top of page

Privacy Policy


The Irish School of Reflexology & Wellness needs to gather and use certain information about individuals. These can include customers, students, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.

Privacy statement

This statement relates to the privacy practices of the Irish School of Reflexology & Wellness (the ‘School’) in connection with the Schools’ main web pages (i.e. those in

Why this policy exists

This data & privacy protection policy ensures The Irish School of Reflexology & Wellness:

  • Complies with data protection law and follows good practice

  • Protects the rights of students, staff, customers and partners

  • Is open about how it stores and processes individuals’ data

  • Protects itself from the risks of a data breach

Data protection law

The Data Protection Act 1998 describes how organisations — including The Irish School of Reflexology & Wellness — must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. The Data Protection Act is underpinned by eight important principles. These say that personal data must:

  1. Be processed fairly and lawfully

  2. Be obtained only for specific, lawful purposes

  3. Be adequate, relevant and not excessive

  4. Be accurate and kept up to date

  5. Not be held for any longer than necessary

  6. Processed in accordance with the rights of data subjects

  7. Be protected in appropriate ways

  8. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection


Policy scope

This policy applies to:

  • The head office of The Irish School of Reflexology & Wellness

  • All branches and schools of The Irish School of Reflexology & Wellness

  • All staff and volunteers of The Irish School of Reflexology & Wellness

  • All contractors, suppliers and other people working on behalf of The Irish School of Reflexology & Wellness

It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:

  • Names of individuals

  • Postal addresses

  • Email addresses

  • Telephone numbers

  • …plus any other information relating to individuals

Data protection risks

This policy helps to protect The Irish School of Reflexology & Wellness from some very real data security risks, including:

  • Breaches of confidentiality. For instance, information being given out inappropriately.

  • Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.

  • Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.


Everyone who works for or with The Irish School of Reflexology & Wellness has some responsibility for ensuring data is collected, stored and handled appropriately. Each person that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.

The Data Protection Role (‘The Data Protection Officer’) for the Irish School of Reflexology & Wellness is undertaken by Tatiana Grosso Lawless whose responsibilities include:

  • Ensuring that The Irish School of Reflexology & Wellness meets its legal obligations.

  • Keeping students, clients, staff, committee members, board members and partners updated about data protection responsibilities, risks and issues.

  • Reviewing all data protection procedures and related policies, in line with an agreed schedule.

  • Arranging data protection training and advice for the people covered by this policy.

  • Handling data protection questions from students, clients, customers and staff and anyone else covered by this policy.

  • Dealing with requests from individuals to see the data The Irish School of Reflexology & Wellness holds about them (also called ‘subject access requests’).

  • Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.

  • Ensuring all systems, services and equipment used for storing data meet acceptable security standards.

  • Performing regular checks and scans to ensure security hardware and software is functioning properly.

  • Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.

  • Approving any data protection statements attached to communications such as emails and letters.

  • Addressing any data protection queries from journalists or media outlets like newspapers.

  • Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.


General staff guidelines

  • The only people able to access data covered by this policy should be those who need it for their work.

  • Data should not be shared informally. When access to confidential information is required, employees and partners can request it from the Data Protection Officer.

  • The Irish School of Reflexology & Wellness will provide training to all employees to help them understand their responsibilities when handling data.

  • Employees and partners should keep all data secure, by taking sensible precautions and following the guidelines below.

  • In particular, strong passwords must be used and they should never be shared.

  • Personal data should not be disclosed to unauthorised people, either within the school or externally.

  • Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.

  • Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.

Who we are

The Irish School of Reflexology & Wellness values the trust of our students and customers. Any information we collect is used to communicate with our students about academic information related to the courses we run. Any information we communicate with our customers, clients and other interested parties is to better provide services and resources to individuals considering attending our school or using our services including our website.

Consent to collect information.

How do you get my consent?

When you provide us with personal information to complete a transaction, make a booking, register your interest, ask for information, join our mailing list, place an order, send us a query, or otherwise contact us we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason outside of these we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at or mailing us at: The Irish School of Reflexology & Wellness, 43 Garten Drive, Estuary Road, Swords, Co. Dublin.

Access to your personal information

You are entitled to view, amend, or delete the personal information that we hold. Email your request to our data protection officer at with the subject line ‘Data Protection’.


Contact information and Purchasing Data

When you book a place on one of our courses, send us an online or email query, or register for our newsletter through our website your name, address data, email and contact number will be stored in our system. We do not share your personal details with any other company without your consent.

