Effective Date: 11/03/2019 Notice Version: 1.0
Data Controller Contact Information
Justin Caffrey Global Ltd
Justin Caffrey (data protection officer)
Ph: +353 860490043
This document governs the privacy notice of our website www.justincaffrey.com
Our privacy notice tells you what personal data (PD) and non-personal data (NPD) we may collect from you, how we collect it, how we protect it, how we may share it, how you can access and change it, and how you can limit our sharing of it. Our privacy notice also explains certain legal rights that you have with respect to your personal data. Any capitalized terms not defined herein will have the same meaning as where they are defined elsewhere on our website.
When using our website and submitting personal data to us, you may have certain rights under the General Data Protection Regulation (GDPR) and other laws. Depending on the legal basis for processing your personal data, you may have some or all of the following rights:
The right to be informed
You have the right to be informed about the personal data we collect from you, and how we process it.
The right of access
You have the right to get confirmation that your personal data is being processed and have the ability to access your personal data.
The right to rectification
You have the right to have your personal data corrected if it is inaccurate or incomplete.
The right to erasure (right to be forgotten)
You have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.
The right to restrict processing
You have a right to ‘block’ or restrict the processing of your personal data. When your personal data is restricted, we are permitted to store your data, but not to process it further.
The right to data portability
You have the right to request and get your personal data that you provided to us and use it for your own purposes. We will provide your data to you within 30 days of your request. To request your personal data, please contact us using the information at the top of this privacy notice.
The right to object
You have the right to object to us processing your personal data for the following reasons:
Processing was based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
Direct marketing (including profiling); and
Processing for purposes of scientific/historical research and statistics.
Rights in relation to automated decision-making and profiling.
Automated individual decision-making and profiling
You will have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Filing a complaint with authorities
You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the General Data Protection Regulation. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.
For details about your rights under the law, visit https://www.dataprotection.ie/en/organisations
Our Legal Basis for Collecting and Processing Personal Data
Our legal basis for collecting and processing your PD when you buy our products or services is based on and the necessity for the performance of a contract or to take steps to enter into a contract. Our legal basis for collecting and processing your PD when you sign up for our newsletter and information about our products and services through our website opt-in forms is based on consent. Our legal basis for collecting and processing your PD is based on consent.
These definitions should help you understand this policy.
"Personal Data" means any information that identifies or can be used to identify an individual directly or indirectly, including, but not limited to, first and last name, identification number, date of birth, email address, gender, occupation, or other demographic information.
"Website" means all content included in our domain justincaffrey.com (Justin Caffrey Global Ltd)."Services" means the justincaffrey.com (Justin Caffrey Global Ltd) product, including justincaffrey.com (Justin Caffrey Global Ltd) analytics and testing mechanisms and justincaffrey.com (Justin Caffrey Global Ltd) content, as well as any information or support related to them that we provide to customers.
"Channels" means the various means by which we may collect information including our Website, the Services, social media pages, HTML-formatted e-mail messages and through offline sales and marketing activities.
"Website Visitor" refers to anyone visiting our Website.
"User" refers to the person or entity that uses our Services. They may have downloaded and installed our free or premium videos, our online courses or have subscribed to use a free or premium version of them in a site.
"you" refers to Website Visitors or Users."GDPR" refers to the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.
"including", "includes" or similar words refer to matters which are included without limitation, in other words, that are not limited to any list provided.
‘Non-personal data’ (NPD) is information that is in no way personally identifiable.
‘Personal data’ (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data.
A “visitor” is someone who merely browses our website. A “member” is someone who has registered with us to use or buy our services and products. The term “user” is a collective identifier that refers to either a visitor or a member.
If you have any questions or comments, or if you want to update, delete, or change any Personal Data we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by email at email@example.com, or by postal mail to our business address.
5. Information We Collect
a. Information You Explicitly Give Us: We receive and store any information you enter on our Website or give us in any other way through a direct interaction with us which includes:
Your email when you sign up to our product or newsletter.
Your name and email when you post a comment on our blog posts.
Your name and email when you contact us through our contact forms.
Your name, email, postal address, telephone number and your company name when you subscribe to our payment product.
The Personal Data you provide us when you send us an email or contact our support service.
