Skip to main content

Privacy Policy

At IPASS, we are committed to protecting your privacy and this Privacy Notice sets out how we process your personal and financial data and applies to all Services offered by us.

Version 2.0: This notice was last updated July 2024.

1. WHO WE ARE

We (“IPASS”, “we”, “us”, “our”) are part of the Bright Software Group of companies providing both desktop and online software-as-a-service solutions (“Services”) to businesses, bureaus and accountants across Ireland and the United Kingdom.

Bright
 comprises the following companies (and any other wholly owned legal entities):

  • Bright SG Ltd (Reg. in Ireland: 186005)
  • Bright SG Ltd (Reg. in UK: 4664435)
  • Irish Payroll Associated Ltd (Reg. in Ireland: 327011)
  • MyWorkpapers Ltd (Reg. in UK: 8631892)
  • BTC Software Ltd (Reg. in UK: 04539303)

2. UNDERSTANDING OUR PRIVACY NOTICE

In full compliance with our obligations under the European Union and United Kingdom General Data Protection Regulations (“GDPR”), the purpose of this notice is to provide you with full transparency about how IPASS collects and processes your personal data when you browse our websites and use our Services, or otherwise provide personal data to us. This also includes detailing your rights under GDPR.

This notice applies where you have, directly or indirectly, provided us with your personal data through any of the methods of collection listed below in Section 4 and how and why we process that data according to the required legal bases listed in Section 5.

It is important that you read and understand this Privacy Notice so that you are fully aware as to how and why we are using your data.

3. DATA CONTROLLER / DATA PROCESSOR

IPASS shall be the Data Controller of information provided to us about where you contact or request information from us, register as a student or member, register to attend any of our events, seminars, or courses, visit our website, or avail of any other goods and services offered by IPASS.

IPASS 
Privacy Notice sets out how we process your data on behalf of your employer and the rights that you have in relation to that information.

4. PERSONAL DATA WE COLLECT

In the following situations, we will collect the listed personal data:

  • When you purchase or register to use our Services, the personal data we collect may include your name, home address, email address, mobile/telephone number, date of birth, employer, PPS number, nationality, and IP address of the computer using our Services.
  • Financial information such as your bank account details, credit/debit card details;
  • When you contact us with a support query, either through phone, email or our chatbot. This will primarily include your name and contact details, and IP address.
  • Student and membership information such as student numbers, exam scripts and results, educational details, membership numbers.
  • When you request or download a demo or copy of our Services (including free trials), attend a webinar, sign-up to our mailing list, submit an online query, or complete any surveys, provide a testimonial, or enter any competition. Details gathered may include your name, business name, address, email, telephone number and/or IP address.
  • When you interact with us using social media. This may include name, social media handle, email address and/or business name.
  • When you apply for a job posting. This may include your curriculum vitae, details of qualifications and experience, or any other application form detail that you have provided.
  • When you or your organisation provide(s) services to us. In this context, we may collect basic personal data about you (mainly professional contact details).
  • When third parties provide us with personal data about you. This may happen where we work with a business partner that has an existing relationship with you or where personal details are provided to us by marketing companies.
  • When you contact us and speak to us, such as by telephone or other verbal communication platform, voice recordings for training and quality purposes. Call recordings are kept for up to six (6) months, unless specifically stated otherwise.

IPASS may also receive your data indirectly from the following sources:

A third party such as your employer, a work colleague, or a family member who provides us with your personal data in order for you to avail of our goods and services. When providing your data, third parties should ensure you are made aware that they are doing so and that it may be processed in accordance with the terms of this Notice. Where necessary they should obtain your consent.

At IPASS, we do not process any special categories of personal data as defined under GDPR. Additionally, we do not knowingly collect any personal data from anyone under the age of 16, or knowingly allow such persons to register or use our Services. If we learn that we have collected personal data from a person under the age of 16, and without verification of parental consent, we will endeavour to delete that information as quickly as possible.

We may obtain information through our Services that you or your users install or access. We may gather information related to a user’s use of that Service, and use of specific features within that Service.

