Privacy policy

Disclaimer: This document was created as a template for information purposes only. By using it, you agree to this disclaimer and take into account that Webnode is not responsible for any actions taken or use based on the content of this website. We strongly recommend you to seek legal advice and adjust this document to suit the needs of your business.

The e-shop https://www.emeraldwelcomecentre.ie/online-store/ on the website www.emeraldwelcomecentre.ie company ID 754759 based in Ireland processes personal data provided by Customer to fulfill and additionally confirm Terms and Conditions, to process electronic orders and shipments and for the necessary communication during a period required by law.

General provisions

1. Personal data controller, in compliance with GDPR (hereinafter referred to as „Regulation“) is Akinbola Idowu Olusoji Sanuade, company ID 754759, based in Ireland (hereinafter referred to as „Controller“);

2. The contact details of the Controller are: e-mail: info.admin@emeraldwelcomecentre.ie, tel.: +353879160804;

3. Personal data is any information that relates to an identified or identifiable natural person.

The source of personal data

1. Controller processes personal data obtained with consent from Customer and collected through the contract to purchase and fulfillment of the electronic order created in the e-shop https://www.emeraldwelcomecentre.ie/online-store/.;

2. Controller processes only the identifying and contact details of Customer which are necessary for the fulfillment of the contract to purchase;

3. Controller processes personal data for the shipping and accounting purposes and for the necessary communication between the contracting parties for the duration required by law. Personal data will not be made public and will not be transferred to other countries.

Purpose of data processing

Controller processes personal data of the Customer for following purposes:

1. Registration on the website www.emeraldwelcomecentre.ie in compliance with Chapter 4, Section 2 of GDPR;

2. For fulfillment of the electronic order created by Customer (name, address, e-mail, telephone number);

3. To observe law and regulations arising from the the contractual relationship between Customer and Controller;

4. Personal data are necessary for the fulfillment of contract to purchase. Contract cannot be concluded without the personal data.

Duration of personal data storage

1. Controller stores personal data for the period necessary for fulfillment of rights and obligations arising from the contractual relationship between Controller and Customer and for the duration of 3 years following the conclusion of contractual relationship;

2. Controller must delete all personal data after the expiration of the period required for the storage of personal data.

Recipients and processors of personal data

Third parties processing personal data of the Customer are subcontractors of the Controller. Services of these subcontractors are indispensable for the successful fulfillment of the contract to purchase and processing of the electronic order between Controller and Customer.

Subcontractors of the Controller are:

• Webnode AG (e-shop system);
• Shipping company;
• Google Analytics (website analytics);

Rights of Customer

In compliance with the Regulation, Customer is entitled to:

1. The right of access to personal data;

2. The right to rectification of personal data;

3. The right to erasure of personal data;

4. The right to object to processing of personal data;

5. The right to data portability;

6. The right to withdraw consent to the processing of personal data in writing or by e-mail sent to: info.admin@emeraldwelcomecentre.ie;

7. The right to lodge a complaint with the supervisory authority in case of suspected breach of the Regulation.

Security of personal data

1. Controller declares to take all technical and organizational precautions necessary for the protection of personal data;

2. Controller has taken technical precautions to secure data storage spaces, in particular securing access to computer with a password, using antivirus software and performing regular maintenance of computers.

Final provisions

1. By placing an electronic order on the website www.emeraldwelcomecentre.ie Customer confirms to be informed about all the conditions of personal data protection and accepts them to the full extent;

2. Customer accepts these rules by ticking the checkbox in the order purchase form;

3. Controller can update these Rules at any time. New, updated version has to be published on his website.

These Rules come into effect on 20th January 2025

EMERALD WELCOME CENTRE - MOBILE APP PRIVACY POLICY

Effective Date: January 1, 2026
Last Updated: January 1, 2026
Version: 1.0

TABLE OF CONTENTS

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Legal Basis for Processing (GDPR)
5. Information Sharing and Disclosure
6. International Data Transfers
7. Data Security
8. Data Retention
9. Your Privacy Rights (GDPR)
10. Children's Privacy
11. Mobile App Specific Information
12. Third-Party Services and Links
13. Changes to This Privacy Policy
14. Contact Us
15. Supervisory Authority

1. INTRODUCTION

1.1 Who We Are

Emerald Welcome Centre ("we," "us," "our," or "Emerald Welcome Centre") operates the Emerald Welcome Centre mobile application (the "App").

Company Details:

• Legal Name: Emerald Welcome Centre
• Company Number: 754759 (Ireland)
• Email: privacy@emeraldwelcomecentre.ie
• Phone: +353879160804

1.2 Our Commitment to Privacy

We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains:

• What personal information we collect through our mobile app
• How we use, store, and protect your information
• Your rights regarding your personal data
• How to contact us with privacy concerns

1.3 Who This Policy Applies To

This Privacy Policy applies to all users of our mobile app, including:

• Students enrolled in our courses
• Prospective students browsing course information
• Asylum seekers and refugees using our educational services
• Support workers and legal professionals accessing our resources

1.4 Our Special Commitment to Asylum Seekers

We recognize that many of our users are asylum seekers and refugees in vulnerable situations. We take extra care to:

• Protect your sensitive immigration-related information
• Never share your enrolment data with immigration authorities
• Maintain strict confidentiality of your personal information
• Provide options for pseudonymous use where safety is a concern
• Implement enhanced security measures for your protection

1.5 Legal Framework

We comply with all applicable data protection laws, including:

• General Data Protection Regulation (GDPR) - EU Regulation 2016/679
• Irish Data Protection Act 2018
• ePrivacy Directive (as implemented in Irish law)
• Charter of Fundamental Rights of the European Union

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

Account Registration Information: When you create an account, we collect:

• Full name (or approved pseudonym for safety reasons)
• Email address
• Password (encrypted and never stored in plain text)
• Country of residence
• Preferred language

Payment Information: When you purchase courses:

• Billing name and address
• Payment method details (processed securely by third-party payment processors)
• Transaction history
• Invoices and receipts

Important: We do NOT directly store your full credit/debit card numbers. Payment processing is handled by PCI-DSS compliant third-party processors (Stripe, PayPal, etc.).

