top of page

Adaptive Leadership Consulting Privacy Policy

Introduction

Adaptive Leadership Consulting (Ireland) Limited ("we," "us," or "our") is committed to protecting the privacy of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our consultancy services (the "Services"), or otherwise interact with us. This policy applies to our operations in Ireland and is designed to comply with the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018 and other applicable Irish and EU data protection laws.   

 

1. Data Controller

For the purposes of the GDPR and Irish data protection law, the data controller is:

  • Adaptive Leadership Consulting (Ireland) Limited, Drumconnick, Cavan, Co. Cavan. Ireland (CRO Co. Number: 770330)

  • Email: info@adaptiveleadership.ie

​

2. Information We Collect

We may collect the following categories of personal data:

  • Identity Data: First name, last name, title, gender, job title, and organization.

  • Contact Data: Business billing address, email address, and telephone numbers.

  • Financial Data: Bank account and payment card details (if you are paying us directly, or if we are paying you) as part of the procurement of delivery of Services.

  • Transaction Data: Details about payments to and from you, and details of Services you have purchased from us or we have purchased from you.

  • Technical and Usage Data: Internet protocol (IP) address, login data, browser session and geo-location data (if collected), device and network information, statistics on page views and sessions, acquisition sources, search queries, browsing behavior, information about your access and use of our website (including through the use of cookies), your communications with our website, browser type, operating system type, and the domain name of your Internet service provider. 

  • Interaction Data: Information you provide when you participate in interactive features of our Services (surveys, contests, promotions, activities, or events).

  • Marketing and Communications Data: Your preferences for receiving marketing from us and our third parties, and your communication preferences.

  • Professional Data: (If applicable) If you are a worker or applying for a role with us, your professional history (previous positions, experience).

  • Special Category Data: If, in the course of providing our Services, clients choose to share information about themselves related to health and well-being, ethnic origin, trade union membership or other special categories, this is at their discretion and their explicit content is obtained verbally.

 

3. How We Collect Personal Data

We collect personal data in the following ways:

  • Directly: When you provide it to us (e.g., through our website, digital and paper forms, email, telephone, or in person).

  • Indirectly: Through your interactions with us (e.g., website usage, emails, telephone calls, online inquiries).

  • From Third Parties: From your employer (if they enroll you in our program), or from analytics/cookie providers and marketing providers (see "Cookies" section below).

  • From Publicly Available Sources: We may collect personal data from publicly available sources like professional networking sites (e.g., LinkedIn).

 

4. Legal Basis and Purposes for Processing Personal Data

We will only use your personal data when the law allows us to. We process your personal data for the following purposes and based on the following legal bases:

  • To enable you to access and use our website, including assessing whether to take you on as a new client:

    • Type of Data: Identity Data, Contact Data

    • Legal Basis: Performance of a contract; Legitimate Interests (assessing suitability of potential clients).

  • To provide our Services to you, including managing your meeting bookings:

    • Type of Data: Identity Data, Contact Data

    • Legal Basis: Performance of a contract.

  • To contact and communicate with you about our Services, including responding to inquiries:

    • Type of Data: Identity Data, Contact Data

    • Legal Basis: Performance of a contract; Legitimate Interests (responding to client inquiries).

  • To contact and communicate with you about inquiries made via our website:

    • Type of Data: Identity Data, Contact Data

    • Legal Basis: Legitimate Interests (providing excellent customer service, responding to inquiries).

  • For internal record keeping, administrative, invoicing, and billing purposes:

    • Type of Data: Identity Data, Contact Data, Financial Data, Transaction Data

    • Legal Basis: Performance of a contract; Legal Obligation (e.g., tax law); Legitimate Interests (managing finances, recovering debts).

  • For analytics, market research, and business development, including operating and improving our Services:

    • Type of Data: Technical and Usage Data

    • Legal Basis: Legitimate Interests (improving our website and services, developing our business).

  • For advertising and marketing, including sending promotional information about events and information of interest:

    • Type of Data: Identity Data, Contact Data, Technical and Usage Data, Marketing and Communications Data

    • Legal Basis: Consent (for direct marketing emails/communications); Legitimate Interests (for marketing to existing clients, subject to opt-out rights).

  • To run promotions, competitions, and/or offer additional benefits:

    • Type of Data: Identity Data, Contact Data, Interaction Data, Marketing and Communications Data

    • Legal Basis: Consent; Legitimate Interests (engaging with clients, promoting our business).

  • If you apply for employment with us: to consider your employment application:

    • Type of Data: Identity Data, Contact Data, Professional Data

    • Legal Basis: Legitimate Interests (recruiting staff).

  • To comply with our legal obligations or as required/authorized by law:

    • Type of Data: All categories of data, as necessary

    • Legal Basis: Legal Obligation.

  • To process special category data during provision of services:

    • Type of Data: Special Category Data

    • Legal Basis: Explicit Consent.

 

5. Disclosure of Personal Data

We may disclose your personal data to the following categories of recipients:

  • Our employees, contractors, and related entities (if any).

  • IT service providers, data storage, web-hosting, and server providers.

  • Marketing or advertising providers.

  • Professional advisors (e.g., lawyers, accountants, auditors, bankers, insurers).   

  • Payment systems operators.

  • Our existing or potential agents or business partners.

  • Sponsors or promoters of any promotions or competitions we run.   

  • In the event of a business transfer (e.g., sale, merger), to the relevant parties.

  • Courts, tribunals, and regulatory authorities (e.g., the Data Protection Commission) if required by law or in connection with legal proceedings.

  • Law enforcement officers, as required or authorized by law.

  • Third-party data processors, such as Google Analytics.

