Privacy Policy


Pembroke Privacy Limited (collectively referred to as “Pembroke Privacy.”, “we”, “us” or “our” in this privacy notice) respects your privacy and data protection rights. We take the protection of your personal data seriously. This privacy notice sets out how we protect your personal data and informs you of your privacy rights. Through this privacy notice we aim to inform you of how Pembroke Privacy processes your personal data.

It is important that you read this privacy notice carefully.

Who are we?

We are Pembroke Privacy Limited.  Our address is 4 Upper Pembroke Street, Dublin 2.

We provide a range of data protection services and we collect and process personal data in order to provide these services. Pembroke Privacy is the data controller in respect of this personal data.

This notice sets out the basis on which any personal data we collect from you or from others will be processed by us.  Please read the following carefully.

Our data protection contact may be contacted at, 4 Upper Pembroke Street, Dublin 2, D02 VN24 or on + 353 1 6392958.

Accuracy of your personal data

Please keep us informed of any changes to your personal data during your relationship with Pembroke Privacy. It is important that the personal data we hold about you is kept accurate and up to date.

Personal information we collect from you

Personal information or personal data means any information about an individual from which that person can be identified. It does not include anonymised data from which an individual cannot be identified.

We collect personal information from you when you become our client or when we engage you as a supplier. The type of information we collect and process for these purposes is contact and identity data such as:

  • Name
  • Job title/position
  • Contact details including address, phone number and email address
  • Directors’ details
  • Financial information e.g. bank details, billing details, tax number
  • Any information provided to us on your behalf to enable us to provide our services to you

We collect personal information from you when you apply to work for Pembroke Privacy. The type of information we collect and process for this purpose includes:

  • Name
  • Contact details
  • CVs education and employment history

We ask that you do not disclose sensitive personal data (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, financial data) in job applications.

We ask you to disclose only as much information as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our website or our services.

We do not collect special categories of personal data about you unless you have asked us to in the context of the service we provide to you. Special categories of personal data are data relating to your racial origins, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data. We do not collect information relating to criminal convictions or offences.

How your personal data is collected

Direct interactions

You may give us your personal data when you:

  • Correspond with us by phone, e-mail or otherwise.  
  • Fill in forms on our website such as via a “contact us” form.
  • Apply to work with us by sending us your CV or by completing an application form


When you visit our website we may automatically collect technical data about your computer equipment, browsing actions and preferences.

Third parties or publicly available sources

We do not usually collect personal data from third party sources.   However, we may connect with clients and contacts via social media networks e.g. Linked In. In those circumstances we may have access to your publicly available details from that source.  We do not download that data on integrate it with our systems.

How and why we use your personal data 

We collect the information, set out above, in order to provide you with our services, to market our services, to improve our website and to recruit staff.

We only use your personal data when we have a legal basis to do so.  The legal bases for the processing of your personal data are:

  • Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
  • Processing necessary for compliance with a legal obligation to which we are subject;
  • Processing necessary for the purposes of the legitimate interests which we pursue where such interests are not overridden by your interests or fundamental rights or freedoms;
  • That you have provided consent for the processing for one of more specified purposes.

We have set out in the table below the purposes for which we process your personal data, the type of data we process and the lawful basis we reply upon to process your personal data.

Purpose/ActivityType of DataLawful basis of processing
To administer our relationship with our clients which will include:

Setting you and your company up as a client on our systemsLiaising with you about projects we are undertaking for youProcessing and ensuring payment of invoicesAdvising you of updates to our services and new developments in data protection where you have asked us to do so
ContactMarketing and Communications
Performance of a contract with you
Necessary for our legitimate interests
Recruitment and selection of candidates:
To create a profile of prospective employeesTo prepare interview notes
IdentityContactCV/Application detailsNecessary for our legitimate interests
Website Users:

To administer and improve our website and internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposesTo keep our website safe and secureTo measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertisingTo make suggestions and recommendations to you and other users of our website about services that may be of interest
IdentityContactMarketing and communicationsTechnicalNecessary for our legitimate interests
Necessary to comply with a legal obligation

Who do we share this information with?

We may share your personal data with our team including consultants who work on your account, selected business associates, suppliers and contractors to provide you with our services. For example, these business partners may include our web hosting provider and our IT Cloud service providers.

​In addition, we may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case information held by us about our Clients will be one of the transferred assets;
  • If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our Clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We attach at Schedule 1 a list of the categories of third parties with whom your personal data is shared.

How long do we keep hold of your information?

The time periods for which we retain your information depend on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

For further information on the periods for which your personal data is kept, please contact

​Do we transfer your information outside the European Union or European Economic area?

In some circumstances, it may be necessary for us to transfer your Personal Data to a country outside the European Economic Area (“EEA”).  We will only transfer your Personal Data where the transferee is based in a country that has been approved by the EU Commission, or where there are appropriate safeguards in place to protect your Personal Data.  If you would like further information about the appropriate safeguards in place to govern the transfer of your Personal Data, please contact

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed without authorisation, altered or disclosed.

We limit access to your personal data to those employees, agents, contractors, consultants and other third parties who have a business need to process your personal data.

Your personal data will only be processed by employees and third parties on our instructions and subject to a duty of confidentiality.

​What are your rights with respect to your personal data?

You have the following rights:

  • The right to access the personal data we hold about you.
  • The right to require us to rectify any inaccurate personal data about you without undue delay.
  • The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
  • The right to object to us processing personal data about you such as processing for profiling or direct marketing.
  • The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
  • The right to request a restriction of the processing of your personal data.

Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

You may exercise any of the above rights by contacting our Data Protection contact.

You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is

What will happen if we change our privacy notice?

This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on 31st January 2019.

How can you contact us?

Our Data Protection Contact can be contacted by:

Phone:  + 353 1 6392958.

Address: 3-4 Upper Pembroke Street, Dublin 2, D02 VN24.

On our website contact form:

Or by email:

Schedule 1

We have set out below a list of the categories of third parties with whom we share your data.

Categories of recipients

  • Pembroke Privacy Consultants
  • Email & cloud services
  • Law Firms (where appropriate)
  • IT services
  • Accounting: Software service providers, our Accountant and our Auditor
  • Insurance services (our Broker and Insurance Company)
  • Revenue Commissioners and other Regulatory Bodies where required to do so
  • Payroll service provider
  • Bookkeeper
  • Telephone answering service (when you phone us)
  • Office Management Company (when you meet with us in our offices)
  • Bank
  • Recruiters
  • International Association of Privacy Professionals – (your contact details only – where you book on our training courses)