Privacy Policy

Last updated: November 25, 2024

1. Introduction and Overview

1.1 Who We Are

IrishDrivingTests.com ("we", "us", "our", or "the Company") operates the website irishdrivingtests.com and provides driving test cancellation monitoring services to customers in the Republic of Ireland. We are committed to protecting and respecting your privacy and personal data.

For the purposes of applicable data protection legislation, including the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (Ireland), IrishDrivingTests.com is the data controller responsible for your personal information.

1.2 Purpose of This Policy

This Privacy Policy explains:

• What personal data we collect from you and why;
• How we use, process, and store your personal data;
• Who we share your data with and why;
• Your rights regarding your personal data;
• How we protect your information; and
• How to contact us about privacy matters.

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service.

1.3 Scope of This Policy

This Privacy Policy applies to personal data collected through:

• Our website (irishdrivingtests.com);
• Account registration and service sign-up processes;
• Communications with us (email, SMS, phone, or other channels);
• Use of our driving test cancellation monitoring service; and
• Any other interactions you have with IrishDrivingTests.com.

This policy does not apply to third-party websites or services that we may link to (such as the RSA website or payment processors). Those third parties have their own privacy policies, which we encourage you to review.

2. Information We Collect

We collect and process various types of personal data to provide our Service effectively. The categories of personal data we collect include:

2.1 Account and Contact Information

When you create an account or sign up for our Service, we collect:

• Full Name: To identify you and personalize communications.
• Email Address: For account verification, service notifications, booking confirmations, and customer support.
• Mobile Phone Number: To send SMS alerts about available test slots and booking confirmations. This is essential for our notification service.
• Password: To secure your account. Passwords are stored in encrypted (hashed) form and are never stored in plain text.

2.2 RSA Booking and Driving Licence Information

To provide our cancellation monitoring service, we require access to your RSA driving test booking details:

• Driving Licence Number: Required to access your RSA booking and verify your identity with the RSA system.
• RSA Booking Reference Number: To locate and manage your existing driving test appointment.
• Theory Test Certificate Number: If applicable, to assist with booking verification.
• Current Test Date, Time, and Location: To understand your existing booking and search for earlier alternatives.

By providing this information, you authorize us to access the RSA booking system on your behalf to search for and (if you select Auto Book mode) rebook your driving test to an earlier date.

2.3 Service Preferences and Settings

To tailor our Service to your needs, we collect:

• Preferred Test Centres: Up to three test centre locations where you are willing to take your test.
• Date Range Preferences: Your earliest and latest acceptable dates for a test.
• Day of Week Preferences: Which days of the week you are available.
• Time of Day Preferences: Whether you prefer morning, afternoon, or any time slots.
• Booking Mode Selection: Whether you choose Auto Book or Manual Mode.
• Add-on Selections: Whether you have opted for Refund Cover or Unlimited Retest Coverage.

2.4 Payment and Transaction Information

When you purchase our Service, we collect:

• Payment Method Details: We use third-party payment processors to handle credit/debit card payments securely. We do not store your full card details on our servers.
• Transaction Records: Order ID, transaction ID, payment amount, currency, payment status, and transaction timestamps.
• Billing Information: Name and email associated with the payment.

All payment card data is processed and stored by our PCI-DSS compliant payment service providers. We never have access to your full card number or CVV.

2.5 Communication Records

We maintain records of our communications with you, including:

• SMS Messages: Copies of text messages we send to you and any replies you send to us.
• Email Correspondence: Emails we send and emails you send to us.
• Customer Support Interactions: Any queries, complaints, or requests you submit, along with our responses.

2.6 Technical and Usage Data

When you visit our website or use our Service, we may automatically collect:

• Device and Browser Information: Type of device, operating system, browser type and version.
• IP Address and Location Data: Your IP address, which may indicate your general geographic location.
• Log Data: Access times, pages viewed, referring website, and clickstream data.
• Cookies: As described in Section 10 below.

