Privacy Policy
Last updated: [DATE]
This privacy policy explains how CMS Pros ("[Your Legal Entity Name]", "we", "us", "our") collects, uses, stores, and protects personal data when you use our website cmspros.eu and our services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws.
Data Controller
[Your Legal Entity Name]
[Registered Address]
Ireland
CRO Registration: [Number]
Email: [your email]
For data protection enquiries, please contact us at the email address above.
What Personal Data We Collect
Data You Provide Directly
- Contact form submissions: name, email address, company name (optional), website URL (optional), and message content
- Free site audit requests: name, email address, website URL, company name (optional), preferred language
- Email correspondence: email address, name, and content of communications
- Client project data: website credentials, hosting access details, and other technical information provided for the purpose of delivering our services
Data Collected Automatically
- Server logs: IP address, browser type, referring page, pages visited, and timestamp — collected automatically by our web server for security and performance monitoring
- Cookies: as described in our Cookie Policy, with your consent where required
- Analytics data: anonymised usage data collected through [Google Analytics / Matomo / other] with your consent — see Cookie Policy for details
Data We Do Not Collect
We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation). We do not collect payment card details directly — payments are processed through [payment processor] which has its own privacy policy.
Why We Process Your Data (Legal Basis)
| Purpose | Legal Basis (GDPR Art. 6) | Data Involved |
|---|---|---|
| Responding to enquiries and providing quotes | Legitimate interest (pre-contractual communication) | Name, email, message content |
| Delivering site audit reports | Consent (you request the audit) | Name, email, website URL |
| Delivering contracted services (upgrades, hosting, maintenance) | Performance of a contract | Contact details, website credentials, project data |
| Invoicing and accounting | Legal obligation (tax law) | Name, address, payment records |
| Website analytics | Consent (via cookie consent) | Anonymised usage data |
| Website security monitoring | Legitimate interest (security) | Server logs, IP addresses |
| Sending service-related communications | Legitimate interest / contractual necessity | Email address |
We do not use your personal data for automated decision-making or profiling.
How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 12 months after last communication, then deleted |
| Site audit data | 6 months after delivery, then deleted |
| Client project data | Duration of the contract + 12 months, then deleted |
| Website credentials provided for projects | Deleted upon project completion (you should change passwords after any project) |
| Invoices and accounting records | 7 years (Irish tax law requirement) |
| Server logs | 90 days, then deleted |
| Analytics data | 26 months (anonymised) |
Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share data only with the following categories of recipients, and only to the extent necessary:
- Hosting providers: Our EU-based hosting infrastructure provider processes data as part of serving your website. A data processing agreement is in place.
- Email service: We use [email service] for business email. Communications you send to us are processed by this provider.
- Analytics: [Google Analytics / Matomo] processes anonymised website usage data with your consent. [If Google Analytics: Data is processed in the EU under Google's EU data processing terms.]
- Payment processing: [Payment processor] processes payment data. We do not see or store your payment card details.
- Professional advisors: Our accountant and legal advisors may access data as required for their professional services, under appropriate confidentiality obligations.
All third-party processors are bound by data processing agreements and are required to process your data in compliance with GDPR.
International Data Transfers
Your personal data is processed and stored within the European Economic Area (EEA). If any processing involves transfer outside the EEA (for example, if a third-party service provider operates globally), we ensure appropriate safeguards are in place — either an EU adequacy decision for the recipient country, Standard Contractual Clauses, or equivalent measures as required by GDPR Chapter V.
Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your data where there is no compelling reason for continued processing
- Right to restrict processing — request limitation of processing in certain circumstances
- Right to data portability — receive your data in a structured, commonly used format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at [your email]. We will respond within 30 days as required by GDPR.
Cookies
Our website uses cookies. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted communications (HTTPS/TLS), secure server infrastructure within EU data centres, access controls and authentication, and regular security monitoring.
Children's Data
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this privacy policy to reflect changes in our data processing activities or legal requirements. The "last updated" date at the top of this page indicates the most recent revision. We encourage you to review this policy periodically.
Complaints
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a data protection supervisory authority. The relevant authority for our operations is:
Data Protection Commission (Ireland)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
You may also contact the supervisory authority in your own EU member state.