ComplianceHub

Privacy Policy

We simplify compliance

HomeAboutContact

Privacy Policy

Last updated: 2/8/2025

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and Irish Data Protection Act 2018

Table of Contents

1. Introduction2. Data Controller3. Data We Collect4. Legal Basis for Processing5. How We Use Your Data6. Data Sharing7. Data Security8. Data Retention9. Your Rights10. Cookies11. Third-Party Services12. International Transfers13. Children's Privacy14. Policy Changes15. Contact Information

1. Introduction

ComplianceHub ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our management systems platform and related services.

As an Irish company, we comply with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018. We are committed to transparency and giving you control over your personal data.

2. Data Controller

ComplianceHub is the data controller for your personal data.

Company: ComplianceHub Limited

Address: Ireland

Email: privacy@compliancehub.ie

Data Protection Officer: dpo@compliancehub.ie

3. Data We Collect

Personal Information

  • Name and contact details (email address, phone number)
  • Company information and job title
  • Account credentials and authentication data
  • Profile information and preferences

Usage Data

  • Platform usage patterns and feature interactions
  • Session duration and frequency of use
  • Device information and browser type
  • IP address and location data (country level)

Business Data

  • Company processes and procedures
  • Quality management system documentation
  • Audit reports and compliance records
  • Files and documents uploaded to the platform

5. How We Use Your Data

Service Provision

Providing and maintaining our platform, processing your requests, and delivering support

Security & Fraud Prevention

Protecting our platform and users from security threats, fraud, and unauthorized access

Service Improvement

Analyzing usage patterns to improve our platform and develop new features

Communications

Sending service updates, security alerts, and marketing communications (with consent)

Legal Compliance

Meeting our legal obligations under Irish and EU law

6. Data Sharing

We do not sell your personal data to third parties.

We only share data in the limited circumstances outlined below.

Service Providers

Trusted third-party providers who help us deliver our services (hosting, email, analytics) under strict data processing agreements.

Legal Requirements

When required by Irish or EU law, court orders, or to protect our legal rights and those of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, with appropriate safeguards for your data.

7. Data Security

We implement industry-standard security measures to protect your data.

Technical Safeguards

  • End-to-end encryption for data transmission
  • Encrypted data storage and backups
  • Multi-factor authentication options
  • Continuous security monitoring

Organizational Measures

  • Staff training on data protection
  • Regular security audits and assessments
  • Access controls and role-based permissions
  • Data processing agreements with vendors

8. Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy or as required by Irish law.

Account Data

Retained while your account is active plus 3 years after closure for legal compliance.

Usage Data

Anonymized after 2 years and retained for analytics and service improvement.

Business Data

Retained as per your subscription terms and deleted upon request or account closure.

9. Your Rights Under GDPR

As an individual in the EU/EEA, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data in certain circumstances.

Right to Restrict Processing

Limit how we process your data in certain situations.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for marketing.

Right to Withdraw Consent

Withdraw consent for processing where consent is the legal basis.

Right to Complain

Lodge a complaint with the Irish Data Protection Commission.

To exercise your rights: Contact us at privacy@compliancehub.ie. We will respond within 30 days and may require identity verification.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze platform usage.

Essential Cookies

Required for platform functionality, security, and user authentication. Cannot be disabled.

Analytics Cookies

Help us understand how you use our platform to improve performance and user experience.

Marketing Cookies

Used to deliver relevant advertisements and measure campaign effectiveness (with consent).

Cookie Management: You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

11. Third-Party Services

We work with trusted third-party providers to deliver our services. All providers are carefully vetted and bound by data processing agreements.

Service Categories

  • Cloud hosting and infrastructure
  • Email delivery services
  • Analytics and monitoring
  • Payment processing
  • Customer support tools

Data Protection Measures

  • Data Processing Agreements (DPAs)
  • GDPR compliance requirements
  • Encryption and security standards
  • Data minimization principles
  • Limited data retention periods

12. International Data Transfers

We primarily process data within the EU/EEA to ensure GDPR protection.

When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place:

Adequacy Decisions

Transfers to countries with EU adequacy decisions (e.g., UK, Switzerland).

Standard Contractual Clauses

EU-approved contracts ensuring GDPR-level protection in third countries.

13. Children's Privacy

Our services are not intended for children under 16.

We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately for deletion.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes through:

Email Notification

Direct email to registered users

Platform Notice

In-app notifications and banners

30-Day Notice

Advance notice for material changes

15. Contact Information

Data Protection Queries

privacy@compliancehub.ie
Data Protection Officer: dpo@compliancehub.ie
ComplianceHub Limited, Ireland

Regulatory Authority

If you're not satisfied with our response to your privacy concerns, you can contact the Irish Data Protection Commission:

www.dataprotection.ie

We are committed to protecting your privacy and will respond to all inquiries within 30 days.