Note that we do not collect any payment (credit card) information when you subscribe to one of our services. We have an agreement with Stripe as payment processor of our services. See the section Third-party Providers below for more information.
b. Information we collect automatically: When you use the Services or browse our Website, we may collect information about your visit to our Website, your usage of the Services, and your web browsing. That information may include:
Your network routing information (where you come from).
Your Internet Protocol (IP) address used to connect your computer to the Internet and which may identify your general geographic location or company.
Your computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform.
c. Track and evaluate our marketing campaigns, including online advertising and e-mail marketing campaigns.
d. To communicate with you about a conference, an on-line course, coaching or event hosted, co-sponsored or participated by us, including information about the event's content, logistics, payment, updates, and any additional meetings, special demonstrations or other customer facilitation. After the event, we may contact you about the event and related products and services, and may share information about your attendance with your company (if any).
e. To share Personal Data with third parties who provide services to us, provided that the third party has executed any data processing documentation required by law.
6. What Personal Data We Share and Disclose to Third Parties
We do not sell your Personal Data to anyone. We may share your Personal Data with our third party Service Providers, who help us provide and support our Services and products, such as credit card processing services, order fulfilment, analytics, event or campaign management, website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar services. In this case, we require by contract from our services providers to use your Personal Data only for the purpose of providing services to us and subject to terms consistent with this policy.We may disclose your personal data as we believe to be necessary or appropriate:
under applicable law, including laws outside your country of residence;
to comply with legal process;
to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
to enforce JustinCaffrey.com (Justin caffrey Global Ltd) terms and conditions, which are subject to this private policy; and
to allow us to pursue available remedies or limit the damages that we may have.
Additionally, in the event of a reorganization, merge, sale, joint venture, assignment, transfer, or other disposition of all or any portion of justincaffrey.com’s (Justin Caffrey Global Ltd) business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the Personal Data it has collected to the relevant third party.
7. Public Information and Third Party Websites
a. Blog. We have a public blog on our Website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Data appears on our blog and you want it removed, contact us here. If we are unable to remove your information, we will tell you why.
b. Social media platforms. We maintain presences on social media platforms including LinkedIn, Instagram, Facebook and Twitter. Any information, communications or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
your display preferences, including your selected language,
if you have already replied to a survey pop-up that asks you to subscribe to our Newsletter (so you won't be asked again),
the service you subscribe to perform the checkout with our reseller.
9. What Types of Cookies Do We Have?
Depending on who sends the cookies and treats the data obtained, the cookies we use may be:
Own Cookies: These are cookies sent to your terminal from a computer or domain managed by us (and from which the service requested by you is provided). For example, we have defined and own certain cookies that are used to run certain functionalities of our product and services or user test experiments, as well asto track visitor information.
Third party cookies: These are cookies sent to your terminal from a computer or domain that is not managed by us, but by another entity that processes data obtained through cookies. For example, we use Google Analytics cookies to measure the traffic in our Website or MailChimp cookies to see the openings and clicks of our Newsletter emails. See the Third Party Service Providers section below for more details.
10. How You Can Control or Delete Cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You may delete all cookies that are already in your computer and you may set most browsers to prevent cookies from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. Browser manufacturers provide help for cookie management in their products. Please see below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
11. Data Collected for and by You
As you use our Services or post on our Channels you may write information you have collected from any individuals. We have no direct relationship with them other than you and, for that reason, you are responsible for making sure you have the appropriate permission for us to collect, post, and process information about these individuals. Consistent with the uses of Personal Data covered in Section 6, we may transfer Personal Data from you or these individuals to companies that help us provide or support our Services. All third Service Providers enter into a contract with us that protects Personal Data and restricts their use of any Personal Data consistent with this policy.
12. How You May Exercise Your Rights
You may send a request through the contact form in our Website to request the exercise of the following rights:
Right to request access to any Personal Data we may have about you.
Right to request rectification (if incorrect) or deletion of Personal Data.
Right to request limitation of their treatment, in which case they will only be kept by justincaffrey.com (Justin Caffrey Global Ltd) for the exercise or defense of claims.
Right to object to processing. justincaffrey.com (Justin Caffrey Global Ltd) will no longer process the Personal Data in the way you indicate, unless for compelling legitimate reasons or the exercise or defense of possible claims has to be further processed.
