This Data Processing Notice (“Notice”) applies if you are buying a product or service from Procrop Ireland Limited trading as HLS (“HLS”) or obtaining a quote for products or services. When we refer to “you” in this notice, we refer to the individuals who provide us with Personal Data in order to provide these products or services. In the case of sole traders, partnerships and other un-incorporated customers, this will be the individuals who own the business, and for corporate customers, this will mean any directors, officers, shareholders or other parties responsible for the operation of the business whose data we collect. In all cases, this will include any joint applicants or guarantors whose Personal Data we process.

1. Who We Are and How to Contact Us and Our Data Protection Officer

HLS of Unit 147 Ashbourne Industrial Estate, Ashbourne, Co. Meath, Ireland is a Data Controller of your Personal Data. This means information that is about you or from which we can identify you. This Notice describes how we deal with your Personal Data.

We are the Data Controller of this Personal Data under relevant Data Protection Laws because in the context of our business relationship with you, we decide how and why it is processed in the ways explained in this Notice. When we use terms such as “we”, “us” and “our” in this Notice, we mean HLS.

Our point of contact in relation to data protection matters can be contacted at any time, including if you have queries about this Notice or wish to exercise any of the rights mentioned in it, by emailing [email protected]

2. Where Do We Get Your Personal Data?

We will generally collect your Personal Data from you directly.

In addition, we obtain your Personal Data from the sales company who introduced you to us.

3. What Kinds of Personal Data About You Do We Process?

We process the Personal Data that you provide to us during the application process. The Personal Data includes:

  • Your title, full name, your contact details, including for instance your email address, home and mobile telephone numbers;
  • Your home address, delivery address (where different from your home address) and address history;
  • Records of how you have contacted us and, if you get in touch with us online, details such as your mobile phone location data, IP address and MAC address;
  • Your purchase history

4. What Are the Legal Grounds for Our Processing of Your Personal Data (Including When We Share It With Others)?

Data Protection Laws require us to explain what legal grounds justify our processing of your Personal Data (this includes sharing it with other organisations). For some processing more than one legal ground may be relevant. Here are the legal grounds that are relevant to us:

1) Processing necessary to perform our contract with you for the Services or for taking steps prior to entering into it:

  1. Administering and managing your Services and updating your records;
  • Where we consider that it is appropriate for us do so, processing necessary for the following legitimate interests, which apply to us and, in some cases, other organisations (who we list below) are:
    1. Administering and managing our relationship and your Services and keeping appropriate records;
    2. To improve our products and services, by reviewing which products you take up and use and the frequency and type of use you make of the Services, and to test their performance;
    3. To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as the Companies Registration Office (CRO) and the Central Bank of Ireland, To administer good governance for us and other members of our Group, and for audit of our business operations including accounting;
    4. To keep records of communications;
    5. For market research and analysis and developing statistics;
    6. When we share your Personal Data with these other people or organisations;
      • Members of our Group;
      • The sales company or organisation who referred or introduced you to us;
      • Our legal and other professional advisers, auditors and actuaries;
      • Financial institutions and trade associations
      • Governmental and regulatory bodies such as the Companies Registration Office (CRO), the Central Bank of Ireland and the Office of the Data Protection Commissioner (DPC)
      • Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
      • Buyers and their professional representatives as part of any restructuring or sale of our business or assets;
      • Market research organisations who help us to develop and improve our products and services; and
      • Other organisations and businesses, who provide services directly to Merchants to enable transaction processing. Details of the organisations we use can be found on the above website
  • Processing necessary to comply with our legal obligations:
    1. For compliance with laws that apply to us;
    2. For establishment, defense and enforcement of our legal rights or those of any other member of our Group;
    3. For activities relating to the prevention, detection and investigation of crime;
    4. To carry out monitoring and to keep records;
    5. To deal with requests from you to exercise your rights under Data Protection Laws; and
    6. When we share your Personal Data with these other people or organisations:
      • Law enforcement agencies and governmental and regulatory bodies such as CRO, the Central Bank of Ireland and DPO; and
      • Courts and to other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
  • Processing with your consent:
    1. For direct marketing communications;
    2. When you consent for us to share your information with a third party; and
    3. Where information has been gathered via cookies or similar technologies, you may block such cookies using your browser. Some parts of our website may not work properly if you do.

5. How and When Can You Withdraw Your Consent?

Much of what we do with your Personal Data is not based on your consent, instead it is based on other legal grounds. For processing that is based on your consent, you have the right to take back that consent for future processing at any time. You can do this by contacting us by email as detailed above. The consequence might be that we cannot send you some marketing communications or that we cannot take into account special categories of Personal Data.

6. Is Your Personal Data Transferred Outside the UK or the EEA?

We don’t process personal data outside of EEA.

7. For How Long Is Your Personal Data Retained by Us?

Unless we explain otherwise to you, we will hold your Personal Data whilst you are receiving Services from us, and for a period of up to 7 years afterwards, in case you have any queries or any legal claim arises, and to comply with our own legal, regulatory and record keeping requirements.

8. What Are Your Rights under Data Protection Laws?

Here is a list of the rights that all individuals have under Data Protection Laws. They do not apply in all circumstances. If you wish to exercise any of them, we will explain at that time if they are applicable or not.

  • The right to be informed about our processing of your Personal Data;
  • The right to have your Personal Data corrected if it is inaccurate and to have incomplete Personal Data completed;
  • The right to object to processing of your Personal Data;
  • The right to restrict processing of your Personal Data;
  • The right to have your Personal Data erased (the ‘right to be forgotten’);
  • The right to request access to your Personal Data and to obtain information about how we process it;
  • The right to move, copy or transfer your Personal Data (‘data portability’); and
  • Rights in relation to automated decision making that has a legal effect or otherwise significantly affects you.

You have the right to complain to the DPO which enforces Data Protection Laws: https://www.dpo.ie/.

9. Data Anonymisation and Use of Aggregated Information

Your Personal Data may be converted into statistical or aggregated data, which cannot be used to

re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this Notice.

This document was issued in May 2018 and may be amended from time to time. Updated versions will be posted on our website: https://www.hls.ie/privacy-notice/ We will notify you of changes to this document.

Procrop Ireland Limited trading as HLS has its registered office at Unit 147 Ashbourne Industrial Estate, Ashbourne, co. Meath A84 WK40 and is registered in Ireland, company number 190664.