Privacy Policy

Learn how we protect your data, use cookies, and comply with GDPR regulations.

Introduction

This Privacy Policy explains how Taxworld ("we", "our", "us") collects, uses, and protects personal data when you use our website www.taxworld.ie and its subdomains, including landing.taxworld.ie and app.taxworld.ie.

We comply with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Irish Data Protection Act 2018.

We do not use analytics cookies or tracking technologies at this time.

1. Who We Are (Data Controller)

Taxworld
220 Capel Building, Mary's Abbey, Dublin 7, D07 XHK8, Ireland
Contact: online contact form

We determine the purposes and means of processing personal data for visitors of www.taxworld.ie and its subdomains.

2. Personal Data We Collect

We collect the following personal data:

  • Contact details: name, email, phone number, company name.
  • Address information: street address, city, county, postcode, country.
  • Financial information: IBAN and account holder name (used for GoCardless payments).
  • Account credentials: username and hashed password when logging in through app.taxworld.ie.
  • Technical data: IP address, device type, browser type (via security logs, e.g. Cloudflare).

3. Data Collected via Website Forms

We collect personal data when you submit forms on www.taxworld.ie and its subdomains (for example, contact enquiries, publication requests, registrations, or membership enquiries).

Depending on the form, the data collected may include:

  • Name
  • Email address
  • Phone number
  • Address details (where required for fulfilment or delivery)
  • Company name

Form submissions are delivered to our internal email inboxes for processing and are retained only for as long as necessary, in line with our retention policy.

We do not store passwords or payment details through website forms.

4. User Accounts on app.taxworld.ie

After registration, we may create a user account within our own system at app.taxworld.ie. We store:

  • Email
  • Secure hashed and salted passwords
  • Profile/account information and membership status

Passwords are never stored in plain text. Data is hosted in a secure MySQL database on DigitalOcean in an EU data centre.

5. Payments (GoCardless)

We use GoCardless to process bank payments. Financial information is transmitted securely to GoCardless and is not stored in our own systems beyond what is necessary to initiate the mandate.

GoCardless acts as a processor and complies with GDPR, PSD2 and applicable financial regulations.

We rely on the following lawful bases:

  • Contract (Article 6(1)(b) GDPR): processing registrations, creating user accounts, providing our services, and processing payments.
  • Legitimate interests (Article 6(1)(f) GDPR): site security, fraud prevention, service improvement, and responding to enquiries. We balance these interests against your rights and expectations.
  • Consent (Article 6(1)(a) GDPR): marketing communications, where applicable.

7. Security and Cloudflare

We use Cloudflare for DDoS protection, security, and content delivery. Cloudflare may process:

  • IP address
  • Browser and device metadata
  • Security event logs (for example, firewall events)

Cloudflare cookies are considered strictly necessary for the functioning and security of the Website and therefore do not require consent under the Irish ePrivacy Regulations (S.I. 336/2011).

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law:

  • Form submissions and general enquiries: up to 3 years.
  • Account data: retained while the account is active and for a reasonable period afterwards to handle queries or disputes.
  • Financial records and invoicing data: retained for at least 6 years to comply with tax and accounting obligations.

9. International Transfers

Some of our processors (such as Cloudflare or GoCardless) may transfer personal data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:

  • European Commission adequacy decisions where available; and/or
  • EU Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Your Rights Under GDPR

Under GDPR you have the right to:

  • Request access to your personal data.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data in certain circumstances.
  • Request restriction of processing.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time (for example, marketing).
  • Request data portability.

You can exercise these rights by contacting us using the details below.

11. Complaints

If you have concerns about how we handle your personal data, you can contact us directly. You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland:

https://www.dataprotection.ie

12. Contact Us

For privacy enquiries, please contact us via our online contact form.