Privacy policy

Your privacy matters. This policy explains how FlexPro365 Limited collects, uses, and safeguards your personal information.

1. Identity and Contact Details of the Data Controller

1.1. Role of the Data Controller

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Irish Data Protection Act 2018, FlexPro365 Limited acts as the sole Data Controller regarding the personal data collected and processed through www.blue-fly-648995.hostingersite.com (the “Website”). This means we determine the purposes and means of the processing of your personal data.

1.2. Company Information

FlexPro365 Limited is a private company limited by shares, incorporated and registered in the
Republic of Ireland.

  • Company Registration Office (CRO) Number: 807911.
  • Registered Office Address: 127 Dun Eimear, Bettystown, Co. Meath, A92 CX6K,
    Republic of Ireland.

1.3. Data Protection Contact Point

Given the targeted B2B nature of our business and the scale of our data processing, we are not legally mandated to appoint a statutory Data Protection Officer (DPO) under Article 37 of the GDPR. However, we take our privacy obligations seriously and have designated a primary contact point to manage all data protection queries, subject access requests, and compliance issues. All such correspondence should be directed to: info@blue-fly-648995.hostingersite.com.

2. Categories of Personal Data Collected

We adhere strictly to the principle of data minimization (Article 5(1)(c) GDPR), ensuring that we only collect personal data that is adequate, relevant, and limited to what is strictly necessary for the purposes outlined in this policy. We process the following categories of data:

2.1. Actively Collected Data (Directly Provided by You)

When you choose to engage with us by submitting a query through our Website’s contact form, We collect the following information:

  • Your full name.
  • Your business email address.
  • Your business telephone number.
  • Any additional contextual or personal data you voluntarily choose to include in the freetext message field.

2.2. Passively Collected Technical Data (Automated)

When you navigate and interact with our Website, we deploy Google Analytics 4 (GA4) to automatically collect certain technical and behavioral metrics. This includes:

  • Anonymized/pseudonymized IP addresses. (Note: Your IP address is collected via EU servers to ascertain coarse geolocation, such as your city, and is immediately discarded before being logged on Google’s analytics servers.)
  • Browser type, version, and language settings.
  • Operating system and device hardware types.
  • Referring to Uniform Resource Locators (URLs) and exit pages.
  • Behavioural data, including pages visited, click-through rates, and session durations.

2.3. Booking and Scheduling Data

To facilitate initial consultations, we integrate a third-party scheduling tool, Calendly. When you Book a discovery call or training session, we process:

  • Your name.
  • Your business email address.
  • Appointment date, time, duration, and related calendar metadata.

2.4. Exclusion of Special Categories of Data

We do not request, require, or knowingly collect any “special categories of personal data” as defined under Article 9 of the GDPR. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health, sex life, or sexual orientation. We ask that you refrain from submitting any such sensitive information through our contact forms or booking portals.

3. Purposes of Processing and Legal Basis

Under Article 6 of the GDPR, we must establish a valid lawful basis for every instance of data processing. We rely on the following legal bases to process your information:

3.1. Contact Form Data

  • Purpose: To receive, review, and comprehensively respond to your commercial inquiries, and to facilitate ongoing B2B communications regarding our ERP consulting services.
  • Legal Basis: Article 6(1)(b) GDPR (processing is necessary for the performance of a contract, or to take pre-contractual steps at your request). Furthermore, we rely on Article 6(1)(f) GDPR (processing is necessary for the purposes of our legitimate interests).
  • Legitimate Interests Assessment: We have a legitimate commercial interest in responding promptly to inbound business inquiries to foster client relationships. Processing your contact details is strictly necessary to achieve this. Given the professional nature of the data and your voluntary submission, this processing aligns with your reasonable expectations and does not override your fundamental rights and freedoms.

3.2. Analytics and Technical Data

  • Purpose: To monitor website uptime, analyse user engagement trends, optimize our digital content delivery, and improve the overall structural performance of the Website.
  • Legal Basis: Where non-essential analytical cookies are placed on your device to facilitate this tracking, we rely exclusively on your freely given, specific, informed, and unambiguous consent under Article 6(1)(a) GDPR, read in conjunction with Regulation 5 of the Irish ePrivacy Regulations (S.I. 336/2011). You are not obligated to provide this consent.

3.3. Calendly Booking Data

  • Purpose: To schedule, manage, and facilitate remote discovery calls, software demonstrations, and professional ERP consultations.
  • Legal Basis: Article 6(1)(b) GDPR (processing is necessary to take steps at your request prior to entering into a formal Consulting Agreement).