We may provide course facilitators, lecturers and admin staff with your contact details, name and email address so that they can provide you with materials for the duration of your course. Facilitators are not permitted to use your information for any other purpose unless expressly given permission by you.

We may contact you regarding your experience of The Irish School of Reflexology & Wellness and our associated resources. This feedback and information is used to improve our services and is never passed on to other organisations.

Mailing Lists

As part of the registration process for our e-newsletter, we collect personal information limited to your name and email address. We use that information for a couple of reasons: to inform you about the activities of The Irish School of Reflexology & Wellness; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied with what we are doing. We don't rent or trade email lists with other organisations and businesses and we never will.

We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing us at with UNSUBSCRIBE in the subject line of the email.

Payment Data

Our online bookings and payment are taken via Paypal, one of the worlds’ leading online payment methods. They provide us with the online e-commerce platform that allows us to make payment transactions for our courses. When you make a payment transaction with us via our website your data is stored in Paypal using their data storage, databases and applications. Their privacy policy can be viewed here.


When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Data storage

These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.

These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

  • When not required, the paper or files should be kept in a locked drawer or filing cabinet.

  • Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.

  • Data printouts should be shredded and disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:

  • Data should be protected by strong passwords that are changed regularly and never shared between employees.

  • If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.

  • Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing services.

  • Servers containing personal data should be sited in a secure location, away from general office space.

  • Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.

  • Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.

  • All servers and computers containing data should be protected by approved security software and a firewall.


Data use

Personal data is of no value to Irish School of Reflexology unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:

  • When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.

  • Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.

  • Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.

  • Personal data should never be transferred outside of the European Economic Area.

  • Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.

Data accuracy

The law requires The Irish School of Reflexology & Wellness to take reasonable steps to ensure data is kept accurate and up to date. The more important it is that the personal data is accurate, the greater the effort The Irish School of Reflexology & Wellness should put into ensuring its accuracy.

It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

  • Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.

  • Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.

  • The Irish School of Reflexology & Wellness will make it easy for data subjects to update the information we hold about them.

  • Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.

  • It is the marketing manager’s responsibility to ensure marketing databases are checked against industry suppression files every six months.


Subject access requests

All individuals who are the subject of personal data held by The Irish School of Reflexology & Wellness are entitled to:

  • Ask what information the company holds about them and why.

  • Ask how to gain access to it.

  • Be informed how to keep it up to date.

  • Be informed how the company is meeting its data protection obligations.

If an individual contacts the company requesting this information, this is called a subject access request.

Subject access requests from individuals should be made by email, addressed to the data controller at The data controller will aim to provide the relevant data within 14 working days.

The data controller will always verify the identity of anyone making a subject access request before handing over any information by requesting a copy of the licence or passport of the requester.


Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, Irish School of Reflexology will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from legal advisers where necessary.

General statement

Irish School of Reflexology fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share personal information (also known as personal data) with us.

How we use your personal data and our legal basis for this

On some parts of the website, you may volunteer personal information (for example by using our online forms, booking a course etc.). We principally use your information under the legal basis of consent. For example you may request to be added to our mailing list by signing up with your name and email address. This will be used to send you newsletters and information. As this information is provided on the basis of consent, you are free to withdraw your consent at any time.

Your Data Rights

You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data, including the right:

- to find out if we use your personal data, access your personal data and receive copies of your personal data;

- to have inaccurate/incomplete information corrected and updated;

in certain circumstances, to have your details deleted from systems that we use to process your personal data or have the use of your personal data restricted in certain ways;

- to object to certain processing of your data by ISR;

- to exercise your right to data portability where applicable (i.e. obtain a copy of your personal data in a commonly used electronic form;

where we have relied upon consent as a lawful basis for processing, to withdraw your consent to the processing at any time;

- to not be subject to solely automated decision;

- to request that we stop sending you direct marketing communications.


If you wish to avail of any of these rights, please email: with FOI in the subject line.

Changes to Privacy Statement

The Irish School of Reflexology may revise this privacy statement from time to time. Changes to this statement will be posted here so you should periodically check this page to review the most recent statement. If you have any questions about this privacy statement or the practices of The Irish School of Reflexology & Wellness in relation to privacy and data please contact the Data Protection Officer at the address set out above.



Please direct any queries or concerns regarding this privacy policy to The Irish School of Reflexology & Wellness’s Data Protection Officer, Tatiana Grosso Lawless,

Changes to this policy

This policy was reviewed on 20.05.2019 and will be re-examined on a yearly basis.

bottom of page