Course Progress and Learning Data: As you use the app:

• Courses enrolled in
• Lessons accessed and completed
• Time spent on lessons
• Quiz scores and assessment results
• Downloads of course resources
• Bookmarks and saved content
• Notes you create (if feature available)
• Course completion status

Communications: When you contact us:

• Support requests and help desk tickets
• Email correspondence
• Feedback and survey responses
• Chat messages (if feature available)

Optional Information: You may choose to provide:

• Profile photo
• Phone number (for account security)
• Biographical information (if you share it voluntarily)
• Immigration case deadlines (for reminder purposes only)

Important: We do NOT require you to disclose your immigration status, asylum case details, country of origin, or reasons for seeking asylum.

2.2 Information Automatically Collected

Device Information: When you use our app:

• Device type and model (e.g., iPhone 12, Samsung Galaxy S21)
• Operating system and version (e.g., iOS 16, Android 12)
• App version
• Device identifiers (e.g., IDFA on iOS, Advertising ID on Android)
• Screen size and resolution
• Language settings
• Time zone

Usage Information: We automatically collect:

• App launch and usage times
• Features and screens accessed
• Tap and swipe interactions
• Search queries within the app
• In-app navigation patterns
• Session duration
• Frequency of use

Technical Information:

• IP address
• Mobile carrier
• Connection type (WiFi, cellular)
• Internet Service Provider
• Browser type (if accessing via mobile browser)

Location Information (If Enabled):

• Approximate location based on IP address
• Precise location (only if you grant permission for location services)

Note: We do not track your precise location without your explicit consent. You can disable location services in your device settings.

Analytics and Performance Data:

• App performance metrics
• Crash reports and error logs
• Load times and response times
• Feature usage statistics

2.3 Information from Third-Party Sources

Social Media (If You Connect Accounts): If you choose to sign in using social media (Facebook, Google):

• Basic profile information (name, email, profile picture)
• Only information you authorize during connection

Payment Processors:

• Transaction confirmation
• Payment status
• Fraud prevention data

App Stores:

• Purchase confirmation
• App download and update information

2.4 Sensitive Personal Data

Under GDPR Article 9, certain categories of data are considered "special category" or sensitive personal data. We DO NOT intentionally collect:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data for identification purposes
• Health data
• Data concerning sexual orientation

Exception: As an organization serving asylum seekers, we recognize that immigration status information may reveal some of the above categories. If you voluntarily share such information (e.g., in communications about your asylum case), we treat it with the highest level of protection and confidentiality.

2.5 Information We Do NOT Collect

We do NOT collect:

• Your asylum application details
• Your country of origin (unless you voluntarily provide it)
• Your immigration case number
• Your reasons for seeking asylum
• Government-issued ID numbers
• Social Security or equivalent numbers
• Passport numbers
• Precise GPS location (without consent)

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

To Provide Educational Services:

• Create and manage your account
• Process course enrolments and payments
• Deliver course content and materials
• Track your learning progress
• Provide certificates of completion
• Enable course features (quizzes, downloads, bookmarks)
• Synchronize progress across devices

To Communicate with You:

• Send account confirmations and receipts
• Provide course access credentials
• Deliver important updates about courses or platform
• Send deadline reminders (if you've shared deadlines with us)
• Respond to your support requests
• Notify you of technical issues or maintenance
• Send security alerts and account notifications

To Process Payments:

• Process course purchases securely
• Issue invoices and receipts
• Manage refunds and cancellations
• Prevent payment fraud
• Comply with tax and accounting requirements

To Improve Our Services:

• Analyze how students use our app and courses
• Identify technical issues and bugs
• Test new features and improvements
• Understand which courses are most helpful
• Optimize app performance and user experience
• Develop new courses and content

For Security and Fraud Prevention:

• Protect against unauthorized access
• Detect and prevent fraudulent activity
• Enforce our Terms and Conditions
• Protect our legal rights and interests
• Comply with legal obligations

For Marketing (With Your Consent):

• Send information about new courses (opt-in only)
• Share relevant immigration law updates
• Notify you of special offers or discounts
• Send educational newsletters and resources

Important: You can opt out of marketing communications at any time.

3.2 Legal Compliance

We use your information to:

• Comply with tax and accounting regulations
• Respond to valid legal requests and court orders
• Cooperate with law enforcement where legally required
• Protect against legal liability
• Enforce our contracts and policies

3.3 With Your Consent

For certain uses, we ask your explicit consent:

• Sending marketing communications
• Enabling precise location services
• Sharing testimonials or case studies (always anonymized unless you agree)
• Using your information for research or analytics beyond operational needs
• Sharing information with third parties not covered in this policy

You can withdraw consent at any time.

