Last updated: April 2026
4.1 Our Commitment to GDPR
IrelandStream.com is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Irish Data Protection Acts 1988–2018.
As an Irish-based business, GDPR compliance is not optional — it is a legal requirement and a cornerstone of our commitment to our customers.
4.2 Data Protection Principles
We adhere to all GDPR principles. Your data is:
- Processed lawfully, fairly and transparently
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and kept up to date
- Retained no longer than necessary
- Processed securely
4.3 Legal Basis for Processing
We process personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Processing your order | Contract (Art. 6(1)(b)) |
| Sending service emails | Contract (Art. 6(1)(b)) |
| Fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Marketing emails | Consent (Art. 6(1)(a)) |
4.4 Data Subject Rights
Under GDPR, you have the following rights:
Right of Access (Art. 15) Request a copy of all personal data we hold about you.
Right to Rectification (Art. 16) Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17) Request deletion of your personal data (“right to be forgotten”).
Right to Restriction (Art. 18) Request that we limit how we use your data.
Right to Data Portability (Art. 20) Receive your data in a structured, machine-readable format.
Right to Object (Art. 21) Object to processing based on legitimate interests or for direct marketing.
Rights related to automated decision-making (Art. 22) We do not use automated decision-making or profiling.
4.5 Exercising Your Rights
To exercise any GDPR right, contact our Data Protection contact:
Email: gdpr@irelandstream.com Response time: Within 30 days (as required by GDPR Art. 12)
4.6 Data Transfers
We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards.
Where third-party processors are located outside the EEA, we ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
4.7 Data Breach Procedure
In the event of a personal data breach, we will:
- Notify the Data Protection Commission (DPC) within 72 hours (if required under Art. 33 GDPR)
- Notify affected individuals without undue delay (if required under Art. 34 GDPR)
- Document all breaches in our internal breach register
4.8 Complaints
If you believe we have not handled your data correctly, you have the right to lodge a complaint with:
Data Protection Commission (DPC) Ireland Website: www.dataprotection.ie Phone: +353 (0)761 104 800 Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28
4.9 Policy Review
This GDPR Compliance Policy is reviewed annually or whenever significant changes occur in data processing activities or applicable law.
