The purpose of this document is to provide you as our data subject with a statement regarding the Data Protection and Privacy obligations of Winfooz Limited, Subsidiaries and Franchisees [The Organisation] and an explanation of your rights as a data subject. This Notice applies to of all of our websites (Websites), which are accessible from www.winfooz.com and its sub-domains, including our Customer Platform (the Customer Platform), as well as any associated mobile applications (Mobile Apps) owned and controlled by The Organisation from time to time. This includes our obligations in dealing with Personal Data, in order to ensure that we comply with the requirements of the relevant and applicable Data Protection and Privacy Law. As Winfooz Limited is established in the Republic of Ireland, this document is written in the vein of Irish Data Protection Law, as Winfooz Limited falls under the jurisdiction of the Irish Data Protection Commission.
This Privacy Notice sets out what Personal Data we collect and process about you in connection with the services and functions of The Organisation. We will inform you of the following:
Any Personal Data is collected and processed in accordance with applicable Data Protection and Privacy Laws.
All our representatives, which include employees and contractors, are required to comply with this Privacy Notice when they process Personal Data on our behalf.
Please note that we may disclose individuals’ information to trusted third parties for the purposes set out and explained in this document. We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with applicable Data Protection and Privacy Laws. We will not disclose personal information to any third party without your consent or on one of the grounds listed herein, except in incidences where an individual is potentially at risk or where the law requires it.
We are not responsible for the content or the privacy notices for any websites that we provide external links to.
These practices may be changed, but any changes will be posted, and changes will only apply to activities and information on a going forward, not retroactive basis. You are encouraged to review the Privacy Notice periodically to make sure that you understand how any personal information you provide will be used.
We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the applicable Data Protection and Privacy Laws, and that we have in fact complied with the laws. We do this, among other ways, by our written policies and procedures, by building data protection and privacy compliance into our systems and business rules, by internally monitoring our data protection and privacy compliance and keeping it under review, and by taking action if our representatives, including employees or contractors, fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing.
The Organisation must comply with the data protection and privacy principles set out in the relevant Data Protection and Privacy Law. Data Protection and Privacy Laws provide rights to individuals with regard to the use of their Personal Data by organisations, including ourselves. The applicable Data Protection and Privacy Laws govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of Personal Data.
Compliance with the applicable Data Protection and Privacy Laws is a legal obligation. In addition, our compliance with the Data Protection and Privacy Laws helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.
Currently, the following laws apply to The Organisation:
|State and/or Country of Incorporation||Applicable Law|
“Data Controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any Personal Data is processed, who/which make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
Within the Winfooz structure, this role is fulfilled by several companies which will vary depending on your relationship with The Organisation (whether it be as a customer, shareholder, contractor or any other relevant relationship). The relationships depicted generally below are governed by agreements peripheral to this Notice, but under which this Notice might be incorporated.
|Winfooz Limited - Ireland||Winfooz Canada Incorporated - Canada|
|Activity and/or Accounts on Winfooz Platforms||Data Controller||Data Processor|
|Client and/or Customer Lists – B2B and B2C*||Data Controller||Data Controller|
|Employees and Suppliers*||Data Controller||Data Controller|
|Commercial Transactions*||Data Controller||Data Controller|
|Consumer Transactions*||Data Controller||Data Controller|
|Arbitration and Dispute Resolution||Data Controller||Data Controller|
*Whilst each entity acts as a Data Controller for this function, intellectual property ownership is generally retained by Winfooz Limited in agreements peripheral to this Notice, but under which this Notice might be incorporated.
Our Data Protection Co-Ordinator can be contacted as follows to answer queries relating to this structure:
Post: Winfooz Limited 13-18 City Quay Dublin 2, D02 ED70, Ireland
This Notice aims to ensure compliance with the rules as found in relevant Data Protection and Privacy Laws. We aim to comply with the following in the EU:
We aim to comply with the following in Canada:
At times we may be required to process special category data. You will be notified of this at the data collection point. We will only process special category data on one of the following grounds:
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. We use criminal conviction data in the following ways:
We process this data because of our legal obligation and/or rely on the lawful basis of [insert lawful basis] to process this data.
The data we collect from you will be used in accordance with the purposes outlined in this Privacy Notice.
|Type of Data||Purpose/Activity||Possible Lawful Basis for Processing|
|Names,Addresses,Contact numbers,Email addresses,Dealership number,Business Licence number||To manage our relationship with you as our customer, supplier, contractor or shareholder||Performance of a contract with you|
|Names,Addresses,Contact numbers,Email addresses,Dealership number,Business Licence number||Electronic account creation and/or management||(a)-Performance of a contract with you (b)-Necessary to comply with our legal obligation|
|Email addresses||Use the personal data that you provide on our web forms and questionnaires||Necessary steps to prior to entering into a contract with you|
|Resumes,Portfolio of work,Home address||For employment purposes||(a)-Necessary to comply with our legal obligation (b)-Performance of a contract with you|
|Email addresses||Notifying you about changes to our terms or this policy||Necessary to comply with our legal obligation|
|Email addresses||Asking you to leave a review or take a survey||Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)|
|Email addresses,Phone numbers||To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a)-Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b)-Necessary to comply with a legal obligation|
|Visits to the website,Page views,And other data collected through third party providers such as Google Analytics||To use data analytics to improve our website, products/services, marketing, customer and investor relationships and experiences||Necessary for our legitimate interest (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|Email addresses,Work addresses,Phone numbers,||To respond to your enquiry, feedback or complaint||(a)-Necessary to comply with our legal obligation (b)-Performance of a contract with you|
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. At the point at which you provide us with your Personal Data you will be asked whether you wish to receive any marketing communications from us. You may withdraw this consent at any time.