4. Marketing Communications

4.1. Current Marketing Posture

FlexPro365 Limited is focused on delivering high-quality ERP consulting and does not currently operate direct email marketing campaigns, nor do we distribute automated promotional newsletters. Personal data submitted via the contact form or the Calendly scheduling integration is utilized strictly for direct, individualized commercial communication relating to your specific inquiry

4.2. Future Marketing Initiatives

Should we decide to introduce direct electronic marketing communications (e.g., updates on Microsoft Dynamics 365 features, training seminars, or industry insights) in the future, we will do so in strict compliance with Article 6(1)(a) of the GDPR and Regulation 13 of the ePrivacy Regulations (S.I. 336/2011). We will not utilize your data for marketing purposes unless you have provided prior, affirmative, opt-in consent.

4.3. Unsubscribe Mechanism

In the event that you opt in to future marketing communications, every electronic transmission we send will feature a clear, functional, and automated “unsubscribe” hyperlink at the footer. This mechanism will allow you to withdraw your consent instantaneously, without detriment. and free of charge.

5. Third-Party Data Processors and Integrations

To operate the Website efficiently and securely, we engage specialized third-party service providers. These entities act as Data Processors on our behalf under Article 28 of the GDPR, processing your data strictly in accordance with our documented instructions.

5.1. Calendly, LLC (United States)

  • Role: Provision of cloud-based appointment scheduling and calendar management architecture.
  • Data Shared: Your name, business email address, and scheduling preferences.
  • Transfer Mechanism & Safeguards: Calendly processes data securely via infrastructure managed by Google Cloud Services and Amazon Web Services. International transfers are safeguarded via the EU-US Data Privacy Framework. Additionally, our engagement is governed by Calendly’s Data Processing Addendum, which incorporates the European Commission’s Standard Contractual Clauses SCCs).

5.2. Google LLC (United States)

  • Role: Provision of website analytics via the Google Analytics 4 (GA4) platform.
  • Data Shared: Technical metadata, behavioral analytics, and coarse geolocation data derived from IP addresses.
  • Transfer Mechanism & Safeguards: Data processing is governed by the Google Ads Data Processing Terms. Google relies upon the EU-US Data Privacy Framework to legitimize transatlantic data flows.

5.3. LinkedIn Corporation (United States)

  • Role: Outbound social media hyperlink destination.
  • Data Shared: None. The Website does not utilize embedded LinkedIn tracking pixels, software development kits (SDKs), or Insight Tags.
  • Transfer Mechanism: Not applicable. We only provide an outbound hyperlink. Once you click this link and navigate to the LinkedIn platform, LinkedIn assumes the role of an independent Data Controller. At that juncture, you are entirely subject to LinkedIn’s proprietary privacy and cookie policies.

6. International Data Transfers (Chapter V GDPR)

6.1. Rationale for International Transfers

The technical infrastructure required to support modern B2B websites relies on globally distributed cloud environments. Consequently, utilizing Google Analytics 4 and Calendly necessitates the routing and storage of certain personal data on servers located outside the European Economic Area (EEA), specifically within the United States.

6.2. Transfer Safeguards and the “Schrems II” Backdrop

The GDPR strictly regulates international data transfers to ensure that your fundamental rights are not compromised when your data leaves the EU. Acknowledging the legal complexities surrounding EU-US data flows (often referred to as the “Schrems II backdrop”), we ensure that all transfers to the United States are protected by robust legal mechanisms. We rely primarily on two safeguards:

  • The EU-US Data Privacy Framework (DPF): Based on the European Commission’s adequacy decision of 10 July 2023, the US ensures an adequate level of protection for personal data transferred to US organizations that are certified under the DPF. Both Google LLC and Calendly, LLC maintain active certifications under this framework.
  • Standard Contractual Clauses (SCCs): In instances where the DPF cannot be relied upon, we rely on the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) embedded within the Data Processing Agreements executed with our vendors. These clauses impose binding contractual obligations on the US providers to handle your data with EU-equivalent security and privacy standards.

6.3. Further Information

If you require more detailed technical or legal information regarding the specific safeguards We rely upon for international data transfers, you may submit a request to info@blue-fly-648995.hostingersite.com.

7. Data Retention Schedule

In strict accordance with the principle of storage limitation (Article 5(1)(e) GDPR), we retain personal data only for as long as is objectively necessary to fulfil the purposes for which it was originally collected, or to comply with statutory legal, accounting, or reporting obligations.

Data Category Retention Period Justification
Contact form
submissions

(General
Inquiries)
24 months from the date
of the last
communication.
Retained to facilitate pre-contractual
negotiations and out of a legitimate interest
In following up on a stalled commercial
inquiries.
Calendly
booking records

(Consultation
Data)
Duration of the
scheduled appointment +
12 months.
Necessary for the administration of service
delivery, scheduling audits, and precontractual record keeping.
Google
Analytics Data

(Technical
Metrics)
14 months (Standard
GA4 default retention
period).
Required for longitudinal analysis of site
performance and year-over-year traffic
comparisons.

