Website Privacy and Security Statement


(A) Privacy

Personal data supplied to CRO via this website pursuant to the Companies Act 2014 (for instance, notification of appointment of a company officer, change of company officer’s particulars) or the Registration of Business Names Act 1963 (for instance, registration of a business name by an individual, firm or body corporate, or change of address of the owner of a registered business name) does not come within the Data Protection Acts 1988-2018, being "personal data consisting of information that the person keeping the data is required by law to make available to the public". Such data therefore falls outside the terms of this Privacy Statement. This means that the conditions and information set out below do not apply to any personal data supplied to CRO on this website by any person pursuant to the Companies Act 2014  and/or Registration of Business Names Act 1963.

Identity

This website is www.cro.ie. If you wish to discuss any matters relating to the processing of personal data on the CRO's website, please contact us at crowebmaster@enterprise.gov.ie or by post at CRO, Bloom House, Gloucester Place Lower, Dublin 1.

Purpose

The purposes for which personal data supplied by you on our website will be used will be:

(a) in respect of payment for services supplied to you by CRO - either to debit the account maintained by you with CRO with the search fees/transaction fees incurred by you during your use of this website, or to debit your credit/laser card if you opt to use same to pay for those services while using this website. CRO policy is to retain the minimum amount of information necessary to be able to deal with any subsequent queries regarding the transaction. In connection with payment by laser/credit card, we retain the customer e-mail address and IP address only. The documents requested are supplied to this address. We do not retain any laser/credit card details. Such details are retained on our behalf by Realex (see under Disclosure, below) and may be reviewed by CRO through a web link. In relation to services paid for by debiting of customer accounts, the customer’s email address is retained.

The IP address is an address from which you access our website (an IP address is the number automatically assigned to your computer when you are surfing the web. IP addresses are used to analyse trends, administer the site, track users' movements, and gather statistical information and are not linked to personally identifiable information).

(b) to register you as a subscriber to our email newsletter service. For this purpose, only your email address has to be supplied to us, and this is retained by CRO in order that the newsletter may be transmitted to you. If you at any time cancel your subscription to the email newsletter, your email address will be retained by us for record purposes concerning your subscription to the newsletter service but will be used by CRO for no other purpose.

(c) To register you for our online e-filing service. The personal information collected is user name, address, email, PPSN, phone number, fax number, and DX number and exchange, and details of the user’s administrator, if relevant. These details are retained indefinitely, and are used by CRO to identify the registered user whenever he/she logs on to our online e-filing service and for populating the presenter detail field on any e-filed forms being submitted by such user. The CRO may also issue emails to users that have filed on behalf of companies, in relation to important updates or changes affecting the obligations of companies and other entities registered by the CRO and RFS. If you do not wish to receive these updates, just let us know by e-mailing us at: optoutCRO@enterprise.gov.ie and we will remove you from our mailing list. Please be advised that if you ask us to remove your details from our mailing list, you will not receive e-mails or correspondence from us that may be important in relation to supports or other information that may be of interest to you.

Disclosure

Personal data supplied will not be released to any third parties, save that credit card information will be securely transferred to Realex, a secure online payments provider.

Right of Access

A person has the right of access to the personal data held by CRO as a result of what has been supplied by him/her on this website. An individual can make a data protection access request by completing a Subject Access Request (SAR) form.

Submitting a Subject Access Request (SAR)
You must complete a Subject Access Request (SAR) form in order to request a copy of your personal information from us. This Form must be completed in full and sent to: CRO, Bloom House, Gloucester Place Lower, Dublin 1. Applications can also be sent electronically to dprequest@enterprise.gov.ie.

You should try to be as specific as possible in identifying the personal information that you are seeking from us. Also, if possible, try to specify the areas of the CRO where you feel would be most relevant to your request. This will assist us in providing you with an effective and efficient service. In general, there is no charge for individuals who seek access to their personal records under the Data Protection Acts and requests must be completed within one month. You will be required to provide Proof of Identity when making a request such as a copy of your photo ID, duly certified, signed and dated by a Garda, Doctor, Solicitor, Priest, Peace Commissioner or Commissioner for Oaths.

