Your Privacy & Security
Thank you for shopping at rainkilt.ie, which is owned and operated by Triscle Fashion Limited, Triscle Tower, Glendree Upper, Feakle, Co. Clare, Ireland (“Triscle/we/us”).
Ensuring the privacy and security of your personal information is very important to us. Our privacy and security policy outlines the information we collect about you, how and why we use the information and the choices you have to restrict our usage of this information.
All data is treated with the utmost confidentiality. We do not share, rent or sell any of our customer’s information to any other individual, business or organization.
*You can easily update your account information by clicking on to rainkilt.ie and logging into: My Account.
**Cookies are bits of information that are automatically stored on your computer. Cookies do not contain any personally identifiable information such as your name, address or any financial information. If you do not wish to have cookies on your system, you can set your browser preferences to disable them.
Email addresses collected at rainkilt.ie are only used internally. We respect your privacy rights and will not sell or rent your email address to other companies.
When you visit or shop on-line at rainkilt.ie, or send e-mails to us, you are communicating with us electronically. We communicate with you by e-mail or by posting notices on the website. For contractual purposes, you consent to receive communications from us electronically and you agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing. If you complete your details in the Contact Us section, you agree that you wish to be contacted by us. This condition does not affect your statutory rights.
All payment processing is handled securely by Stripe Payments. The Payment Card Industry Data Security Standards (PCI DSS) is a mandatory compliance standard for all payment service providers. The standard enforces high levels of security in all areas where cardholder data is transmitted or stored. Strong protections such as encryption, intrusion detection and response, formalized policies and standards and security aware development methodologies all contribute to making Stripe Payments the secure choice for payment processing needs.
Never send your bank or credit card details by email Please note that email is not encrypted and is not considered a secure means of transmitting credit card numbers. We will never, ever ask for sensitive information via email.
When ordering products or services on the site, you may be asked to provide a credit card number. Depending upon the activity, some of the information that we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory data with respect to a particular activity, you will not be able to engage in that activity.
Triscle may periodically update this Privacy & Security Policy for new, unanticipated uses not previously disclosed. Any changes made will be posted here. By visiting our website you agree to accept any changes made to this policy. The Triscle Privacy & Security Policy only addresses the use and disclosure of information we collect from you on our website. Feel free to contact us with any questions about our Privacy & Security Policy by emailing email@example.com
Triscle uses the most current Internet security to keep your information safe.
Please also read our Terms and Conditions on www.rainkilt.ie.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) came into effect across all EU member states on 25 May 2018. The GDPR provides one framework data protection law for Europe, representing a significant harmonisation of data protection requirements and standards across the EU. Further information.
It’s intention is to enforce the principle of “Privacy by Design” by minimising data collection and retention and ensuring data is obtained only by consent and is available on a strict “need to know” basis. Data Collectors (companies like us) must analyse the risks to the data subjects (our customers and personnel) posed by processing the data (storing it, sharing it). Data Collectors must also provide data subjects with a “right to be forgotten”.
Your privacy is of paramount importance to us.
Data Protection Impact Assessment
The only information we have relating to customers is the absolute minimum we require to enable us to process and deliver an order i.e. the data they enter at the point of ordering on-line:
• Contact Name(s)
• Contact Telephone Number(s) (landline and / or mobile)
• Contact Email Address(es)
• Invoice address
• Delivery address (optional)
• Company Name (optional)
• VAT registration number (optional)
Legal Ground: Contractual necessity.
Location: This information is retained on our webserver which is located within the E.U.
Visible to: Management and Sales personnel.
Risk: In the event of our webserver being hacked, this information would be available to the hacker.
Risk Profile: This information could be used to facilitate identity theft.
Risk Minimisation: Files can only be uploaded to our webserver by means of secure username and password protected access. All communications between our computers and the webserver are by means of secure protocols. There is no provision for anybody outside of our office to upload files to the website. There is no public access to our office network. Browser access to our website is strictly via https using 256-bit encryption so personal data entered by the customer at the point of ordering is encrypted during transmission to our webserver.
Breach Notification: GPDR article 31 requires us to notify data authorities within 72 hours after a breach of personal data has been discovered. Data Subjects i.e. our customers and personnel, have to be notified if the data poses a “high risk to their rights and freedoms”. However, whatever about the legal requirements, if we are hacked, we will tell you.
Most payments go via a third-party service e.g. Paypal or Stripe. In this case, we have NO access to the credit card data.
Risk: In the event of our webserver being hacked, no payment information would be available to the hacker.
We have copies of all email correspondence with our customers. Our email service is hosted by hostingireland.ie.
Risk: In the event of our webserver being hacked, no email correspondence would be available to the hacker.
We categorise data into two areas:
1. Trade Data Data that is specific to and received directly from customers and suppliers with whom we expect to or already have regular business transactions (Trade Contacts).
2. End-User Data Data received from our Trade Contacts relating to their customers or prospective customers (End-Users).
Trade Data. Data relating to our customers and suppliers will used for the purposes of processing orders and associated activities surrounding order processing as well as marketing activity specific to the products and services we sell.
End-User Data. Data provided by our Trade Contacts relating to End-User customers will be used for the sole purpose of processing orders. It is the responsibility of the Trade Contact to ensure all permissions are sought before passing on End-User data and that all End-Users are aware that their data may be used by others to fulfil the order processing and delivery.
Where appropriate Trade and End-User Data may be passed to third party contractors for the sole purposes of fulfilling purchase orders.
Information collected includes:
• Contact Name(s)
• Contact Email Address(es)
• Contact Telephone Number(s)
• Contact Invoice Address
• Contact Delivery Address(es)
• VAT registration number
• Banking details
Data will be held securely on in-house computer servers and back-ups as well as in paper format. Any significant breach of data will be communicated as soon as is reasonably possible by the swiftest and most appropriate means available at the time. Data will be held for a period of 6 years, statutory accounting practice.
Declaration: Triscle Ltd will NOT pass on your personal data to third parties other than those involved in the order processing and delivery without first obtaining your consent.
1. Invoice Data
We are obliged by law to retain invoices for 6 years (revenue.ie).
At present, we do not automatically remove invoices after that time.
We propose to delete invoices after the legally specified retention period of 6 years has expired
2. Email correspondence
At present, we do not automatically delete emails.
We propose to retain emails for the same period as our invoices (6 years) with automatic deletion therafter.
We have no interest in and request no information other than that specified in “Personal Data” above.
Consent is requested from a customer immediately before finalisation of the order. No personal information is transferred to our server until that consent has been given.
Data Protection by default
There are no automatic opt-ins when a customer places an order or registers with us.
Subject Access Requests
We undertake to provide, within one month, a complete breakdown of all data relating to you. Please send an email to firstname.lastname@example.org
We can remove all data relating to you provided it does not conflict with the legally required retention period specified by the Revenue authorities (revenue.ie). Please send an email to email@example.com