Privacy, Cookies & Retention Notice
Effective date: 30 September 2025
Website: shirleykavanagh.com
Controller: Shirley Kavanagh (“Controller”)
Contact for all data queries: admin@shirleykavanagh.co
1. Privacy Notice
This Privacy Notice explains how we collect and use personal data via this website in a way that is lawful, fair, and transparent, in line with the GDPR and the Irish Data Protection Commission (DPC) guidance on the principles of data protection.
1.1 What personal data we collect
Contact details you provide (e.g., name, work email, organisation, role, and the content of your message) when you email us or submit a form.
Newsletter details (if you subscribe): name and email.
Event/meeting details (if applicable): name, email, organisation, role, and scheduling preferences.
Technical/cookie data: We only set strictly necessary cookies for basic site functionality. If we add analytics or marketing cookies in future, we will ask for your consent and provide a separate Cookie Notice (see Section 2).
1.2 How we use your data (purposes & lawful bases)
| Purpose | Examples | Lawful basis |
|---|---|---|
| Responding to enquiries | Replying to your email or contact-form message | Legitimate interests (to operate our website and respond to queries). You can object at any time. |
| Providing services / preparing to contract | Scoping work, proposals, scheduling sessions | Contract (or steps prior to entering a contract) |
| Newsletter / updates (if you opt in) | Occasional emails about articles, events, podcasts | Consent (you can withdraw at any time) |
| Protecting our website & complying with law | Security, legal obligations, record-keeping | Legitimate interests / Legal obligation |
1.3 Where we get your data
Directly from you (emails, forms, calls).
Indirectly (rare): a colleague may introduce you by email or provide your work email for scheduling; if so, we will inform you within a reasonable period and provide this Notice where required by Article 14 GDPR.
1.4 How long we keep your data (retention)
Enquiry emails/forms: normally up to 12 months from last contact.
Client/service records: as required for tax and professional records (typically up to 7 years from the end of services).
Newsletter data: until you unsubscribe or after 24 months of inactivity.
We may keep data longer where needed for legal claims or compliance.
1.5 Who we share data with
We use trusted service providers (“processors”) to run our business (e.g., website hosting, email, cloud productivity, calendar/meeting tools, newsletter platform). They only process data on our instructions, under contract, and with appropriate security.
1.6 International transfers
Some providers may be located or store data outside the EEA/UK. Where this happens, we rely on adequacy decisions (where available) or Standard Contractual Clauses (SCCs) approved by the European Commission, plus additional safeguards as needed.
1.7 Your data protection rights
Access your personal data
Rectify inaccurate data
Erasure (be forgotten)
Restrict processing
Object to processing based on legitimate interests (including direct marketing—you can opt out any time)
Data portability
Withdraw consent where we rely on consent (e.g., newsletters)
We will act on your request without undue delay and in any event within one month, subject to permitted extensions under the GDPR. To exercise any rights, email admin@shirleykavanagh.com.
1.8 Complaints
If you have concerns, please contact us first at admin@shirleykavanagh.com. You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland. Visit dataprotection.ie to contact the DPC.
1.9 Security
We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit where applicable, least-privilege access, and confidentiality agreements with service providers.
1.10 Children
This website and our services are not intended for children under 16. We do not knowingly collect children’s data via the site.
1.11 Do you have to provide data?
If you contact us or request services, providing certain information may be necessary so we can respond or deliver services. If you do not provide it, we may be unable to proceed.
1.12 Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects via this website. If that changes, we will inform you and explain your rights.
1.13 Changes to this Notice
We may update this Notice from time to time to remain compliant and transparent. We will post the latest version here with an updated effective date.
2. Cookie Notice
This Cookie Notice explains how shirleykavanagh.com uses cookies and similar technologies.
2.1 What are cookies?
Cookies are small text files placed on your device when you visit a website. They help the site function and remember your preferences.
2.2 How we use cookies
Strictly necessary cookies: Required for core functionality (e.g., basic security, form submission). These do not require consent.
Preferences cookies (if used): Remember your settings and choices (consent-based).
Analytics cookies (if used): Help us understand site usage to improve content (consent-based).
Marketing cookies (if used): Used to deliver relevant content (consent-based).
2.3 Legal basis for cookies
We rely on your consent for non-essential cookies (e.g., analytics/marketing). You can withdraw consent at any time via the Cookie Settings link on our site. Strictly necessary cookies are used based on our legitimate interests in delivering a functional and secure website.
2.4 Managing cookies & withdrawing consent
Use the Cookie Settings link or banner on our site to manage your preferences at any time.
You can also control cookies via your browser settings, but disabling essential cookies may affect site functionality.
2.5 Cookies we use
Below is a template list. If we deploy new tools (e.g., Google Analytics), we will update this table and obtain consent before setting non-essential cookies.
| Category | Name | Provider | Purpose | Expiry | Type |
|---|---|---|---|---|---|
| Strictly Necessary | csrftoken / sessionid (example) | Website host | Security and session management | Session / up to 1 year | HTTP Cookie |
| Preferences (if used) | site_pref | Website host | Save language/layout preferences | 6 months | HTTP Cookie |
| Analytics (if used) | _ga, _gid | Google Analytics | Usage statistics (anonymised where possible) | 2 years / 24 hours | HTTP Cookie |
| Marketing (if used) | _fbp | Meta (Facebook) | Ad delivery and retargeting | 3 months | HTTP Cookie |
3. Records Retention Schedule
This schedule outlines typical retention periods/criteria. We retain the minimum necessary and review periodically. We may retain data longer where required for legal claims or compliance.
| Data Category | Examples | Lawful Basis | Typical Retention | Notes |
|---|---|---|---|---|
| Enquiries | Name, work email, organisation, message content | Legitimate interests | Up to 12 months from last contact | Extended if matter becomes a complaint or legal claim |
| Client/service records | Proposals, contracts, session notes, invoices | Contract / Legal obligation | Up to 7 years from end of services | To meet tax and accounting requirements |
| Newsletter subscribers | Name, email, subscription status | Consent | Until unsubscribe or 24 months of inactivity | Remove promptly on opt-out |
| Website technical logs | IP (short-term), user agent (if collected) | Legitimate interests | Up to 12 months | Security and troubleshooting |
| Event/meeting scheduling | Name, email, organisation, availability | Contract / Legitimate interests | Up to 24 months from last meeting | Operational records only |
For any questions about this Notice, please contact: admin@shirleykavanagh.com