At Eagle Point Partners, we are committed to protecting and respecting data protection and privacy rights. Please take a moment to read this Privacy Statement to find out more about why and how we collect, process and use personal information.
Who we are
Corbett Quilty Limited trading as Eagle Point Partners (“Eagle Point Partners”) and located at no. 1 Maritana Gate, Canada Street, Waterford.
When processing personal data, Eagle Point Partners acts as a data processor for companies (our “Clients”) that request Eagle Point Partners to provide them with Services. Our Clients provide products and services to their customers, being living individuals or data subjects (the “End Users”). Our Clients are the data controllers of the End Users’ personal data.
Data we process
As a data processor, Eagle Point Partners processes the personal data which is provided to us by our Clients. Depending on the specific nature of the Services being provided, we will process the following personal information on behalf of our Clients:
Why we process personal data
Eagle Point Partners uses End User Data to provide insights at an aggregated level for Clients. The End User Data is processed by Eagle Point Partners only for the purpose of providing services to our Clients, including:
On certain projects, we may process device and browser fingerprinting IDs on behalf of our clients. Device and browser fingerprinting uses information such as device screen resolution, timezone and browser version to assign a unique ID to website or app visitors. We use this information to help us more effectively measure the performance of different marketing channels for our Clients.
You can find more information about this open-source technology here, and about Eagle Point Partners’s use of fingerprinting technology on its own website, here.
Fingerprint IDs and End User Data
Fingerprint IDs do not, on their own, identify a person. However, combined with other data (eg. CRM data), it is possible to link a Fingerprint ID to an End User, and thus, Fingerprint IDs may constitute Personal Data in certain circumstances.
The GDPR offers six lawful bases for the processing of personal data, one of which is the legitimate interests of a data controller. The Data Protection Network has produced a guidance paper on the use of legitimate interests as a lawful basis for processing, and outlines a Legitimate Interests Assessment (LIA) for companies to use:
The UK Information Commissioner’s Office has expressed support for this approach. We expect that most of our Clients will seek to rely on their own legitimate interests in utilising our services. If an End Users wishes to object to such use of legitimate interests as a lawful basis for processing, they should contact the Client who is the controller of their data.
Eagle Point Partners does not process End User Data for any purpose other than the provision of the Services to Clients. In particular, Eagle Point Partners does not deliberately process End User Data for the purpose of identifying living individuals and, where possible, Eagle Point Partners endeavours to ensure that all End User Data that is processed remains anonymous.
The source of personal data
Eagle Point Partners accesses End User Data via Application Programming Interfaces (“APIs”), (for example, the Google Analytics API), to which Clients give Eagle Point Partners access in order to access the relevant End User Data. Eagle Point Partners shall only process the End User Data in accordance with the documented instructions of Clients and for the purpose of providing the Services described in this Privacy Statement to the Clients. The documented instructions of our Clients is normally contained in the statement of work which we agree with them.
Eagle Point Partners from time to time instructs services providers to provide services to Eagle Point Partners. These service providers process End User Data on Eagle Point Partners’s behalf and are therefore the Clients’ sub-processors (“Sub-Processors”). For example, we use the following Sub-Processors to help us deliver our Services:
Sub-Processors are bound by the same or equivalent terms to which the Eagle Point Partners is bound with its Clients. Eagle Point Partners will inform its Clients of the Sub-Processors that process End User Data on behalf of Eagle Point Partners and Eagle Point Partners will inform its Clients of any intended changes concerning the addition to, or replacement of, the Sub-Processors.
Eagle Point Partners will give its Clients the opportunity to object to any changes to the Sub-Processors. Clients may reasonably object to Eagle Point Partners’s replacement of a Sub-Processor or use of a new Sub-Processor by notifying Eagle Point Partners in writing. Clients shall be deemed to have authorized the engagement of a Sub-Processor if the Client does not so object.
In accordance with data protection principles, Eagle Point Partners will not keep or store End User Data for any longer than is necessary. A core element of Eagle Point Partners’s Services involves the comparison of current performance with historical performance. Eagle Point Partners retains the underlying data needed to generate these comparisons and insights for the duration of Eagle Point Partners’s commercial relationship with our Clients, unless directed otherwise by our Clients.
Data Subject Rights
Eagle Point Partners will notify Clients without undue delay if it receives:
Data security is of paramount importance for us. Eagle Point Partners will always access End User Data via an encrypted connection, and the End User Data which Eagle Point Partners accesses is stored on Amazon AWS servers located in Dublin, Ireland. While Amazon, as a leading cloud services provider, has security safeguards put in place, Eagle Point Partners has implemented its own additional data and security safeguards, including:
International Data Transfers
In some cases the personal data we collect from you might be processed outside the European Economic Area (“EEA”). These countries may not have the same protections for your personal data as the EEA has. However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA. There are therefore certain safeguards in place when your data is processed outside of the EEA.
We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
A data breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, End User Data transmitted, stored or otherwise processed by Eagle Point Partners (a “Data Breach”). Eagle Point Partners has implemented appropriate and technical measures in order to prevent the occurrence of any Data Breach. In the event however that a Data Breach does occur, Eagle Point Partners shall take the following steps:
When Eagle Point Partners becomes aware of an actual or potential Data Breach, Eagle Point Partners shall immediately implement its Data Breach Response Plan. In this regard, Eagle Point Partners shall begin an investigation into the Data Breach.
As part of this investigation, a Eagle Point Partners investigator will be responsible for the management of the Data Breach investigation, completion of a risk assessment, and coordinating with others in the organization as appropriate (e.g., administration, security incident response team, human resources, risk management, public relations, legal counsel, etc,). As part of the investigation, the investigator will conduct a risk assessment, and based on the results of the risk assessment, will begin the process of notifying any Clients affected by the Data Breach.
When Eagle Point Partners becomes aware of a Data Breach, Eagle Point Partners shall without undue delay notify any affected Clients of the Data Breach. Eagle Point Partners will notify any affected Clients of the Data Breach via email and / or telephone.
In respect of any Data Breach of which Eagle Point Partners becomes aware, Eagle Point Partners shall keep a record of the occurrence of that breach. Such record will contain:
Changes to this Privacy Statement
This Privacy Statement was last updated on 22nd May 2018. Eagle Point Partners may from time to time revise or amend this Privacy Statement. If any change to this Privacy Statement materially affects Clients or End Users, Eagle Point Partners will send a notice to Clients to advise of such changes and allow Clients a reasonable time before any proposed changes take effect.
Ronan McDonnell is our Head of Privacy. Any requests, queries or complaints in respect of Eagle Point Partners’s processing of End User Data or in respect of this Privacy Statement can be directed to firstname.lastname@example.org