Get in touch
049-4355066

GDPR Policy

Last Updated: 03/11/2025

Introduction

This GDPR Policy outlines how Arch-I Modular Solutions Limited complies with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988-2018.

This policy applies to all personal data we process about individuals within the European Economic Area (EEA), including customers, prospective customers, website visitors, and business contacts.

Data Controller Information

Company Name: Arch-I Modular Solutions Limited
Company Number: 680374
Registered Address: Unit A, Lavey Business Park, Lisnaglea, Stradone, Co. Cavan, H12 Y660, Ireland

Data Controller: Matt Fitzgerald, Managing Director
Email: [email protected]
Phone: (049) 435 5066

GDPR Principles

We are committed to processing personal data in accordance with the six GDPR principles:

1. Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We clearly inform data subjects about how we collect and use their personal data through our Privacy Policy and this GDPR Policy.

2. Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes only. We do not process personal data in a manner incompatible with those purposes.

Our legitimate purposes include:

  • Responding to enquiries and providing quotes
  • Managing business relationships
  • Improving our website and services
  • Complying with legal obligations

3. Data Minimisation

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

4. Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. We correct or delete inaccurate data without delay.

5. Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law.

6. Integrity and Confidentiality

We process personal data securely using appropriate technical and organisational measures to protect against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Lawful Basis for Processing

We process personal data under the following lawful bases:

Consent

For certain activities (such as marketing communications), we rely on explicit consent. You have the right to withdraw consent at any time.

Contractual Necessity

Where processing is necessary for entering into or performing a contract with you (such as providing a quote or delivering services).

Legitimate Interests

Where processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:

  • Responding to enquiries
  • Improving our services
  • Understanding website usage
  • Maintaining business records

Legal Obligation

Where processing is necessary to comply with legal obligations to which we are subject.

Categories of Personal Data We Process

We process the following categories of personal data:

Identity Data

  • Full name
  • Company name

Contact Data

  • Email address
  • Telephone number
  • Business address

Technical Data

  • IP address (anonymised)
  • Browser type and version
  • Device type
  • Operating system
  • Website usage data

Communications Data

  • Enquiry details
  • Project requirements
  • Correspondence with us

Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about the collection and use of your personal data. This GDPR Policy and our Privacy Policy provide this information.

Right of Access

You have the right to obtain confirmation that we are processing your personal data and to access that data. You can request a copy of your personal data free of charge.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data in certain circumstances, including:

  • The personal data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The personal data has been unlawfully processed

Note: This right is not absolute. We may need to retain certain data to comply with legal obligations or establish, exercise, or defend legal claims.

Right to Restriction of Processing

You have the right to request restriction of processing of your personal data in certain circumstances, including:

  • You contest the accuracy of the personal data
  • The processing is unlawful but you do not want the data erased
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

This right applies where:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

Right to Object

You have the right to object to processing of your personal data where:

  • Processing is based on legitimate interests
  • Processing is for direct marketing purposes

If you object to processing for direct marketing purposes, we will stop processing your data for such purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Note: We do not currently engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Phone: (049) 435 5066
Post: Data Controller, Arch-I Modular Solutions Limited, Unit A, Lavey Business Park, Lisnaglea, Stradone, Co. Cavan, H12 Y660, Ireland

Information We May Need

To verify your identity and process your request, we may ask you to provide:

  • Proof of identity (such as a copy of your passport or driving licence)
  • Proof of address
  • Details of your specific request

Response Time

We will respond to your request within one month of receipt. If your request is complex or we receive multiple requests, we may extend this period by two further months. We will inform you within one month if we need to extend the response period.

No Fee Usually Required

You will not usually need to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive, or excessive.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

Contact Form Submissions

Retention Period: Indefinitely
Justification: We retain contact form submissions indefinitely for business record-keeping purposes and to maintain a history of business communications.

Your Rights: You may request deletion of your data at any time by exercising your right to erasure.

Website Analytics Data

Retention Period: Indefinitely
Justification: Analytics data is anonymised and aggregated, containing no personally identifiable information. This data is used to improve website functionality and user experience.

