How We Handle Your Personal Data
recyclingcentreireland.org/ is committed to data protection. This page sets out what we collect from you as a visitor, why, and the rights you have under the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, and the ePrivacy Regulations (S.I. No. 336/2011).
What’s on this page
- Who we are
- Scope of this policy
- Personal data we collect
- GDPR โ legal basis
- Irish Data Protection Act 2018
- ePrivacy Regulations
- How we collect data
- Why we use it
- Who we share with
- International transfers
- Cookies and analytics
- Retention
- Your GDPR rights
- How to exercise rights
- Children’s data
- Breach notification
- Security
- Data Protection Commission
- Changes to this policy
1. Who We Are
recyclingcentreireland.org/ is an independent informational guide that publishes practical, step-by-step guidance on Ireland's civic amenity sites, bring banks, kerbside services, the Re-turn Deposit Return Scheme, WEEE Ireland and ERP take-back, and the broader recycling framework. We are the data controller for the personal data described on this page.
For any data-protection question, contact us at info@recyclingcentreireland.org with the subject line “Privacy request” and we will respond within the time limits set out below.
2. Scope of This Policy
This privacy policy covers personal data about you, the visitor to recyclingcentreireland.org/. It does not cover personal data held by Irish local authorities, the Department of the Environment, Climate and Communications (DECC), the Environmental Protection Agency (EPA), Re-turn, Repak, WEEE Ireland, ERP Ireland, or any waste collector. If you have a concern about personal data held by your council or by a scheme operator, contact that body directly. Local authorities are public bodies and act under their own statutory frameworks.
3. The Personal Data We Collect About You
| Category | Examples | Source |
|---|---|---|
| Identifiers | Email address, name (if provided), IP address | You ยท Your browser, automatically |
| Contact content | The content of messages you send us | You โ when you email us or use a contact form |
| Internet/network activity | Pages visited, time on page, click paths, referring URL | Cookies and analytics, when you consent |
| Device and technical data | Browser, device type, OS, approximate location from IP (e.g., to suggest your nearest local-authority page) | Your browser, automatically |
| Inferences | Aggregate inferences about which content is most useful | Derived from analytics, where consented |
| Advertising identifiers | Identifiers used to limit ad frequency and measure ad performance | Third-party advertising networks, when you consent |
We do not intentionally collect Special Categories of personal data under Article 9 of the GDPR (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex-life data, sexual-orientation data). We do not ask for it and you should not send it through our contact channel.
4. GDPR โ Legal Basis for Processing
The General Data Protection Regulation (Regulation (EU) 2016/679) requires every processing of personal data to have a clear legal basis. Our bases under Article 6 are:
| Processing | Legal basis (Article 6) |
|---|---|
| Strictly necessary functioning of the website | Article 6(1)(f) โ legitimate interests in operating the site |
| Responding to your contact email | Article 6(1)(b) โ performance of pre-contractual/quasi-contractual steps; or Article 6(1)(f) โ legitimate interests in responding to enquiries |
| Analytics and usage measurement (when consented) | Article 6(1)(a) โ consent; combined with ePrivacy Regulations consent for storage of cookies |
| Display advertising (when consented) | Article 6(1)(a) โ consent |
| Security and abuse prevention | Article 6(1)(f) โ legitimate interests |
| Legal compliance โ including responding to lawful requests from authorities | Article 6(1)(c) โ compliance with a legal obligation |
5. Irish Data Protection Act 2018
The Data Protection Act 2018 gives effect to the GDPR in Ireland and supplements it with national provisions. Key sections that apply to our processing:
- Section 31 โ implements the GDPR’s data-subject rights for individuals in Ireland
- Sections 30โ35 โ supplement the conditions for lawful processing
- Sections 26โ29 โ protections for children’s personal data
- Section 137 โ onward duty of confidentiality of personal data
- Sections 117โ123 โ civil redress for data-protection breaches, including the right to compensation under Article 82 GDPR
The Act is enforced by the Data Protection Commission (DPC), Ireland’s supervisory authority for data protection โ see Section 18 below.
6. ePrivacy Regulations (S.I. No. 336/2011)
The European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 โ implementing the EU ePrivacy Directive โ govern cookies and similar technologies in Ireland. Under Regulation 5, we must obtain your consent before storing any non-strictly-necessary information on your device. The cookie banner you see on your first visit is how we obtain that consent. Full details on our Cookie Policy page.
7. How We Collect Personal Data
- Directly from you โ when you email us, complete a contact form, or set cookie preferences
- Automatically โ when you visit the site, your browser sends standard technical information so the page can load
- From third-party services we use โ analytics and advertising providers, but only after you have given consent through our cookie banner
8. Purposes of Processing
- Providing the website and its content
- Responding to questions, corrections, and feedback
- Securing the site and protecting against abuse, fraud, and unauthorised access
- Auditing interactions and measuring site performance (analytics, where consented)
- Supporting display advertising that funds the site (where consented)
- Complying with legal obligations and responding to lawful requests under Irish and EU law
We do not use personal data for automated decision-making with legal or similarly significant effects within the meaning of Article 22 GDPR.