Providing us with information about others

Should you give us personal data about someone else, you are responsible for ensuring that you comply with all applicable data protection laws. In advance of submitting any information to us, you should have notified them that their data is shared with IPASS and detailed how we collect, use and retain their personal data by drawing their attention to this Privacy Notice.

5. HOW WE USE YOUR DATA

We undertake to design our Services in such a way as to minimise the use of personal data. For any processing, we must have a valid lawful basis that is specific and necessary, and these reasons are outlined below. We will not use your information for any other purpose.

Please be aware that, should you refuse to provide us with certain mandatory information, it may not be possible for us to provide that Service to you.

Contractual Necessity

We will process data where it is necessary to enter into a contract with you for provision of a IPASS Service and to perform our obligations under that contract. Examples include:

  • Processing and reviewing applications for your use of the requested Service;
  • Providing the information and Service that you have requested from us;
  • Managing and maintaining our relationship with you and for ongoing customer service;
  • Providing software support for our Service and to manage our relationship with you, either through telephone, email, or other online support mechanisms. This may include queries, requests and or/complaints related to the Service;
  • Managing software usage and to ensure compliance with the terms of your contract with us;
  • Processing your payments to us and/or managing payments you make through our Service;
  • Sending essential communication to you about the Service.

Legal Obligation

When you use a IPASS Service, we are required by law to collect and process certain personal information about you. Examples include:

  • To comply with the Qualifications and Quality Assurance (Education and Training) Act 2012 which requires us to send learners’ personal data to Quality and Qualifications Ireland (QQI) and to a third party such as an insurance broker for the purpose of complying with our Protection of Enrolled Learners (PEL) obligations.
  • Confirming your identity and helping to protect against abuse and fraud as part of a model to ensure sure access to our Services;
  • Performing checks on our Services and monitoring transactions and location data for the purpose of preventing and detecting crime and to comply with the laws relating to money laundering, fraud, terrorist financing, bribery, and corruption;
  • Sharing information with police, law enforcement, tax authorities or other government and fraud prevention agencies, where we have a legal requirement to do so, including reporting suspicious activity and complying with production and court orders;
  • Delivering essential communications to Service users, including revised disclosures and/or terms and conditions;
  • Investigating and resolving complaints or actions, where we may need to exercise or defend our legal rights or uphold your rights under law;
  • Performing assessments and analysing customer information for the purposes of managing, improving and fixing data quality where necessary;
  • Providing assurance that we have effective processes to identify, manage, monitor, and report on the risks IPASS might be exposed to (e.g., security; fraud; and client confidentiality).

Legitimate Interest

We will process your personal data within IPASS where it is in our legitimate interests to do so, and without prejudicing your interests or fundamental rights and freedoms. Examples include:

  • Providing you with updates about IPASS Services and functionality, including product developments, new features, essential maintenance, upgrades, and releases;
  • Assist in our sales cycle for the onboarding of new customers;
  • Analysing your data so that we can administer, support, improve and develop our business, customer service and features of the Service;
  • Improving your use and experience of IPASS by:
  1. Gathering feedback from you on your use of, and interactions with our Service;
  2. Tracking your interactions with our Service to tailor content within the Service;
  3. Reporting at an aggregate level on the user experience, utilisation, and performance of the Service;
  4. Performing research and trend analysis to optimise your experience of our Service;
  5. Record and monitoring calls to our telephone and online help facilities;
  6. Providing you with detailed information on your account activity if requested.
  • Using your personal information in an anonymised and aggregated form to create content, including:
  1. Infographics, industry reports and media campaigns;
  2. Blog posts, videos and webinars on the nature and use of IPASS Services;
  3. Social media content, owned and operated by IPASS.
  • Conduct our internal recruitment processes.

Consent

Where we have your explicit consent, we may use your information for the following purposes. You will always have the option to opt-out on any related correspondence from us. Examples include:

  • Receiving requested email communications from us;
  • Marketing new products, features, or Services;
  • Inviting you to provide answers to a questionnaire, research, or survey, or enter any competition;
  • Delivering invitations to events including webinars, seminars, or videos.

We do not employ any automated decision-making processes in relation to your personal data.

6. DATA LOCATION

IPASS stores your data within the European Union (EU) in secure data centre facilities meeting the strictest security standards and in compliance with GDPR.

