Privacy statement

1. Overview

This Privacy Statement describes how ONICORE Limited (“ONICORE”, “we”, “us”, “our”) collects, uses, shares, and protects personal data in connection with our Website and our business communications. It also explains your rights under the GDPR and how to exercise them.

2. Controller Details

ONICORE Limited is the data controller for personal data processed through this Website and our related communications, unless we explicitly state otherwise in a specific context.

• Legal name: ONICORE Limited
• Company Registration Number (Ireland): 802766
• Registered Office: 61 Windfield Gardens, Knocknacarra, Co. Galway, Galway, Ireland, H91 V3AW
• Email: info@onicore.ie

3. Relevant Laws and Guidance

We prepare and operate this Privacy Statement with reference to applicable Irish and EU rules, including:

• Regulation (EU) 2016/679 (GDPR): https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
• Data Protection Act 2018 (Ireland): https://www.irishstatutebook.ie/eli/2018/act/7/enacted/en/html
• Irish Data Protection Commission (DPC) - Data protection legislation overview: https://www.dataprotection.ie/en/who-we-are/data-protection-legislation
• For cookies and certain electronic marketing: S.I. No. 336/2011 (Irish ePrivacy Regulations): https://www.irishstatutebook.ie/eli/2011/si/336/
• DPC rules overview for direct electronic marketing: https://www.dataprotection.ie/en/organisations/rules-electronic-and-direct-marketing

4. What Personal Data We Collect

4.1 Data you provide to us

When you contact us or interact with our business, you may provide personal data such as:

• Identity and contact details (e.g., name, work email address, phone number).
• Professional information (e.g., job title, company/organisation, sector).
• Communications content (e.g., emails, form messages, meeting notes, attachments).
• Preferences (e.g., marketing preferences, cookie choices where recorded).

4.2 Data we collect automatically (website usage)

When you browse our Website, we may collect limited technical information such as:

• IP address and approximate location inferred from IP (not precise GPS).
• Browser type/version, device type, operating system.
• Log data such as page views, timestamps, referrer URLs, and error logs.
• Cookie identifiers and similar tracking data (where enabled).

For detailed information about cookies and similar technologies, see our Cookies Policy.

4.3 Data from third parties

In some B2B contexts, we may receive business contact information from third parties, such as partners or publicly available sources (for example, a company’s public website), where lawful and relevant.

5. Why We Process Personal Data (Purposes) and Our Legal Bases

Under the GDPR, we must have a lawful basis to process personal data. The lawful basis depends on the context and purpose of the processing.

5.1 Website operation, security, and troubleshooting

Purpose: to operate the Website, keep it secure, and diagnose technical problems.

Legal basis: legitimate interests (Article 6(1)(f) GDPR) in running and securing our business and IT systems, and, where applicable, compliance with legal obligations (Article 6(1)(c) GDPR).

5.2 Responding to enquiries and providing information you request

Purpose: to respond to messages, schedule calls, provide requested materials, and manage communications.

Legal basis: legitimate interests (Article 6(1)(f) GDPR) and/or steps taken at your request prior to entering a contract (Article 6(1)(b) GDPR), depending on the nature of the interaction.

5.3 Business relationship management (customers, prospects, partners, suppliers)

Purpose: to manage and maintain professional relationships, keep records of business communications, and administer contracts where applicable.

Legal basis: performance of a contract (Article 6(1)(b) GDPR) and/or legitimate interests (Article 6(1)(f) GDPR).

5.4 Direct marketing and business communications

Purpose: to send relevant B2B communications such as product updates, event invitations, and insights, where permitted by law.

Legal basis: depends on the channel, recipient type, and Irish ePrivacy rules. For example, certain electronic marketing requires consent under Irish ePrivacy rules, and you always have the right to object to direct marketing under GDPR.

• DPC rules for direct electronic marketing (overview): https://www.dataprotection.ie/en/organisations/rules-electronic-and-direct-marketing

5.5 Analytics and improvements

Purpose: to understand how our Website is used and improve performance and content.

Legal basis: typically consent for non-essential analytics cookies where required, and legitimate interests where a particular implementation is strictly necessary or otherwise permitted under applicable rules (assessment depends on configuration).