We may use your Personal Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
We will not share your Personal Data with any third party for marketing purposes.
You may object to direct marketing by using the contact details herein or links present in communications to opt-out of direct marketing.
We may use trusted third parties as data processors. We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with applicable Data Protection and Privacy Laws. Any such organisation or individual will have access to personal information needed to perform these functions but may not use it for any other purpose.
Specifically, we need to have written agreements in place with all our data processors and, before we sign each agreement, we need to have vetted and be satisfied with the processor’s data security. The agreements also need to contain specific clauses that deal with data protection.
We use the following categories of data processors in the course of our business:
These categories may be updated from time to time and for an updated list of categories of data processors you should check this Privacy Notice periodically.
We may pass on your details if we are under a duty to disclose or share a Data Subject’s Personal Data in order to comply with any legal obligation, or in order to enforce or apply any contract with the Data Subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes reporting information about incidents (as appropriate) to the law enforcement authorities and responding to any requirements from law enforcement authorities to provide information and/or Personal Data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.
Other than the above, we will not disclose personal information to any third party without your consent except in incidences where an individual is potentially at risk or where the law requires it.
When we transfer your Personal Data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
We have a documented data retention schedule. We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for and generally for up to seven (7) years afterwards or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under certain circumstances, by law you have the right to:
We have appointed a Data Protection Co-Ordinator to monitor compliance with our data protection obligations and with this Notice and our related policies. If you have any questions about this Notice or about our data protection compliance, please contact the Data Protection Co-Ordinator.
Data subjects must make a formal request for Personal Data we hold about them or otherwise to exercise their data protections rights whether to make an access request or otherwise by contacting our Data Protection Co-Ordinator who will respond to the request within 30 days.
We are obliged to comply with exceptions to your requests where laid out in law. Such exceptions relate to health data, disclosures that would be likely to cause serious harm to your physical or mental health or emotional condition and opinions given in confidence.
Our Data Protection Co-Ordinator can be contacted as follows:
Post: Winfooz Limited 13-18 City Quay Dublin 2, D02 ED70, Ireland
You as the Data Subject have the right to complain at any time to a data protection supervisory authority in relation to any issues related to our processing of your Personal Data. We are regulated for data protection purposes by the Irish Data Protection Commission.
You can contact the Data Protection Commission as follows:
Use their website www.dataprotection.ie
Phone: +353 57 8684800 or +353 (0)761 104 800
Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square Dublin 2. D02 RD28 Ireland.
By consenting, where this is the appropriate grounds, to our processing your Personal Data in line with this Privacy Notice you are giving us permission to process your Personal Data specifically for the purposes identified.
You may withdraw consent at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of Personal Data relating to you. If you have any queries relating to withdrawing your consent, please contact our Data Protection Co-Ordinator using the contact details set out below.
Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data.
We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures himself. In addition, we have appropriate written agreements in place with all of our data processors.
We maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:
We follow strict security procedures in the storage and disclosure of your Personal Data, and to protect it against accidental loss, destruction or damage. We use third party vendors and hosting partners to provide the necessary hardware, software networking, storage, and related technology required to run. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques.
Situations may arise where it is necessary to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our organisation provided that the third party agrees to adhere to the terms of the Privacy Notice and provided that the third party only uses your Personal Data for the purposes that you provided it to us. The Personal Data transferred will be limited to that which is absolutely necessary. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.
Automated Decision Making refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.
As Profiling uses automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making, but it can do.
As a responsible company, we do not use automatic decision-making or profiling. or
This website contains an automated decision-making mechanism, which is used to determine user location. You have the right to object to the use of your Personal Data. Please submit your request through the contact details on this website in writing.
We will not process Personal Data involving automated decision making, unless if necessary for the performance of a contract (e.g. avoid fraudulent payment) or subject to your explicit consent, to better serve your needs in accordance with your preferences. Please note that in such case, you will be informed through layered notices on the conditions of processing of your Personal Data, the profile built, how the profile is used, the logic involved. You will be requested to explicitly consent to such profiling if it is not necessary for the performance of a contract.
We regularly check the automated tools used to ensure that the profiling is done fairly. Specific measures such as data minimization are implemented when creating profiles. You are invited to express your point of view through the right of access described above. You can also contest the result of the automated decision by sending an email to the contact details provided in this Notice.
As an organisation, we do not allow children to use our services, transact on our platforms or be employed.
If you would like to make use of our services and you are not yet 18 years old, we require that an adult is present when you register. Where consent is required to process your Personal Data as a child, we will obtain that consent from the adult who is authorised to give the consent on your behalf.
Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site. A cookie contains your contact information and information to allow us to identify your computer when you travel around our site for the purpose of helping you accomplish your account registration/purchase/auction participation/whatever appropriate. Most web browsers automatically accept cookies, but, if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. The cookies we use do not detect any information stored on your computers.
Certain information in relation to web usage is revealed via our internet service provider who records some of the following data. The information we receive depends upon what you do when visiting our site:
How we may use this technical information.
Aggregate cookie and tracking information may be shared with third parties.
The technical information is used to allow us improve the information we are supplying to our users, to find out how many people are visiting our sites and for statistical purposes.
Some of the above information is used to create summary statistics which allow us to assess the number of visitors to the different sections of our site, discover what information is most and least used, inform us on future design and layout specifications, and help us make our site more user friendly.
We will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. We will only use the technical information for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, are not “Personal Data” within the meaning of the GDPR.
Any changes to this Privacy Notice will be posted on this website and served to you in an appropriate way before your Personal Data is processed so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your information in the new manner.