Where we use third party service providers, some of these may be located outside the UK/EU. Please see our list of Subprocessors detailing who we use, what purpose we use them for, where they store the data we share with them, and the adequacy mechanism(s) we rely on to ensure compliance with data protection requirements.

7. DATA RETENTION

We will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices.

We will maintain a record of our Service customers to meet our legal and regulatory business requirements, including for the purpose of fraud prevention, for up to six (6) years following discontinuation of the Service.

Your data that we use for marketing purposes will be kept until you notify us that you no longer wish to receive such information. The option to opt-out of marketing messages is available on all related correspondence from us.

To ensure continuity and transparency in our recruitment campaigns, all applicant details will be kept after the end of the recruitment process for at most twelve (12) months.

8. EMAILS FROM US

We will contact you regarding purchases (such as invoices and renewal notifications) as well as emails relating to essential software maintenance, including upgrades and releases, where applicable. We may contact you for this purpose by SMS, WhatsApp or email. These “servicing messages” will be delivered under the legal basis of Legitimate Interests and you cannot unsubscribe from them unless disengaging with our Service(s).

We may contact users and prospective users with additional “marketing messages”, such as free webinars, CPD events, special offers and newsletters from our Group of companies, where you have explicitly opted-in to receive this information. We may contact you for this purpose by telephone, post, SMS, WhatsApp or email. You will always have the ability to unsubscribe from these types of communications at any time by visiting our Preference Centre.

Alternatively, you can let us know your preference by contacting us (see Section 19 below).

9. DISCLOSURE AND SHARING OF YOUR DATA

In the following circumstances, we may send your personal data to other parties:

  • We will share your personal data with a third party where we have a legal obligation to do so, for example to comply with our obligations under the Qualifications and Quality Assurance (Education and Training) Act 2012.
  • Where we have obtained your express consent to share that information;
  • Where we need to share information within the wider Bright Software Group of companies to provide a Service to you, whether paid or unpaid;
  • Where we need to send the information to others who work on behalf of IPASS to provide a Service to you;
  • Where we find that your actions violate the Terms & Conditions, or any of our usage guidelines;
  • Where IPASS is subject to a takeover or merger, in which case the information will be disclosed to the new owners on the understanding that they will protect the information and only use the information in the same way as previously disclosed;
  • Where we must respond to court orders and any other legitimate request made by relevant authorities, and with which we must comply.

We will not sell, trade, or rent any personal data to any other third party not connected with IPASS or part of the normal operation of the Service we provide to you.

We limit access to personal information only to those IPASS employees who need access to that data as part of our providing our Services to you.

Third Party Service Providers (Subprocessors)

In providing you with our Service, we may use carefully selected third party service providers (subprocessors) to help us deliver that Service to you. Such providers may be located outside the EU/UK, in which case the data will only be transferred to countries that have either been identified as providing adequate protection or to a third party where we have approved transfer mechanisms in place, for example, by entering into the European’s Commission’s Standard Contractual Clauses. This may require us to share your data with them. We will always take steps to ensure that the safety and security of your information is considered, implementing and maintaining necessary technical and organisational measures over each transfer of personal information, and mandating that our third parties maintain a similar level of duty and care.

These subprocessors are only permitted to use the information in accordance with our instructions and are not permitted to further transfer your data, nor permitted to use your data for their own business purposes.

Please see our list of Subprocessors detailing who we use, what purpose we use them for, where they store the data we share with them, and the adequacy mechanism(s) we rely on to ensure compliance with data protection requirements.

10. MEASURING OUR VISITORS

We measure visitors to our website using Google Analytics using Cookies. This records how you arrived at our site, what pages you view on our site, and some basic information about your computer. The information we record is anonymous – we do not know who you are, only that you have visited our site – and we use this to help make our website better.

You can learn more about Google Analytics, or opt-out if you wish.

11. USE OF COOKIES

Cookies are small text files that are placed on your computer by websites that you visit. Cookies help make a website work and can provide information to us about how our users interact with our online Services, including this website, to help us improve the Service to our users.

12. PAYMENTS

We never store your credit card details on our systems. Where such information is provided, it is passed directly to our payment service provider solely for the purpose of processing the payments you make via our Service.

