Privacy Policy

1. How we use personal data

This page describes how DataAgent (EU) Ltd (“DataAgent”) deals with (or “processes”) personal data.

2. Who is the data controller?

DataAgent is the data controller for all the processing described in this policy.

3. How to contact us about our processing of personal data

To contact DataAgent about our processing of personal data, you can email contact@dataagent.eu or write to us at Core B, Block 71, The Plaza, Park West, Dublin 12.

4. Whose personal data do we process?

DataAgent processes the personal data of the following categories of individuals:

  • individuals representing our clients or potential clients – such as their staff, officers and occasionally their contractors (such as legal advisers or external Data Protection Officers) and owners (whom we call “client representatives”);
  • individuals who communicate with DataAgent about our clients’ processing of personal data (whom we call “our clients’ customers”)
  • individuals representing supervisory authorities who communicate with DataAgent about our clients’ processing of personal data (whom we call “regulators”)
  • individuals involved in litigation or arbitration proceedings to which DataAgent is a party (whom we call “litigants”);
  • individuals concerned in the existing or potential provision of services to DataAgent or its clients – such as representatives of accountants, lawyers, travel and accommodation providers and other contractors, or events organisers (“service providers”);
  • other participants in professional interest groups, professional education events or similar groups, associations or events in which we participate (“professional contacts”);
  • individuals who may be suitable for or interested in joining DataAgent’s staff (whom we call “potential employees”); and
  • representatives of governmental authorities or agencies which communicate with DataAgent in relation to our own legal compliance (whom we call “officials”).
5. What information about individuals do we process?
  • Information about client representatives, service providers and professional contacts: we process contact details, details of professional positions and activities, as well as the content of communications with us.
  • Information about our clients’ customers: we process information which individuals provide to us. That information will normally include the individual’s name, contact details, details of his or her relationship with our client, as well as the communication which the individual sends to us. It may also include proof of identity information.
  • Information about regulators and officials: we process contact details, details of professional positions and activities, communications with us, plus any other information which the individual provides.
  • Information about litigants: we process personal data which we receive in the course of the litigation.
  • Information about potential employees: we process contact details, details of professional positions, history, activities, interests and aspirations, and communications with us.
6. What do we use personal data for?

We use personal data for the purposes described in this section.

  • Providing our services to our clients – specifically our representative services. Providing these services can include (among other things):
             - passing on communications to our clients and considering how to respond to communications (including in discussions with our clients);
              - considering, discussing and/or complying with the orders and requirements of supervisory authorities; and
              - participating in enforcement action by supervisory authorities and in legal proceedings.
  • Assessing, improving and facilitating the use of our services, including our websites.
  • Marketing our services.
  • Recruiting staff and developing our knowledge and capabilities.
  • Invoicing and collecting our fees from our clients.
  • Running our operations, ensuring our legal compliance, and pursuing our rights and interests (for example in commercial transactions or legal or arbitration proceedings).
7. The legal basis for our processing

We process personal data in pursuit of our legitimate interests – specifically our interests in:

  • providing our services to our clients;
  • assessing, improving and facilitating the use of our services, including our websites;
  • marketing our services;
  • recruiting staff and developing our knowledge and capabilities;
  • invoicing and collecting our fees from our clients; and
  • running our operations, ensuring our legal compliance, and pursuing our rights and interests.
8. Recipients to whom we send personal data

We transfer personal data to a variety of recipients. Our recipients include:

  • our clients and client representatives – for example when we forward a communication from one of our clients’ customers to our client in the course of providing our services;
  • regulators – for example when we are required to supply information in relation to our clients’ processing of personal data;
  • service providers – for example our lawyers, our accountants and our IT service providers;
  • participants in litigation – including other parties, witnesses, judges, and arbitrators;
  • professional contacts – for example if we share recommendations as to appropriate service providers;
  • officials – for example in relation to our own legal compliance; and
  • investors – for example when we seek investment in our business.
9. When we transfer personal data outside the EEA

We make some transfers of personal data outside the European Economic Area (“EEA”). Recipients in each of the categories described above may, in some instances, be located outside the EEA.

