GDPR Policy

This GDPR Policy ("Policy") outlines how EIRCASA LTD, trading as KeyMetrics ("KeyMetrics", "we", "our", or "us"), complies with the requirements of the General Data Protection Regulation (GDPR). This Policy applies to all personal data processed by KeyMetrics in the course of providing our services.

1. Data Controller

KeyMetrics acts as the data controller for the personal data we collect and process. Our contact information is provided at the end of this Policy.

2. Lawful Basis for Processing

We will only process personal data when we have a lawful basis to do so under GDPR. This may include:

• The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
• Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Processing is necessary to protect the vital interests of the data subject or another natural person.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

3. Data Subject Rights

Under GDPR, data subjects have the following rights regarding their personal data:

• Right to access: Data subjects have the right to access their personal data and request information about how it is being processed.
• Right to rectification: Data subjects have the right to correct inaccurate or incomplete personal data.
• Right to erasure: Data subjects have the right to request the deletion of their personal data under certain circumstances.
• Right to restrict processing: Data subjects have the right to restrict the processing of their personal data under certain circumstances.
• Right to data portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.
• Right to object: Data subjects have the right to object to the processing of their personal data under certain circumstances.
• Rights related to automated decision making: Data subjects have the right not to be subject to automated decision making, including profiling, that produces legal effects concerning them or similarly significantly affects them.

4. Data Security

We implement appropriate technical and organizational measures to ensure the security of personal data and protect it against unauthorized or unlawful processing and accidental loss, destruction, or damage.

5. Data Transfers

We may transfer personal data to countries outside the European Economic Area (EEA) that may not provide the same level of data protection as the EEA. In such cases, we will ensure that appropriate safeguards are in place to protect the personal data, such as using standard contractual clauses approved by the European Commission.

6. Data Breach Notification

In the event of a data breach involving personal data, we will notify the relevant supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach. We will also notify affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

7. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to oversee compliance with GDPR and ensure the protection of personal data. You may contact the DPO using the information provided at the end of this Policy.