6. Legitimate Interests Assessments

Where we rely on legitimate interests (Article 6(1)(f) GDPR), we consider:

• the purpose we are pursuing (e.g., security, responding to enquiries, B2B relationship management),
• whether processing is necessary for that purpose, and
• whether your rights and interests override ours, and any appropriate safeguards (e.g., minimisation, access controls, opt-outs).

You have the right to object to processing based on legitimate interests in certain circumstances (see Section 12).

7. Who We Share Personal Data With

We share personal data only where necessary for the purposes described above and with appropriate protections. Recipients may include:

7.1 Service providers (processors)

We may use third-party service providers to help operate our Website and business operations, such as hosting, security, email, collaboration tools, analytics (if enabled), and CRM tools.

We require processors to process personal data only under our instructions and to implement appropriate security measures, as required by the GDPR.

7.2 Professional advisers

We may disclose information to professional advisers (e.g., legal, accounting, audit) where needed for compliance or business management.

7.3 Legal and regulatory disclosures

We may disclose information where required by law, court order, or where necessary to protect rights, safety, and security.

8. International Transfers (Outside the EEA)

Some service providers may process personal data outside the EEA. Where GDPR international transfer rules apply, we use recognised safeguards such as EU Standard Contractual Clauses and we assess the need for supplementary measures.

• Commission Implementing Decision (EU) 2021/914 (SCCs): https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj/eng
• CJEU Case C-311/18 (Schrems II): https://curia.europa.eu/juris/document/document.jsf?docid=228677&doclang=EN
• EDPB Recommendations 01/2020: https://www.edpb.europa.eu/our-work-tools/our-documents/recommendations/recommendations-012020-measures-supplement-transfer_en

9. Data Retention

We keep personal data only as long as necessary for the purposes described in this Privacy Statement, and then we delete or anonymise it unless we are legally required to keep it longer.

Retention periods depend on the context. Examples (illustrative, not fixed in all cases):

• Enquiry and contact communications: retained for a reasonable period after the last interaction to maintain context and follow up appropriately.
• Business relationship records (customers/partners/suppliers): retained for the duration of the relationship and for a reasonable period afterward for legal, tax, and contractual management.
• Security logs: retained for as long as needed for security investigations and auditability, and then deleted or aggregated.

If you want more detail, you can request our retention schedule by emailing info@onicore.ie.

10. Security

We implement appropriate technical and organisational measures to protect personal data, taking into account the nature of the data, risk level, and current security practices. These measures may include access controls, least privilege, secure configuration, vendor due diligence, and incident response processes.

No online service can guarantee absolute security; however, we work to reduce risk and respond responsibly.

11. Children

Our Website is intended for business audiences and is not directed at children. If we become aware that personal data has been collected from a child in a manner requiring parental authorisation, we will take appropriate steps to delete the data or obtain required authorisation.

12. Your Rights Under the GDPR

Depending on the circumstances, you may have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Erase personal data (in certain cases).
• Restrict processing (in certain cases).
• Object to processing (especially where based on legitimate interests and for direct marketing).
• Data portability (in certain cases).
• Withdraw consent at any time where processing is based on consent.

You can exercise your rights by contacting us at info@onicore.ie. We may request information to verify your identity.

13. Complaints (Ireland)

If you have concerns, please contact us first. You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC).

• DPC contact: https://www.dataprotection.ie/en/contact/how-contact-us
• Making a complaint: https://www.dataprotection.ie/en/faqs/initial-contact-dpc/making-complaint-dpc

14. Changes to This Privacy Statement

We may update this Privacy Statement from time to time. The 'Last updated' date at the top will show when changes were made.

15. Reference List (Links)

For convenience, key legal texts and guidance referenced in this Privacy Statement include:

• GDPR (Regulation (EU) 2016/679): https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
• Data Protection Act 2018 (Ireland): https://www.irishstatutebook.ie/eli/2018/act/7/enacted/en/html
• Irish ePrivacy Regulations (S.I. No. 336/2011): https://www.irishstatutebook.ie/eli/2011/si/336/
• DPC direct marketing rules overview: https://www.dataprotection.ie/en/organisations/rules-electronic-and-direct-marketing
• EU SCCs (Decision (EU) 2021/914): https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj/eng
• Schrems II (C-311/18): https://curia.europa.eu/juris/document/document.jsf?docid=228677&doclang=EN
• EDPB Recommendations 01/2020: https://www.edpb.europa.eu/our-work-tools/our-documents/recommendations/recommendations-012020-measures-supplement-transfer_en

‍