Bizoneo Website Data Protection Statement
Last updated: 07 September 2022
This data protection statement will be reviewed from time to time to take into account changes in the law and the experience of the notice in practice.
Who are we?
Bizoneo is a trading name of Wandsoft Limited. Our office is located Unit 1B Robinhood Ind Estate Dublin 12 - Ireland.
We are a provider of software solutions.
Wandsoft Limited is incorporated in Ireland since 2001, number 343136. Registered Address: Unit 3, Grange Road Retail Park - Grange Road - Rathfarnham - Dublin 16 - Ireland
About this data protection statement
We have created this data protection statement as the controller of personal data for visitors to this website. This statement aims to inform people dealing with us about the information we collect and process in connection with such interaction.
This statement sets out an explanation of what personal data we process, why we process personal data, with whom personal data is shared and a description of your rights with respect to personal data.
What personal data do we process?
We need to keep and process certain information about you to manage our business, to comply with our legal obligations and, where necessary, to protect our legitimate business interests. We will collect and process information from you during your visit on this website, during our contractual relationship and following the termination of our contractual relationship.
Personal data is normally obtained directly from you.
Please note that we provide business services. We do not target children and while we recognise a child can browse our website or submit an enquiry, we do not target nor knowingly process children data on this website or to run our business. Data-controllers who avail of our services may process children data and it is their responsibility to inform you of such processing. In such case, we process data on instructions from such data-controllers.
The categories of personal data we process and the lawful basis for doing so are set out in more detail below.
How do we use your personal data?
The information we hold and process will be used for management and administrative purposes. We keep it and use it to enable us to run our business, manage our contractual relationship with you effectively, lawfully and appropriately and protect your rights and interests. This includes using your information to enable us to manage contracts, comply with legal obligations, pursue our legitimate interests and protect ourselves in the event of legal proceedings against the company.
The uses we make of each category of your personal data, together with the lawful basis we rely on for those uses are set out in more details below.
Where there is a need to process your data for a purpose other than those set out in the appendix or otherwise outlined to you, we will inform you of this and if required, seek your consent.
Sharing of personal data
Your personal data will not normally be shared with third parties unless we are legally obliged to do so or where our contract requires to do so. For example, we pass on certain information to our accountant to fulfil our legal obligations.
More detailed information on how we share your personal data is set out below.
Transfer of personal data outside the EEA
Our data-centres are located in Ireland, so your personal data will not be transferred outside the EEA..
Retention of personal data
Any personal data processed about you on this website is retained in accordance to our record retention policy explained in each process below.
Declining to provide your personal data
In some cases, you may decline to provide us with your personal data. If we believe that we require relevant information to effectively and properly manage our contractual relationship, we may not be able to continue our relationship with you.
Profiling and automated decision making
You will not be subject to automated decision making or profiling.
Your rights under data protection law
You have the following rights under data protection law:
- Information Request: the right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data;
- Update Data: the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete;
- Data Deletion: the right, in certain circumstances, to request that we erase your personal data;
- Restrict Processing Object to Processing: the right, in certain circumstances, to request that we no longer process your personal data for particular purposes, or object to our use of your personal data or the way in which we process it;
- Data Portability: the right, in certain circumstances, to transfer your personal data to another organisation;
- Review Automated Decisions: the right to object to automated decision making and/or profiling; and
- File a Complaint: the right to complain to the Data Protection Commissioner.
Please note that your ability to exercise these rights may be subject to certain conditions.
Please use the contact form and mark the enquiry for the attention of Mr Claude Saulnier.
Details of Processing Activities
Visitor to the website
Profiling: No
Data shared: No
Transfer outside the EEA: No
Processing of special categories of data: No
Processing of children data: No
Processing of criminal data: No
Encryption of data in transit: Yes
Encryption of data at rest: Yes
Lawful basis:
Legitimate interest
Personal data processed
When you browse this website, we collect the following data:
- Your IP address,
- The page viewed
- The time the page was viewed
- The browser you used to view the page.
- We do not cross reference the log with the enquiry, but we reserve the right to do so should we be concerned about the security of our operations.
- The personal data is stored in Ireland.
Lawful basis: Legitimate interest of the controller for security purposes.
When you open a link to a 3rd party website from our website, we collect the following data:
- your country (we do not store the IP address),
- the time,
- the link you clicked (to gauge the interest of material posted)
- your browser type (eg Chrome. Firefox, Safari...)
Lawful basis: Legitimate interest.This helps our marketing team gauge the popularity of material we would refer to. We have no way to identify you
Retention period
Log files are kept for a maximum of 6 months.
Security measures in place
The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.
We use encryption at rest.
Our servers are located in ISO 27001 accredited data-centres in Ireland.
Sharing of personal data
- The information is only shared with our staff.
When you make an enquiry on our website
Profiling: No
Data shared: No
Transfer outside the EEA: No
Processing of special categories of data: No
Processing of children data: No
Processing of criminal data: No
Encryption of data in transit: Yes
Encryption of data at rest: Yes
Lawful basis:
Contractual requirements
Legitimate interest
Personal data processed
We collect
- your name, email address, phone, so we can contact you;
- comments supplied in the form. so our team can easily refer to your query;
- the time of the enquiry, so we can measure our response time dealing with your enquiry;
- country, to measure our marketing efforts;
Lawful basis: Contract or Legitimate interest depending on our relationship.
