Home Our Background For Businesses Compliance Guide Contact
Get Started
Legal

Privacy Policy

Last Updated: 25 February 2026

1. Introduction

OpenReferium ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect personal information in connection with our document digitisation and filing system services.

We operate from Block 5 High St, Tallaght, Dublin, D24 YK8N, Ireland. Our email address is [email protected].

This policy applies to all personal data we process in connection with our website at OpenReferium.info and the services we provide. It is written in compliance with the General Data Protection Regulation (GDPR) as retained and supplemented by the Data Protection Act 2018 (Ireland) and the Data Protection Acts 1988–2018.

2. Data Controller

OpenReferium is the data controller for personal data collected through this website and in connection with our services. As data controller, we determine the purposes and means of processing your personal data.

If you have any questions about how we handle your personal data, you can contact us at:

  • Email: [email protected]
  • Phone: +353 1 963 0600
  • Post: Block 5 High St, Tallaght, Dublin, D24 YK8N, Ireland

3. What Personal Data We Collect

We collect personal data in the following circumstances:

3.1 Contact Form Submissions

When you submit an enquiry through our website, we collect:

  • Your name
  • Your email address
  • Your phone number
  • Your trade or business type (if provided)
  • The content of your message

3.2 Service Delivery

When you engage our document digitisation services, we may process:

  • Business contact information (name, address, phone, email)
  • Business documentation provided for scanning and digitisation
  • Document metadata (document types, dates, expiry dates)

3.3 Website Usage Data

If you consent to analytics cookies, we may collect anonymised data about how you use our website, including pages visited, time spent on pages, and general geographic location.

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

  • Contract performance (Article 6(1)(b)): Processing necessary to provide the services you have requested or to take steps prior to entering into a contract with you.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including responding to enquiries, improving our services, and maintaining business records, where these interests are not overridden by your rights.
  • Consent (Article 6(1)(a)): Where you have given explicit consent, such as for non-essential cookies or marketing communications.
  • Legal obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation applicable to us.

5. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Responding to enquiries submitted through our contact form
  • Providing document collection, scanning, digitisation and filing system services
  • Setting up and managing automated reminder systems for document renewals
  • Communicating with you about your account or service
  • Maintaining records required for legal and regulatory compliance
  • Improving our website and services
  • Complying with legal obligations

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, subject to any legal retention requirements. Our general retention periods are:

  • Contact form enquiries: Up to 2 years from the date of enquiry
  • Service records: Up to 7 years from the end of the service relationship, in line with Irish Revenue requirements for business records
  • Website analytics data: As determined by the analytics provider's retention settings, typically up to 26 months

When data is no longer required, we delete or anonymise it securely.

7. Data Sharing

We do not sell your personal data to third parties. We may share personal data with:

  • Service providers: Third-party providers who assist us in delivering our services (such as cloud storage providers), who are bound by data processing agreements and required to handle data only on our instructions.
  • Legal and regulatory authorities: Where required by law or to protect our legal rights.
  • Professional advisers: Solicitors, accountants and other advisers where necessary for the conduct of our business.

8. International Data Transfers

Where we use service providers based outside the European Economic Area (EEA), we ensure appropriate safeguards are in place for any transfer of personal data, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with an adequacy decision.

9. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request that we correct inaccurate or incomplete personal data.
  • Right to erasure: You can request that we delete your personal data in certain circumstances.
  • Right to restrict processing: You can request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: You can request that we provide your personal data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request. We may need to verify your identity before processing your request.

10. Cookies

We use cookies on our website. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include secure data storage, access controls, and secure transmission protocols.

In the context of our document digitisation service, we apply particular care to the handling of business documents, which may contain commercially sensitive information.

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Data Protection Commission (DPC), the supervisory authority for data protection in Ireland.

  • Website: www.dataprotection.ie
  • Phone: +353 57 868 4800
  • Post: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28

We would, however, appreciate the opportunity to address your concerns before you contact the DPC. Please contact us first at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.