]
- Email provider for newsletters [Mailchimp]
- Cookie management platform [CookieYes]
- Google Analytics
- Google Maps
Joint Controller Note: Google may process data independently for its own purposes (e.g. profiling, service improvement). Please see Google’s Privacy Policy for details: https://policies.google.com/privacy
5. International Transfers (GDPR Art. 13(1)(f))
Data processed by Google Analytics and Google Maps may be transferred to the United States. We rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Google’s supplementary security commitments
- Transfer risk assessments conducted where appropriate
6. Data Retention (GDPR Art. 13(2)(a))
- Contact form: deleted within 24 months
- Newsletter: retained until unsubscribe
- Analytics (if enabled): retained for 14 months
- Server logs: retained for 12 months
- Cookies: see Cookie Declaration
- Backups: Backups may retain data beyond these periods for security, but are not actively processed and are deleted on rotation (max 12 months)
7. Security (GDPR Arts. 24–32)
We apply appropriate technical and organisational measures, including:
- SSL/TLS encryption of data in transit
- Encryption of hosting infrastructure at rest
- Role-based access to CMS with logging
- Restricted access to authorised staff only
- Regular monitoring and patching of systems
8. Your Rights (GDPR Arts. 15–22)
You have the right to:
- Access, rectify, or erase your data
- Restrict or object to processing
- Withdraw consent at any time (does not affect prior processing)
- Data portability
- Not be subject to automated decision-making, including profiling
- Lodge a complaint with the supervisory authority:
9. Children’s Data
- We do not knowingly collect data from children under 16.
10. Cookies (ePrivacy Directive, Art. 5(3))
We use cookies for:
- Essential: required for operation
- Analytics: Google Analytics (if enabled, consent required)
- Functional: improve usability
- Marketing: embeds (Google Maps, social media)
Non-essential cookies load only after consent. Cookie preferences can be managed via our banner or through the Cookie Declaration.
11. Updates
This policy may be updated periodically. The latest version will always be available on this site.
