PRIVACY POLICY

carolgaffney.com  |  Last Updated: 2 April 2026

Carol Gaffney, Brand Positioning Strategist, is committed to protecting your privacy and handling your personal data with care and transparency. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Irish data protection law.

By using this website, you acknowledge that you have read and understood this policy. We may update it from time to time; the date above reflects the most recent revision.

1. WHO WE ARE

The data controller responsible for your personal data is:

Carol Gaffney | carolgaffney.com | info@gaffneyandcompany.com

2. INFORMATION WE COLLECT

We may collect and process the following personal data:

  • Identity and contact data: your name, email address, phone number, and job title, provided when you contact us, complete an enquiry form, or book a consultation.

  • Communication data: the content of any messages, emails, or form submissions you send us.

  • Payment data: processed securely through third-party providers (such as Stripe or PayPal). We do not store full payment details on our systems.

  • Technical data: IP address, browser type, pages visited, and time of access, collected automatically when you use this website.

  • Marketing data: your preferences regarding communications from us.

3. LAWFUL BASIS FOR PROCESSING

We process your personal data on the following legal grounds under Article 6 of the GDPR:

  • Contract: to fulfil our obligations where you have engaged our services.

  • Legitimate interests: to respond to enquiries, improve our services, and communicate with you in ways that are reasonably expected.

  • Consent: to send marketing communications. You may withdraw consent at any time by contacting us or clicking 'unsubscribe' in any email.

  • Legal obligation: where we are required to process your data to comply with applicable law.

4. HOW WE USE YOUR DATA

We use your personal data to:

  1. Respond to your enquiries and provide our services;

  2. Process payments and deliver programmes, consultations, or digital products;

  3. Manage our email list and send relevant communications (with your consent);

  4. Improve our website and the quality of our services;

  5. Meet our legal and contractual obligations.

5. SHARING YOUR DATA

We do not sell your personal data. We may share it with trusted third-party providers who support our business operations, including:

  • Email marketing platforms (e.g. MailerLite);

  • Payment processors (e.g. Stripe or PayPal);

  • Website and analytics platforms (e.g. Squarespace, Google Analytics);

  • Scheduling or booking tools.

These providers are permitted to use your data only as necessary to deliver services to us. We may also disclose data where required by law or to protect our legal rights.

6. COOKIES

Our website uses cookies to support essential site functionality, analytics, and marketing. When you first visit, you will be asked for your consent to non-essential cookies. You may manage or withdraw cookie consent at any time through your browser settings, though this may affect your experience on the site.

We use Squarespace Analytics and Google Analytics to understand how our site is used. To opt out of Google Analytics, visit: https://tools.google.com/dlpage/gaoptout

7. DATA RETENTION

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. You may request deletion of your data at any time (see Section 8).

8. YOUR RIGHTS

Under GDPR, you have the right to:

  • Access the personal data we hold about you;

  • Request correction of inaccurate or incomplete data;

  • Request deletion of your data (the 'right to be forgotten');

  • Withdraw consent to marketing at any time;

  • Object to or restrict certain types of processing;

  • Request a portable copy of your data;

  • Lodge a complaint with the Data Protection Commission (Ireland) at www.dataprotection.ie.

To exercise any of these rights, please contact us at info@gaffneyandcompany.com. We will respond within 30 days.

9. DATA SECURITY

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or alteration. However, no method of data transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. INTERNATIONAL TRANSFERS

Our website is hosted on servers that may be located outside Ireland. By using this website, you consent to the transfer and storage of your data in those locations. We take all reasonable steps to ensure your data is handled securely and in accordance with applicable law.

11. CHILDREN

This website is not directed at individuals under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently done so, please contact us immediately.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. The revised version will be posted on this page with an updated date. Continued use of this website constitutes acceptance of any changes.

13. CONTACT

For any questions, requests, or concerns relating to your data:

Carol Gaffney | info@gaffneyandcompany.com | carolgaffney.com

Last Updated: 2 April 2026

Copyright © Carol Gaffney