When we transfer personal data to a recipient outside the EEA:

  • we comply with the terms of an adequacy decision of the European Commission governing the jurisdiction where the recipient is located; or
  • where there is no adequacy decision for the recipient’s jurisdiction, we rely on the European Commission’s Standard Contractual Clauses for the transfer of Personal Data to a controller outside the European Union (Decisions 2001/497/EC and 2004/915/EC), which are available here.

For further details of individual transfers and the safeguards we employ, please contact us using the methods described above.

10. How long we keep personal data for

As described above, we process personal data for various purposes, including for the purposes of ensuring our legal compliance and defending our rights and interests.

For this reason, we retain personal data for a period of seven years, in order to comply with accounting rules and in order that information remains available in the event of civil claims brought during normal limitation periods.

That seven year period will start on the date on which the communication or document containing personal data was received by us or first stored in our systems, except where:

  • the communication or document is relevant on an ongoing basis to our provision of services for a client – in which case the period will start on the date on which our provision of services for that client finally ends; or
  • the communication or document has been used in or relevant to our other professional activities (such as participation in an event) – in which case the period will start when the activity comes to an end; or
  • the communication or document has been used in or relevant to the provision of services to DataAgent – in which case the period will start when the services come to an end; or
  • the communication or document has been relevant to or used in enforcement action or legal proceedings – in which case the period will start on the date on which the enforcement action or legal proceedings were finally resolved (including any appeals); or
  • you agree that we can retain your personal data for longer – in which case the period will start on the date that you indicate your agreement.

We conduct a deletion exercise at least once per year, during which we delete from our systems any personal data which is “expired” in accordance with these principles.

11. Your freedom to withhold personal data

You are not obliged to share your personal data with us. You can withhold your personal data if you wish.

For example, you can withhold your contact information. However this may impact on our, or our clients’, ability to communicate with you.

12. Your right to object

You have the right to object to our processing of your personal data based on our legitimate interests. You can do this by contacting us in the manner described in this policy. If you object to our processing on this basis, we will restrict that processing until we are able to demonstrate overriding interests justifying our processing.

You also have the right to object to our processing of your personal data for direct marketing purposes. If you object to this processing, it will immediately stop.

13. Your other rights

You also have the following additional rights:

  • the right to information about and access to your personal data, under Article 15 of the GDPR;
  • the right to have inaccurate personal data rectified, and incomplete data completed, under Article 16;
  • the right to have your personal data erased, under Article 17;
  • the right to have processing activities restricted, under Article 18;
  • the right to data portability, under Article 20;
  • the right to withdraw consent, where processing is based on consent, under Article 7(3);
  • the right not to be subject to decisions based on automated processing which produce legal or other similarly significant effects, under Article 22; and
  • the right to complain to a supervisory authority, under Article 77.

To exercise these rights in relation to our processing of your personal data, please contact us in the manner described in this policy.

14. Individuals in the UK

This policy applies in the same way if you are based in the UK, except that, after 31 December 2020:

  • you have additional rights, corresponding to the rights described in section 13 of this policy, arising under the UK GDPR (which may be exercised by contacting us in the manner described in this policy); and
  • we may transfer your personal data outside the UK, pursuant to adequacy regulations under section 17A of the Data Protection Act 2018 (“DPA18”) or standard data protection clauses specified by the Secretary of State pursuant to section 17C DPA18 or by the Information Commissioner pursuant to section 119A DPA18. Further details of individual transfers and the safeguards we apply may be obtained by contacting us in the manner described in this policy.
15. Review of this policy

This policy will be reviewed annually.


DataAgent (EU) Ltd
August 2020

Copyright 2020 DataAgent (EU) Ltd
Website by Just Wye