Data Protection & GDPR
Our Commitment to GDPR
GardenSpace Ireland is fully committed to compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented comprehensive measures to protect your personal data.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: When you submit an application form, you provide explicit consent for us to process your information
- Legitimate Interests: To operate our business, improve our services, and communicate with partners
- Legal Obligation: To comply with Irish and EU laws, including tax and business regulations
Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You can request a copy of all personal data we hold about you. We will provide this information in a commonly used electronic format.
Right to Rectification
If any of your personal data is inaccurate or incomplete, you have the right to have it corrected.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected.
Right to Restriction of Processing
You can request that we limit how we use your data in certain situations.
Right to Data Portability
You can request to receive your personal data in a structured, machine-readable format, or have it transmitted directly to another organization.
Right to Object
You can object to processing of your personal data where we are relying on legitimate interests as our legal basis.
Right to Withdraw Consent
Where we rely on consent to process your data, you have the right to withdraw that consent at any time.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Application data: Retained for the duration of partnership discussions and up to 2 years thereafter for business records
- Partner data: Retained for the duration of the partnership plus 7 years for tax and legal compliance
- Website analytics: Anonymized after 26 months
Data Security Measures
We implement industry-standard security measures to protect your personal data:
- Encrypted data transmission (SSL/TLS)
- Restricted access controls with multi-factor authentication
- Regular security audits and updates
- Secure cloud storage with reputable providers (Google)
- Staff training on data protection best practices
International Data Transfers
Some of our service providers (such as Google) may process data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Providers certified under recognized data protection frameworks
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Irish Data Protection Commission within 72 hours
- Inform affected individuals without undue delay
- Take immediate steps to contain and remediate the breach
- Provide guidance on protective measures you can take
How to Exercise Your Rights
To exercise any of your data protection rights or for any questions about how we handle your personal data, please contact us:
Email: partners@mygardenspace.ie
Subject line: "GDPR Request" or "Data Protection Inquiry"
We will respond to all valid requests within one month. In complex cases, we may extend this period by up to two additional months, and we will inform you of any such extension.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Irish Data Protection Commission:
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone: +353 (0)761 104 800
Website: www.dataprotection.ie