Web and Online Privacy Statement
Who we are and what we do
Acceptance and Changes
STEPSTONE Consulting’s web and online privacy statement is an organic document which changes frequently as our technologies change and the information provided here is constantly being reviewed in line with the Data Protection Acts, 1988 and 2003 and with EU General Data Protection Regulation 2018.
This webpage was last updated on Monday, 3 March 2019
The General Data Protection Regulation
On May 25th 2018, a new EU General Data Protection Regulation (GDPR) came into effect which replaced the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
The main objective of the new legislation was to ensure consistency regarding data privacy laws across Europe by changing the way organisations approach data privacy. The fundamental aim of GDPR is to protect all EU citizens from privacy and data breaches. This new law gives individuals complete authority over their personal data in terms of who has it, where it is stored, how it is stored, the length for which it is stored and the purpose for which it is gathered.
STEPSTONE Consulting fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with us. We will not collect any personal information about you on this website without your permission, except as may be required or permitted by law. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Any personal information which you volunteer to us will be treated with the highest standards of security and confidentiality, in accordance with the Data Protection Acts, 1988 and 2003 and with EU General Data Protection Regulation 2018.
What data is collected about you?
To provide our services to you, STEPSTONE Consulting needs to process personal information, such as your address and other contact details, to provide service information or register you for our training or other events. We collect information about you when you use our services. In addition, third parties may collect information about you when you use our services. Collected information may include or reflect personal information that could identify you, as well as non-personal information. We refer to your information as “your data” for short.
To register for our newsletter or for an event you must provide valid personal contact information.
To purchase training or other services, you may need to provide a valid payment method (e.g., credit card or PayPal account). Your payment information will be collected and processed by our authorized payment vendors. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions.
Other Information You May Submit
You may submit data to us for limited purposes such as requesting customer support; answering a questionnaire; participating in a study; entering contests; or signing up to receive communications from us.
We collect your shipping address to send you products you have ordered.
Information Collected by Third Parties
Some third parties may collect data about you when you use our services. This may include data you submit (such as payment information) or automatically-collected information (in the case of third-party analytics providers and advertisers).
We may obtain data from third parties about you. We may combine that data with information that we have collected. For example, some advertisers or advertising platforms may allow us to determine what other online services you might use so that we may place relevant ads on those services.
How is your personal data collected?
We obtain your personal data directly from you in the course of your registration or enquiry or newsletter sign-up. We may also be provided with information necessary for providing our services to you by your employer.
How your personal data is used and the legal basis for its processing?
Any information which you provide is used by STEPSTONE Consulting only in accordance with the purpose for which you provided the information and will only be retained for as long as required for the purpose. This is normally stated on the webpage where the information is requested and should be self-explanatory.
We process your personal data for the purpose of providing various management training, facilitation and/or advisory services to you, on the basis of your or your employer’s contract with STEPSTONE Consulting. We also process your personal data for the purpose of providing you with information on our services, such as via newsletter or email, on the basis of your prior consent to receive such information from us.
We may use your data for the following purposes:
- Identification and authentication: We use your data to verify you when you access your account.
- Operating our services: We use your data to provide our services, process and fulfill orders, provide customer support, and to otherwise comply with our contractual obligations to you. We (and/or our third-party vendors) use your financial information to process purchases made by you and to pay you refunds as necessary.
- Communicating with you: We use your data when we communicate with you (e.g., when we respond to a customer support or other inquiry).
- Improving our services: We use your data to understand how our services are being used and how we can improve them. In general, we analyze aggregated data, rather than specific user data.
- Customizing your experience: We use your data to personalize the service to you.
- Marketing and advertising: We use your data to display ads and send you offers. We may also use your data in delivering third-party advertisements to you. This may include “targeted ads” based upon your activities.
- Exercising our rights: Where reasonably necessary, we use your data to exercise our legal rights and prevent abuse of our service. For example, we may use your data to detect and prevent fraud, spam, or content that violates our Terms of Service.
- Legal compliance: We use your data where we are legally required to do so. For example, we may need to gather your data to respond to a court order.
