GDPR Compliance

1. Our role

For our website visitors and newsletter subscribers, we act as data controller. When delivering services to clients (e.g. processing data stored in your website or CRM on your behalf), we act as data processor.

2. Lawful bases we rely on

• Contract performance
• Consent (newsletters, marketing cookies)
• Legitimate interest (security, service improvement)
• Legal obligation (tax, accounting)

3. Your rights under GDPR

• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object
• Right to withdraw consent at any time
• Right not to be subject to solely automated decision-making

4. How to make a request

Email info@digitalbridge.ie with "GDPR Request" in the subject line. We will verify identity and respond within 30 days at no cost.

5. Data Processing Agreement (DPA)

Business clients can request a signed DPA before sharing personal data with us for processing. Contact us to receive our standard DPA.

6. Subprocessors

We use vetted EU and global subprocessors (hosting, payments, email, analytics). A current list is available on request and in our Data Processing Policy.

7. International transfers

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses and the EU–US Data Privacy Framework where applicable.

8. Data breach notification

In the unlikely event of a personal data breach likely to result in risk to your rights, we will notify the Data Protection Commission within 72 hours and affected individuals without undue delay.

9. Complaints

You have the right to lodge a complaint with the Irish Data Protection Commission — dataprotection.ie.