3.4 We Will NEVER Use Your Information To:

✗ Share your course enrolment with immigration authorities
✗ Track your immigration case status
✗ Sell your data to third parties
✗ Share your information for advertising purposes
✗ Contact government agencies about your asylum status
✗ Discriminate based on your immigration status
✗ Endanger your safety or asylum claim

4. LEGAL BASIS FOR PROCESSING (GDPR)

Under GDPR Article 6, we must have a lawful basis to process your personal data. We rely on the following legal bases:

4.1 Contractual Necessity (Article 6(1)(b))

We process your data to fulfill our contract with you:

• Providing access to courses you purchased
• Delivering educational content and services
• Processing payments and issuing receipts
• Providing customer support
• Managing your account

What This Means: We need this data to provide the services you signed up for. Without it, we cannot deliver the courses you purchased.

4.2 Legal Obligation (Article 6(1)(c))

We process data to comply with legal requirements:

• Tax and accounting record-keeping (Irish Revenue requirements)
• Financial reporting obligations (Irish Companies Registration Office)
• Responding to valid legal requests from authorities
• Compliance with anti-money laundering regulations
• Data breach notification requirements

What This Means: Irish and EU law requires us to keep certain records and respond to legitimate legal demands.

4.3 Legitimate Interests (Article 6(1)(f))

We process data for our legitimate business interests, balanced against your rights:

Our Legitimate Interests:

• Improving our educational platform and courses
• Preventing fraud and ensuring platform security
• Understanding how students use our services
• Analyzing platform performance
• Protecting our legal rights
• Direct marketing to existing customers (with easy opt-out)

Your Rights Protected: We always balance our interests against your privacy rights. You can object to processing based on legitimate interests (see Section 9).

4.4 Consent (Article 6(1)(a))

For certain processing, we ask your explicit consent:

• Marketing communications about new courses
• Precise location tracking (if applicable)
• Non-essential cookies and analytics
• Testimonials using your information
• Optional feedback surveys

Your Right: You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4.5 Special Category Data (If Applicable)

If we process special category data (GDPR Article 9), we rely on:

• Explicit consent (Article 9(2)(a)) - You explicitly agree to our processing this data
• Substantial public interest (Article 9(2)(g)) - Supporting asylum seekers and refugees serves substantial public interest

5. INFORMATION SHARING AND DISCLOSURE

5.1 We Do NOT Sell Your Information

Critical Commitment: We do NOT sell, rent, or trade your personal information to third parties for marketing or any other purposes.

5.2 Trusted Service Providers

We share limited information with service providers who help us operate our app:

Payment Processors:

• Who: Stripe, PayPal, or similar PCI-DSS compliant payment processors
• What They Get: Payment information, billing details, transaction data
• Why: To securely process your payments
• Protections: Contractually bound to GDPR compliance; use data only for payment processing

Cloud Hosting and Storage:

• Who: [Your hosting provider, e.g., AWS, Google Cloud, Azure]
• What They Get: Account data, course content, usage data
• Why: To host our app infrastructure and store data securely
• Protections: GDPR-compliant; data stored in EU/EEA or with Standard Contractual Clauses

Email Service Providers:

• Who: [Your email service, e.g., SendGrid, Mailchimp]
• What They Get: Email address, name, communication preferences
• Why: To send transactional emails and course communications
• Protections: GDPR-compliant; data processing agreement in place

Analytics Providers:

• Who: Google Analytics for Mobile, Firebase Analytics, or similar
• What They Get: Anonymized usage data, device information, app performance metrics
• Why: To understand app usage and improve services
• Protections: Data anonymized where possible; you can opt out

Customer Support Tools:

• Who: [Your support platform, e.g., Zendesk, Intercom]
• What They Get: Support requests, email correspondence, account information
• Why: To provide customer support and resolve issues
• Protections: GDPR-compliant; confidentiality agreements

App Platform Providers:

• Who: LearnWorlds (or your LMS provider)
• What They Get: Account data, course progress, content access logs
• Why: To provide the learning platform infrastructure
• Protections: GDPR-compliant; data processing agreement

All Service Providers:

• Are carefully vetted for security and privacy practices
• Sign data processing agreements (GDPR Article 28)
• Can only use data as we instruct
• Must implement appropriate security measures
• Are prohibited from using data for their own purposes

5.3 Legal Requirements and Protection

We may disclose your information if required to:

Legal Compliance:

• Comply with valid court orders or subpoenas
• Respond to lawful requests from Irish or EU authorities
• Meet legal, regulatory, or governmental requirements
• Comply with tax and accounting obligations

Protection of Rights:

• Enforce our Terms and Conditions
• Protect against fraud, illegal activity, or security threats
• Defend against legal claims or litigation
• Protect the safety of users or the public
• Protect our legal rights and property

Transparency Commitment:

• We will resist overly broad or unjustified requests for user data
• We will notify you of legal requests unless prohibited by law
• We will request court orders for non-routine requests
• We maintain transparency reports (available upon request)

5.4 Business Transfers

If Emerald Welcome Centre is involved in a merger, acquisition, bankruptcy, or sale of assets:

• Your information may be transferred to the new entity
• The new entity must continue protecting your data under GDPR
• We will notify you before any transfer
• You will have options to delete your account if you disagree
• Your rights under GDPR remain fully protected

5.5 With Your Explicit Consent

We may share information with third parties if you explicitly consent:

• Sharing testimonials or success stories (always anonymized unless you agree otherwise)
• Connecting with educational partners or support organizations
• Participating in research studies
• Any other purpose with your informed, freely-given consent

You can withdraw consent at any time.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you:

• Statistical reports on course completion rates
• Anonymous usage analytics
• Research on educational effectiveness
• Public reports on our impact

This data is anonymized and cannot be traced back to you.

