Privacy Policy
Legal Notice
Privacy Policy
Version: 2.0 • Last updated: 6 November 2025
Scope: This Privacy Policy applies to the website digital-synergy.eu (the “Website”). It explains how we collect and process personal data when you use the Website or contact us.
1) Who we are (Controller)
Controller: Digital Synergy Ltd
Registered address: Second Floor, 74 South Mall, T12 F3FD Cork, Co. Cork, Republic of Ireland
Company/CRO number: 561118
Tax number: 3384851DH
Email (privacy): legal@digital-synergy.eu
Email (cookies): privacy@digital-synergy.eu
Telephone: +353 21 203 1280
2) What data we process
We process limited personal data when you browse our Website or contact us:
- Browsing & device data (e.g., IP address, device type, HTTP headers, timestamps) generated by your browser and our servers/CDN for security and delivery of the Website.
- Cookies & analytics data (pseudonymous identifiers, events) only with your consent (see Sections 3 and 6).
- Contact enquiries (name, email, the content of your message) if you email us or use any contact route we provide.
We periodically review and delete or anonymise data that is no longer needed.
3) Purposes, Legal Bases and Retention
The table below summarises what we do with your data, the legal basis under GDPR Article 6, how long we keep it, the recipients/processors, and whether data is transferred outside the EEA (and on which mechanism).
| Purpose / Activity | Legal basis (GDPR) | Retention | Recipients / processors (named) | International transfers |
|---|---|---|---|---|
| Website functionality & strictly necessary cookies | Art. 6(1)(f) GDPR (legitimate interests: deliver and operate the website) | Session cookies: until end of session. Server access/error logs: up to 90 days (longer only in case of incidents). | Self-hosted web stack operated by Digital Synergy Ltd on our server. Infrastructure processor: Hetzner Online GmbH (Germany) – DPA: https://www.hetzner.com/AV/DPA_en.pdf. No external CDN is used. |
No (hosted in the EU – Germany) |
| System security & abuse detection | Art. 6(1)(f) GDPR (security and integrity of systems) | Technical/security logs: up to 180 days (longer only if an incident requires). | Hetzner Online GmbH (infrastructure logs) – DPA: https://www.hetzner.com/AV/DPA_en.pdf. |
No (EU) |
| Handling enquiries (contact form or email) | Art. 6(1)(b) GDPR (pre-contractual steps) or Art. 6(1)(f) GDPR (respond to enquiries), depending on context | Up to 12 months from last interaction (longer only for legal claims). | Self-hosted email operated by Digital Synergy Ltd on our server. Infrastructure processor: Hetzner Online GmbH (Germany) – DPA: https://www.hetzner.com/AV/DPA_en.pdf. No external email provider/relay is used. |
No (EU) |
| Audience analytics (Google Analytics 4) | Art. 6(1)(a) GDPR (consent via CMP; Consent Mode v2, ads features disabled until consent) | GA4 event data: 14 months. Consent logs: 24 months. | Google Ireland Limited (processor); Google LLC (USA, support sub-processor). GA4 Measurement ID: G-5MB58K74J8.References: GA4 cookies & durations • Data transfer frameworks • Privacy Policy. |
Yes – transfers to the USA under the EU-US DPF for Google LLC (SCC as fallback) |
4) International Transfers
International data transfers (GA4 and support): We use Google Analytics 4 provided by Google Ireland Limited (processor). In the context of support, transfers to Google LLC (USA) may occur.
- Transfer mechanism: we rely on the EU‑US Data Privacy Framework (DPF) for Google LLC (status: participant/certified — verifiable in the official DPF registry), and we apply EU Standard Contractual Clauses (SCCs) as a fallback mechanism.
- TIA (Transfer Impact Assessment): we have carried out a transfer impact assessment and documented technical and organisational measures (e.g., IP anonymisation, EU regional processing, Ads features disabled). A summary is available here: /privacy/tia-ga4.pdf.
- Additional measures: we use Consent Mode v2, have Ads features disabled, and apply data retention limits (e.g., 14 months for events).
5) Recipients and processors
We share personal data only where necessary for the purposes set out above:
- Infrastructure processor: Hetzner Online GmbH (Germany) — DPA in place: https://www.hetzner.com/AV/DPA_en.pdf
- No separate external email provider/relay is used.
- Analytics: Google Ireland Limited; Google LLC (USA, support) — GA4.
References: https://support.google.com/analytics/answer/11397207
https://policies.google.com/privacy/frameworks
https://policies.google.com/privacy
We ensure appropriate data processing agreements are in place with all processors. For transfers outside the EEA, we use the mechanisms described in Section 4.
6) Cookies and tracking
We use a Consent Management Platform (CMP) with Accept / Reject / Settings options, and implement prior‑blocking so that non‑essential cookies/scripts are blocked until you click Accept.
- You can change your choices at any time via the “Change cookie settings” link in the Website footer.
- Full details (types of cookies, purposes, durations) are set out in our Cookie Policy: https://digital-synergy.eu/cookie-policy/
7) Data security
We apply appropriate technical and organisational measures (Art. 32 GDPR) to protect personal data, including HTTPS, access controls, logging, backups and hardening. While no method of transmission or storage is 100% secure, we continually improve our safeguards.
8) Data retention principles
We keep personal data only for as long as necessary for the purposes described above or to comply with legal obligations. Specific periods are listed in the table in Section 3.
9) Your rights and how to exercise them
You have the rights of access, rectification, erasure, restriction, objection, and data portability. Where processing is based on consent, you may withdraw your consent at any time (use the “Change cookie settings” link in the footer for cookies/analytics).
How to contact us for privacy requests (DSAR): Email legal@digital-synergy.eu (cookies: privacy@digital-synergy.eu) or write to Second Floor, 74 South Mall, T12 F3FD Cork, Co. Cork, Republic of Ireland. We will respond within one month of receiving your request (we may extend by up to two further months where necessary due to complexity or number of requests; we will inform you of any extension).
You also have the right to lodge a complaint with the Data Protection Commission (Ireland): https://www.dataprotection.ie/.
10) Automated decision‑making
We do not use automated decision‑making, including profiling, that produces legal or similarly significant effects about you.
11) Changes to this policy
If we make material changes (e.g., new processors, changes to legal bases or retention), we will update this page and indicate the new “Last updated” date. For significant changes, we may also provide a more prominent notice on our Website.
12) Contact
For any privacy questions, contact us at legal@digital-synergy.eu (cookies: privacy@digital-synergy.eu) or by post at the address above.
