Brainbox Privacy Policy

Brainbox Privacy Policy: an overview

What data we collect

• Name and contact details
• IP address
• Date of birth

Under 16?

Parental Consent required to sign up

How to manage your data

• Unsubscribe from our mailing list
• Contact us directly

If you have any queries about how we enact your rights please email us at: info@brainbox.ie

Please read our Privacy Policy in full below to see how we comply with data protection and privacy laws.

1. Who we are

Brainbox is an educational consultancy that delivers programmes to primary and second-level schools, in addition to parent talks and staff workshops. We also offer one-on-one online consultancy to students, parents and teachers.

Data protection and privacy laws provide rights to individuals with regard to the use of their Personal Data by organisations, including our organisation. Irish and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of Personal Data. We must comply with data protection and privacy laws because the law requires us to but we also would like you to have confidence in dealing with us, and compliance with data protection law helps us to maintain a positive reputation in relation to how we handle Personal Data.

We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the applicable data protection and privacy laws, and that we have in fact complied with the laws. We do this, among other ways, by our written policies and procedures, by building data protection and privacy compliance into our systems and business rules, by internally monitoring our data protection and privacy compliance and keeping it under review, and by acting if our representatives, including employees or contractors, fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing. This privacy policy document outlines how your personal information is collected, used, processed, disclosed and protected by Brainbox when you visit www.brainbox.ie, subscribe to our mailing list, contact us through our website, or pay for our services. We are not responsible for the privacy practices of any other websites.

2. How do we collect your data?

• Newsletter subscriptions.
• Online contact form on our website or emails you send directly to our company email info@brainbox.ie.
• Telephone orders and/or requests.
• Physical order forms: this refers to hard copy booking forms which you complete.
• Online public and commercial website registration.
• Financial Transactions: this refers to information related to paying for our services through our payment gateway, PayPal.
• Cookies: these are small data files used to collect information on how a user interacts with a website.

3. How will we use your data?

The primary reason we collect your data is to supply you with services, news and information which you have expressed an interest in, and where it is required for us to perform functions or activities on your behalf. For example, when you make a purchase through our website, we collect information such as your name, billing address, email address, phone number, credit/debit card details, date of purchase, amount of purchase and other relevant billing information so you can pay for our services, receive receipts and payment reminders. It also provides us with a record of orders you have made with us. We accept payments through PayPal. Please refer to the PayPal privacy policy for more details.

If you are a student signing up for online Exam Coaching we collect information about you, including your age. If you indicate that you are under 16 years old you will be required to provide proof of parental consent to use our services.

• Further Details (i) Categories of Data. (ii) Purpose. (iii) Possible lawful basis for processing
• Name and Contact Details To manage our relationship with you as a customer, supplier or contractor
  (a) Performance of a contract with you / (b) Necessary to comply with our legal obligation
• Name and Contact Details To send you marketing material
  (a) Necessary for our legitimate interests (ensure sales continue) / (b) Consent
• Name and Contact Details; IP address To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) / (b) Necessary to comply with a legal obligation.
• IP address To use data analytics to improve our website, products/services, marketing and customer relationships and experiences
  (a) Consent / (b) Necessary for our legitimate interest (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
• Name and Contact Details To respond to your enquiry or feedback
  (a) Necessary to comply with a legal obligation / (b) Performance of a contract with you
• Name and Contact Details (invoices) To comply with our tax obligations
  (a) Necessary to comply with a legal obligation / (b) Consent
• Cookies (IP address) To manage cookies
  (a) Necessary to comply with a legal obligation / (b) Consent
• Name and Social Media Handles To build an online community, disseminate information and to respond to your queries directly.
  (a) Necessary for our legitimate interests (customer service)
• Age Refers to students signing up for online Exam Coaching
  (a) Necessary to establish you are over 16 years, i.e. the digital age of consent in Ireland.

4. How do we store your data?

We only retain your data for as long as is necessary to fulfil the purposes we collected it for, or until you inform us that you wish to be removed from our mailing list. To determine the appropriate retention period for Personal Data, we consider:

• The amount, nature, and sensitivity of the data
• The potential risk of harm from unauthorised use or disclosure of your data
• The purposes for which we process your data and whether we can achieve those purposes through other means

5. The applicable legal requirements

We comply with our obligations under the GDPR by:

• keeping your Personal Data accurate and up to date
• following strict security procedures in the storage of your Personal Data from the point of collection to the point of destruction
• protecting Personal Data from accidental loss, misuse, unauthorised access or processing, disclosure and damage by ensuring that appropriate technical measures are in place

We provide data protection training to all employees in relation to their responsibilities in the processing and safeguarding of personal information. Only authorised persons can process your data under our strict instructions. We have procedures in place to deal with a data breach which includes notifying you and the Data Protection Commissioner where we are legally required to do so.