5.7 What We Will NEVER Share

We will NEVER share: ✗ Your enrollment in immigration courses with government authorities
✗ Your personal information for advertising or marketing by third parties
✗ Your data with your country of origin government
✗ Your immigration status or asylum-related information
✗ Your information in ways that could endanger your safety or asylum claim

6. INTERNATIONAL DATA TRANSFERS

6.1 Where Your Data Is Stored

Primary Storage Location: Your personal data is primarily stored on secure servers located within the European Economic Area (EEA), ensuring full GDPR protection.

EEA Countries: EU member states plus Iceland, Liechtenstein, and Norway.

6.2 Transfers Outside the EEA

If we use service providers located outside the EEA (e.g., United States), we ensure your data remains protected through:

Standard Contractual Clauses (SCCs):

• EU Commission-approved contracts ensuring GDPR-level protection
• Legally binding obligations on data recipients
• Rights for you to enforce protections

Adequacy Decisions:

• Countries recognized by EU Commission as providing adequate protection
• Currently includes: UK, Switzerland, Japan, Canada (commercial), New Zealand, Argentina, etc.

Other Safeguards:

• Binding Corporate Rules for large multinational service providers
• Explicit consent (for specific transfers)
• Necessity for contract performance

6.3 Current Non-EEA Service Providers

[List your non-EEA service providers, e.g.:]

• Payment Processors: Stripe (US) - Protected by SCCs
• Cloud Services: [Provider] ([Country]) - Protected by SCCs
• Analytics: Google Analytics (US) - Anonymized data + SCCs

6.4 Your Rights Regarding Transfers

You have the right to:

• Request information about safeguards for international transfers
• Object to specific transfers
• Request a copy of SCCs or other safeguard documents
• Withdraw consent for transfers based on consent

Contact: privacy@emeraldwelcomecentre.ie

7. DATA SECURITY

7.1 Our Security Commitment

We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.

7.2 Technical Security Measures

Encryption:

• Data encrypted in transit using TLS/SSL (Transport Layer Security)
• Sensitive data encrypted at rest (AES-256 encryption)
• Passwords hashed using bcrypt with salt
• Payment data encrypted by PCI-DSS compliant processors

Access Controls:

• Multi-factor authentication for administrative access
• Role-based access control (RBAC)
• Least privilege principle (staff access only what's needed)
• Regular access reviews and audits

Network Security:

• Firewalls protecting infrastructure
• Intrusion detection and prevention systems
• DDoS protection
• Regular vulnerability scanning
• Penetration testing

Application Security:

• Secure coding practices
• Regular security updates and patches
• Input validation and sanitization
• Protection against common attacks (SQL injection, XSS, CSRF)
• Secure session management

Infrastructure Security:

• Secure cloud hosting with SOC 2 Type II certified providers
• Redundant systems and backups
• Disaster recovery procedures
• Regular security audits

Mobile App Specific Security:

• Certificate pinning (prevents man-in-the-middle attacks)
• Secure local storage (encrypted)
• Jailbreak/root detection
• Code obfuscation
• Secure API communication

7.3 Organizational Security Measures

Staff Training:

• Comprehensive data protection training for all staff
• Regular security awareness programs
• Phishing and social engineering awareness
• Incident response training

Policies and Procedures:

• Information security policy
• Data protection policy
• Incident response plan
• Business continuity and disaster recovery plans
• Secure development lifecycle

Vendor Management:

• Security assessments of all service providers
• Data processing agreements (GDPR Article 28)
• Regular security audits of critical vendors
• Vendor security incident notification requirements

Physical Security (For Servers/Offices):

• Restricted physical access to data centers
• Security monitoring and surveillance
• Secure disposal of hardware and media

7.4 Data Breach Response

In the event of a data breach:

Our Actions:

• Immediate containment and investigation
• Notification to Data Protection Commission within 72 hours (if risk to rights)
• Notification to affected users without undue delay
• Transparent communication about the breach
• Remediation to prevent recurrence

What We'll Tell You:

• Nature of the breach
• What data was affected
• Likely consequences
• Measures taken to address the breach
• Recommended steps for you to protect yourself

Your Actions:

• Follow our recommended protective steps
• Change your password immediately
• Monitor your accounts for suspicious activity
• Contact us with questions: security@emeraldwelcomecentre.ie

7.5 Your Security Responsibilities

While we implement strong security, you also play a role:

Do: ✓ Use a strong, unique password ✓ Enable two-factor authentication (if available) ✓ Keep your app updated to latest version ✓ Log out on shared devices ✓ Report suspicious activity immediately ✓ Protect your device with passcode/biometrics ✓ Use trusted WiFi networks

Don't: ✗ Share your password with anyone ✗ Use the same password across multiple services ✗ Save passwords on shared devices ✗ Click suspicious links in emails ✗ Fall for phishing attempts ✗ Jailbreak/root your device (compromises security)

7.6 Limitations

No Absolute Guarantee: While we use industry-standard security measures, no system is 100% secure. Internet transmission and electronic storage inherently carry some risk.

