Website Privacy Notice

1 About us 

This website is operated by Kay McCarthy Communication Strategies Ltd, 1 Strand Street Great, Dublin 1, Ireland D01T3C6 trading as MCCP (“MCCP”, “we”, “us”, “our”). We are an independent brand strategy agency. We provide business services to our corporate clients, including research studies into public and/or consumer sentiment about their business, their products and/or the sector in which they belong. 

2 Who does this privacy notice apply to? 

This privacy notice applies to individuals who access, browse and use our website, www.mccp.ie. Its aim is to give you information on how we collect and process your personal data through your use of the website, including any personal data you may provide when you contact us or sign up to our newsletter or from your browsing activity on our website. 

This website is not intended for children and we do not knowingly collect data relating to children. 

This privacy notice also applies to our corporate clients and their staff who may use our website and who engage our corporate services. 

It is important that you read this privacy notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are aware of how and why we are using your personal data. 

3 This privacy notice does not relate to research participation 

MCCP is not a ‘controller’ of, and this privacy notice does not relate to the processing of, personal data of individuals who participate (Participant) in market research studies we manage and carry out on behalf of our corporate clients (Research Client). 

The third party fieldwork agency who recruits and contracts with Participants is a controller of Participants’ personal data. Participant’s should consult their fieldwork agency’s privacy notices to understand their data protection practices. 

Research Client whose identity is made known to Participants by the fieldwork agency and/or in any research participant form we provide and/or any form of consent we provide is also a controller of Participants’ personal data. Please see the Participant Privacy Notice www.mccp.ie published on our website and/or made available to Participants before their participation in a research project begins. 

4 Third party links 

This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notices of every website you visit. 

5 Types of personal data we process 

Personal data” means information about an individual from which that person can be identified. It does not include data where an individual’s identity has been removed (anonymous data). 

Throughout this privacy notice we use the term "processing" to refer to all activities involving your personal data, including collecting, handling, storing, sharing, accessing, using, transferring, erasing and disposing of it. 

The personal data we collect about you depends on the particular activities carried out through our website and whether or not we are providing brand strategy of other corporate services to you or your employer. Typically we collect and process the following kinds of personal data: 

  • Identity and Contact Data including your title, name, address, contact details and any personal data provided when contacting us and, in the case of our clients, any personal data provided in the course of us providing our services. 
  • Financial Data includes bank account and other information necessary for processing payments and fraud prevention, including payment card numbers, security code numbers, other related billing information and credit related data relating to our clients 
  • Transaction Data includes details about payments to and from our clients and personal data relating to the administration, management and performance of the corporate services provided to our clients 
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website 
  • Usage Data includes the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse- overs); and 
  • Marketing and Communications Data includes your preferences in receiving marketing communications from us [and from third parties] and your communication preferences. 

We also collect, use and share aggregated data such as statistical or demographic data for various purposes. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice. 

We do not collect any special categories of personal data about you (this is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic data; biometric data for the purpose of uniquely identifying an individual or data concerning health or sexual orientation). Nor do we collect any information about criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. We will inform you at the time of collecting personal data from you whether you must provide the personal data to use the website or any of our services, and whether the provision of personal data requested by us is optional. 

6 How your personal data is received 

We may receive your personal data through various means including: 

  • Direct interactions: You may give us your Identity and Contact Data by filling in website forms or by corresponding with us by post, phone, email, SMS, social media or otherwise. This includes personal data you provide when you subscribe to our publications including our newsletters; request marketing to be sent to you; enter a competition, promotion or survey; give us feedback or contact us. [In addition, our clients may give us Financial and Transaction Data by these means and in person or remotely when requesting and/or receiving our corporate services.] 
  •  Automated technologies or interactions: As you interact with our website, we collect Technical Data and Usage Data [including details of your device, browsing actions and patterns, searches, sections view, traffic data, web logs and other communication data and the resources that you access]. We collect this personal data by using cookies, [tracking codes, server logs] and other similar technologies. [We may also receive Technical Data if you visit other websites using our cookies]. Please see our cookie policy https://www.mccp.ie/policy-cookies for further details. 
  • Third party sources: We may also receive personal data about you from third parties, as set  out below: 

Technical Data from the following parties: analytics providers such as Google Analytics; 

Identity and Contact Data, Financial and Transaction Data from providers of technical and payment services such as PayPal . 

[Identity and Contact Data from publicly available sources such as the Companies Registration Office (CRO)]. 

7 How we use your personal data 

We have set out below a description of the ways we typically process your personal data and the legal grounds we rely on to do so. 

Purpose / activity Type of Data Grounds for processing 

To respond to any queries you submit through the website, telephone, social media or other electronic means. 

Identity and Contact Data Necessary for our legitimate interests (for running our business and to develop new business). 

  • Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. 
  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). 

Identity and Contact Data Technical Data 

  • Necessary for our legitimate interests (for running our business, provision of administration and IT services to us, network security, to identify and prevent fraud and in the context of a business reorganisation or group restructuring exercise). 
  • Necessary to comply with a legal obligation. 
  • To manage our relationship with you which will include notifying you about changes to our terms or privacy notice and asking you to provide feedback or take a survey. 