10. International Transfers
Some service providers we use (hosting, analytics, advertising, CDN) are based outside the European Economic Area (EEA) โ primarily in the United States and the United Kingdom. Where personal data is transferred outside the EEA, we rely on:
- Adequacy decisions โ for transfers to countries the European Commission has decided provide adequate protection (currently including the United Kingdom, and the United States under the EUโUS Data Privacy Framework for self-certified organisations)
- Standard Contractual Clauses (SCCs) โ Commission Implementing Decision (EU) 2021/914, where applicable
- Supplementary measures โ where required following a Transfer Impact Assessment under Schrems II (Case C-311/18)
11. Cookies, Analytics, and Advertising
For full detail โ including the cookies used, third-party services, and how to manage them โ see our Cookie Policy. Key controls: the cookie banner (shown on first visit, with affirmative opt-in for non-strictly-necessary cookies under the ePrivacy Regulations), the “Cookie settings” link in the footer, browser-level controls, and the Global Privacy Control signal.
12. How Long We Keep Personal Data
| Category | Retention |
|---|---|
| Email correspondence and contact-form messages | Up to 24 months from last contact, then deleted unless an active matter requires longer retention |
| Server access logs (IP addresses, request data) | Up to 90 days, then aggregated or deleted |
| Analytics data | Aggregated; identifiable data retained no longer than 14 months |
| Cookie consent records | 12 months from when you set your preference |
| Backups | Rotating backups deleted on a 30โ90 day cycle |
13. Your Rights Under the GDPR
Right of access
Confirm whether we hold personal data about you and obtain a copy (Article 15).
Right to rectification
Correct inaccurate or incomplete personal data (Article 16).
Right to erasure
Have personal data deleted in defined circumstances (“right to be forgotten”) (Article 17).
Right to restrict processing
Limit how we process your personal data in defined circumstances (Article 18).
Right to data portability
Receive a copy of certain personal data in a structured, commonly used, machine-readable format (Article 20).
Right to object
Object to processing based on legitimate interests, including for direct marketing (Article 21).
Right not to be subject to automated decision-making
Article 22 โ we do not engage in such processing.
Right to withdraw consent
Where processing is based on consent, you may withdraw at any time without affecting prior lawful processing (Article 7(3)).
Right to lodge a complaint
With the Data Protection Commission (DPC) in Ireland โ see Section 18 below.
14. How to Exercise Your Rights
For all GDPR requests, email info@recyclingcentreireland.org with the subject line “GDPR request.” Include enough information for us to identify the data you’re asking about. We may need to verify your identity before responding โ most commonly by confirming you control the email address that submitted the request. We respond within one calendar month as required by Article 12(3) GDPR, with a possible extension of up to two further months for complex requests where we will explain the reason for the extension.
Requests are handled free of charge under Article 12(5), unless the request is manifestly unfounded or excessive, in particular because of its repetitive character.
15. Children’s Personal Data
This site is not directed at children. Under section 31(1) of the Irish Data Protection Act 2018 and Article 8 GDPR, the digital age of consent in Ireland is 16; the consent of a person with parental responsibility is required for the processing of personal data of children below 16 in the context of an offer of information-society services directly to children. We do not knowingly process personal data of children under 16. If we learn that we have, we will delete it promptly.
16. Breach Notification
Under Articles 33 and 34 GDPR, we will notify the Data Protection Commission (DPC) of a personal data breach without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the breach is likely to result in a high risk to data subjects, we will also communicate the breach to the affected individuals without undue delay.
17. Security Measures
Under Article 32 GDPR, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk: encryption of data in transit (HTTPS across the site), access controls on administrative tools, regular software updates, secure authentication for our editorial team, and contractual security commitments from data processors.
18. Data Protection Commission (DPC)
If you believe we have processed your personal data in breach of the GDPR or the Irish Data Protection Act 2018, you have the right under Article 77 GDPR to lodge a complaint with a supervisory authority. The Irish supervisory authority is the Data Protection Commission (DPC), headquartered at 21 Fitzwilliam Square South, Dublin 2, D02 RD28. The DPC is also the lead supervisory authority for many large technology companies under the GDPR’s One-Stop-Shop mechanism. Contact the DPC at dataprotection.ie or by phone on +353 (0)761 104 800.
19. Changes to This Policy
We update this policy when our practices change or when Irish or EU data-protection law changes. The “Last reviewed” date at the top reflects the current version. Substantive changes will be flagged on the homepage banner for at least 30 days. This policy is read alongside our Cookie Policy, Terms of Service, and Disclaimer.
Questions About Your Personal Data?
Email us. We respond to general privacy questions within seven business days, and to formal GDPR requests within one calendar month as required by Article 12(3).
๐ง info@recyclingcentreireland.org