We Are Not Liable For:

• Unauthorized access resulting from your sharing of credentials
• Security breaches beyond our reasonable control
• Your device's security vulnerabilities
• Third-party service provider breaches (though we select vendors carefully)

Report Security Issues: If you discover a security vulnerability, please report it responsibly:

• Email: security@emeraldwelcomecentre.ie
• We'll respond within 48 hours
• We appreciate responsible disclosure

8. DATA RETENTION

8.1 How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy and as required by law.

8.2 Retention Periods by Data Type

Active Account Data:

• Retention: While your account is active and for 7 years after last activity
• Reason: Service delivery, legal compliance (tax/accounting records)

Course Progress and Learning Data:

• Retention: While you have course access and for 2 years after
• Reason: Provide ongoing access, issue certificates, analyze educational effectiveness
• Exception: Anonymized for statistical purposes beyond retention period

Payment and Transaction Data:

• Retention: 7 years after transaction
• Reason: Irish tax law requirements, accounting regulations, audit purposes
• Legal Basis: Irish Revenue Commissioners requirements

Communications and Support Data:

• Retention: 3 years after last communication
• Reason: Customer service quality, dispute resolution, legal protection

Marketing Consent:

• Retention: Until you withdraw consent or 2 years of inactivity
• Reason: Respect your communication preferences

Legal Holds:

• Retention: Duration of legal proceedings plus 1 year
• Reason: Legal compliance, defense of legal claims

Backup Data:

• Retention: Backups retained for 90 days then securely deleted
• Reason: Disaster recovery, business continuity

8.3 Deletion of Data

After Retention Periods:

• Data is securely deleted or anonymized
• Deletion methods: Secure overwriting, cryptographic erasure
• Backups are cycled and eventually deleted
• Physical media is securely destroyed

Early Deletion: You can request deletion before retention periods expire (see Section 9 - Right to Erasure), subject to legal exceptions.

8.4 Exceptions to Deletion

We may retain data longer if:

• Required by law (tax records, legal proceedings)
• Necessary for legal claims or defense
• Needed to protect rights of others
• Already anonymized (no longer personal data)

9. YOUR PRIVACY RIGHTS (GDPR)

Under GDPR, you have comprehensive rights regarding your personal data.

9.1 Right to Access (Article 15)

What It Means: You can request confirmation of whether we process your data and obtain a copy.

What You'll Receive:

• Confirmation of data we hold
• Copy of your personal data
• Information about processing purposes
• Categories of data processed
• Recipients of your data
• Retention periods
• Your rights

How to Exercise: Email: privacy@emeraldwelcomecentre.ie with subject "Data Access Request"

Response Time: Within 1 month (may extend to 3 months for complex requests)

Cost: Free (may charge for excessive or repetitive requests)

9.2 Right to Rectification (Article 16)

What It Means: You can correct inaccurate or incomplete personal data.

How to Exercise:

• Update your account information in app settings, OR
• Email: privacy@emeraldwelcomecentre.ie

Response Time: Within 1 month

What We'll Do:

• Correct inaccurate data promptly
• Notify third parties if data was shared
• Confirm changes to you

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

What It Means: You can request deletion of your personal data.

When This Applies:

• Data no longer necessary for original purpose
• You withdraw consent (where consent was legal basis)
• You object and no overriding legitimate grounds exist
• Data processed unlawfully
• Legal obligation requires deletion

Exceptions (We May Retain Data If):

• Required for legal compliance (tax records, legal proceedings)
• Necessary for legal claims or defense
• Public interest or scientific/historical research
• Exercise of freedom of expression

How to Exercise: Email: privacy@emeraldwelcomecentre.ie with subject "Data Deletion Request"

What Happens:

• We verify your request
• Delete data where legally permissible
• Notify third parties where data was shared
• Confirm deletion within 1 month

9.4 Right to Restriction of Processing (Article 18)

What It Means: You can request we limit how we use your data while issues are resolved.

When This Applies:

• You dispute data accuracy (restriction during verification)
• Processing is unlawful but you prefer restriction over deletion
• We no longer need data but you need it for legal claims
• You objected to processing (restriction pending verification)

Effect:

• Data is stored but not actively processed
• We notify you before lifting restriction
• Processing resumes only with your consent or for legal claims

How to Exercise: Email: privacy@emeraldwelcomecentre.ie

9.5 Right to Data Portability (Article 20)

What It Means: You can receive your data in a structured, machine-readable format and transmit it to another service.

What Data This Covers:

• Data you provided to us
• Data processed based on consent or contract
• Data processed by automated means

What Data This Does NOT Cover:

• Data we derived or inferred
• Data processed based on legal obligation

Format Provided:

• CSV, JSON, or XML files
• Commonly used, machine-readable formats

How to Exercise: Email: privacy@emeraldwelcomecentre.ie with subject "Data Portability Request"

9.6 Right to Object (Article 21)

What It Means: You can object to certain types of processing.

Processing You Can Object To:

• Processing based on legitimate interests (we must stop unless compelling grounds)
• Direct marketing (we must stop immediately - absolute right)
• Profiling for marketing
• Scientific/historical research (unless public interest)

How to Exercise:

• For marketing: Click "Unsubscribe" or email privacy@emeraldwelcomecentre.ie
• For other processing: Email privacy@emeraldwelcomecentre.ie

What Happens:

• Marketing: Immediate cessation
• Other processing: We assess and stop unless compelling legitimate grounds exist

9.7 Rights Related to Automated Decision-Making (Article 22)

What It Means: You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Our Practice:

• We do NOT use automated decision-making
• We do NOT use profiling for decisions about you
• All enrollment and support decisions involve human review

9.8 Right to Withdraw Consent

What It Means: Where processing is based on consent, you can withdraw it at any time.

Effect:

• Withdrawal doesn't affect lawfulness of processing before withdrawal
• We stop processing based on that consent
• Other processing (e.g., based on contract or legal obligation) continues

How to Exercise:

• Email: privacy@emeraldwelcomecentre.ie
• In-app settings (for marketing preferences)
• Click "Unsubscribe" in marketing emails

9.9 Right to Lodge a Complaint

What It Means: You can file a complaint with the Data Protection Commission if you believe we've violated your rights.

