Who We Are

The data controller responsible for the personal data you provide to us is:

As a data controller, we determine the purposes and means by which personal data about you is processed. Where we process personal data on behalf of our clients in the course of delivering software development and IT services, we act as a data processor in accordance with the terms of our client agreements and applicable data protection law.

Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

2.1 Identity & Contact Information

• Full name
• Job title and company name
• Email address
• Telephone number
• Postal address (where provided)

2.2 Communication Data

• The content of emails, messages, and enquiries you send to us
• Records of telephone conversations with our team
• Contact form submissions via our website
• Information provided during consultations or discovery meetings

2.3 Technical & Usage Data

• IP address and browser type
• Pages visited on our website and time spent on each page
• Referring website or search terms used to find our website
• Device type and operating system
• Cookie identifiers (see Section 9)

2.4 Business & Project Data

• Information about your business, project requirements, and technical needs shared during consultations
• Documents, specifications, and other materials you provide to us in connection with a project
• Contractual and commercial information including invoicing and payment details

We do not knowingly collect any special categories of personal data (such as data relating to health, ethnicity, religion, or biometric information) unless you specifically provide such information and have given your explicit consent for us to process it.

How We Collect Your Personal Data

We collect personal data through the following means:

• Directly from you — when you complete a contact form on our website, send us an email, call us by telephone, or provide information during a meeting or consultation.
• Automatically — when you visit our website, certain technical and usage data is collected automatically through cookies and similar tracking technologies. Please see Section 9 for full details.
• From third parties — we may occasionally receive information about you from third parties such as business referral partners, professional networks (including LinkedIn), or publicly available sources, where this is lawful and appropriate.
• During the delivery of services — where you engage us to deliver software development or IT consulting services, we may receive personal data as part of our work on your behalf, for example through access to your systems or data as part of a contracted project.

How We Use Your Personal Data

We use the personal data we collect for the following purposes:

We will not use your personal data for purposes that are incompatible with those described above without first informing you and, where required, obtaining your consent.

Legal Basis for Processing

Under the GDPR, we are required to identify a valid legal basis for each processing activity. The legal bases we rely on are:

• Contract (Article 6(1)(b)): Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract. This applies, for example, to the delivery of software development and IT consulting services you have engaged us to provide.
• Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate business interests — such as responding to enquiries, improving our website, managing client relationships, and promoting our services to existing or prospective clients — provided these interests are not overridden by your rights and interests.
• Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject, including obligations under Irish company law, tax legislation, and applicable regulations.
• Consent (Article 6(1)(a)): Where we have obtained your freely given, specific, informed, and unambiguous consent to process your personal data for a particular purpose — for example, subscribing to marketing communications. You have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to your withdrawal.

Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including satisfying any applicable legal, accounting, or reporting requirements.

The following general retention periods apply:

• Client and project records — retained for a minimum of 7 years following completion of the engagement, in accordance with our obligations under Irish company law and revenue requirements.
• Enquiry and contact records — retained for up to 2 years from the date of last contact, unless the enquiry resulted in an engagement (in which case client retention periods apply).
• Website analytics data — retained in accordance with the settings of our analytics provider, typically for a period of up to 26 months.
• Marketing communications — retained until you unsubscribe or withdraw consent, plus a reasonable period thereafter to maintain a suppression list.

When personal data is no longer required and there is no legal basis for retaining it, we will securely delete or anonymise it in accordance with our internal data retention procedures.

Sharing Your Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share your personal data with the following categories of recipients, strictly where necessary and on a need-to-know basis:

• Service Providers & Sub-processors: Trusted third-party suppliers who provide services to support our business operations, including cloud hosting providers, email communication platforms, project management tools, accounting software, and website analytics services. All such providers are contractually required to process personal data only on our instructions and in accordance with applicable data protection law.
• Professional Advisers: Legal advisers, accountants, auditors, and other professional advisers where necessary for the operation of our business, subject to strict professional confidentiality obligations.
• Regulatory & Legal Authorities: Where we are required by law, court order, or regulatory authority to disclose personal data. We will notify you of any such disclosure where we are legally permitted to do so.
• Business Successors: In the event of a merger, acquisition, restructuring, or sale of all or part of our business, personal data may be transferred to the relevant successor entity, subject to appropriate confidentiality and data protection safeguards.

