Privacy Policy

Red Oak Personal Financial Ltd., trading as Red Oak Tax Refunds, (referred to as “we”, “our” or “Red Oak” in this policy) is a privately owned company that provides tax review and filing services.

Red Oak Personal Financial Ltd. is fully committed to ensuring that your privacy and personal data is protected at all times. All information given by you which can identify you as an individual will only be used in accordance with this privacy policy as detailed below.

This privacy policy applies to the processing of all personal data supplied to and obtained by Red Oak Personal Financial Ltd., in its role as controller of personal data under the General Data Protection Regulation (GDPR). This Privacy Policy is effective from the 25^th of May 2018.

1. Basis of Processing Data

Red Oak will process data received/obtained under the following grounds:

Necessary for the performance of a contract – where an individual has completed our Tax Refund Application Form or Agent Link Notification for us to register as their Tax Agent with the Revenue Commissioners, in order to provide our service to the named individual as requested.

Consent – where an individual has contacted us via our website, phone, text message, post, social media or by mobile application to request additional information about the services that we provide. This consent to send or reply to communications in relation to our services may be withdrawn at any time on receipt of written confirmation from the individual.

2. Sources of Personal Data

Personal data means any information relating to you which allows us to identify you, such as your name, contact details and PPS number.

Obtained from you
We may collect the following information from you in order to carry out our service as requested:
• Contact details such as name, email address, phone number and postal address.
• All information pertinent to completing a tax return on your behalf, including any financial and personal data required, such as your PPS number, occupation, date of birth and marital status. Additional information may be requested solely for the purposes of providing our service to you as requested.

Obtained from the Revenue Commissioners
In order for us to fully provide our service we will access your Revenue record, through the Revenue Commissioners website, once you have authorised us to do so through our Tax Refund Application Form or Agent Link Notification and once we are registered as your Tax Agent.

3. How do we collect your Personal Data

Personal data may be given by or requested from an individual through our website, Tax Refund Application Form, email, text message, phone conversation, in person, post, social media or by mobile application. Data relating to your Revenue record will be accessed through the Revenue Commissioners website.

4. How we process Personal Data

For people who contact us through our website
We will only use the contact details provided, namely mobile number and email address, to send communications in relation to the services that we provide. If you become a client, your personal data will become part of your file with us.

For people who complete our Tax Refund Application Form or Agent Link Notification
We will only use this data provided to carry out our tax review service as requested. We require this data to fully understand your needs and also your personal tax situation. This information is requested solely to enable us to provide a better service and in particular for the following reasons:
• To provide the service that you have requested
• To administer your account with Red Oak Personal Financial Ltd.
• To send you communications relating to our service

5. Sharing of Personal Data

We will not share your personal data with any other third parties, unless we have a legal obligation to do so, outside of the details in this privacy policy.

Red Oak will only share necessary personal data with a third party in order to provide our service to you as requested. We share certain aspects of your personal data with our IT service providers, including our CRM provider, our cloud storage provider and email server provider. These providers are not permitted to use this data, except on our behalf, and all personal data is held inside of the EU.

6. Consequences of not providing your data

You are not obliged to provide your personal information to Red Oak, however, in order for us to register as our Tax Agent and to provide our service to you we require certain personal data, specifically your full name as per your Revenue record, email address and PPS number. If you are not able to provide these details it may result is us not being able to provide our service to you.

7. Your Data Protection Rights

You have the following rights under the GDPR, in certain circumstances and subject to certain exclusions, in relation to your personal data:

• Right to access - you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.

• Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete. This can be done via the contact details listed below.

• Right to erasure - you have the right to request us to delete personal data that we hold about you (the ‘right to be forgotten’). Data subjects have the right to request erasure of their personal data where Red Oak does not have a legitimate reason for retaining such data. Where Red Oak receives a request for erasure from a data subject, then Red Oak will assess all personal data held on the data subject. All personal data deemed as not held for a legitimate purpose will be deleted/destroyed in line with Red Oak’s retention policy. If you ask us to erase certain personal data and we are unable to do so, we will explain why not.

