🇪🇺 GDPR & Irish Data Protection Act 2018 Compliant

GDPR Compliance

Route2Pass is fully compliant with the General Data Protection Regulation (GDPR) and Irish Data Protection Act 2018. Learn about your rights and how we protect your personal data.

Last updated: January 2025 | Certified GDPR compliant by Irish Data Protection Commission standards

Your Data Protection Rights

As an Irish company, Route2Pass is subject to the GDPR and Irish Data Protection Act 2018. We respect your fundamental right to privacy and give you full control over your personal data. You have enforceable rights, and we're here to help you exercise them.

Supervisory Authority:

Irish Data Protection Commission (DPC) • Registration Number: [Route2Pass DPC Registration] • Complaint Portal: dataprotection.ie

Your GDPR Rights

Right of Access

Request copies of your personal data and information about how we process it.

Includes:

  • What personal data we hold
  • Purposes of processing
  • Categories of recipients
  • Retention periods
Response: 1 monthFree

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Includes:

  • Correct wrong information
  • Complete incomplete data
  • Update outdated details
  • Modify contact information
Response: 1 monthFree

Right to Erasure

Request deletion of your personal data in certain circumstances.

Includes:

  • Data no longer necessary
  • Withdrawal of consent
  • Unlawful processing
  • Legal obligation to delete
Response: 1 monthFree

Right to Restrict Processing

Request limitation of how we process your personal data.

Includes:

  • Accuracy is contested
  • Processing is unlawful
  • Data no longer needed
  • Objection is pending
Response: 1 monthFree

Right to Data Portability

Receive your personal data in a structured, machine-readable format.

Includes:

  • Structured format (JSON/CSV)
  • Machine-readable
  • Transmit to another controller
  • Automated processing based on consent
Response: 1 monthFree

Right to Object

Object to processing of your personal data in certain situations.

Includes:

  • Direct marketing (absolute right)
  • Legitimate interests
  • Public task performance
  • Scientific/historical research
Response: ImmediateFree

Lawful Basis for Data Processing

Primary Legal Bases

  • Contract (Article 6(1)(b)): Service delivery and account management
  • Consent (Article 6(1)(a)): Marketing communications and analytics
  • Legal Obligation (Article 6(1)(c)): Tax records and payment compliance
  • Legitimate Interests (Article 6(1)(f)): Security and fraud prevention

Special Categories

Route2Pass does not process special categories of personal data (racial origin, political opinions, religious beliefs, health data, etc.) as defined in Article 9 GDPR.

Our data processing is limited to basic contact and payment information necessary for service provision.

Data Processing Activities

What We Process

1

Identity Data

Name, email address (required for Google Maps sharing)

2

Financial Data

Payment information processed by Stripe (PCI DSS compliant)

3

Technical Data

IP address, browser info, usage analytics (with consent)

Data Recipients

  • Google (Maps API): Route sharing with your explicit consent
  • Stripe: Payment processing (GDPR compliant, EU-based)
  • MongoDB Atlas: Data hosting (EU region, Data Processing Agreement)
  • Vercel: Website hosting (GDPR compliant)
  • Irish Revenue: Tax compliance (legal obligation)

International Transfers: Limited to Google services with appropriate safeguards (adequacy decisions/SCCs).

Technical & Organizational Measures

Technical Safeguards

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access Controls: Multi-factor authentication
  • Monitoring: 24/7 security monitoring
  • Backups: Regular encrypted backups

Organizational Measures

  • Staff Training: Regular GDPR training
  • Access Limitation: Need-to-know basis only
  • Privacy by Design: Built into all systems
  • Regular Audits: Internal privacy assessments

Breach Procedures

  • Detection: Automated monitoring systems
  • Response: 72-hour DPC notification
  • Communication: Individual notification if required
  • Remediation: Immediate containment measures

How to Exercise Your GDPR Rights

Making a Request

1. Contact Our DPO

Email: dpo@route2pass.ie

Subject: "GDPR Request - [Type of Request]"

2. Provide Required Information

  • • Full name and email address used for account
  • • Specific right you wish to exercise
  • • Details of your request
  • • Proof of identity (if requested)

What Happens Next

Response Timeline

  • Acknowledgment: Within 24 hours
  • Identity Verification: If required (2-3 days)
  • Full Response: Within 1 month
  • Complex Requests: May extend to 3 months

No Cost to You

All GDPR requests are processed free of charge unless requests are manifestly unfounded or excessive.

Complaints & Supervisory Authority

If you're not satisfied with how we handle your personal data or GDPR request, you have the right to lodge a complaint with the Irish Data Protection Commission.

Data Protection Officer

dpo@route2pass.ie

Internal complaints first

Irish Data Protection Commission

dataprotection.ie

Official complaint portal

Contact DPC

21 Fitzwilliam Square South, Dublin 2

Phone: +353 57 868 4757

This GDPR compliance page was last updated in January 2025 and is reviewed regularly to ensure continued compliance with Irish and EU data protection law.