Privacy Policy
Excel Web Design is committed to protecting the privacy and security of your personal data. As a web development company based in Ireland, we operate in full compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Data Protection Act 2018 (as amended). This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you interact with our website, services, or contact us. Our servers are located within the European Union (EU), ensuring that personal data remains within the EU unless otherwise specified.
We act as the Data Controller for the personal data we process. If you have any questions about this Privacy Policy or our data practices, please contact us at info@excelwebdesign.ie.
This policy is provided in a clear and concise manner to meet our transparency obligations under Article 5(1)(a) of the GDPR and Section 42 of the Data Protection Act 2018.
1. Data Controller Details
- Company Name: Excel Web Design
- Registered Address: Villa Marie, Lagore Road, Dunshaughlin, A85EY99
- Data Protection Officer (DPO): Marie van den Berg contact info@excelwebdesign.ie for data matters
- EU Representative: Not applicable (as we are established in the EU).
2. Personal Data We Collect
We collect personal data directly from you or automatically through our website and services. The types of data include:
- Identity Data: Name, email address, phone number, job title (e.g., from contact forms or inquiries).
- Contact Data: Billing address, delivery address (for service-related deliveries).
- Technical Data: IP address, browser type, device information, pages visited (via cookies and analytics tools).
- Marketing and Communications Data: Preferences for receiving updates about our web development services.
- Professional Data: Company details, project requirements (for potential clients).
We do not collect sensitive personal data (e.g., health, racial, or political information) unless explicitly required for a service and with your consent.
3. How We Collect Personal Data
- Directly from you: When you fill out contact forms, subscribe to newsletters, request quotes, or communicate via email/phone.
- Automatically: Through cookies, server logs, and analytics tools (e.g., Google Analytics) when you visit our site.
- From third parties: Occasionally from business partners or public sources (e.g., LinkedIn for professional networking), but only if necessary and with lawful basis.
4. How We Use Personal Data
We process personal data for legitimate business purposes, always in line with GDPR principles (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality) and the Data Protection Act 2018.
| Purpose | Lawful Basis (GDPR Article) | Relevant Data Categories |
|---|---|---|
| To respond to inquiries and provide web development quotes/services | Contractual necessity (Art. 6(1)(b)) or Legitimate interests (Art. 6(1)(f)) | Identity, Contact, Professional |
| To manage client relationships and deliver projects | Contractual necessity (Art. 6(1)(b)) | Identity, Contact, Technical |
| To send marketing communications (e.g., newsletters) | Consent (Art. 6(1)(a)) | Marketing and Communications |
| To improve our website and services (analytics) | Legitimate interests (Art. 6(1)(f)) | Technical |
| To comply with legal obligations (e.g., tax records) | Legal obligation (Art. 6(1)(c)) | Identity, Contact |
| For security and fraud prevention | Legitimate interests (Art. 6(1)(f)) | Technical, Identity |
We only process data for specified, explicit, and legitimate purposes and do not use it incompatibly. Under the Data Protection Act 2018, we ensure processing is proportionate and respects your rights.
5. Sharing Personal Data
We share personal data only when necessary and with safeguards:
- Service Providers: Hosting providers, email services (e.g., within EU), and analytics tools bound by data processing agreements (Art. 28 GDPR).
- Professional Advisers: Lawyers, auditors (limited to necessary data).
- Business Transfers: In mergers/acquisitions, with notice to you.
- Legal Requirements: To comply with laws or protect rights (e.g., DPC requests).
We do not sell personal data. All recipients are EU-based or provide equivalent protections (e.g., Standard Contractual Clauses for any non-EU transfers, though none currently apply).
6. International Data Transfers
As our servers and processors are within the EU, no transfers outside the EEA occur. If this changes, we will use GDPR-approved mechanisms (e.g., adequacy decisions or binding corporate rules) and inform you.
7. Data Security
We implement appropriate technical and organizational measures to protect data, including encryption, access controls, and regular audits (Art. 32 GDPR). Servers are EU-hosted with robust firewalls. In case of a breach, we notify the DPC within 72 hours (Art. 33) and affected individuals if high risk (Art. 34), as required by the Data Protection Act 2018.
8. Data Retention
We retain data only as long as necessary:
- Inquiries: 12 months.
- Client data: Duration of contract + 7 years (for tax/legal compliance).
- Marketing: Until consent withdrawn.
Afterwards, data is securely deleted or anonymized.
9. Your Rights Under GDPR and Data Protection Act 2018
As an EU data subject, you have rights under GDPR (Arts. 15-22) and Sections 48-93 of the Data Protection Act 2018. Contact us to exercise them (free of charge, except abusive requests):
- Access: Request a copy of your data.
- Rectification: Correct inaccurate data.
- Erasure (“Right to be Forgotten”): Delete data where no longer needed.
- Restriction: Limit processing in disputes.
- Portability: Receive data in structured format.
- Objection: Oppose processing (e.g., marketing; we always honor).
- Withdraw Consent: At any time (without affecting prior processing).
- Automated Decisions: Rare; right to human review.
We respond within one month (extendable). Complaints? Contact the DPC at www.dataprotection.ie.
10. Cookies and Tracking
Our site uses cookies for functionality and analytics. See our Cookie Policy for details. You can manage preferences via browser settings.
11. Children’s Privacy
Our services are not directed at children under 16. We do not knowingly collect their data.
12. Changes to This Policy
We review this policy annually or as needed. Changes will be posted here with the updated effective date. Significant changes may be notified by email.
13. Compliance with Data Protection Act 2018
This policy aligns with the Data Protection Act 2018, which incorporates GDPR and adds Irish-specific provisions, such as enhanced DPC powers for enforcement and rules for law enforcement processing (not applicable here). We maintain records of processing activities (Art. 30 GDPR) and conduct Data Protection Impact Assessments (DPIAs) for high-risk activities.
For full legal text, see GDPR and Data Protection Act 2018.