As part of our commitment to processing personal data in a lawful, fair and transparent manner, this Privacy & Cookies Policy explains how we handle information relating to identifiable living people. This policy was last updated on 25 July 2023; it is reviewed from time to time and the latest version can always be found on this website.
Our contact details
Ciara Chivers, trading as Shamrock Roots, is the Data Controller for the personal information we process and is registered with the Information Commissioner’s Office (registration number ZB326195).
+44 28 9621 8628
Shamrock Roots
Unit 823, Moat House
54 Bloomfield Avenue
Belfast
BT5 5AD
United Kingdom
The type of personal information we collect
We currently collect and process the following information about identifiable living people:
- personal data relating to clients and other people with whom we interact in the course of business (e.g. names; email addresses; telephone numbers; addresses; recordings of calls and messages);
- personal data relating to the subjects of client requests for research or related goods and services (e.g. names; addresses; dates and places of birth; dates and places of marriage; professions; images); and
- special categories of personal data relating to the subjects of client requests for research or related goods and services (e.g. religious or philosophical beliefs; racial or ethnic origins; genetic data).
How we collect personal information and why we have it
Most of the personal information we process is collected in one of the following ways:
- it is provided to us by the data subject or someone acting on their behalf;
- it is discovered by us from publicly accessible sources in the course of performing research at the request of clients; or
- it is provided to us by individuals or organisations that we have contacted in the course of performing research at the request of clients.
We may combine personal information from a number of different sources.
Under the General Data Protection Regulation (GDPR), the lawful bases that we rely on for processing this information are contractual obligation and legitimate interest. We further rely on the research condition (UK GDPR Article 9(2)(j) and Data Protection Act 2018, Schedule 1, paragraph 4) for processing special category data.
We use this information to respond to pre-contractual requests from clients and to comply with our obligations under client contracts. We use this information in ways that data subjects should reasonably expect, considering the legitimate interest in people finding out about their family history and local history, and the individual and societal benefits of this activity. We also use clients’ names and contact details for business administration (e.g. invoicing; marketing). We could not reasonably achieve these purposes without processing this information.
The primary recipients of the information we process are our clients. If we contact another individual at the request of a client, personal data they provide to us will only be transmitted to the client with that individual’s consent. The rest of the information that we transmit to clients is usually either publicly accessible or already known to the client so our processing of it has minimal impact on the privacy of the data subjects.
To the extent necessary for us to deliver the goods and services requested by clients, we may share personal information with trusted third-party service providers (e.g. archives from which we request records; printers from which we procure print services; document management services through which we process contracts; financial service providers through which we process invoices and payments). This may involve a transfer of personal data outside of the UK if such transfer would be covered by UK “adequacy regulations” or appropriate safeguards or a relevant exception. We do not permit third-party service providers to use the information for their own purposes and only permit them to process it for our purposes.
How we store personal information
For the purpose of business administration (e.g. invoicing; marketing), we retain clients’ names and contact details for up to ten years from the last time that we delivered goods or services to them. We also retain information collected in course of delivering goods and services for up to ten years from the point of delivery in order to respond to follow-up requests from clients effectively.
The information is stored securely in digital formats on private devices and/or in cloud storage accounts and/or in email accounts, in each case protected by passwords and/or biometric authentication. The information may be recorded on paper temporarily before it is transferred to digital storage and the paper record is destroyed. Storage may involve a transfer of personal data outside of the UK if such transfer would be covered by UK “adequacy regulations” or appropriate safeguards or a relevant exception. At the end of the standard retention period, we dispose of the information by deleting the documents (or the relevant parts thereof) from our devices and cloud storage accounts as well as deleting relevant emails from our email accounts. We may dispose of some of the information sooner if we decide that we no longer need it or we accept a request to erase it.
Children’s information
Our services are not directed at children and we do not proactively collect or solicit personal information about living children. We are sometimes given information about living children as part of requests for research or related goods and services; in such circumstances, the relevant parts of this policy apply to information about children as well as adults.
Data protection rights
Under data protection law, the subjects of the personal information that we hold have rights including:
- right of access – they have the right to ask us for copies of their personal information;
- right to rectification – they have the right to ask us to rectify personal information they think is inaccurate and to complete information they think is incomplete;
- right to erasure – they have the right to ask us to erase their personal information in certain circumstances;
- right to restriction of processing – they have the right to ask us to restrict the processing of their personal information in certain circumstances;
- right to object to processing – they have the right to object to the processing of their personal information in certain circumstances; and
- right to data portability – they have the right to ask that we transfer the personal information that they gave us to another organisation, or to themselves, in certain circumstances.
Anyone who wishes to exercise any of these rights should email their request to hello@shamrockroots.com and we will respond within one month. Data subjects are not usually required to pay a charge for exercising these rights.
How to complain
Anyone who has concerns about how we use their personal information can email their complaint to hello@shamrockroots.com.
They can also complain to the Information Commissioner’s Office (ICO) if they are unhappy with how we have used their data. The ICO’s contact details are as follows:
Helpline number: +44 303 123 1113
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom
Cookies
We process anonymous data relating to users of the website https://shamrockroots.com. This data is collected using cookies. Cookies are small text files that are placed on users’ devices by websites that they visit. Cookies allow websites to recognise users’ devices and store some information about users’ preferences and actions. Websites can use cookies to help users navigate efficiently and perform certain functions, and the information they collect can help to understand how the website is used so that the user experience can be improved. Cookies that are required for a website to operate properly are allowed to be set without user permission. All other cookies need to be approved before they can be set. Users can opt out of the use of non-essential cookies by this website on the banner that appears when they first visit. Users can check and edit their consent status at any time at the bottom of our Privacy & Cookies Policy page. Users can also disable cookies in their browser settings and this website will respond to Do Not Track requests. Users who accept cookies can later delete them from their devices at any time via their browser settings.
These are the cookies used by this website with their durations and purposes:
| Cookie | Duration | Description |
|---|---|---|
| _ga | 1 year 1 month 4 days | Used by Google Analytics to calculate visitor, session and campaign data and also keep track of site usage for the site's analytics report. It stores information anonymously and assigns a randomly-generated number to recognise unique visitors. |
| _ga_[container-id] | 1 year 1 month 4 days | Used by Google Analytics to store and count page views. |
| cookielawinfo-checkbox-advertisement | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to record user consent for cookies in the category "Advertisement". |
| cookielawinfo-checkbox-analytics | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to record user consent for cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to record user consent for cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to record user consent for cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to record user consent for cookies in the category "Others". |
| cookielawinfo-checkbox-performance | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to record user consent for cookies in the category "Performance". |
| CookieLawInfoConsent | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to record the default button state of the corresponding category. It works only in coordination with the primary cookie. |
| viewed_cookie_policy | 1 year | Used by the CookieYes GDPR Cookie Consent plugin to monitor the user's consent to the use of cookies. |
| wpEmojiSettingsSupports | session | Set by WordPress when a user interacts with emojis on a WordPress site to determine if the user's browser can display emojis properly. |