Data Protection Commission: 21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland

Phone: +353 (0)761 104 800
Email: info@dataprotection.ie
Website: www.dataprotection.ie
Online Complaint Form: www.dataprotection.ie/en/contact/how-complain

We Encourage:

• Contact us first: privacy@emeraldwelcomecentre.ie
• We'll work to resolve issues directly
• You can complain to DPC at any time regardless

9.10 How to Exercise Your Rights

General Process:

1. Submit Request:
• Email: privacy@emeraldwelcomecentre.ie
• Include: Your name, email, specific request, account details
• Provide: Proof of identity (for security)
2. Verification:
• We verify your identity
• May request additional information for security
3. Processing:
• We respond within 1 month
• May extend to 3 months for complex requests (we'll notify you)
• We explain our decision
4. No Cost:
• Generally free
• May charge for manifestly unfounded/excessive requests

Need Help? Our Data Protection Officer is available to assist:

• Email: privacy@emeraldwelcomecentre.ie
• Phone: +353 879160804

10. CHILDREN'S PRIVACY

10.1 Age Restriction

Our app is intended for users aged 18 years and older.

• We do not knowingly collect personal data from children under 16
• Irish immigration processes typically involve adults
• Educational content is designed for adult comprehension

10.2 If You're Under 18

If you are between 16-18 years old:

• You may use the app with parental/guardian consent
• A parent/guardian should review this Privacy Policy with you
• A parent/guardian should supervise your use
• Consider having them create the account on your behalf

10.3 If We Discover Data from Children

If we discover we've collected data from a child under 16:

• We will delete the data promptly
• We will terminate the account
• We will not use or share the data

10.4 Parents/Guardians

If you believe your child under 16 has provided us with personal data:

• Contact us immediately: privacy@emeraldwelcomecentre.ie
• We will delete the data within 30 days
• We will confirm deletion to you

10.5 Unaccompanied Minors in Immigration Process

We recognize some asylum-seeking minors may need our educational resources:

• If you're an unaccompanied minor (under 18), contact us first
• We may require guardian/social worker authorization
• We can work with your legal guardian or social worker
• We'll provide appropriate safeguards

11. MOBILE APP SPECIFIC INFORMATION

11.1 Mobile Device Permissions

Our app may request the following permissions:

Storage Permission:

• Why: Save course materials for offline access, cache content
• Android: READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE
• iOS: Photo Library (if saving resources)
• Control: Can deny; limits offline functionality

Network Permission:

• Why: Access course content, sync progress
• Required: Yes, for app to function
• Data Used: Course videos, materials, authentication

Camera Permission (Optional):

• Why: Upload profile photo (if feature available)
• Required: No
• Control: Can deny; profile photo feature won't work

Notifications Permission:

• Why: Send deadline reminders, course updates
• Required: No
• Control: Manage in device settings

Location Permission (If Applicable):

• Why: Customize content based on region
• Required: No
• What We Collect: Approximate location (city/country level)
• Control: Can deny; doesn't affect core functionality

How to Manage Permissions:

• iOS: Settings > Privacy > [Permission Type] > Emerald Welcome Centre
• Android: Settings > Apps > Emerald Welcome Centre > Permissions

11.2 Push Notifications

What We Send:

• Course access confirmations
• Deadline reminders (if you've shared deadlines)
• Important app updates
• Security alerts
• New course announcements (opt-in)

What's Included:

• Message preview
• Notification may be visible on lock screen
• Controlled by your device settings

How to Disable:

• iOS: Settings > Notifications > Emerald Welcome Centre
• Android: Settings > Apps > Emerald Welcome Centre > Notifications
• In-App: Settings > Notifications

11.3 App Analytics

Tools We Use:

• Google Analytics for Mobile
• Firebase Analytics
• [Any other analytics tools]

What They Track:

• App opens and session duration
• Screen views and navigation
• Feature usage
• Crash reports
• Performance metrics

Data Collected:

• Device type and OS
• App version
• Country/region (approximate)
• Anonymized user ID
• Event data (anonymized)

How to Opt Out:

• iOS: Settings > Privacy > Analytics & Improvements > Share With App Developers (OFF)
• Android: Settings > Google > Ads > Opt out of Ads Personalization (ON)
• In-App: Settings > Privacy > Analytics (if available)

11.4 Crash Reporting

Purpose: Automatically report app crashes to help us fix bugs.

What's Collected:

• Device information
• OS version
• App version
• Crash logs (technical data)
• Actions leading to crash

Privacy:

• Crash logs are anonymized
• No personal information included
• Used solely for debugging

Tools:

• Firebase Crashlytics
• [Any other crash reporting tools]

11.5 App Updates

Automatic Updates:

• App may automatically download updates (if enabled in device settings)
• Updates may change data collection practices
• Material changes will trigger Privacy Policy update notification

Update Notifications:

• We may notify you of important updates
• Security updates are strongly recommended

11.6 Offline Functionality

Downloaded Content:

• Course videos and materials stored locally on your device
• Encrypted storage
• Progress syncs when reconnected
• Delete app to remove all local data

Offline Data:

• Stored securely on your device
• Not accessible to other apps
• Deleted when you uninstall app

11.7 App-to-App Communication

Social Sharing (If Available):

• Share course achievements on social media (opt-in)
• We don't post without your explicit action
• Social platforms have their own privacy policies

Deep Linking:

• App may open from email or web links
• Secure authentication maintained
• Session managed securely

