1. Introduction

This is our privacy policy. It explains how personal data is collected, used, stored, and protected when you engage with Outbooks Ireland through our website, onboarding process, or service agreements. Please read this policy carefully to understand how your data is handled.

If you have any questions or comments regarding this privacy policy, please contact us.

2. Who We Are

For the purposes of applicable data protection laws, we operate in accordance with:

  • The EU General Data Protection Regulation (EU) 2016/679
  • The Data Protection Act 2018 (Ireland)
  • Guidance issued by the Data Protection Commission

Outbooks provides outsourced accounting, bookkeeping, payroll, and financial support services to accountants and businesses operating in Ireland.

We operate as a professional B2B outsourcing provider. Our services are not directed at consumers or children.

3. What We May Collect

We may collect and process the following personal data:

Business Contact Data

  • Name
  • Work email address
  • Work telephone number
  • Company name
  • Job title
  • Correspondence records

Client Service Data

Where engaged to provide services, we may process:

  • Payroll data
  • Financial transaction records
  • Tax-related information
  • Accounting records
  • Supplier and customer data

We do not actively collect or process children’s data. If such data is identified, it will be deleted without undue delay.

4. Cookies

Our website may use cookies or similar technologies to collect information about how the site is used.

This may include analytics tools used to understand website performance and improve user experience.

You can manage cookie preferences through your browser or website settings. Please note that disabling cookies may affect website functionality.

Further details are available in our Cookie Policy.

5. How We Use What We Collect

We use personal data for legitimate business and professional purposes, including to:

  • Provide outsourced accounting, bookkeeping, payroll, and financial services
  • Support onboarding and service delivery
  • Communicate with clients and respond to enquiries
  • Maintain service quality and operational efficiency
  • Meet contractual, legal, and regulatory requirements

Data is not used for purposes unrelated to the services provided.

6. Where We Store Your Data

Personal data is stored within secure systems and controlled environments.

Security measures include:

  • Servers located within Ireland or the EEA
  • Secure VPN-controlled access
  • Role-based access restrictions
  • Encrypted communication channels
  • Monitoring of data transfers
  • Controlled upload and download channels

We retain personal data only for as long as necessary to meet service, legal, and regulatory requirements.

7. Disclosing Your Information

We may share personal data only where necessary for service delivery and operational purposes.

This may include:

  • Authorised internal personnel
  • Approved sub-processors engaged under written agreements
  • Infrastructure and cloud service providers
  • Professional advisers

Where acting as a Data Processor, personal data is processed strictly in accordance with client instructions and GDPR-compliant contracts.

Information may also be disclosed where required by law or regulatory obligations.

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure where legally permissible
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with a supervisory authority

Outbooks does not carry out automated decision-making or profiling that produces legal or significant effects.

9. Links to Other Sites

Our website may contain links to other websites.

This privacy policy does not apply to those websites. We recommend reviewing their privacy policies before providing any personal data.

10. Changes

We may update this privacy policy from time to time to reflect changes in legislation or operational practices.

The latest version will always be available on our Ireland website. Continued use of our services indicates acceptance of the updated policy.

11. Our Role Under Data Protection Law

11.1 Data Controller

We act as a Data Controller when processing personal data relating to website visitors, enquiry contacts, business representatives, and prospective clients.

11.2 Data Processor

We act as a Data Processor when delivering outsourced accounting, bookkeeping, or payroll services on behalf of clients.

In such cases:

  • The client remains the Data Controller
  • Processing is carried out under written contractual instructions in accordance with Article 28 GDPR
  • Sub-processors are engaged only under GDPR-compliant agreements
  • A list of sub-processors is available upon request

12. Lawful Basis for Processing

Personal data is processed under one or more of the following legal bases:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate business interests
  • Consent, where applicable

Where processing is based on consent, it may be withdrawn at any time.

13. Use of Third-Party Services

We use third-party services for operational and service delivery purposes.

This includes:

  • Website analytics tools such as Google Analytics
  • Secure infrastructure and cloud service providers

All third-party providers are subject to appropriate contractual data protection obligations.

14. Data Security and Confidentiality

We maintain strict security measures to protect personal and financial data.

These include:

  • ISO 27001:2022 certified Information Security Management System
  • Role-based access controls
  • Restricted file permissions
  • Secure systems and encrypted communication
  • Monitoring of data access and transfers
  • Prohibition of removable storage devices
  • Restricted use of personal devices
  • Secure, desktop-only operational environments
  • 24/7 CCTV monitoring and on-site security
  • Staff confidentiality agreements
  • Regular security training

Access to data is strictly limited to authorised personnel.

15. International Transfers

Where personal data is transferred outside the European Economic Area, appropriate safeguards such as Standard Contractual Clauses are implemented in line with GDPR requirements.

16. Data Retention

Personal data is retained only for as long as necessary to:

  • Fulfil contractual obligations
  • Comply with Irish statutory and regulatory requirements
  • Meet tax and accounting obligations

Financial and accounting records are typically retained for up to six years in line with Irish legal requirements, unless a longer period is required.

Data minimisation principles are applied at all times.

17. Data Breach Procedures

In the event of a data breach:

  • An internal investigation is initiated immediately
  • A risk assessment is conducted
  • Affected individuals are informed where there is a high risk

Incident response procedures are documented and regularly reviewed.