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes.

International Transfers of Personal Data

Some of our third-party service providers may process personal data outside the European Economic Area (EEA). Where personal data is transferred to countries that have not been recognised by the European Commission as providing an adequate level of data protection, we ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR.

These safeguards may include the use of Standard Contractual Clauses approved by the European Commission, binding corporate rules, or reliance on other recognised transfer mechanisms. You may request details of the specific safeguards applicable to any international transfer of your personal data by contacting us at info@visionarysoftware.ie.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse website traffic, and support the functionality of our website. A cookie is a small text file placed on your device when you visit a website.

Types of Cookies We Use

Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your cookie preferences at any time through your browser settings or by clearing your browser's cookie cache. Please note that disabling certain cookies may affect the functionality of our website.

For more information about how to manage cookies in your browser, visit www.aboutcookies.org.

Your Data Protection Rights

Under the GDPR and applicable Irish data protection law, you have the following rights in relation to your personal data:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how and why we process it.
• Right to Rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you without undue delay.
• Right to Erasure (Article 17): You have the right to request that we delete your personal data in certain circumstances — for example, where it is no longer necessary for the purpose for which it was collected, or where you have withdrawn your consent and there is no other legal basis for processing.
• Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while the accuracy of your data is being contested.
• Right to Data Portability (Article 20): Where processing is based on your consent or on a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit this data directly to another controller where technically feasible.
• Right to Object (Article 21): You have the right to object at any time to our processing of your personal data where we rely on legitimate interests as our legal basis, including for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose immediately.
• Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you. We do not currently use automated decision-making processes that produce such effects.
• Right to Withdraw Consent: Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal.

We may need to verify your identity before processing your request. We will not charge a fee for responding to requests unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to respond.

Data Security

We take the security of your personal data very seriously. We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures include, but are not limited to:

• Encryption of data in transit using industry-standard TLS/SSL protocols
• Encryption of sensitive data at rest
• Role-based access controls ensuring that personal data is only accessible to authorised personnel who need it to perform their duties
• Regular security assessments and reviews of our systems and processes
• Employee training on data protection obligations and information security best practices
• Use of reputable, security-certified cloud infrastructure providers
• Incident response procedures for detecting and responding to potential data security events

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) without undue delay and, where required, will notify you directly. We will provide you with details of the breach, its likely consequences, and the measures we have taken or propose to take to address it.

While we employ robust security measures, no method of transmission over the internet or method of electronic storage is completely secure. We therefore cannot guarantee the absolute security of your personal data.

Links to Third-Party Websites

Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies or practices.

We encourage you to read the privacy policy of every website you visit when you leave our website. This Privacy Policy applies only to information collected by Visionary Software Solutions Limited through our website and our direct interactions with you.

Children's Privacy

Our website and services are directed at business clients and adult individuals. We do not knowingly collect personal data from children under the age of 16. If you believe that we have inadvertently collected personal data from a child under 16, please contact us immediately at info@visionarysoftware.ie and we will take prompt steps to delete such data from our records.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, notify you by email or by placing a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our website and services after any changes to this policy constitutes your acknowledgement of the updated policy.

Contact Us & How to Make a Complaint

If you have any questions about this Privacy Policy, wish to exercise any of your data protection rights, or have any concerns about how we handle your personal data, please contact us using the details below. We are committed to resolving any concerns promptly and fairly.

Right to Lodge a Complaint

If you are not satisfied with our response to any concern or complaint, or if you believe we are processing your personal data in breach of applicable data protection law, you have the right to lodge a complaint with the Irish supervisory authority:

We would, however, appreciate the opportunity to address your concerns directly before you approach the DPC, and we encourage you to contact us in the first instance.