Privacy Policy

1. Introduction

Qilumchip ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website qilumchip.ie (the "Site") and use our services.

We are the data controller of your personal data. Our registered business address is 18 O'Connell Street Upper, Dublin 1, D01 H5R2, Ireland. Our legal entity name is Qilumchip Limited.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Site. By accessing and using Qilumchip, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. What Personal Data We Collect

We collect personal data that you provide directly to us, as well as data collected automatically when you use our Site. The types of personal data we collect include:

• Contact Information: Your full name, email address, telephone number, and postal address
• Communication Data: Messages, inquiries, and any other content you provide through our contact forms or email
• Technical Data: Your IP address, browser type, operating system, device identifier, and mobile device information
• Usage Data: Pages you visit, links you click, time spent on pages, referring and exit pages, and search queries
• Cookie Data: Information stored in cookies, including session identifiers and tracking data
• Geolocation Data: Approximate location derived from IP address (not precise)

3. How We Collect Personal Data

We collect personal data through the following methods:

• Contact Forms: When you submit our inquiry form or contact us via email
• Automatic Collection: Through cookies, web beacons, and server logs as you navigate the Site
• Analytics Tools: Google Analytics and similar analytics services that track user behaviour
• Server Logs: Information recorded by our web server, including request data, timestamps, and response codes
• Third-Party Integrations: If you interact with social media buttons or other embedded tools

We do not knowingly collect data from children under the age of 16. If we discover we have done so, we will delete such data immediately.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal bases under GDPR Article 6:

• Consent (Article 6(1)(a)): When you submit a contact form or consent to receive marketing communications, you explicitly consent to the processing of your data
• Contract Performance (Article 6(1)(b)): We process data necessary to respond to your inquiries and provide requested services
• Legal Obligation (Article 6(1)(c)): We may process data to comply with applicable Irish and EU laws, including tax requirements
• Legitimate Interests (Article 6(1)(f)): We have a legitimate interest in improving our Site, preventing fraud, and understanding how visitors use our services. This does not override your rights

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• To respond to your inquiries and provide customer support
• To send you requested information about roof maintenance and gutter care
• To improve and optimise the functionality of our Site
• To analyse usage patterns and trends to enhance user experience
• To send marketing communications, newsletters, and promotional materials (only with your consent)
• To comply with legal obligations, court orders, and regulatory requirements
• To prevent fraud, abuse, and security threats
• To enforce our Terms of Service and other agreements
• To conduct research and statistical analysis on our services
• To personalise your experience and deliver relevant content

We will not use your data for automated decision-making or profiling without your explicit consent.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our retention periods are:

• Contact Form Submissions: 2 years (unless you request deletion earlier)
• Email Communications: 3 years, unless part of ongoing business relationship
• Marketing Consent Records: Until you withdraw consent
• Analytics Data: 14 months (Google Analytics default retention)
• Server Logs: 90 days
• Cookies: Persistent cookies up to 13 months; session cookies until browser closes
• Legal/Compliance Records: 6 years (for tax and accounting purposes)

After the retention period expires, we securely delete or anonymise your data. If you request deletion, we will remove your data within 30 days, except where we are legally required to retain it.

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your data with the following categories of recipients:

• Service Providers: Web hosting providers, email service providers, analytics services, and payment processors who process data on our behalf under data processing agreements
• Legal Requirements: Law enforcement, regulatory authorities, and courts when required by law or legal process
• Business Partners: With consent, we may share anonymised or aggregated data with business partners for research or service improvement
• Successor Organisations: In the event of a merger, acquisition, or bankruptcy, your data may be transferred as part of business assets

All recipients of your data are bound by contractual or legal obligations to maintain confidentiality and use your data only for specified purposes.

8. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission for transfers to third countries
• Adequacy Decisions: We only transfer to countries with an adequacy decision from the European Commission
• Your Consent: We may obtain your explicit consent for specific international transfers

Our primary hosting provider is based in the EU. Google Analytics may transfer data to the United States under the Data Privacy Framework. You can opt out of Google Analytics in your browser settings.

9. Your Data Subject Rights (GDPR Articles 15–22)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): You can request a copy of all personal data we hold about you
• Right to Rectification (Article 16): You can request that we correct inaccurate or incomplete data
• Right to Erasure (Article 17): You can request deletion of your data ("right to be forgotten"), subject to legal obligations
• Right to Restriction (Article 18): You can request that we limit how we process your data
• Right to Data Portability (Article 20): You can request your data in a structured, machine-readable format
• Right to Object (Article 21): You can object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: You can withdraw consent for any processing at any time without penalty
• Right to Lodge a Complaint: You can submit a complaint to the Data Protection Commission (DPC) in Ireland

To exercise any of these rights, contact us at [email protected] with your request. We will respond within 30 days. If we require additional information to verify your identity, we may extend this to 60 days.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience and gather analytics. Our cookie usage includes:

• Essential Cookies: Required for Site functionality, security, and user authentication. These cannot be disabled
• Analytics Cookies: Track user behaviour to improve Site performance and user experience (Google Analytics)
• Marketing Cookies: Used to deliver targeted advertisements and measure campaign effectiveness (optional)
• Preference Cookies: Remember your settings and preferences for future visits

You can manage cookie settings through your browser. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. However, blocking essential cookies may affect Site functionality. For more information on cookies, visit www.allaboutcookies.org.

11. Children's Privacy

Our Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it immediately and notify the child's parent or guardian. If you believe we have collected data from a child, please contact us at [email protected].

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the bottom of this page indicates when the policy was last revised. Material changes will be communicated via email to users who have provided contact information, or by prominent notice on the Site.

Your continued use of the Site after changes become effective constitutes your acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically to stay informed of how we protect your data.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

• Data Controller: Qilumchip Limited
• Registered Address: 18 O'Connell Street Upper, Dublin 1, D01 H5R2, Ireland
• Email: [email protected]
• Phone: +353 1 687 4295
• Data Protection Authority: Data Protection Commission (DPC), Ireland – www.dataprotection.ie

You have the right to lodge a complaint with the DPC if you believe we have violated your data protection rights. Contact details for the DPC are available on their website.