Privacy Policy

How we collect and protect your personal information

Last Updated: January 15, 2026

Introduction

Puxap ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website located at https://puxap.ie (the "Site") and use our services.

Company Details:

  • Legal Name: Puxap Limited
  • Registered Address: 11 Shop Street, Galway, Ireland
  • Contact Email: [email protected]
  • Phone: +353 91 763 2114

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Site. By accessing and using this Site, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

What Personal Data We Collect

We collect personal information that you voluntarily provide to us, as well as information collected automatically through your use of the Site.

Information You Provide Directly:

  • Contact Form Data: When you submit our contact form, we collect your full name, email address, phone number (optional), subject line, and message content.
  • Email Communications: If you subscribe to our mailing list or contact us via email, we collect and store your email address and any message content you send.
  • Account Information: If you create a user account (where applicable), we collect username, password (hashed), email, and profile details.
  • Payment Information: If you purchase any products or services, payment processing is handled by third-party payment processors. We do not store full credit card numbers; only transaction identifiers and order summaries are retained.

Information Collected Automatically:

  • IP Address: Your Internet Protocol address is logged when you visit the Site.
  • Device Information: Browser type, operating system, device model, and unique device identifiers.
  • Usage Data: Pages visited, time spent on each page, links clicked, referral source, and clickstream data.
  • Cookies and Tracking: Session cookies, persistent cookies, and analytics tracking pixels to understand user behavior and improve the Site.
  • Location Data: General geographic location inferred from IP address (not precise GPS data).
  • Server Logs: Standard web server logs containing IP addresses, access times, pages requested, and HTTP status codes.

How We Collect Data

We collect your personal data through several methods:

  • Contact Forms: The inquiry form on our Site allows you to submit contact information directly.
  • Cookies: We use cookies to track your browsing behavior and preferences. You can control cookie settings through your browser.
  • Analytics Tools: We use Google Analytics (Google LLC, USA) to track Site traffic, user behavior, and engagement metrics. Google Analytics may set cookies and collect data about your browsing activity.
  • Meta Pixel: We may use Meta Pixel (Meta Platforms Ireland Limited, Ireland) for conversion tracking and audience insights on social media platforms.
  • Server Logs: Our hosting provider's servers automatically record technical information about your visit.
  • Third-Party Integrations: Any embedded maps, social media widgets, or external services may collect data as described in their respective privacy policies.

Why We Collect Data (Legal Basis)

Under GDPR and Irish data protection law, we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a) GDPR): When you submit a contact form or opt into our mailing list, you provide explicit consent for us to process your data.
  • Contract Performance (Article 6(1)(b) GDPR): If you purchase products or services, we process data necessary to fulfill your order and provide customer support.
  • Legitimate Interest (Article 6(1)(f) GDPR): We collect analytics and usage data to improve our Site, understand user preferences, and ensure website security. Our legitimate interests are balanced against your rights and expectations.
  • Legal Obligation (Article 6(1)(c) GDPR): We may process data to comply with Irish or EU legal obligations, such as tax law or law enforcement requests.

How We Use Your Data

We use the personal information we collect for the following purposes:

  • Service Delivery: To respond to your inquiries, fulfill orders, provide customer support, and deliver the services or content you request.
  • Communication: To send you transactional emails (order confirmations, password resets) and, with your consent, marketing communications (newsletters, product updates).
  • Site Improvement: To analyze user behavior, understand which features are most popular, identify technical issues, and optimize the Site's performance and user experience.
  • Marketing and Analytics: To understand our audience demographics, create user segments, measure campaign effectiveness, and tailor content recommendations.
  • Security and Fraud Prevention: To detect, prevent, and address fraud, abuse, security incidents, and other harmful or illegal activity.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and law enforcement requests.
  • Retargeting: To display targeted advertisements on social media and other platforms based on your prior interaction with our Site.

We do not use your data for automated decision-making or profiling in ways that produce legal or similarly significant effects.

Data Retention

We retain your personal data only as long as necessary for the purposes stated in this Privacy Policy. Specific retention periods are:

  • Contact Form Data: 2 years from submission, unless you request deletion sooner.
  • Email List Subscriptions: Until you unsubscribe or request deletion. Unsubscribe requests are honored within 10 business days.
  • Order and Payment Data: 7 years for tax and accounting purposes (Irish legal requirement), then securely deleted.
  • Cookies: Session cookies are deleted when you close your browser. Persistent cookies expire after 13 months, or sooner if cleared from your device.
  • Analytics Data (Google Analytics): Aggregated, anonymized data retained indefinitely. Individually identifiable data retained for 26 months, then deleted.
  • Server Logs: Retained for 90 days for security and troubleshooting purposes, then permanently deleted.
  • Backup Copies: May be retained for up to 1 year as part of our disaster recovery procedures.

If you request deletion of your data, we will honor your request within 30 days, except where legal obligations or legitimate business purposes require retention.

Data Sharing and Recipients

We do not sell, trade, or rent your personal data to third parties. However, we may share your data with the following categories of recipients:

  • Hosting Provider: Our website is hosted by a third-party provider located in the EU. They access technical data only to maintain Site infrastructure and security.
  • Payment Processors: If you make a purchase, payment details are processed by payment gateways (e.g., Stripe, PayPal). These processors handle payment information in accordance with PCI DSS standards.
  • Analytics Providers: Google Analytics and Meta Pixel receive aggregated and anonymized usage data for analytics and advertising purposes.
  • Email Service Providers: If you subscribe to our newsletter, your email is stored with an email marketing platform (e.g., Mailchimp, ConvertKit) to manage communications.
  • Law Enforcement: We may disclose data if required by law, court order, or government request, or to protect our legal rights.
  • Business Transfers: If Puxap is acquired, merged, or dissolved, customer data may be transferred as part of that transaction. You will be notified of any such change and given the opportunity to opt out.