At the conclusion of the specified retention periods, your personal data will be subject to secure cryptographic deletion or irreversible anonymization, rendering it entirely unidentifiable.

8. Your Data Subject Rights

Under Chapter III of the GDPR (Articles 15 – 22), you possess a suite of fundamental rights regarding your personal data. We fully acknowledge and facilitate the exercise of these rights:

  • Right of Access (Art. 15): You have the right to request confirmation as to whether we are processing your personal data, and if so, to receive a copy of that data alongside supplementary information regarding the processing.
  • Right to Rectification (Art. 16): If you believe the personal data we hold about you is inaccurate, out of date, or incomplete, you have the right to request immediate correction or completion.
  • Right to Erasure / “Right to be Forgotten” (Art. 17): You may request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected, or if you withdraw your consent.
  • Right to Restriction of Processing (Art. 18): You may request that we temporarily suspend the processing of your data. This is applicable if, for instance, you contest the accuracy of the data and we need time to verify it.
  • Right to Data Portability (Art. 20): Where processing is based on your consent or a contract, and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
  • Right to Object (Art. 21): You possess the right to object to processing based on our legitimate interests (Article 6(1)(f)). Upon objection, we will cease processing unless we can demonstrate compelling, overriding legitimate commercial or legal grounds.
  • Rights related to Automated Decision-Making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We explicitly confirm that we do not engage in any automated decision-making or algorithmic profiling.
  • Right to Withdraw Consent (Art. 7(3)): Where we rely on your consent (e.g., for nonessential analytics cookies), you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.

8.1. Exercising Your Rights

To exercise any of the rights listed above, please submit a written request to info@blue-fly-648995.hostingersite.com. We will respond to all legitimate requests within one calendar month of receipt. In instances where a request is highly complex or if you have submitted multiple requests, this period may be legally extended by a further two months. Should an extension be necessary, we will notify you within the initial one-month period, outlining the reasons for the delay.

8.2. Right to Lodge a Complaint

If you believe that your data protection rights have been infringed or that we have processed your data unlawfully, you retain the fundamental right to lodge a formal complaint with the national supervisory authority. In the Republic of Ireland, this authority is the Data Protection Commission (DPC):

  • Address: 21 – 25 Canal Road, Dublin 6, D06 W6Y3
  • Website / Online Portal: www.dataprotection.ie (Complaints are processed most efficiently via the DPC’s online reporting forms)

9. Cookie Policy

This subsection serves as our compliant cookie notice under the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. 336/2011).

9.1. What Are Cookies?

Cookies are minute text files that are deposited onto your local device hardware (computer, smartphone, or tablet) by your web browser at the request of our website servers. They are utilized to ensure basic technical operability, remember your preferences, and provide complex behavioral analytics regarding how you interact with our site.

9.2. Schedule of Cookies Utilised

Our website utilizes the following trackers:

Cookie Name /
Provider
Type Purpose Duration Consent
Required?
_ga (Google
Analytics)
Analytics
(Nonessential)
Used to distinguish unique
users across browsing
sessions.
Up to 2
years
Yes
ga* (Google
Analytics)
Analytics
(Nonessential)
Used to persist session state
and event data across page
loads
Up to 2
years
Yes
PHPSESSID
(Website
Server)
Strictly
Necessary
Standard cookie used to
maintain user session state
and technical functionality
across page loads.
Session No

9.3. Consent and Cookie Management

In strict accordance with S.I. 336/2011, a dedicated Cookie Consent Banner is implemented across our website architecture. No non-essential cookies (including the GA4 analytics cookies detailed above) are written to your device prior to the registration of your explicit, affirmative consent. You retain absolute control over your cookie preferences. You may modify or revoke your consent at any time by accessing the persistent consent management tool located in the footer of our Website. Furthermore, you can adjust your browser-level configurations to universally reject or delete HTTP cookies. Please note, however, that disabling certain cookies may impede the functionality of integrated third-party platforms, such as the Calendly booking portal.

10. Changes to This Policy

We reserve the unilateral right to amend, revise, or update this Privacy Policy at any time to accurately reflect evolving technological architectures, modified business practices, or amendments to statutory data protection legislation. Any subsequent revisions will be published directly on this web page. The “Last Updated” metadata field located at the top of this document will always dictate the effective date of the most recent iteration. We strongly recommend that you review this document periodically to stay informed about how we are protecting your data.