Email Communications

Retention Period: As necessary for business purposes
Justification: We retain email communications for record-keeping and to maintain business relationships.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Security Measures Include:

Technical Measures:

  • SSL/TLS encryption for data transmission
  • Secure website hosting with regular security updates
  • Firewall protection and intrusion detection
  • Regular security patches and software updates
  • Secure backup procedures
  • Database encryption

Organisational Measures:

  • Access controls limiting who can view personal data
  • Staff training on data protection
  • Confidentiality agreements
  • Regular security assessments
  • Incident response procedures
  • Data protection policies and procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notification to Supervisory Authority

Notify the Data Protection Commission without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

Notification to Data Subjects

Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

Breach Documentation

We maintain a record of all personal data breaches, including:

  • The facts relating to the breach
  • The effects of the breach
  • The remedial action taken

Data Protection Impact Assessments (DPIAs)

We conduct Data Protection Impact Assessments (DPIAs) when:

  • Implementing new technologies or systems that process personal data
  • Processing is likely to result in a high risk to individuals’ rights and freedoms
  • Processing involves large-scale processing of sensitive data

Third-Party Data Processors

We may engage third-party service providers to process personal data on our behalf. When we do so:

Processor Agreements

We enter into written data processing agreements with all third-party processors that:

  • Specify the subject matter and duration of processing
  • Define the nature and purpose of processing
  • Require the processor to process data only on our instructions
  • Require appropriate security measures
  • Require assistance with data subject rights requests
  • Require deletion or return of data after the end of services

Due Diligence

We conduct due diligence on all third-party processors to ensure they provide sufficient guarantees regarding data protection and security.

Current Third-Party Processors

  • Website Hosting Provider: Provides secure server hosting for our website
  • Email Service Provider: Fluent SMTP for transactional emails
  • Analytics Providers: Google Analytics (with IP anonymisation enabled) and AnalyticsWP

International Data Transfers

Some third-party services we use may involve transfers of personal data outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA, we ensure that:

  • The recipient country provides an adequate level of protection (as determined by the European Commission), or
  • Appropriate safeguards are in place (such as Standard Contractual Clauses), or
  • The recipient is certified under an approved certification mechanism (such as the EU-US Data Privacy Framework)

Current International Transfers

Google Analytics: Google LLC is certified under the EU-US Data Privacy Framework. Additionally, we have enabled IP anonymisation to minimise personal data transfer.

Children’s Personal Data

Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children.

If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data as quickly as possible.

If you believe we have collected personal data from a child, please contact us immediately at [email protected].

Complaints and Supervisory Authority

How to Complain

If you believe we have not complied with GDPR or other data protection laws, you may:

  1. Contact us first: We encourage you to contact us to resolve any concerns
  2. Lodge a formal complaint: You can lodge a complaint with the Irish supervisory authority

Irish Supervisory Authority

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland

Website: www.dataprotection.ie
Email: [email protected]
Phone: +353 (0)761 104 800
Lo-Call: 1890 252 231

Updates to This GDPR Policy

We may update this GDPR Policy from time to time to reflect:

  • Changes in data protection laws
  • Changes to our data processing activities
  • Changes to our business operations
  • Feedback from supervisory authorities

We will notify you of any significant changes by:

  • Posting a prominent notice on our website
  • Updating the “Last Updated” date at the top of this policy

We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Contact Us

If you have any questions about this GDPR Policy or our data protection practices, please contact:

Data Protection Contact:
Matt Fitzgerald, Managing Director
Arch-I Modular Solutions Limited

Address: Unit A, Lavey Business Park, Lisnaglea, Stradone, Co. Cavan, H12 Y660, Ireland
Email: [email protected]
Phone: (049) 435 5066
Company Number: 680374

Summary of Your GDPR Rights

RightWhat It Means
Right to be InformedKnow how your data is collected and used
Right of AccessGet a copy of your personal data
Right to RectificationCorrect inaccurate or incomplete data
Right to ErasureRequest deletion of your data
Right to RestrictionLimit how we process your data
Right to Data PortabilityReceive your data in a portable format
Right to ObjectObject to certain types of processing
Rights Related to Automated DecisionsNot be subject to automated decision-making

To exercise any of these rights, contact us at [email protected] or (049) 435 5066.