Data Processors: All third-party service providers (hosting, analytics, email, payment) are bound by Data Processing Agreements (DPAs) that comply with GDPR and ensure data is processed only as instructed.

No Sale of Personal Data: We confirm that we do not sell or share your personal data for monetary consideration or for any purpose other than those described in this Privacy Policy.

International Data Transfers

Puxap is based in Ireland (EU/EEA). Some of our service providers, including Google Analytics and Meta Pixel, are based in the United States.

Safeguards for US Transfers: Where data is transferred outside the EEA, we rely on:

  • Standard Contractual Clauses (SCCs): We have executed SCCs with all US-based processors to ensure GDPR-compliant transfers.
  • Data Adequacy Decisions: We rely on the EU-US Data Privacy Framework where applicable.
  • Your Rights: You have the right to request details of safeguards in place for any international transfer. Contact us at [email protected].

Your Rights Under GDPR and Irish Data Protection Law

You have the following rights regarding your personal data:

Right of Access (Article 15 GDPR):

You can request a copy of all personal data we hold about you. We will provide this in a portable, machine-readable format within 30 days of your request.

Right to Rectification (Article 16 GDPR):

If your data is inaccurate or incomplete, you can request correction. We will update your information within 30 days.

Right to Erasure (Article 17 GDPR, "Right to Be Forgotten"):

You can request deletion of your data in most circumstances. We will comply within 30 days, unless we have a legal obligation to retain it (e.g., tax records).

Right to Restrict Processing (Article 18 GDPR):

You can ask us to limit how we use your data while you contest its accuracy, or while we determine if we have a legal obligation to keep it.

Right to Data Portability (Article 20 GDPR):

You can request your data in a structured, commonly used format (e.g., CSV) and ask us to transmit it to another service provider.

Right to Object (Article 21 GDPR):

You can object to processing based on legitimate interest, including marketing communications and profiling. We will honor opt-out requests within 10 business days.

Right to Withdraw Consent:

If you have provided consent for data processing, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint:

If you believe we have violated your rights, you can lodge a complaint with the Irish Data Protection Commissioner (DPC):

How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to:

Please include your full name, email address, and a clear description of your request. We will verify your identity before processing sensitive requests. Verification typically takes 5-10 business days. Once verified, we will respond to your request within 30 days (extendable to 90 days for complex requests).

Cookies

What Are Cookies?

Cookies are small text files stored on your device (computer, phone, tablet) when you visit a website. They help websites remember your preferences and track your behavior.

Types of Cookies We Use:

  • Essential Cookies: Required for the Site to function (e.g., session management, security). These cannot be disabled.
  • Analytics Cookies: Track user behavior, traffic sources, and page performance using Google Analytics. These help us understand how you use the Site.
  • Marketing/Advertising Cookies: Used by Meta Pixel and other ad networks to show you targeted advertisements on social media based on your prior Site visits.
  • Preference Cookies: Remember your language choice, display preferences, and cookie consent choice.

Managing Cookies:

  • Browser Controls: Most browsers allow you to refuse cookies or alert you when they are being set. Visit your browser's "Settings" or "Preferences" to manage cookies.
  • Opt-Out Tools: You can opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout
  • Cookie Consent Banner: When you first visit our Site, a banner asks for your consent to non-essential cookies. You can change your choice at any time by clearing your browser's local storage.

Children's Privacy

Our Site is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete such information immediately and terminate the child's access to the Site.

If you are a parent or guardian and believe your child has provided data to us, please contact us immediately at [email protected].

Third-Party Links and Services

Our Site may contain links to third-party websites (social media, external resources). We are not responsible for the privacy practices of linked sites. We encourage you to review their privacy policies before sharing any personal data.

This Privacy Policy applies only to the Puxap Site. Once you leave our Site via an external link, our data protection policies no longer apply.

Security of Your Data

We implement industry-standard security measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction.

Security Measures Include:

  • HTTPS encryption for all data transmitted to and from the Site.
  • Secure hosting with firewalls and intrusion detection systems.
  • Regular security audits and vulnerability assessments.
  • Password hashing and salting for user accounts.
  • Access controls limiting employee access to personal data on a need-to-know basis.
  • Encryption of data at rest in our databases and backups.

Limitations: While we strive to protect your data, no security system is impenetrable. We cannot guarantee absolute security. If you believe your data has been compromised, please contact us immediately.

Data Breach Notification

In the event of a personal data breach, we will notify affected individuals within 72 hours, as required by GDPR Article 33. Notifications will include:

  • A description of the breach and the data involved.
  • Likely consequences for affected individuals.
  • Steps we are taking to address the breach and mitigate harm.
  • Our contact details and how to get more information.

We will also notify the Irish Data Protection Commissioner if the breach poses a high risk to affected individuals.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our data practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Posting the updated policy on this page with a new "Last Updated" date.
  • Sending an email notification if we have your email address and the change significantly affects your rights.
  • Obtaining your explicit consent if the change requires it under GDPR.

Your continued use of the Site after changes take effect constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your data.

Data Protection Officer

Puxap has not appointed a dedicated Data Protection Officer (DPO), as we do not meet the threshold for mandatory DPO appointment under GDPR. However, we have designated a privacy contact who handles all data protection inquiries:

  • Email: [email protected]
  • Phone: +353 91 763 2114
  • Address: 11 Shop Street, Galway, Ireland

Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 10 business days. If you are not satisfied with our response, you may lodge a complaint with the Irish Data Protection Commissioner as described in the "Your Rights" section above.