13. DATA FILES

IPASS has no control over the authority, quality of safety of the data you input into our Service. You, and you alone, are responsible for the accuracy and completeness of your records.

Where applicable, you are responsible for keeping your user details and any passwords confidential. Our staff have no access to passwords which are stored encrypted on our Service. We will never ask you for your password, so please do not trust anybody asking you for it.

Customers using a cloud service

You acknowledge that, apart from data format validation checks, we do not monitor, edit, or review whether the data you enter into the Service is accurate.

You can edit your stored data at any time by signing into your Service account and making any necessary changes. We reserve the right to delete any data that is deemed out of date or no longer required, in line with applicable data protection legislation and/or our data retention schedule, or where you cease to be a contracted user of that Service.

14. SECURITY

The security of your data is of utmost important to us at IPASS. We have a number of technical and organisational measures in place to protect against unauthorised access, disclosure, loss, misuse or malicious alteration of your personal information.

For further details of the security measures we have implemented, please see the Security section of our website.

Whilst we undertake to maintain the highest possible levels of security practicable to protect your data while using our Service, no system or storage technology can be guaranteed to be 100% secure. Any such transmission of data over the internet is at your own risk.

15. YOUR RIGHTS

Under current data protection laws, you have certain rights in relation to your personal data:

Access to your personal data

You can confirm if we are processing your personal data and obtain a copy of that data by accessing the Service for which you hold an account, or please contact us.

Right to change or withdraw your consent

Where you have given your consent to us to process your data in line with this Privacy Notice, you may withdraw that consent by contacting us. If you wish to change your contact preferences, or no longer wish to be contracted for marketing purposes, please contact us or use our Preference Centre to opt-out.

Right to rectification

If you need to update incorrect information we hold about you, please log in to your Service account to update your personal data or contact us.

Right to erasure

You are free to delete your data at any point, through functionality directly provided by our Service, or by contacting us.

Right to data portability

You may request us to provide you with the personal data that we hold about you in a structured, commonly used, machine-readable format, or ask us to send such personal data to another Data Controller. If this is the case, please contact us.

Right to object

In certain circumstances, you may object to our processing of your data. If this is the case, please contact us.

Right to restrict processing

You can ask us to restrict the processing of the personal data we hold about you in some circumstances. If this is the case, please contact us.

Making a complaint

If you wish to raise a complaint on how we process your personal data, please contact us in the first instance and we will investigate the matter.

Contacting us

Please see Section 17 below.

We may need to request specific information from you to help us confirm your identity to ensure your right to access your personal data, or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any other person who has no right to receive it. We also contact you to ask you for further information in relation to your request to help speed up our response to you.

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have multiple requests. In such cases, we will notify you within one month and keep you updated on progress.

If you exercise a particular right outlined above or opt not to provide the requested personal information for the purposes set out in this Privacy Notice, we may not be able to provide you with access to the related Service. In such cases, we may have to delete any associated Service accounts. Where a Service contains your business financial data, it is your responsibility to maintain the appropriate records for your legal, regulatory and compliance requirements. IPASS is under no obligation to retain any data on your behalf if you are no longer subscribed to our Service.

16. UPDATES TO OUR PRIVACY NOTICE

IPASS may modify or update the content of this Privacy Notice from time to time to reflect changes in our business and/or in line with continuing or improving industry best practice. We will post any changes here on our website, updating the version and date, so you are always aware of what information we collect, how we use it, and under what circumstances we may share or disclose it. We recommend checking the Privacy Notice on a regular basis.

17. CONTACTING US

If you have any queries relating to this Privacy Notice, IPASS use of your data or concerns in relation to the Digital Services Act (Regulation (EU) 2022/2065) (DSA), please contact our Privacy Officer via email at [email protected], or through our office address below.

The Irish Payroll Association
9 Western Parkway Business Centre,
Ballymount Drive,
Dublin
D12 K259

Please note that phone calls to IPASS may be recorded for monitoring, training and security purposes.

If you are not satisfied with our response or believe our processing of your personal data is not in accordance with applicable data processing legislation, you can raise a concern with the Irish Data Protection Commissioner (DPC).

Shopping cart0
There are no products in the cart!