3. How We Use Your Personal Data

3.1 To Provide and Deliver Our Service

• Monitor RSA for cancellations matching your criteria
• Rebook your test automatically (if in Auto Book mode)
• Send notifications via SMS and email
• Manage your account and preferences

3.2 To Process Payments and Manage Orders

• Process payments for the Service
• Issue receipts and invoices
• Handle refunds when applicable
• Maintain financial records
• Detect and prevent fraud

3.3 To Communicate with You

• Send service-related communications (booking confirmations, status updates)
• Provide customer support
• Send account and security notifications
• Notify you of policy changes

3.4 To Improve and Develop Our Service

• Understand how customers use our Service
• Develop new features and enhancements
• Optimize performance and reliability
• Conduct internal research and analytics

3.5 For Security, Fraud Prevention, and Legal Compliance

• Protect our Service from unauthorized access and abuse
• Prevent fraudulent transactions
• Comply with legal obligations
• Respond to lawful requests from authorities

3.6 Marketing Communications (With Consent)

If you have given us consent, we may send you promotional offers, information about new features, or surveys. You can opt out at any time by clicking "unsubscribe" in emails or replying STOP to SMS messages.

4. Legal Basis for Processing Your Data

4.1 Performance of a Contract

Most of our data processing is necessary to fulfill our contract with you, including providing the Service, processing payments, and managing your account.

4.2 Consent

We rely on your explicit consent for marketing communications and optional data collection. You can withdraw consent at any time.

4.3 Legitimate Interests

We process certain data based on our legitimate business interests, such as service improvement, security, fraud prevention, and customer support.

4.4 Legal Obligation

We process data to comply with legal requirements, such as retaining financial records for tax purposes and responding to lawful requests from authorities.

5. How We Share Your Personal Data

We do not sell, rent, or trade your personal data to third parties for marketing purposes. However, we may share your data with:

5.1 Service Providers and Processors

We engage trusted third-party companies to help us deliver our Service:

• Payment Processors: To process credit and debit card transactions securely in compliance with PCI-DSS standards.
• SMS Service Providers: To send text message notifications about test slots and booking confirmations.
• Email Service Providers: To send transactional and marketing emails.
• Cloud Hosting Providers: To host our website, databases, and applications on secure servers.
• Customer Support Tools: To manage support tickets and communications.

All service providers are contractually obligated to protect your data and use it only for specified purposes. We have data processing agreements in place as required by EU GDPR.

5.2 RSA (Road Safety Authority)

We access the RSA's online booking system on your behalf using the credentials you provide. We act as your authorized agent to interact with the RSA system. The RSA has its own privacy policy, and we are not responsible for their data practices.

5.3 Legal and Regulatory Authorities

We may disclose your data to law enforcement, government agencies, or courts if required by law, necessary to comply with legal obligations, or to protect rights, property, or safety.

5.4 Business Transfers

If IrishDrivingTests.com is involved in a merger, acquisition, or sale of assets, your data may be transferred to the new owner. We will notify you before this occurs.

5.5 Aggregated or Anonymized Data

We may share aggregated, anonymized data that does not identify you personally for statistical or research purposes.

6. International Data Transfers

IrishDrivingTests.com is based in the Republic of Ireland. Some of our service providers may have servers located outside Ireland. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions (transferring to countries with adequate data protection)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Additional security measures and encryption

7. Data Security and Protection

We implement robust technical and organizational measures to protect your data:

7.1 Technical Security Measures

• Encryption: All data transmitted between your browser and our servers uses SSL/TLS (HTTPS). Sensitive data is encrypted or hashed in our databases.
• Secure Password Storage: Passwords are hashed using bcrypt or similar algorithms and never stored in plain text.
• Firewalls and Intrusion Detection: Our servers are protected by firewalls and intrusion prevention systems.
• Regular Security Updates: We keep our systems up to date with the latest security patches.
• Access Controls: Only authorized personnel can access personal data, and only when necessary.