11.8 Biometric Authentication (If Available)

Face ID / Touch ID / Fingerprint:

• Purpose: Quick, secure login
• Data: Biometric data never leaves your device
• Storage: Stored in device's secure enclave, not on our servers
• Control: Enable/disable in app settings

11.9 Background App Activity

What Happens When App Is in Background:

• Sync course progress (if enabled)
• Check for new content
• Download updates
• Process notifications

Battery and Data:

• Designed to minimize battery drain
• Use WiFi for large downloads (when possible)
• Respect device's low power mode

Control:

• iOS: Settings > General > Background App Refresh
• Android: Settings > Apps > Emerald Welcome Centre > Battery > Background restriction

11.10 Third-Party SDKs (Software Development Kits)

Our app uses the following third-party SDKs:

[List SDKs used, e.g.:]

1. Google Firebase:
• Purpose: Analytics, crash reporting, authentication
• Privacy Policy: https://firebase.google.com/support/privacy
2. Stripe SDK:
• Purpose: Payment processing
• Privacy Policy: https://stripe.com/privacy
3. [Other SDKs]:
• Purpose: [State purpose]
• Privacy Policy: [Link]

Each SDK has its own privacy policy. We select SDKs that respect user privacy and comply with GDPR.

11.11 Uninstalling the App

What Happens When You Uninstall:

• All locally stored data is deleted from your device
• Your account and cloud data remain (unless you request deletion)
• You can reinstall and access your courses again
• To fully delete your account: Email privacy@emeraldwelcomecentre.ie

12. THIRD-PARTY SERVICES AND LINKS

12.1 Third-Party Services We Use

We use trusted third-party services to operate our app. Each has its own privacy policy:

Payment Processors:

• Stripe: https://stripe.com/privacy
• PayPal: https://www.paypal.com/privacy

Cloud Hosting:

• [Your provider]: [Privacy policy link]

Email Services:

• [Your provider]: [Privacy policy link]

Analytics:

• Google Analytics: https://policies.google.com/privacy

Customer Support:

• [Your provider]: [Privacy policy link]

12.2 Links to External Websites

Our app may contain links to:

• Irish government websites (IPO, IPAT, INIS)
• Legal resources
• Support organizations
• Reference materials

Important:

• These websites have their own privacy policies
• We are not responsible for their privacy practices
• Review their policies before providing personal information
• Our Privacy Policy doesn't apply to external sites

12.3 Government Websites

Links to government sites:

• International Protection Office (IPO): www.ipo.gov.ie
• International Protection Appeals Tribunal (IPAT): www.ipat.ie
• Irish Naturalisation and Immigration Service (INIS): www.inis.gov.ie

These sites are operated independently and have their own privacy policies.

12.4 Social Media

If we link to or integrate with social media:

• Social platforms have their own privacy policies
• We don't control social media platforms
• Be cautious about what you share publicly
• Review social platform privacy settings

Our Social Media Presence: [List your social media accounts if applicable]

• Facebook: [Your page]
• Twitter: [Your account]
• Instagram: [Your account]

12.5 No Endorsement

Links to third-party sites do not imply endorsement:

• We link for informational purposes
• We don't control third-party content
• Third-party privacy practices may differ from ours
• Use external sites at your own discretion

13. CHANGES TO THIS PRIVACY POLICY

13.1 Updates and Modifications

We may update this Privacy Policy from time to time to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• Technology changes
• User feedback and best practices

13.2 How We Notify You

Material Changes: For significant changes that affect your rights:

• Email notification to your registered address
• In-app notification when you next open the app
• Prominent notice on app homepage
• 30 days' notice before changes take effect (where possible)

Minor Changes: For non-material updates:

• Updated "Last Updated" date at top of policy
• Notice in app
• Changes effective upon posting

13.3 Your Options

When we update our Privacy Policy:

You Can:

• Review the updated policy
• Contact us with questions: privacy@emeraldwelcomecentre.ie
• Object to changes (exercise your GDPR rights)
• Delete your account if you disagree with changes

Continued Use:

• Continuing to use the app after changes constitutes acceptance
• If you don't agree, please stop using the app and contact us about account deletion

13.4 Version History

Current Version: 1.0
Effective Date: January 1, 2026
Last Updated: January 1, 2026

Previous Versions: [Maintain list of previous versions and dates]

Access Previous Versions: Request previous versions: privacy@emeraldwelcomecentre.ie

14. CONTACT US

14.1 Privacy Questions and Requests

For any privacy-related questions, concerns, or requests:

Email: privacy@emeraldwelcomecentre.ie
Subject Line: [Specify: Data Access Request, Deletion Request, General Privacy Question, etc.]

Phone: +353 [Your Phone Number]
Hours: Monday-Friday, 9:00 AM - 5:00 PM Irish Time

Post:
Data Protection Officer
Emerald Support Welcome Centre CLG
[Your Full Registered Address]
Ireland

14.2 Data Protection Officer

Our Data Protection Officer oversees our privacy practices:

Contact:
Email: dpo@emeraldwelcomecentre.ie
Phone: +353 [DPO Phone Number]

Responsibilities:

• Oversee GDPR compliance
• Handle data subject requests
• Coordinate with Data Protection Commission
• Monitor data protection practices
• Provide guidance on privacy matters

14.3 General Inquiries

For non-privacy questions:

General Support: support@emeraldwelcomecentre.ie
Course Questions: courses@emeraldwelcomecentre.ie
Technical Issues: tech@emeraldwelcomecentre.ie

14.4 Response Time

We aim to respond to:

• Privacy requests: Within 1 month (GDPR requirement)
• General questions: Within 5 business days
• Urgent security issues: Within 48 hours

14.5 Provide These Details

When contacting us about privacy:

• Your full name
• Email address associated with account
• Account username (if applicable)
• Specific request or question
• Proof of identity (for security)
• Preferred contact method

15. SUPERVISORY AUTHORITY

15.1 Right to Complain

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Irish Data Protection Commission.