  • Any other third parties as required or permitted by law.

 

6. International Data Transfers

We may transfer your personal data outside the European Economic Area (EEA). If we do so, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Adequacy Decision: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.   

  • Standard Contractual Clauses (SCCs): Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.   

  • Binding Corporate Rules (BCRs): If applicable, we may rely on BCRs approved by a supervisory authority.

 

7. Data Security

We have implemented appropriate technical and organizational measures to secure your personal data from accidental loss, unauthorized access, use, alteration, and disclosure. These measures include:   

  • Access Controls:

    • Multi-Factor Authentication (MFA): We enforce multi-factor authentication for all user accounts. This requires users to provide two or more verification factors (e.g., password and a code from a mobile app) to access their accounts, significantly reducing the risk of unauthorized access even if a password is compromised.

    • Principle of Least Privilege: We implement the principle of least privilege, granting users only the minimum necessary access rights to perform their job duties. This limits the potential damage from a compromised account. We regularly review and update user permissions.

    • Strong Password Policies: We enforce strong password policies for all user accounts, requiring a minimum length, complexity (uppercase, lowercase, numbers, symbols), and regular password changes. 

    • Role-Based Access Control (RBAC): Within Google Workspace and Microsoft 365, we use role-based access control to define permissions based on job roles. This ensures that users only have access to the data and features relevant to their responsibilities.

  • Data Encryption:

    • Data in Transit Encryption: All data transmitted between our users' devices and Google Workspace/Microsoft 365 servers is encrypted using Transport Layer Security (TLS). This protects data from interception during transmission.

    • Data at Rest Encryption: Google Workspace and Microsoft 365 encrypt data at rest using industry-standard encryption algorithms (e.g., AES 256-bit). This protects data stored on their servers from unauthorized access. 

  • Network Security:​

    • Secure Wi-Fi: We use a secure, password-protected Wi-Fi network with WPA2 or WPA3 encryption for all business operations. We avoid using public Wi-Fi for sensitive work.

    • VPN (Virtual Private Network): When accessing company data from remote locations (e.g., coffee shops, airports), we encourage the use of a reputable VPN to encrypt the connection. 

  • Regular Security Assessments and Audits:

    • Vulnerability Scanning: We regularly perform vulnerability scans of our systems (primarily our website) to identify and address potential security weaknesses. If you don't do this formally, consider using a free online vulnerability scanner for your website.

    • Security Audits: We conduct periodic security audits of our Google Workspace and Microsoft 365 configurations to ensure that security settings are properly configured and that best practices are followed. This includes reviewing user permissions, sharing settings, and security logs.

  • Data Backup and Recovery:

    • Cloud-Based Backups: We rely on Google Workspace and Microsoft 365's built-in data backup and recovery capabilities to ensure that our data is protected against accidental deletion or data loss. This is a key benefit of using these platforms.

  • Regular Reviews:​

    • Regular Review and Updates: We regularly review and update our incident response plan to ensure that it remains effective and aligned with industry best practices.

  • Vendor Management:

    • Third-Party Risk Assessment: We assess the security practices of our key third-party vendors (Google, Microsoft, and any other providers you use) to ensure they meet our security standards. 

    • Data Processing Agreements (DPAs): We have Data Processing Agreements (DPAs) in place with Google, Microsoft, and other relevant third-party providers that process personal data on our behalf. These agreements ensure that they comply with GDPR and other applicable data protection laws.

​

We cannot guarantee the security of information transmitted over the internet. Any transmission is at your own risk.

 

8. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:   

  • The amount, nature, and sensitivity of the personal data.   

  • The potential risk of harm from unauthorized use or disclosure.

  • The purposes for which we process your personal data.   

  • Whether we can achieve those purposes through other means.

  • Applicable legal requirements.

 

9. Your Rights

Under the GDPR and Irish data protection law, you have the following rights:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.   

  • Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data in certain circumstances.   

  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.   

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, andmachine-readable format and to transmit it to another controller.   

  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing based on legitimate interests and processing for direct marketing purposes.   

  • Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.   

  • Right to Withdraw Consent: where processing is based on consent, you can withdraw this consent.

T

o exercise any of these rights, please contact us using the contact details provided above. We will respond to your request within 20 working days. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).   

 

10. Cookies

Our website uses cookies. Cookies are small text files placed on your computer to collect standard internet log information and visitor behavior information.   

  • Types of Cookies: We use the following types of cookies:

    • Essential Cookies: Necessary for the website to function.

    • Analytical/Performance Cookies: Allow us to recognize and count visitors and see how they move around our website.

    • Functionality Cookies: Used to recognize you when you return to our website.

    • Targeting/Advertising Cookies: Record your visit to our website, the pages you have visited, and the links you have followed. We may use this information to make our website and advertising more relevant to your interests.   

  • Cookie Consent: We will obtain your consent to use non-essential cookies (e.g., analytics and advertising cookies) in accordance with the ePrivacy Directive and Irish regulations. We will provide a clear and comprehensive cookie banner on our website allowing you to accept or reject cookies.   

  • Managing Cookies: You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.   

 

11. Google Analytics

We use Google Analytics to analyze the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/   â€‹

 

12. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. This Privacy Policy applies solely to information collected by us.   

 

13. Complaints

If you have any complaints about our use of your personal data, please contact us in the first instance. You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland: Data Protection Commission 21 Fitzwilliam Square South Dublin 2, D02 RD28 Ireland Website: www.dataprotection.ie   

 

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on our website and, where appropriate, notify you by email. Please check back frequently to see any updates or changes.

​

Last update: 1 March 2025

bottom of page