GDPR & Your Data Rights

Our GDPR Commitment

2Flow (a trading name of Cyclone Corporate Services Group Limited) takes data protection seriously. We comply with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Acts in how we collect, process, store and protect personal data.

This page is a summary. For the full detail of how we handle personal data, please read our Privacy Policy.

Your Rights Under GDPR

If we process your personal data, you have the following rights. You can exercise any of these by contacting our Data Protection Officer using the details at the bottom of this page.

How to Exercise Your Rights

To exercise any of the rights above, please write to our Data Protection Officer at the address below. Please include:

• Your full name and contact details
• A description of the right you wish to exercise
• Sufficient information for us to identify you and verify your request

We will respond within 30 days. In complex cases we may extend this by up to a further 60 days, and we will let you know within 10 days of your request if that is the case.

Please note: for security reasons, we do not accept Right of Access requests by telephone, email or text message. Written requests can be posted or submitted via our contact process with a signed letter.

Our Role as a Data Processor

When our clients engage us to handle fulfilment, warehousing, delivery or related services, we act as a Data Processor on their behalf. The client is the Data Controller and decides the purposes and means of processing. In that capacity, we:

• Only process personal data on the client's documented instructions and in line with the signed services agreement.
• Adopt appropriate technical and organisational measures to protect personal data against unauthorised access, loss or destruction.
• Notify the client promptly of any personal data breach affecting data we process on their behalf.
• Ensure all 2Flow personnel who handle personal data are bound by confidentiality obligations and appropriately trained.
• Support the client in meeting their own GDPR obligations, including responding to data subject requests and carrying out Data Protection Impact Assessments.
• Observe all obligations around sub-processing and international data transfers.
• Delete or return all personal data on termination of services, unless legally required to retain it.

International Data Transfers

Where personal data is transferred outside the European Economic Area, we put in place appropriate safeguards (such as Standard Contractual Clauses) to ensure your data receives a level of protection equivalent to that provided within the EEA.

Data Breaches

We have processes in place to detect, investigate and report personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Irish Data Protection Commission within 72 hours and, where required, notify affected individuals without undue delay.

Lodging a Complaint

If you are not satisfied with how we have handled your personal data or a request to exercise your rights, you have the right to lodge a complaint with the Irish Data Protection Commission.

Data Protection Commission website: www.dataprotection.ie
Email: info@dataprotection.ie

Contact Our Data Protection Officer