Your Privacy

Who Are We?

Who Are We?

We are Bridgecastle Information Management Ltd, trading as Castlebridge. We are an Information Strategy consultancy based in Ireland specialising in

  • Information Governance,
  • Data Privacy,
  • Data Quality, and
  • Information Ethics.

To find out how to contact us, check out our CONTACT US page

Purposes for Processing

Purposes for Processing

We process data about people for the following purposes:

  • Sales and marketing
  • Executing projects
  • Delivering training, (either directly or through partners) 
  • General office administration and accounting
  • HR administration, including payroll and recruitment
  • Management of sub-contractors

Categories of Information Processed

Categories of Information Processed

Processing Purpose Category of Information Processed

Sales and marketing

  • Contact names
  • Telephone numbers (land line and mobile)
  • Social Media Identifiers (e.g. twitter accounts)
  • email addresses
  • Postal Addresses
Executing Projects
  • Contact names (for project stakeholders, participants)
  • Email Addresses
  • Contact phone numbers

Delivering Training

  • Student names
  • email addresses
  • Exam scripts / assignments
  • Student Grades

[Note: We deliver training either inhouse for clients, through partners, or as public courses - the data processed will vary depending on the context of delivery]

General Office Administration & Accounting
  • Contact names
  • Contact details (e.g. address, email address, telephone number)
  • Tax identifiers (e.g Irish PPS Number for employees or VAT number for subcontractors
  • Timesheets
  • Data associated with accounts receivable or accounts payable.
HR Administration and Management of Sub Contractors
  • Contact Names
  • Contact details (address, email, phone number)
  • PPSN (for employees)
  • Attendance records/time sheets
  • Training records
  • Sick certs and data relating to occupational health
  • CVs
Health and Safety
  • Occupational health data
  • Accident reports, including details of injuries and contact information for injured parties or witnesses 
Website performance management and security
  • IP Addresses (in server log files)

Cookies and Similar technologies

Cookies and Similar technologies

Castlebridge does not use website analytics technologies. Any cookies that are written by the site are necessary for the operation of the services on this site. Where we have embedded videos or other 3rd party content, it is our policy to use embed codes that to not write cookies until you interact with the video or other content.

Grounds for Processing

Grounds for Processing

Castlebridge processes data provided by you on one of the following grounds, depending how or why you are interacting with us

Processing Activity Processing Conditions Relied On
Sales and Marketing
  • Consent
  • Legitimate interest (for postal marketing)
Executing Projects
  • Necessary for execution of contract
  • Legitmate Interest 
    • It is in the legitimate interest of a company to engage in marketing to promote its products or services
Delivering Training
  • Necessary for execution of contract
  • Consent
  • Legitimate Interest
    • It is necessary to be able to contact project stakeholders to deliver projects we are contracted to deliver
General Office Administration & Accounting
  • Legitimate Interest
    • It is in the legitimate interest of the organisation to process information for administration and compliance with accounting requirements
  • Statutory Obligations
  • Necessary for execution of contractual obligations
HR Administration and Management of Sub Contractors
  • Statutory obligations (e.g. payment of payroll taxes etc.)
  • Legitiamte Interests 
    • It is in the interests of the organisation to efficiently and effectively manage staff and ensure compliance with duties of care and other obligations.
  • Necessary for the execution of contractual obligations
  • Necessary for obligations arising in the area of employment, taxation, and social security law
Health and Safety
  • Legitimate Interests
    • It is in the legitimate of the organisation to process data about health and safety issues for the purposes of seeking legal advice, defending claims, and supporting insurance risk assessment
  • Necessary for obligations arising under employment law and social security legislation
  • Statutory obligations

Categories of Recipients

Categories of Recipients

For many of our processing activities, we are required to disclose data to 3rd parties who are not data processors acting on our behalf or data controllers on whose behalf we are working.

Categories of recipients include:

  • Tax authorities (e.g. Irish Revenue Commissioners)
  • Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)
  • Standards bodies or bodies accrediting certifications taught or examined by Castlebridge.

Cross-border data transfers

Cross-border data transfers

Castlebridge may, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Teamwork.com, Office365, and similar tools.

Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data on the basis of

  • EU/US Privacy Shield
  • Model Contract Clauses
  • An Adequacy Decision from the European Commission.

In exceptional circumstances we will rely on the consent of the data subject or the necessity of the processing for the performance of or conclusion/performance of a contract that the Data Subject has entered into (e.g. transferring data to a US-based accrediting body for certifications so that a client can receive their accreditation).

On a case by case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defence of legal claims.

Data Retention

Data Retention

Castlebridge retains personal data about individuals for a range of periods. The basis for our retention periods is based on:

  • Statutory obligations
  • Contractual obligations
  • Quality assurance standard obligations provided by our training partners or accrediting bodies.
  • For reasonable periods after the conclusion of engagements for QA and risk management purposes.

On a case by case basis, records may be retained for longer where required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation.  Where records are subject to this kind of "hold" process, the ongoing retention will be reviewed on an annual basis.

Your Rights

Your Rights

  • For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
  • For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.
  • You have the right to request
    • A copy of data we hold about you (Right of Access)
    • That any error in data we hold about you is corrected (Right of Rectification)
    • That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it (Right of Erasure)
    • That we refrain from processing data for a specific purpose (Right to Restrict processing)
  • You have the right to complain to the Irish Data Protection Commissioner (www. dataprotection.ie), and to seek compensation through the Courts.

Contacting Us

Contacting Us

As we said earlier, you can contact us via our Contact Page.

Alternatively, if you have a specific data protection query you can email dataprotection@castlebridge.ie.