Data Protection Policy - Acorn Learn Hub

Last updated: November 18, 2025

Introduction

This policy describes how personal data is collected, handled and stored to meet Acorn LearnHub Ltd data protection standards and to comply with the law.

The General Data Protection Regulation (GDPR) (2018) and Data Protection Act (2018) applies to every business that collects, stores and uses personal data relating to customers, staff or other individuals.

GDPR applies to 'personal data' meaning any information relating to an identifiable person who can be directly or indirectly identified by such data.

Scope

This policy applies to:

Head office of Acorn LearnHub Ltd
All employees and/or volunteers of Acorn LearnHub Ltd
All sub-contractors, suppliers, Instructors, Assessors, and other people working (paid or unpaid) on behalf of Acorn LearnHub Ltd

It applies to all data that the company collects and holds relating to:

Postal addresses
Email addresses
Telephone numbers
IP addresses, cookies, electronic data
Plus, any other information relating to individuals, learners and or customers

GDPR Rights for Individuals

GDPR provides the following rights for individuals:

The right to be informed
The right to access
The right to rectification
The right to erase
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling

Data Protection Commitments of Acorn LearnHub Ltd

Acorn LearnHub Ltd will, through appropriate management & strict applications of controls ensure:

Confidential information is not shared informally
Personal data is not disclosed to unauthorised people
Collect and process appropriate information, only to the extent that is needed
Employees keep all data secure and is only available to those who need it
Strong passwords are used and regularly changed
Appropriate security measures are in place to safeguard personal data
Data is regularly reviewed, updated and archived in line with guidance and schedules
When working with personal data, employees ensure screens of their computers are always locked when left unattended
Hold good quality of information ensuring accuracy of data
ICT systems will be designed, where possible, to encourage and facilitate the entry of accurate data
Training and assessment materials are kept on secure internal systems that are password protected. Printed assessment materials are locked in secure areas and only available to those intended
Data is not transferred outside of the European area without suitable safeguards
Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice
Everyone managing and handling personal information is appropriately trained
Everyone managing and handling personal information is appropriately supervised
Anybody wanting to make enquiries about personal information knows the process
Enquiries are promptly and courteously dealt with
Ensure that the rights of people about whom information is held can be fully exercised under the Act
Methods of handling personal information are clearly described
Methods of handling personal information are regularly reviewed, assessed and evaluated
Data protection risks are monitored

Privacy and Data Protection Rights

Privacy and Data Protection Rights are very important to us.

In the course of our work with you, you give us information about yourself – we respect your trust in us to use, store and share your information in accordance with new laws – including GDPR related legislation. In this Privacy Policy, we explain how we collect personal information about you, how we use it and how you can engage with us about it.

Please be assured that the personal information you provide to us will only be used to ensure that you receive the best Training & Consulting possible, that your data will be held legally, securely and in a compliant manner and that your information can only be assessed by those who require it for the delivery of our services.

Who We Are & Responsibility for Data Protection

When this notice mentions "we" or "us", we mean the Training/eLearning business of Acorn LearnHub Ltd.

Adrian Carmody as DPO has overall responsibility for Data Protection within the Company and may be contacted by email or phone on the details given below; by calling to the office, or by writing to him at our office address.

Adrian currently acts as DPO – Data Protection Officer and can be contacted on 061 514705 or DPO@AcornLearnHub.ie for any queries, Data Access Requests or issues relating to Data Protection or GDPR.

Information & You

So that we can deliver effective Training & Development service to you, we must gather and use personal information about you. If you do not provide the personal information, we may be unable to provide the quality of service you seek.

Why We Collect Your Data

We collect and use personal data information to provide the following services:

The provision of Customer Service, Enquiry Responses, Quotations and other follow up Information on your request
Customisation and Tailoring of Course Content for participants
To manage vendor accounts and for accounting (payment) purposes
To comply with Regulations and Statutory Obligations
To comply with requirements imposed by Certification Bodies
To provide personnel, payroll and pension administration services in connection with our employees
To get and retain Clear and Opt-In Consent for further marketing follow up
For provision of the enforcement of legal rights for the protection of both our interests
For provision of Billing, Payment, Remittance or receipt/payment of money on your behalf

How We Collect Information About You

When you visit our Website:

Cookies are present to store statistical details (See Cookie Section)
Google Analytics identity general data on what pages users access and how long they stay
You might submit Enquiries, Make Bookings or Make a payment through 3rd Party Secure site
Your payments are processed via compliant PCI providers PayPal/Stripe
Shopping Cart & Check Out Area
Contact Us Form
Newsletter Sign Up Form

When you use the eLearning services that we provide:

Details noted when you make enquiry by face to face calls, phone, email or via website
Forms (Registration, Evaluation, Attendance Logs, Examinations) used on training courses
Details required relating to contractual obligations

When you provide us with Consent to send you regular updates:

Email Consent
Newsletter Sign Up Form on Website
Hardcopy Written Consent

When you visit or engage with our Social Media platforms:

Engagement (Likes/Comments/Competitions on Facebook/Twitter/LinkedIn)

The Specific Details We Collect

First Name, Last Name
Contact information including email address and telephone number
Company Role if Applicable
Company or Home Address and Billing address
Sign up time and date
Newsletter subscription (only if you have opted-in)
Transaction data (items purchased, number of items purchased, order value, order time and date)
Banking Details (but we do not store sensitive payment data)
Cookies (please refer to Cookie Policy section)
Google Analytics (no personal identifiable information is passed on - all information is anonymised)

Website Cookie Policy

Our website use 'cookie' technology. A cookie is a little piece of text that our server places on your device when you visit any of our websites or apps. They help us make the sites work better for you.

The only function of cookies associated with our website is to track hits so as to monitor the parts of the site which are of most interest to visitors and to enable adjustments to be made to suit those requirements. No information is retained for any other purpose.

Note: You can change the settings on your browser to refuse all cookies. However, you should note that disabling cookies may result in some parts of the site not working efficiently or in slower downloads.

For further information about cookies and how to control their use, please visit the following third party educational resources: www.allaboutcookies.org and www.youronlinechoices.eu. You can also view our full Cookie Policy.

Sharing of Personal Data

The policy of Acorn LearnHub Ltd is not to Share your Personal Data with 3rd Parties. However – from time to time – we may be required to pass your data to 3rd parties.

Please note – this will be clarified to you at the time that the data is collected and will either be done so as to provide you with a better service – or because it is legally required to do so.

Contractor & Third Party Data Protection Compliance

We expect and actively require any Third Parties with whom we work to be compliant with their legal obligations under Data Protection.

It is our policy to require all contractors or those who may come into contact with any Personal Data we hold to show GDPR compliance via self assessment and audit though our Supplier Data Protection Checklist. We will store this checklist for the duration of our working relationship with that 3rd party (+ 12 months).

How We Keep Your Information Safe

We take appropriate measures under the laws that apply, to ensure your data is safe.

IT:

Emails & other Electronic Data is stored in secure cloud system
Database is a Cloud Based secure application
AntiVirus Software is used on all IT Systems
Encryption is enabled on all systems holding Personal Data
A Firewall assists against Network Intrusion
WiFi is secure

Document Storage:

Documents are stored in a locked Office in Individual covered Files
Data is managed Safely and not left in areas where non relevant employees can access
Any data which might be viewed as in any way sensitive is stored in locked cabinets in the office of the Managing Director

Printing:

Printing is completed with Individual Employee Pin Codes to ensure only those who should have access to the printed do so and only data which Employee A prints, is accessible to Employee A

CCTV:

We do not record or retain CCTV footage

Data Disposal:

Although Acorn LearnHub Ltd does not hold sensitive data, it is our policy to engage with a GDPR Compliant Professional Shredding Company and safely/securely dispose of the Personal Data we hold to ensure compliance – see section on Data disposal

Calls relating to Personal Data:

If you contact us about your information, we may need to ask you to identify yourself and furnish proof of identity – this is to help protect your information.

How Long Do We Keep Your Personal Data

We have policy based and regulatory obligations that mean we must keep your data while you are a client and for certain periods of time after you stop being a client. Those periods depend on the nature of the work we have done for you.

General Data Retention Policy (Clients):

We retain general training data for a period of 5 years

General Data Retention Policy (Contractors/Trainers/Vendors):

We retain personal data of the above for the duration of working relationship (+12 months)

Legal Obligations:

Revenue – 6 Years

What is the Legal Basis on Which We Gather and Hold Your Information?

To use your information lawfully, we rely on one or more of the following legal bases:

Performance of a contract
Legal obligation
Protecting the vital interests of you or others
Public interest
Our legitimate interests
Your consent

To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations. If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our services.

