Privacy policy

SIQA Booking Privacy Notice

 

Effective date: 17 December 2025

Controller: SIQA / Gillian Coleman. 76 Furze road, Sandyford Business Park, D18 VHK2 the “Controller”

Contact: gill.coleman@SIQA.ie | 0872349709

 

1) What this notice covers

This notice explains how SIQA collects and uses personal data when you book, manage, or receive services via the SIQA website booking process. It is intended to meet transparency requirements under GDPR (including the information typically provided at the point of collection).

 

2) Personal data we collect via bookings

Depending on what you submit and what is required to deliver your booking, SIQA may collect:

  •  Identity and contact data: name, email, phone number.
  • Organisation/professional data: employer/organisation name, role/title, sector, billing contact.
  • Booking and service data: booking type, dates/times, meeting preferences, location (if onsite), notes you provide, service scope queries.
  • Billing/transaction data (if applicable): invoicing details, VAT/tax details, payment status (note: card numbers are typically processed by the payment provider, not SIQA).
  • Communications: emails/messages with SIQA regarding your booking.
  • Technical data: IP address, device/browser information, booking-page interactions (via logs/cookies if enabled).
  • Special category data: Please do not enter health data or other special-category personal data in booking notes unless SIQA explicitly asks for it and confirms the lawful basis. If you do provide it, SIQA will only process it where lawful and necessary, with appropriate safeguards.

 

3) Why we use your data and our legal bases

SIQA uses booking-related personal data for the purposes below:

  • To provide and administer your booking and deliver services (including confirming appointments, scheduling, and carrying out contracted work).

Legal basis: performance of a contract or steps at your request before entering a contract.

  • To communicate with you about the booking (changes, cancellations, scope clarification, deliverables).

Legal basis: contract and/or legitimate interests (operational communications).

  • To issue invoices, keep accounts, and meet tax/legal obligations.

Legal basis: legal obligation and contract (as applicable).

  • To improve services and manage quality, security, and dispute handling (for example, maintaining records of instructions and deliverables).

Legal basis: legitimate interests.

  • Marketing (optional): to send updates or insights if you opt in (or where otherwise permitted by applicable rules).

Legal basis: consent (where required).

  • You can withdraw consent at any time (see Section 8).

 

4) Who we share your data with

SIQA shares booking personal data only as necessary with:

  • Service providers (processors) who help operate bookings and delivery, such as: website/hosting, booking/scheduling platform, video conferencing, email services, invoicing/accounting, and (if used) payment processing. Processors act on SIQA’s instructions and are typically bound by contractual terms appropriate under GDPR.
  • Professional advisers (legal, tax, insurance) where needed.
  • Authorities where required by law.
  • Important (client services / processor role): If SIQA provides services where you are the Controller of a separate dataset (for example, quality documentation containing staff/patient data) SIQA may act as a processor on your behalf under a separate Data Processing Agreement (DPA) or contract schedule.

 

5) International transfers

If any service provider stores or processes data outside the EEA/UK, SIQA will ensure an appropriate transfer mechanism is used (for example, adequacy decisions and/or Standard Contractual Clauses, as applicable).

 

6) How long we keep booking data

SIQA keeps booking personal data only as long as necessary for the purposes above, including:

  • Booking administration records: typically up to [12–24 months] after last interaction (adjust to your operational need).
  • Contracts, invoices, and accounting records: typically [6–7 years] (align to your accountant’s/tax guidance).
  • Marketing preferences: until you opt out/withdraw consent.
  • Retention must be communicated transparently at collection or by clear criteria.

 

7) Security

SIQA uses reasonable administrative, technical, and organisational measures to protect personal data (access controls, least-privilege access, secure storage, and processor due diligence). No method of transmission/storage is 100% secure, but SIQA aims to apply proportionate safeguards.

 

8) Your data protection rights

Subject to conditions and exceptions under GDPR, you have rights to:

  • Access your data
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Object (notably where processing is based on legitimate interests)
  • Withdraw consent (where processing is based on consent)
  • To exercise rights, contact gill.coleman@SIQA.ie

 

9) Complaints

If you have concerns, SIQA encourages you to contact us first. You also have the right to lodge a complaint with the Data Protection Commission (Ireland).

 

10) Changes to this notice

SIQA may update this notice from time to time. The latest version will be posted on the website with an updated effective date.