7.2 Organizational Security Measures

• Staff training on data protection and security best practices
• Confidentiality agreements for all employees and contractors
• Data minimization (collecting only necessary data)
• Regular security audits and reviews

Note: While we implement strong security measures, no method of transmission over the internet is 100% secure. If you become aware of any security breach, please contact us immediately.

8. Data Retention

We retain your personal data only as long as necessary:

8.1 Retention Periods

• Active Service Period: While you have an active account, we retain all necessary data.
• After Service Completion:
  • Transaction and financial records: Up to 7 years (Irish Revenue/accounting requirements)
  • Account and booking data: 6-12 months after service completion
  • Communication records: Up to 2 years
• Marketing Data: Until you opt out or after 2-3 years of inactivity

8.2 Deletion and Anonymization

After the retention period, we securely delete or anonymize your data. You can request deletion at any time (see Section 9).

9. Your Rights Under EU GDPR

You have the following rights regarding your personal data:

9.1 Right of Access (Subject Access Request)

You can request a copy of the personal data we hold about you. We will respond within one month, free of charge.

9.2 Right to Rectification

You can request that we correct inaccurate or incomplete data. You can update most information through your account settings.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data in certain circumstances, such as when it's no longer necessary or you withdraw consent. Note that we may need to retain some data for legal obligations.

9.4 Right to Restriction of Processing

You can request that we temporarily suspend processing of your data in certain situations, such as when you contest data accuracy.

9.5 Right to Data Portability

You can receive your data in a structured, machine-readable format (such as CSV or JSON) and request that we transmit it to another service provider.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop marketing immediately upon request.

9.7 Right to Withdraw Consent

Where we process data based on consent, you can withdraw it at any time. This doesn't affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

If you believe we have not handled your data properly, you can complain to the Irish Data Protection Commission (DPC):

• Website: dataprotection.ie
• Phone: +353 (0)76 110 4800
• Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

We encourage you to contact us first so we can address your concerns.

9.9 How to Exercise Your Rights

To exercise any of these rights, contact us using the details in Section 13. We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit.

10.2 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function (session cookies, CSRF protection, load balancing). You cannot opt out of these.
• Functional Cookies: Remember your choices and preferences to provide enhanced features.
• Performance/Analytics Cookies: Collect aggregated, anonymized information about how visitors use our website to help us improve it.

We do not use:

• Third-party advertising or tracking cookies
• Cross-site tracking cookies
• Cookies for behavioral advertising or profiling

10.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect website functionality. For more information, visit www.aboutcookies.org.

11. Third-Party Links and Services

Our website may contain links to third-party websites (such as RSA, payment processors, or social media). These third parties have their own privacy policies, and we are not responsible for their practices. We encourage you to read their privacy policies.

When you use a third-party payment processor, they collect and process your payment information according to their own policies. We do not have access to your full payment card details.

12. Children's Privacy

Our Service is not intended for individuals under 17 (the minimum age for a provisional driving licence in Ireland). We do not knowingly collect data from children under 17.

If we become aware that we have collected data from a child under 17 without appropriate consent, we will delete it immediately. If you are a parent or guardian and believe your child has provided us with data, please contact us.

13. Contact Us and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: [email protected]
Data Controller: IrishDrivingTests.com
Website: irishdrivingtests.com

We aim to respond to all inquiries within 5 business days. For data subject rights requests, we will respond within one month as required by EU GDPR.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy;
• Post the revised policy on our website; and
• For significant changes, notify you via email or a prominent notice on our website.

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

If you do not agree with any changes, you should stop using the Service and may request deletion of your account and data.

15. Additional Information

15.1 Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Our automated searching is based on the explicit preferences you set, not on profiling your behavior.

15.2 Do Not Track Signals

Our website does not currently respond to Do Not Track (DNT) signals because there is no industry-wide standard. However, we do not track users across third-party websites for advertising.

---