Identity and Contact Data Transaction Data 

  • Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. 
  • Necessary to comply with a legal obligation. 
  • Necessary for our legitimate interests (to keep our records updated). 
  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

Identity and Contact Data Technical Data Usage Data Marketing and Communications 

  • Necessary for our legitimate interests (to study how clients use our services, to develop them, to grow our business and to inform our marketing strategy). 
  • To use data analytics to improve our website, services, marketing strategy, customer relationships and experiences. 

Technical Data Usage Data 

  • Necessary for our legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). 
  • To make suggestions and recommendations to you about goods or services that may be of interest to you, including by way of newsletters and other publications; and to observe the readership of our newsletters and other publications through the use of technologies. 

Identity and Contact Data Technical Data Usage Data Marketing and Communications Data 

  • Necessary for our legitimate interests (to develop our products/services, direct market and grow our business). 

[For our corporate clients only: To register you as a new corporate client; to provide, manage and administer our corporate services; to administer and collect payments, fees and charges relating to our corporate services; to comply with our legal obligations, including maintaining records; to comply with our insurance policies and to exercise or defend our legal rights, or to comply with court orders.] 

Identity and Contact Data, Financial Data, Transaction Dat,a Technical Data, Usage Data, Marketing and Communications Data 

  • Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. 
  • Necessary to comply with a legal obligation. 
  • Necessary for our legitimate interests (to keep our records updated, recover debts due to us, effectively manage and grow our business) 

Generally, we do not rely on consent as a legal grounds for processing your personal data although we will request your consent before sending direct marketing communications to you via email or text message. 

Marketing: We would like to send you information about [our services, insights and offers], which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by email, post, telephone, text message (SMS) or automated call. 

We will only ask whether you would like us to send you marketing messages when you subscribe to our mailing list on our website. 

We use certain technologies that allow us to see whether newsletters and other publications we send to our mailing list contacts have been viewed and read (in whole or in part). 

If you have previously agreed to being contacted in this way, you can unsubscribe at any time by using the ‘unsubscribe’ link in emails [or ‘STOP’ number in texts] or by contacting us using the information set out in section 14 below. 

8 Disclosure of your personal data 

Except as set out in this privacy notice, we do not disclose to any third party personal data that we collect from you or you provide to us. We may have to share personal data with the parties set out below for the purposes set out in the table in section 7. 

  • [Internal third parties: Companies (i.e. a parent company, a subsidiary company and/or a parent of another subsidiary company) for the provision of and administration of our website and to assist us in providing our corporate services to clients 
  •  External third parties: Companies that provide products and services to us such as professional advisors, IT systems suppliers and support, data storage, IT developers, analytics companies, website hosting providers and other service providers. 
  • Public and Government Authorities: Entities that regulate or have jurisdiction over us. We will disclose personal data in order to comply with any legal obligation, if we are ordered to do so by a court of competent jurisdiction, law enforcement, regulatory or administrative authorities or in order to enforce a contract with you or to protect our rights, property or safety and that of our staff, clients, website users and/or others. 
  • Corporate activity: Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. 

We require all third parties, who we disclose personal data which we collect under this privacy notice, to respect the security of personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Unless prevented by applicable law, we will notify you when your personal data may be provided to third parties in ways other than explained above, and you may have the option to prevent this sharing at the time that we notify you. 

9 International transfers 

Your personal data will not be transferred outside of the European Economic Area. 

10 Updating your personal data 

It is important that the personal data we hold about you is accurate and current. Please keep us informed, using the information provided in section 14 below if any of your personal data changes during your relationship with us. 

11 Data security 

We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to obligations of confidentiality. You recognise that no entity can keep personal data fully secure. If you have reason to believe that any of your personal data is no longer secure, please notify us immediately by contacting us using the information provided in section 14 below. 

12 Data retention 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for statistical purposes, in which case we may use this information indefinitely without further notice to you. 

13 Your legal rights 

Under certain circumstances, by law you may have the right to: 

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected. 
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms. 
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it. 
  • Request the transfer of your personal data to you or to a third party. This enables you to ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal data to perform a contract with you. 
  • Right to withdraw consent: If you provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you wish to withdraw your consent, we will take steps to ensure we no longer process your personal data for the purpose(s) you originally agreed to, unless we have another legitimate basis for doing so in law. Withdrawal of consent will not affect the lawfulness of processing based on consent before withdrawal. 

In order to exercise one or more of your rights in respect of your personal data, please contact us in writing using the information provided in section 14 below. We will need you to provide us with information to identify you on our records, we will also need proof of your identity and address, and the information to which your request relates. 

You have the right to make a complaint at any time to the Data Protection Commission, the Irish supervisory authority for data protection issues (www.dataprotection.ie). However, we would appreciate the chance to deal with your concerns before you contact the supervisory authority and therefore ask you please contact us in the first instance. 

14 Contact us 

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests 

to exercise your legal rights, please contact our DPO by email at gdpr@mccp.ie or write to The Data Protection Officer, MCCP, 1 Strand Street, Dublin 1, Ireland DO1T3C6. 

15 Changes to this privacy notice 

We will change this privacy notice from time to time and any changes will be contained in a revised privacy notice posted on the website. This version of the privacy notice was last updated on [●] March 2020 and historic versions can be obtained by contacting us using the information in section 14 above. 

1 + 5 =
Before signing up to receive the mailing list please review the privacy notice available here