Exceptions to the right of access
In a small number of circumstances your right to access personal records can be limited. This is necessary in order to strike a balance between the rights of the individual, on the one hand, and some important needs of civil society, on the other hand.

Further information about an individual’s rights under the Data Protection Acts
The Data Protection Commission website offers an explanation of the rights and responsibilities under the Data Protection Acts.

Information is also available from:
Portarlington Office
Office of the Data Protection Commission
Canal House
Station Road
Portarlington
R32 AP23

Dublin Office
Office of the Data Protection Commission
21 Fitzwilliam Square
Dublin 2
D02 RD28
You can contact the Office of the Data Protection Commission by emailing info@dataprotection.ie or by telephone at: 057 868 4800/076 110 4800.  

Document

Subject Access Request (SAR) Form -  Subject-Access-Request-SAR-form fillable.pdf

Right of Rectification

If the personal data supplied by you to this website in the context of payment for services supplied, or registration for the CRO email newsletter service or online filing service is inaccurate, you have the right to have said personal data corrected. There is no charge for complying with such a request and we will comply with your request within 30 days. Please forward a written request for rectification to CRO, Bloom House, Gloucester Place Lower, Dublin 1.

Right of Erasure

You have the right to have your data erased if one of the following grounds applies:

1. Where your personal data is no longer necessary in relation to the purpose for which it was collected or processed;
2. Where you withdraw your consent to the processing and there is no other lawful basis for processing the data;
3. Where you object to the processing and there is no overriding legitimate grounds for continuing the processing (See point 6 below).
4. Where you object to the processing and your personal data is being processed for direct marketing purposes (See point 6 below);
5. Where your personal data has been unlawfully processed;
6. Where your personal data have to be erased in order to comply with a legal obligation;
7. Where your personal data has been collected in relation to the offer of information services to a child.

There are certain circumstances where this right does not apply. This includes:

- Exercising the right of freedom of expression and information;
- Compliance with a legal obligation, the performance of a task carried out in the public interest or in the exercise of official authority;
- Reasons of public interest in the area of public health (See Article 9(2)(h) & (i) and Article 9(3), GDPR)
- Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- Establishment, exercise or defence of legal claims.

Right to Data Portability

In some circumstances, you may be entitled to obtain your personal data in a format that makes it easier to reuse in another context, and to transmit these data without hindrance. This is referred to as the right to data portability.

This right only applies where processing of personal data (supplied by you) is carried out by automated means, and where you have either consented to processing, or where processing is conducted on the basis of a contract.

This right only applies to the extent that it does not affect the rights and freedoms of others. 
 
Right to Object

You have the right to object to certain types of processing of your personal data where this processing is carried out in connection with tasks in the public interest, or under official authority, or in the legitimate interests of others.

Where a data controller is using your personal data for the purpose of marketing something directly to you, or profiling you for direct marketing purposes, you can object at any time, and the data controller must stop processing as soon as they receive your objection.

You may also object to processing of your personal data for research purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

Right of Restriction
You have a limited right of restriction of processing of your personal data. Where processing of your data is restricted, it can be stored by the CRO, but most other processing actions, such as deletion, will require your permission.

Cookies

This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the site (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purpose set out above.

(B) Security

CRO takes its security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness, and these measures are reviewed regularly.

To ensure the security of your credit card information when you use same to discharge CRO fees on this site, we use Secure Socket Layer (SSL) technology. You will see the padlock in your browser’s security display indicating that the transfer of all data between your browser and our site has been encrypted.

When you supply us with your laser/credit card information in the context of an online transaction for services supplied to you, this information is not retained on this site. Rather, it is securely transferred to Realex, a secure online payments provider. All CRO retains is your email address.