Kathleen Halligan Consulting
Kathleen Halligan Consulting
  • Home
  • About
  • Services
  • Blog
  • Partners and Associates
  • Clients
  • Tips for Remote Working
  • CSR Commitment
  • Our Values
  • The Lighthouse Story
  • More
    • Home
    • About
    • Services
    • Blog
    • Partners and Associates
    • Clients
    • Tips for Remote Working
    • CSR Commitment
    • Our Values
    • The Lighthouse Story
  • Home
  • About
  • Services
  • Blog
  • Partners and Associates
  • Clients
  • Tips for Remote Working
  • CSR Commitment
  • Our Values
  • The Lighthouse Story

GDPR Policy & Procedure

Halligan Business Psychology Ltd. T/A Kathleen Halligan Consulting


Latest Review Date: 1st September, 2025
Review Date: 1st September, 2026
Approved By: Kathleen Halligan, Managing Director


1. Introduction

At Kathleen Halligan Consulting we are committed to protecting the rights and freedoms of individuals in line with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018 (Ireland). This policy applies to all personal data processed by Kathleen Halligan Consulting in the course of providing consulting services.


2. Scope

This policy applies to:

  • Personal data relating to clients, prospective clients, suppliers, contractors, employees, and partners.
  • All processing activities whether carried out electronically, on paper, or otherwise

3. Definitions

  • Personal Data – Any information relating to an identified or identifiable natural person.
  • Processing – Any operation performed on personal data (collection, storage, retrieval, use, disclosure, deletion, etc.).
  • Supervisory Authority – The Data Protection Commission (DPC) in Ireland.


4. Data Protection Principles

We are committed to the GDPR principles of:

  1. Lawfulness, fairness, transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability


5. Legal Bases for Processing

We process personal data lawfully under GDPR, relying on:

  • Performance of a contract (e.g. providing services).
  • Compliance with legal obligations (e.g. tax, employment law).
  • Legitimate interests (balanced with rights of individuals).
  • Consent (where explicit consent is required, e.g. for marketing).


6. Data Collection and Use

  • Only necessary data is collected.
  • Data will only be processed for specified, legitimate purposes.
  • Any international transfers of data outside the EU/EEA will only occur where adequate safeguards are in place (e.g., EU Commission adequacy decisions, Standard Contractual Clauses).


7. Data Subject Rights

Under GDPR, individuals have the right to:

  • Be informed about processing activities.
  • Access their personal data.
  • Rectify inaccurate data.
  • Request erasure (“right to be forgotten”).
  • Restrict processing.
  • Data portability.
  • Object to processing (including direct marketing).
  • Withdraw consent at any time.
  • Lodge a complaint with the DPC.

All requests will be addressed within one month.


8. Data Security

  • As far as practicable, we limit the collection of client data on any of our systems, preferring to use client share folders or document management systems so that the data remains in the possession of the client.
  • Data will be stored securely with access restricted to authorised personnel.
  • Encryption, secure passwords, and role-based access are used where appropriate.
  • Regular staff GDPR awareness training is provided.
  • Data held in physical form will be secured (locked storage).


9. Data Retention

  • Data will be kept only for as long as necessary for its purpose or required by law.
  • Data that is no longer required will be securely deleted or anonymised.
  • A Data Retention Schedule is maintained.


10. Data Breach Procedure

In the event of a data breach:

  1. The breach must be reported immediately to the Data Protection Lead.
  2. The breach will be investigated, with risk and impact assessed.
  3. If high risk to individuals, the Data Protection Commission will be notified within 72 hours.
  4. Where required, affected individuals will also be notified without undue delay.
  5. All breaches will be documented, regardless of severity.


11. Roles and Responsibilities

  • Managing Director – Overall responsibility for compliance.
  • Data Protection Lead (DPL) – Managing Director responsible for policy enforcement, handling subject requests, and reporting breaches.
  • Employees – Responsible for complying with this policy and attending GDPR training.


12. Training and Awareness

  • All new staff and associated receive GDPR training at induction.
  • Annual refresher training and ad hoc updates will be provided.


13. Review

This policy will be reviewed annually or earlier if legislation or business processes change.


14. Contact

For any GDPR-related enquiries, please contact:

Data Protection Lead - Managing Director
Support@Halliganconsulting.com
 

Supervisory Authority: Data Protection Commission, Ireland www.dataprotection.ie 

Privacy Notice

  

Privacy Notice – Kathleen Halligan Consulting

1. Who We Are

The Kathleen Halligan Consulting is a professional services consulting company registered in the Republic of Ireland. We act as a Data Controller when handling client personal data.


Contact: Valleymount, Blessington, Co Wicklow
Support@halliganconsulting.com

2. What Data We Collect

We may collect:

  • Contact details (name, email, phone, address).
  • Business and financial information (for contract performance).
  • Communications between you and us.


3. Why We Collect Data

We process personal data to:

  • Deliver and manage our consulting services.
  • Manage billing and contracts.
  • Meet legal and regulatory obligations.
  • Communicate with you about our services.


4. Lawful Basis

We process data under:

  • Contract (to deliver services).
  • Legal obligation (e.g., tax records).
  • Legitimate interests (e.g., improving services).
  • Consent (for marketing communications).


5. Data Sharing

We do not sell or rent personal data. We may share data with:

  • Professional advisers and service providers who assist us.
  • Regulators or authorities if legally required.
  • IT and cloud service providers (subject to data processing agreements).


6. International Transfers

Where data is transferred outside the EU/EEA, safeguards such as EU Commission adequacy decisions or Standard Contractual Clauses are applied.


7. How Long We Keep Data

We retain personal data only as long as necessary (see our Data Retention Schedule).


8. Your Rights

You have rights to:

  • Access, correct, delete, or restrict your data.
  • Withdraw consent (where applicable).
  • Object to processing.
  • Data portability.
  • Complain to the Data Protection Commission (www.dataprotection.ie).


9. Contact Us

For any queries or to exercise your rights, contact:

Data Protection Lead - Managing Director/ Support@halliganconsulting.com

Copyright © 2025 Kathleen Halligan Consulting - All Rights Reserved.

Powered by

  • Privacy Policy
  • Mentoring
  • Leadership & Talent
  • High Performing Teams
  • Sustainability Commitment
  • Equality and Human Rights
  • GDPR Policy

Cookie Policy

This website uses cookies. By continuing to use this site, you accept our use of cookies. Privacy Policy

DeclineAccept & Close