- Protecting your information: Where appropriate, we may anonymize, backup, and delete certain data.
We may use algorithms and other automated means to implement any of the above.
How is your personal data disclosed?
Your data will be provided as necessary, for the purpose of delivering our services to you, to our partners and service providers. Your data may also be disclosed where required or authorised by law. We will not otherwise disclose your personal data to third partners or sell your data.
We share data with third parties as follows:
- As you instruct: We may make your profile and videos available to others as you instruct in using our services. We may share your data with persons to whom you have granted account-level access.
- With your consent: We may share your data with third parties where we have obtained your express consent to do so. You may revoke these consents.
- Authorized vendors: We may share your data with third-party vendors that help us operate our services, process orders, and comply with your instructions and our contractual obligations. This includes payment processors, content delivery networks (CDNs), cloud-based hosting services, monitoring services, email service providers, quality assurance and testing vendors, fraud and abuse prevention vendors, customer relations management (CRM) vendors, and shipment vendors.
- Advertising: We may share your data with advertising companies to display relevant ads to you. Unless you expressly agree, we will not share or sell your name, email address, or physical address with such persons.
- Analytics: We may share your data with persons who provide analytics showing how customers are using our services.
- Affiliates and advisors: We may share your data with our partners and our auditors and advisors for planning, financial reporting, accounting, auditing, tax filings, and legal compliance. Unless you expressly agree, we will not share your data with any partner for other purposes than providing our services to you, such as direct marketing.
- Certain legal situations: We may share your data where we believe disclosure is necessary to comply with a legal obligation or in connection with a corporate transaction.
- Aggregated or anonymized information: We may publicly disclose non-personal aggregated or anonymized information such as our number of visitors and registered users.
We use reasonable efforts to vet vendors for their privacy and data security practices. We require that such vendors agree to protect the data we share.
STEPSTONE Consulting may from time to time use service providers located outside of the European Union to process your data. When this is done, at least one of the following safeguards to protect your personal data to a similar level as within Europe will be applied, i.e.:
- We will use service providers located in countries which have been designated by the European Commission as having an adequate national standard of data protection, or;
- For transfers to the United States of America, our service providers may be registered under and have committed to adhering to the Privacy Shield Framework, or;
- We will require our service providers to adopt the standard data protection contract clauses pre-approved by the European Commission.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is recorded, including any legal or regulatory requirements to maintain records.
Your Data Protection rights
- You have the right to be provided on request with a copy of your personal data.
- You have the right to rectification of inaccurate data we may have recorded about you.
- You have the right to the erasure of your data (“right to be forgotten”) which we no longer have justification for recording.
- You have the right to object to processing of your data which is being done by STEPSTONE Consulting on the basis of its legitimate interests.
- You have the right to restrict the processing of your personal data when:
- the basis for its processing is in dispute;
- its accuracy is in dispute;
- we cannot establish a lawful basis for its processing, but you do not wish it to be erased;
- we no longer need your data, but you need it for the establishment, exercise, or defence of legal claims;
- you object, where applicable, to our processing of your data on the basis of our legitimate interests, pending verification of whether your interests override ours;
- You have the right to be provided with a copy of your data in machine readable format, or to have it transferred directly to another data controller (“data portability”).
If you are not satisfied with our responses or are otherwise concerned with how we process your personal data, you also have the right to make a complaint to the Data Protection Commission.
We use a third-party service, WordPress.org, to publish our sites. These sites are hosted at wpengine.com, which is run by WPEngine, Inc. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how WordPress processes data, please see Automattic’s privacy notice.
Photos and Video embedding
We use a third-party provider, Mailchimp, to deliver emails to targeted groups. We only use lists where we have already gathered consent and delete lists regularly. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our communications. For more information, please see Mailchimp’s privacy notice.
Social media sharing and integration
How to contact us:
We can be contacted at: STEPSTONE Consulting, Fitzwilliam Hall, Fitzwilliam Place Dublin 2. Ireland. D02 T292. Tel: +353 (0)1 902 3838. We can be contacted by post or phone at the above address, or by email at email@example.com.