Retention period
We will retain your details and query for the length of time required to handle you query.
Security measures in place
The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.
We use encryption at rest.
Our servers are located in ISO 27001 accredited data-centres in Ireland.
Sharing of personal data
We don't share personal data.
When you become a Bizoneo client
Profiling: No
Data shared: Yes
Transfer outside the EEA: No
Processing of special categories of data: No
Processing of children data: No
Processing of criminal data: No
Encryption of data in transit: Yes
Encryption of data at rest: Yes
Lawful basis:
Legal requirements
Contractual requirements
Legitimate interest
As a data controller:
- Data required by law to provide a paid service (contract Article 6-1-b & legal obligations Article 6-1-c)
- Invoice address
- Service purchased
- We keep these for a period specified by the Irish Revenue Commissioners services (6 years + current financial year)
- Please note that invoice will have the main contact name to ease dispatching in your organisation. It can be removed and then the invoice doesn't contain personal data.
- If you pay by credit card:
- Your credit card details are processed secuerly by Stripe , We do not have access to your card details. Our accounts department has access to the card holder's name, the last 4 digits of thecard number and the card expiry date (this is allowed by the PCI/DSS standard).
- The card is stored with Stripe so we can easily renew your order. You can also choose to pay by bank transfer.
If -sadly- you don't become a Bizoneo client, we will anonymise your personal data.
Lawful bases: Legal (for accounts information) and Contract.
As a data-processor (client of Bizoneo - Wandsoft):
We will store your data in a secure environment and will provide you with a data-processor agreement.
You will be able to view all access we might require to maintain and keep your Bizoneo or Wandsoft system up to date.
We will not interact with your data unless instructed otherwise.
We will store on-going communication for the ability to provide support to the service(s) purchased from us.
Lawful bases: Contract and legitimate interest depending on the context.
To comply with Irish legal obligations, we keep invoices for 6 years + current financial year.
Security measures in place
The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.
We use encryption at rest.
Our servers are located in ISO 27001 accredited data-centres in Ireland.
Sharing of data
- We will transfer the information to our appointed accountants Guardian Management so they can perform our mandatory accounts return.
- If required, we will transfer some of the personal data to the Revenue Commissioners and legal advisors.
- If you pay by credit card:
- We use the services of Stripe that may send data outside the EEA;
- To avoid data to be sent outside the EEA due to credit card processing, you can pay by bank transfer.
- Some data will be shared with our bank
Webinars
Profiling: No
Data shared: Yes
Transfer outside the EEA: Yes
Processing of special categories of data: No
Processing of children data: No
Processing of criminal data: No
Encryption of data in transit: Yes
Encryption of data at rest: Yes
Lawful basis:
Contractual requirements
Legitimate interest
Personal data processed
We collect
- your name, email address so we can invite you to the webinar;
- the time of the booking, so we can measure the returns of our marketing campaigns;
- the webinar you booked;
- your time zone so we can send you a confirmation personalised to your local time;
- when you join the webinar, we record your attendance to measure the returns of our webinars;
- Optionally, to assist our marketing, we ask the company you work for and you how you heard about us.
Lawful basis: Legitimate interest or Contract depending on whether the webinar is free or paid for.
Retention period
One year for free webinars.
Up to 7 years for paid webinars to comply with accounting legislation in Ireland.
Security measures in place
The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.
We use encryption at rest.
Our servers are located in ISO 27001 accredited data-centres in Ireland.
Sharing of personal data
We do not share your registration data. It is safely stored on our servers in Ireland.
When we send you the link, you'll need to confirm your name with Whereby. Whereby, our call platform may collect some data to improve the call including your IP address. Wherbay uses AWS as a data processor to ease the server loads. The AWS servers are meant to be located in the EU, however AWS is US based and whereby has safeguards in place. Contact whereby as a joint-controller for further information and check wherby's privacy notice.
We encourage you to join the call through a browser in incognito mode so all potential cookies are deleted.
If you apply for a job
Profiling: No
Data shared: No
Transfer outside the EEA: No
Processing of special categories of data: No
Processing of children data: No
Processing of criminal data: No
Encryption of data in transit: Yes
Encryption of data at rest: Yes
Lawful basis:
Legal requirements
Contractual requirements
Personal data processed
If you apply for a job, we process the following
- Your name
- Your CV
- Your motivation letter
- The time you sent the application
- Correspondance such as arranging the time for an interview
If we offer you a position, we will share our internal HR data protection notice when you accept the role.
Retention period
Applications may be kept up to a year
Security measures in place
If you apply by email, our mail servers are configured to prioritise encryption in transit
We will store your CV and correspondence in our own servers in Ireland. We use encryption at rest.
Our servers are located in ISO 27001 accredited data-centres in Ireland.
Sharing of personal data
Personal data is only used internally. We don't share personal data.
We don't use external recruitment software.