Right to data portability. In the event that you wish your Personal Data to be processed by another company, justincaffrey.com (Justin Caffrey Global Ltd) will provide you with the portability of your data to the new data controller.
We will give you access to any Personal Data we hold about you within 30 days of any request for that information. Individuals may request to access, correct, amend, or delete information we hold about them through our contact form. Unless it is prohibited by law, we will remove any Personal Data about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Data.Possibility of withdrawing consent. In the event that you have given your consent for a specific purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on the consent prior to its withdrawal.How to complain to the Control Authority. If you consider that there is a problem with the way in which justincaffrey.com (Justin Caffrey Global Ltd) is handling your Personal Data, you may address your complaints to justincaffrey.com (Justin Caffrey Global Ltd) (indicated above) or to the corresponding Data Protection Authority
13. Accuracy and Data Retention
We take reasonable business measures in compliance with laws to keep your Personal Data accurate and up to date, to the extent that you provide us with the information we need to do so. If your Personal Data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes.
We will retain the following data:
Disaggregated data: Disaggregated data will be retained without a deadline for deletion.
Subscribers data: During the time your account is active or as long as needed to provide you with our Services in accordance with our terms and conditions. In any case, it will be the minimum necessary period currently subject to certain statutes of limitation terms:
4 years: Law on Infringements and Sanctions in the Social Order (obligations regarding affiliation, registration, cancellation, contribution, payment of salaries...); Art. 66 ff. General Tax Law (Accounting Books...);
5 years: Art. 1964 Civil Code (personal actions without special time limit)
6 years: Art. 30 Commercial Code (Accounting Books, invoices...)
10 years: Art. 25 of the Prevention of Money Laundering and Financing of Terrorism Act.
Newsletter subscribers' details: From the moment the user sign up to the product until the user unsubscribes from the newsletter.
User data uploaded by justincaffrey.com (Justin Caffrey Global Ltd) to pages and profiles on social networks: From the moment the user offers consent until it withdraws it.
14. Children's Privacy
Our Services are not directed at nor targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use our Services unless supervised/accepted by an adult, as applicable.Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such term is defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately through our contact form or to the e-mail address indicated in the heading of this legal notice, and we will take reasonable steps to remove that information from our databases.
15. Notice of Breach of Security
We take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible (in the event of a breach being detected, justincaffrey.com (Justin Caffrey Global Ltd) undertakes to inform users within 72 hours) and later report the action we took in response.We use Braintree as the payment processor of our services. Therefore, all payments for the services will be done through Braintree. Braintree uses security measures to protect your information both during the transaction and after its completion. They are a United States-based payment processor of digital goods specialized in safe and secure Internet sales, compliant with PCI and that employs Verisign SSL Certificates.We only use service providers that enter into agreements with us whereby the service provider commits to take the appropriate measures to protect Personal Data and be compliant with GDPR.
16. Third party service providers
To be transparent and provide you with the maximum information about who our third party service providers are, we list below the ones that may keep Personal Data, what information they keep, and how we ensure the GDPR compliance through their contracts.
Stripe (a PayPal type service)
We use G Suite (Gmail, Docs, Drive, and Calendar for business), for communication, storage, and collaboration. In addition, on our Website we use Google Analytics to analyze its use and optimize its performance.Google is a US company the data of which are in Google Cloud Locations. As described in their Privacy Shield certification, they comply with the EU-US and Swiss-US Privacy Shield as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively.Google is fully committed to GDPR compliance as described on their Commitments to GDPR that articulate the commitments with us. For all the previous services, as a commitment to privacy and security, we have signed the following documents: Data Processing Security Terms (Customers) contract, G Suite Standard Contractual Clauses, Data Processing Amendment to G Suite, and a EU Model Contract clauses.
We use Mailchimp to deliver our newsletters and other email communications. Therefore, Mailchimp, with servers located around the US, keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service.Mailchimp is a registered trademark of The Rocket Science Group, a US company, the data of which are in US and has certified they comply with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland.As described in its knowledge base, Mailchimp is committed to achieving compliance with the GDPR and is mindful of your compliance efforts. For more information about the way in which Mailchimp is committed to achieving compliance with the GDPR in 2018, see About the General Data Protection Regulation.