GDPR Compliance

Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union. As an Irish company providing services to individuals in the EU, we are fully committed to GDPR compliance.

This page explains your rights under GDPR and how we fulfill our obligations to protect your personal data.

Data Controller Information

For the purposes of GDPR, crux-ride is the data controller responsible for your personal information.

Company name: crux-ride
Address: 42 Fitzwilliam Square, Dublin 2, D02 R590, Ireland
Email: [email protected]
Data Protection Officer: [email protected]

Your Rights Under GDPR

GDPR grants you specific rights regarding your personal data. Below we explain each right and how to exercise it.

1. Right to Be Informed

You have the right to clear, transparent information about how we collect and use your personal data. This information is provided in our Privacy Policy and through communication at the point of data collection.

2. Right of Access

You have the right to request access to your personal data. This is commonly known as a "data subject access request." When you make such a request, we will provide you with:

• Confirmation that we are processing your personal data
• A copy of your personal data
• Information about how we use your data and who we share it with

How to exercise this right: Email [email protected] with "Data Access Request" in the subject line. We will respond within one month.

3. Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete. We will correct inaccurate information and notify any third parties with whom we have shared your data.

How to exercise this right: Contact us at [email protected] specifying the information that needs correction.

4. Right to Erasure ("Right to Be Forgotten")

In certain circumstances, you have the right to request deletion of your personal data. This right applies when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent on which processing is based
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation

Important note: This right is not absolute. We may need to retain certain information to comply with legal obligations, such as financial record-keeping requirements that mandate retention for seven years.

How to exercise this right: Email [email protected] with "Erasure Request" in the subject line.

5. Right to Restrict Processing

You can request that we restrict how we use your personal data in certain situations:

• You contest the accuracy of the data
• Processing is unlawful but you don't want the data erased
• We no longer need the data but you need it for a legal claim
• You have objected to processing pending verification of our legitimate grounds

How to exercise this right: Contact [email protected] explaining why you wish to restrict processing.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another organization where technically feasible.

This right only applies to:

• Personal data you have provided to us
• Processing based on consent or contract
• Processing carried out by automated means

How to exercise this right: Email [email protected] with "Data Portability Request" in the subject line.

7. Right to Object

You have the right to object to processing of your personal data in certain circumstances:

• Processing based on legitimate interests or public interest
• Direct marketing (including profiling)
• Processing for research or statistical purposes

How to exercise this right: Contact us at [email protected] stating your objection.

8. Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you.

Our position: We do not use automated decision-making or profiling that significantly affects our clients. All advisory decisions involve human judgment and expertise.

How to Exercise Your Rights

To exercise any of your GDPR rights:

1. Send an email to [email protected]
2. Clearly state which right you wish to exercise
3. Provide sufficient information to identify yourself (we may request additional verification to protect your security)
4. Include any specific details relevant to your request

We will respond to your request within one month. In complex cases, we may extend this by up to two additional months and will inform you if this is necessary.

There is no charge for exercising your rights unless your request is clearly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee or refuse the request.

Legal Basis for Processing

We only process your personal data when we have a legal basis to do so. Our processing is based on:

• Consent: Where you have given clear consent for us to process your data for a specific purpose
• Contract: Where processing is necessary to fulfill a contract with you
• Legal obligation: Where we must process your data to comply with the law
• Legitimate interests: Where processing is necessary for our legitimate interests and does not override your rights and freedoms

Data Protection Principles

We adhere to the GDPR's core data protection principles. Your personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Kept only for as long as necessary
• Processed securely with appropriate safeguards

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Staff training on data protection
• Secure data storage and backup procedures
• Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Irish Data Protection Commission within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Provide clear information about the nature of the breach and steps being taken

International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Other legally approved transfer mechanisms

Children's Data

We do not knowingly collect or process personal data from individuals under the age of 18. Our services are intended for adults. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

Right to Lodge a Complaint

If you believe we have not complied with GDPR or your data protection rights, you have the right to lodge a complaint with the supervisory authority:

Data Protection Commission (Ireland)
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 (0)761 104 800
Email: [email protected]
Website: www.crux-ride.com

However, we encourage you to contact us first so we can address your concerns directly.

Updates to This Page

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Material changes will be communicated through our website and, where appropriate, by direct notification.

Contact Us

For any questions about GDPR compliance or to exercise your data protection rights:

Email: [email protected]
General enquiries: [email protected]
Address: 42 Fitzwilliam Square, Dublin 2, D02 R590, Ireland