• Right to restrict or object to processing - you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes. Where we store your information because it is necessary for our legitimate business interests we will stop storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.

• Right to data portability - you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format. This request may be for all personal data of that data subject held by Red Oak or a subset of the data. We will respond to the request within 1 month, unless we can show that the request is manifestly unfounded or excessive. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.

• Right to withdraw consent - if we are processing personal data based on your consent, you may withdraw that consent at any time.

In order to exercise any of the rights set out above, or if you have questions or concerns about how we process your data, please contact us at privacy@redoak.ie or by post at Red Oak Tax Refunds, 1 Centaur St, Carlow, R93 H6D9. You also have the right to lodge a complaint with the Data Protection Commission, whose contact details are as follows:

Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
Telephone +353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757
Website www.dataprotection.ie
Email info@dataprotection.ie

8. Data Retention

Red Oak will retain personal data received/obtained as follows:

For people who contact us through our website
If you have provided contact details to us to find out more about the services that we provide and do not become a client, we will delete your personal data 12 months after your last contact with us.

For people who complete our Tax Refund Application Form or Agent Link Notification
In order to satisfy the requirements of the Revenue Commissioners, specifically an audit, and to demonstrate all aspects of our contractual obligations with our client have been carried out, we will hold all relevant personal data for a minimum period of 6 years from original receipt. After this point we will seek written confirmation that you are happy for us to continue to hold this data. If we receive written or verbal communication that you would like to continue to use our service this period will be renewed.

9. Security Measures

Red Oak takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We have put in place appropriate technical and organisational procedures to safeguard and secure the personal data that we receive.

Examples of practical technical security measures to aid GDPR compliance at our firm include:
• Ensuring that IT security is properly managed and overseen by an appropriate person in the firm with adequate support from IT professionals;
• Adequate Access Control is employed, including identity and access management;
• Appropriate IT education to staff is undertaken. This includes demonstration examples of unauthorised data access and malware;
• Employees and other users are required to change passwords on a regular basis;
• ensuring that all computing devices such as PCs and mobile phones are using an up-to-date operating system;
• ensuring all computing devices are regularly updated with manufacturer’s software and security patches;
• using antivirus software on all devices;
• implementing a strong firewall;
• ensuring that data is collected & stored securely

Examples of practical physical security measures employed at Red Oak include:
• keeping offices and storage units locked and only accessible by authorised personnel;
• implementing clean desk policies;
• ensuring that fire and burglar alarms are in place and functioning as provided at our permanent address as detailed in this privacy policy

To protect the privacy and security of personal data, we will also take reasonable steps to verify your identity before granting access to information as appropriate. Specifically we will only deal with the named individual in relation to their personal data and verify their identity by requesting a combination of their PPS number, name, mobile number, email address, date of birth or postal address as per the completed Tax Refund Application Form or Agent Link Notification we have on file for that individual.

10. Cookies

A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing.

We use the Google Analytics cookie "_ga cookie" to determine how you interact with our website and to improve the operation and presentation of our website. When you visit our site for the first time, a cookie is downloaded onto your computer/mobile device. If you continue to use our website we will assume that you are happy with it.

Most web browsers allow some control to restrict or block cookies through the browser settings. For more information about cookies visit https://www.aboutcookies.org

11. Changes to this Privacy Policy

11. Changes to this Privacy Poilcy

Any material changes we make to our privacy policy in the future will be posted on our website and, where appropriate, notified to you by email to the email address provided. Please check our website frequently to see any updates or changes to our privacy policy.

12. How to Contact Us

You can contact Red Oak Personal Financial Ltd. in relation to our privacy policy by any of the following means:

• In writing to: Red Oak Tax Refunds, 1 Centaur Street, Carlow, Co. Carlow R93 H6D9
• By Email: privacy@redoak.ie
• By Phone: 059-9173300