6. Marketing

Brainbox uses your Personal Data for the primary reason of providing you with our services, or to inform you about news or events associated with Brainbox which you may be interested in. We may use your Personal Data to form a view on what we think you may want or need, or what may be of benefit to you. This is how we decide which services and offers may be most relevant for you.

We strive to provide you with choices regarding Personal Data uses around marketing. Where appropriate, you will be asked whether you wish to receive any marketing communications from us. You can opt out of direct marketing by using the provided unsubscribe link in our communications with you. We will not share your Personal Data with any third party for marketing purposes.

Facebook Ads

We make use of Facebook Ads from time to time. We do base our ads on interests and do not use re-marketing techniques. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950. To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through:

• the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/,
• the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/
• the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/.

For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation.

Google Ads

We make use of Google Ads from time to time. We do base our ads on keywords and do not use re-marketing techniques. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/.

7. What are your data protection rights?

Under certain circumstances, by law you have the right to:

• Request information about whether we hold Personal Data about you, and, if so, what that Personal Data is and why we are holding/using it.
• Request access to your Personal Data (commonly known as a “Data Subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
• Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
• Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
• Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
• Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.

8. What are cookies?

Cookies are small text files that are transferred to your device’s hard drive while you are browsing a website to remember your personal details and/or preferences and to enable us to recognise your browser and help us to track visitors to our site for different purposes.

9. How do we use cookies?

We use cookies to help enhance the functionality of our website and to collect information to evaluate how, where and when the website is being used. We will make no attempt to identify individual visitors, or to associate technical details with any individual. We will only use the information for statistical and other administrative purposes, and to inform our security measures.

Our website uses Google Analytics, a web analytics service that uses cookies to collect anonymised website user data, including your Internet Protocol (IP) address, date and time you access our site, browser type, and internet service provider. We note that your IP address is considered Personal Data under the GDPR. Other information we receive when you visit our website and accept cookies includes:

• web pages you have accessed
• previous Internet address from which you linked directly to our site
• resources downloaded
• click rate data

Google may give access to this information to third parties if required to do so by law, or where such third parties process the information on Google’s behalf. For more information about the use of cookies, visit: http://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

10. What types of cookies do we use?

Strictly necessary cookies

These cookies identify you as being signed in to our website and help keep you logged in as you browse our pages. These cookies do not usually contain any personally identifiable  information.

Performance cookies

These cookies are used to collect statistical information about visitors to our website and the pages they view. We use these cookies to understand what content is popular which helps us to improve our website. This information is aggregated and used anonymously; these cookies do not collect information that identifies a visitor.

Functional cookies

These cookies allow websites to remember choices you make and provide enhanced and more personal features, such as remembering your user name and email address so you don’t have to enter it again when you revisit that site to use its services.

11. How to manage your cookies

Most web browsers automatically accept cookies, but if you wish you can set your browser to prevent it from accepting cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

For details on how to manage cookies, including how to opt out of performance cookies, visit: www.aboutcookies.org. Please note that disabling cookies may compromise the functionality of our website and affect your browsing experience.

12. Who we share your data with

We avoid collecting unnecessary Personal Data, namely information about an individual which allows that person to be identified, and will not without your consent share or disclose any of your personal information with third parties except where such a transfer is a necessary part of the activities that we undertake, or where there is a legal requirement.

We use third parties such as a payment processing provider, web provider, database provider, email marketing provider and mailing house provider to provide certain services and we have data processor agreements in place with all third parties. We require third parties to have appropriate technical and operational security measures in place to protect your Personal Data in line with Irish and EU laws on data protection. Such third parties have access to Personal Data needed to perform these functions, but may not use it for any other purpose.

If we transfer your Personal Data out of the EEA, we will only do so to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. Where we use service providers based in the US we ensure that they have certified their compliance with the EU-US Privacy Shield Framework.

In certain circumstances, the GDPR allows Personal Data to be disclosed for legal reasons without the consent of the data subject. Under these circumstances, we will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the company’s legal advisers where necessary.

13. Changes to our privacy policy

This Privacy Policy and Notice has been approved and authorised by Evan Costigan, founder of Brainbox, on 1st January 2024. We encourage you to check back for changes to this policy which will be updated annually, or more frequently if required.

14. How to contact us

Our data protection coordinator can be contacted as follows:
email: info@brainbox.ie;
phone: +353862004139.

15. How to contact the appropriate authorities

You have the right to complain at any time to a supervisory authority in relation to any issues related to our processing of your Personal Data. As our organisation is located in Ireland and we conduct our data processing here, we are regulated for data protection purposes by the Irish Data Protection Commissioner:

‍Website: www.dataprotection.ie
Phone: +353 57 8684800 or 1890 252231.
Email: info@dataprotection.ie
Address: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23;
or 21 Fitzwilliam Square S., St. Peter’s, Dublin 2, D02 RD28.