GDPR & DATA PROTECTION POLICY

INTRODUCTION

This GDPR & Data Protection Policy explains how Abbey Blue Legal Ltd, trading as Abbey Blue Formations, processes personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Irish data protection law.This policy applies to all personal data processed through our websites, services, communications, and internal systems.

1. DATA CONTROLLER

Data Controller:

Abbey Blue Legal Ltd

Trading as: Abbey Blue Formations

Address:

49 North Main Street

Wexford Town

Co. Wexford

Y35 YT44

Ireland

Websites:

www.abbeybluelegal.ie
www.abbeyblueformations.ie

Abbey Blue Legal Ltd determines the purposes and means of processing personal data.

2. REGULATORY STATUS

Abbey Blue Legal Ltd is registered in Ireland as a Trust or Company Service Provider (TCSP) and is subject to anti-money laundering, counter-terrorist financing, and data protection obligations under Irish and EU law.

3. PERSONAL DATA WE PROCESS

We may process the following categories of personal data:

•Identity data (name, date of birth, nationality)

•Contact details (address, email, telephone number)

•Business and company information

•Identification and verification documents (for AML/KYC purposes)

•Financial and billing information

•Correspondence and communications

•Website usage and technical data (IP address, cookies, logs)

We only collect data that is relevant, necessary, and proportionate to the services provided.

4. PURPOSES OF PROCESSING

Personal data is processed for the following purposes:

•Providing company formation and related services

•Meeting legal, regulatory, and compliance obligations

•Conducting AML and KYC checks

•Communicating with clients and responding to enquiries

•Billing, payments, and record-keeping

•Improving our services and website functionality

5. LEGAL BASIS FOR PROCESSING

We process personal data under one or more of the following legal bases:

•Contractual necessity – to perform a contract or take steps at your request

•Legal obligation – to comply with Irish and EU law

•Legitimate interests – for business administration, security, and service improvement

•Consent – where explicitly required (e.g. marketing communications)

6. DATA MINIMISATION & ACCURACY

We take reasonable steps to ensure that:

•Personal data is accurate and kept up to date

•Data is limited to what is necessary for its purpose

•Inaccurate or outdated data is corrected or deleted where appropriate

7. DATA RETENTION

Personal data is retained only for as long as necessary to:

•Provide services

•Meet legal and regulatory obligations

•Resolve disputes and enforce agreements

Retention periods vary depending on the type of data and applicable legal requirements.

8. DATA SHARING & PROCESSORS

We may share personal data with:

•Professional advisers and service providers

•IT and cloud service providers

•Payment processors

•Regulatory or law-enforcement authorities where required by law

All third parties are required to process data securely and in accordance with GDPR.

9. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the European Economic Area (EEA), appropriate safeguards are implemented in accordance with GDPR requirements.

10. DATA SECURITY

We implement appropriate technical and organisational measures to protect personal data against:

•Unauthorised access

•Loss or destruction

•Alteration or disclosure

While no system is completely secure, we take reasonable steps to safeguard all personal data.

11. DATA SUBJECT RIGHTS

Under GDPR, individuals have the right to:

•Access their personal data

•Rectify inaccurate or incomplete data

•Request erasure of personal data (where applicable)

•Restrict or object to processing

•Data portability (where applicable)

•Withdraw consent at any time

Requests can be made using the contact details below.

12. COMPLAINTS

If you believe your data protection rights have been breached, you have the right to lodge a complaint with the Data Protection Commission (Ireland).

13. DATA BREACHES

In the event of a personal data breach, we will:

•Assess the risk to individuals

•Notify the Data Protection Commission where required

•Inform affected individuals where legally necessary

14. POLICY REVIEW & UPDATES

This GDPR Policy may be updated from time to time to reflect legal or operational changes. The latest version will always be available on our websites.

15. CONTACT DETAILS

For GDPR-related enquiries or to exercise your data protection rights, please contact:

Abbey Blue Legal Ltd t/a Abbey Blue Formations

49 North Main Street

Wexford Town

Y35 YT44

Ireland