Disposal of Personal Data

Once the period of stated storage is complete or based on a Request to delete personal data (presuming we have no legal or statutory obligation to retain it) – it is our policy to have your personal date securely disposed of – through 3 monthly scheduled contracts with our professional shredding company.

This service will dispose of personal data such as has been collected on Attendance Logs, Forms, Feedback, Examinations and more.

Date will be securely deleted from the following media:

Paper Based Files
CRM & Database Systems
Electronic Storage – including Hard Disks, External Hard Drives, Memory Sticks & Email
Backup Date will be deleted also in relation to these files

Consent

Sometimes we need your consent to use your personal information. With direct marketing for example, we need your consent to make you aware of services which may be of interest to you. We may do this by phone, post, email, text or through other digital media. It is our policy to keep, in as far as is possible, a documented record of this consent.

Often, at the end of a course or piece of work for you, we contact you to give and get feedback. We will generally provide options at this point in relation to how you might provide consent or otherwise for us to contact you with updates, marketing material and other promotions.

Breach Reporting

The DPO will conduct regular inspections and maintain a systematic audit schedule to monitor compliance and Acorn LearnHub will actively record and report any Breaches in relation to Data Protection.

Any employee, client or 3rd party can alert the DPO to the breach, who will update the Breach Log before identifying the breach type and evaluate any risk associated with the breach. Where there is a possibility of risk, and where the personal data breached is neither Encrypted or Anonymised, the DPO will report the breach to the DPC, and depending on the severity/urgency of the risk – may also notify the data subject. This will be done as soon as possible – and within the required 72 hour limit.

Staff Awareness & Training

Training sessions are completed each 6 months. All future induction sessions with include a specific session on data protection and we undertake an annual refresher session for all staff.

Your Data Rights

You can exercise your rights by contacting us on 061 514705, emailing us on Info@AcornLearnHub.ie or calling into our Office - Acorn LearnHub Ltd, Unit 5, Castletroy Business Park, Castletroy, Limerick V94 C780.

Whenever you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information. Your right to obtain information cannot adversely affect the rights and freedoms of others. Therefore, we cannot provide information on other people without consent.

We generally do not charge you when you contact us to ask about your information. However, if requests are deemed excessive or manifestly unfounded, we may charge a reasonable fee to cover the additional administrative costs or choose to refuse the requests.

Right to obtain a copy of your information:

You can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information.

Right to update or correct:

If you want to update or correct any of your personal details, please contact us at 061 514705, emailing us on Info@AcornLearnHub.ie or calling into our Office.

Right to withdraw consent:

You can change your mind wherever you have given us your consent, such as for direct marketing or processing your information.

Right to restrict or object:

You may have the right to restrict or object to us processing your personal information. We will require your consent to further process this information once restricted. You can request restriction of processing where:

The personal data is inaccurate, and you request restriction while we verify the accuracy
The processing of your personal data is unlawful
You oppose the erasure of the data, requesting restriction of processing instead
You require the data for the establishment, exercise or defence of legal claims but we no longer require the data for processing
You disagree with the legitimate interest legal basis and processing is restricted until the legitimate basis is verified

Right to erasure:

You may ask us to delete your personal information, or we may delete your personal information under the following conditions:

The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
You withdraw your consent where there is no other legal ground for the processing
You withdraw your consent for direct marketing purposes
You withdraw your consent for processing a child's data
You object to automated decision making
The personal data have been unlawfully processed
The personal data has to be erased for compliance with a legal obligation
You declare to us that you are no longer a client of ours

Data Protection Feedback, Further Information & Complaints

If you have a complaint about the use of your personal information, please let a member of staff in our Office know, giving them the opportunity to put things right as quickly as possible.

If you wish to make a complaint you may do so in person, by phone, in writing and by email. We will fully investigate all the complaints we receive. We ask that you supply as much information as possible to help us resolve your complaint quickly.

You can also contact the Office of the Data Protection Commissioner in Ireland:

Visit their website www.dataprotection.ie
Email info@dataprotection.ie
Phone on +353 (0)57 8684800 or +353 (0)761 104 800
Write to Data Protection Office - 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Contact Information

Enquiries about this Data Protection Policy should be made to:

Acorn LearnHub Ltd
Unit 5, Castletroy Business Park
Castletroy, Limerick - V94 C780
Email: info@acornlearnhub.ie

Review

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments. We will inform you of any changes to our Privacy Policy in the future.