15.2 Data Protection Commission (Ireland)

Contact Information:

Address:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland

Phone:
+353 (0)761 104 800
+353 57 868 4800

Email:
info@dataprotection.ie

Website:
www.dataprotection.ie

Online Complaint Form:
www.dataprotection.ie/en/contact/how-complain

Office Hours:
Monday-Friday: 9:30 AM - 5:30 PM Irish Time

15.3 How to File a Complaint

Steps:

1. Try Resolving with Us First:
• Contact privacy@emeraldwelcomecentre.ie
• We may resolve the issue directly
• This doesn't affect your right to complain to DPC
2. File Complaint with DPC:
• Use online complaint form (preferred)
• Send written complaint by post
• Include:
• Your contact details
• Details of the concern
• What happened and when
• What you want to happen
• Any relevant correspondence with us
3. DPC Investigation:
• DPC will review your complaint
• May contact us for information
• Will investigate and make determination
• You'll be informed of the outcome

15.4 Other EU Supervisory Authorities

If you reside in another EU country, you may also complain to your local supervisory authority:

Find Your Authority:
https://edpb.europa.eu/about-edpb/board/members_en

Examples:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• Germany: Federal Commissioner for Data Protection - bfdi.bund.de
• France: CNIL - cnil.fr

15.5 We Welcome Feedback

Before filing a formal complaint, please contact us:

• We value your privacy concerns
• We want to resolve issues promptly
• We're committed to continuous improvement
• Your feedback helps us improve

However:

• You can complain to DPC at any time
• You don't need to contact us first
• Your right to complain is absolute

APPENDIX A: GLOSSARY OF TERMS

Personal Data: Information relating to an identified or identifiable person.

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).

Data Controller: Entity that determines purposes and means of processing (Emerald Welcome Centre).

Data Processor: Entity that processes data on behalf of controller (our service providers).

Data Subject: The individual to whom personal data relates (you).

GDPR: General Data Protection Regulation - EU Regulation 2016/679.

EEA: European Economic Area (EU + Iceland, Liechtenstein, Norway).

Consent: Freely given, specific, informed indication of agreement to processing.

Legitimate Interest: Legal basis for processing when necessary for controller's interests (balanced against data subject's rights).

Special Category Data: Sensitive data requiring extra protection (race, health, religion, etc.).

Anonymization: Processing data so it can no longer identify an individual.

Pseudonymization: Replacing identifying information with pseudonyms (still personal data but with reduced risk).

Data Breach: Security incident leading to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure/access to personal data.

APPENDIX B: YOUR RIGHTS AT A GLANCE

Right

What It Means

How to Exercise

Access

Get copy of your data

Email privacy@emeraldwelcomecentre.ie

Rectification

Correct inaccurate data

Update in app or email us

Erasure

Delete your data

Email deletion request

Restriction

Limit how we use data

Email restriction request

Portability

Get data in transferable format

Email portability request

Object

Object to processing

Email objection or click unsubscribe

Withdraw Consent

Cancel consent-based processing

Email us or manage in app settings

Complain

File complaint with DPC

www.dataprotection.ie

Response Time: 1 month (may extend to 3 months)
Cost: Free (generally)

APPENDIX C: DATA WE COLLECT - SUMMARY TABLE

Data Type

Examples

Purpose

Legal Basis

Account Info

Name, email, password

Provide services

Contract

Payment Data

Billing address, transaction history

Process payments

Contract

Course Data

Progress, quiz scores

Deliver courses

Contract

Device Info

OS, device type

App functionality

Legitimate interest

Usage Data

Pages viewed, time spent

Improve app

Legitimate interest

Communications

Support requests

Customer service

Contract

Marketing

Email preferences

Send updates

Consent

APPENDIX D: THIRD-PARTY SERVICE PROVIDERS

Service

Provider

Purpose

Data Shared

Privacy Policy

Payment

Stripe

Process payments

Payment details

stripe.com/privacy

Hosting

[Provider]

Store data

All account data

[Link]

Email

[Provider]

Send emails

Email address

[Link]

Analytics

Google Analytics

Usage analytics

Anonymized data

policies.google.com/privacy

Support

[Provider]

Customer support

Support tickets

[Link]

CONCLUSION

Thank you for trusting Emerald Welcome Centre with your personal information. We are committed to protecting your privacy and empowering your immigration journey through education.

If you have any questions about this Privacy Policy or our data practices, please don't hesitate to contact us.

Contact Information:

Emerald Welcome Centre
Company Number: 754759

Privacy Queries:
Email: privacy@emeraldwelcomecentre.ie
Phone: +353 [Your Number]

General Support:
Email: support@emeraldwelcomecentre.ie
Website: www.emeraldwelcomecentre.ie

Data Protection Commission:
www.dataprotection.ie
+353 (0)761 104 800

Document Information:

• Title: Emerald Welcome Centre Mobile App Privacy Policy
• Version: 1.0
• Effective Date: January 1, 2026
• Last Updated: January 1, 2026
• Applicable Law: Irish Data Protection Act 2018, GDPR (EU 2016/679)
• Language: English (legally binding version)

END OF PRIVACY POLICY