Privacy Notice
1. Who we are:
We are SOA Research Company Limited by Guarantee of Fumbally Exchange, Argus
House, Blackpitts, Dublin 8, Republic of Ireland. We are the controller of the personal data
you provide to us in connection with the purposes below. If you have any data privacy queries,
you can contact us by post at our registered address or by email at hello@soa.ie.
2. Why we process your data, the lawful basis for processing your data and who we share it with
A. For people who view and interact with our website or with us directly, we process data:
• to respond to your query when sent through our ‘contact us’ form, via our email or other
contact channels, at a show or trade fair, or any other means used to communicate
with us
• to sign up to our newsletter when you request subscription through our website
• via cookies and similar technologies on our website as follows:
• to run any competitions or draws as per the terms of those from time to time
• for the purposes of the administration and the security of our business
The legal basis for this processing is our legitimate interest in the administration and operation
of our services as well as our legitimate interest in marketing and promoting our services. We
always include an unsubscribe button in our direct marketing communications, so you can opt
out of receiving such communications at any time.
We share this data with our IT support service providers, including hosting and client
relationship management system providers to process this data for the purpose of providing
us with their services. We may also share your data with our advisors; where required by law
or regulation; with a third party in connection with any sale or reorganisation of our business;
or to respond to any legal or regulatory process.
We will retain this data for the period of time it is required for us to conduct business; satisfy
legal or regulatory requirements; or where required to safeguard our business (e.g. statute of
limitations or investigations).
B. For our clients, potential clients, business contacts, research partners or those we engage
with as part of public consultations, we process data:
• in order to market the services of our firm
• to provide you with updates and newsletters to which you have subscribed
• to engage in our business with you
• to run any competitions or draws as per the terms of those from time to time
• for the purposes of the administration and the security of our business
The legal basis for the processing of this data is processing necessary for the purpose of the
legitimate interests of our firm in promoting our services and may be required pursuant to our
contract with you.
We share information such as your name and email address with our service providers
including newsletter services provider who sends out our newsletters. We may also share your
data with our IT support service providers; advisors; where required by law or regulation; with
a third party in connection with any sale or reorganisation of our business; or to respond to
any legal or regulatory process.
We will retain this data for the period of time it is required for us to conduct business; satisfy
legal or regulatory requirements; or where required to safeguard our business (e.g. statute of
limitations or during investigations).
C. For job applicants, we process data:
• to recruit new workers; or
• to ascertain your suitability for a specific role
• for the purposes of the security of our business
The legal basis for this processing is processing necessary for the purpose of the legitimate
interests of our firm in recruiting new staff.
We share the information you provide in your application with any contracted recruiter we have
engaged in order to recruit candidates. We may also share your data with our IT support
service providers; advisors; where required by law or regulation; with a third party in
connection with any sale or reorganisation of our business; or to respond to any legal or
regulatory process.
We will retain this data for the period of time it is required in relation to recruiting and
employment activities; satisfy legal or regulatory requirements; or where required to safeguard
our business (e.g. statute of limitations or during investigations).
3. Transfers of data outside the European Economic Area
We transfer data relating to service providers located worldwide. The safeguard we have put
in place for this transfer is to enter into European Commission approved standard contractual
clauses with the provider (where required).
[NOTE: REVIEW YOUR SERVICE PROVIDERS TO SEE IF THIS IS APPLICABLE. IF IT IS,
ENSURE THAT ANY SERVICE PROVIDERS OUTSIDE OF THE EEA HAVE STANDARD
CONTRACTUAL CLAUSES IN PLACE E.G. ANY STORAGE SERVICES, CLOUD
PROVIDERS OR DIRECT MARKETING PROVIDERS.]
4. Information received from third parties and the source of that data
We may receive data about you from third parties e.g. recruitment agents or referrals from
business affiliates (which they will make you aware of).
5. Your rights relating to personal data
You have the following rights under the GDPR, in certain circumstances and subject to certain
exemptions, in relation to your personal data:
• right to access the data – subject to certain exceptions, you have the right to request a copy
of the personal data that we hold about you, together with other information about our
processing of that personal data.
• right to rectification- you have the right to request that any inaccurate data that is held about
you is corrected, or if we have incomplete information you may request that we update the
information such that it is complete.
• right to erasure – you have the right to request us to delete personal data that we hold about
you in certain circumstances. This is sometimes referred to as the right to be forgotten.
• right to restriction of processing or to object to processing – in certain circumstances you
have the right to request that we no longer process your personal data for particular
purposes, or to object to our processing of your personal data for particular purposes.
• right to data portability – you have the right to request us to provide you, or a third party, with
a copy of certain personal data in a structured, commonly used machine readable format.
In order to exercise any of the rights set out above, please contact us at the contact details at
the start of this privacy notice.
If we are processing personal data based on your consent, you may withdraw that consent at
any time. This does not affect the lawfulness of processing which took place prior to its
withdrawal.
If you are unhappy with how we process your personal data, we ask you to contact us so that
we can rectify the situation. You have the right to lodge a complaint with a supervisory
authority. The Irish supervisory authority is the Data Protection Commission.
6. Security and Requirement to process personal data
We use organisational and technical measures to safeguard your information.
If you do not provide us with your information for the purposes described above, we cannot
send you our newsletter; respond to your queries; liaise with you on business matters; or
assess your suitability for a role within our firm.
7. Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
[NOTE: ENSURE THIS IS ACCURATE E.G. NO ARTIFICIAL INTELLIGENCE TOOLS ARE
USED TO MODEL POTENTIAL CLIENTS FOR MARKETING PURPOSES.]
8. Updates to this Policy
We may update this policy from time to time, for example, where the law changes.
Last updated: April 2019