Privacy Policy
1. Who we are
Centaur Alarms Limited (“Centaur Alarms”, “we”, “us”, “our”) is a Private Security Authority (PSA) licensed security systems installer operating in Ireland. We are the data controller in respect of personal data collected through our website, by telephone or email enquiry, through our quotation and installation process, and through our ongoing monitoring and maintenance services.
Contact details:
Centaur Alarms Limited: Hazelwood, Castlebar, Galway
Email: info@centauralarms.com
Telephone: 091-771010
This policy applies to personal data we collect about customers, prospective customers, key-holders, website visitors, and enquirers.
2. What This Policy Covers
This policy explains:
– what personal data we collect and why
– the legal basis for each type of processing
– who we share data with
– how long we keep data
– your rights as a data subject
– how to contact us or the Data Protection Commission
3. Data We Collect and Why
If you upload images to the website, you should avoid uploading images with embedded location data (GPS) included. Visitors to the website can download and extract any location data from images on the website.
3.1 Enquiries and Quotations
When you contact us for a quote or general enquiry, we collect:
– Name, address, telephone number, email address
– Details of the property or premises to be surveyed
– Notes from any site survey
Why: To respond to your enquiry and prepare an accurate quotation.
Legal basis: Pre-contractual steps at your request (GDPR Art. 6(1)(b)); our legitimate interest in responding to business enquiries (Art. 6(1)(f)).
Retention: Enquiry records not progressing to a contract are deleted after two (2) years.
3.2 Customers — Installation and Service Contracts
When you become a customer, we collect and process:
– Name, address, contact telephone number(s), email address
– Property access information relevant to the installation
– Details of the security system installed (zones, device types, configuration)
– Invoices, payment records, and any credit or payment plan arrangements
– Correspondence and service records relating to your contract
Why: To fulfil our contract with you, including installation, commissioning, invoicing, and ongoing maintenance.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)); compliance with legal obligations including Revenue record-keeping (Art. 6(1)(c)).
Retention: Six (6) years from the date of the last transaction or the end of the contract, whichever is later, in line with the requirements of the Taxes Consolidation Act 1997.
3.3 Monitoring Service — Key-Holder Data
If you subscribe to our 24-hour monitoring service, we collect and store:
– Names, telephone numbers, and relationship-to-property information for each nominated key-holder
– The sequence in which key-holders are to be contacted
– Any special instructions for alarm response
Why: To operate the monitoring service — specifically, to contact the correct people in the correct order when an alarm event is received.
Legal basis: Performance of the monitoring contract (GDPR Art. 6(1)(b)).
Key-holders are third parties whose data you provide to us. By providing a key-holder’s details you confirm that you have informed that person that their data will be held by Centaur Alarms for alarm response purposes.
Key-holder data is retained for the duration of the monitoring contract and deleted within ninety (90) days of its termination, unless retention is required in connection with an insurance or legal matter arising from an alarm event.
3.4 Alarm Event Records
We maintain a log of alarm events received by our monitoring station, including the date, time, type of event, zones activated, key-holders contacted, and any Garda or emergency service notifications made.
Why: To provide accurate records to customers, insurers, and where required by law, to An Garda Siochana or the PSA.
Legal basis: Performance of contract (Art. 6(1)(b)); compliance with legal obligations (Art. 6(1)(c)); legitimate interests in maintaining accurate operational records (Art. 6(1)(f)).
Retention: Five (5) years from the date of the event.
3.5 Website Visitors
When you visit our website we may collect:
– IP address and browser/device information (via server logs)
– Pages visited and time spent (where analytics are in use)
– Information you submit via any contact or enquiry form
Why: To maintain the security and performance of the website and to respond to enquiries.
Legal basis: Legitimate interests (Art. 6(1)(f)) for server logs; consent (Art. 6(1)(a)) for any non-essential analytics cookies where a cookie banner is presented.
3.6 Marketing Communications
We may from time to time send information about our products, services, promotions, or maintenance reminders to existing customers by email or post.
Why: To keep existing customers informed of services that may be relevant to them.
Legal basis: Legitimate interests (Art. 6(1)(f)) for existing customers, being our interest in promoting our business to people who have already engaged with us.
You can opt out of marketing communications at any time by:
– Clicking the unsubscribe link in any marketing email
– Emailing us at niall@centauralarms.com
– Writing to us at our registered address
We will never sell or share your personal data with third parties for their own marketing purposes.
3.7 CCTV at Our Own Premises
We operate CCTV at our business premises for the purposes of security, crime prevention, and staff safety.
Legal basis: Legitimate interests (Art. 6(1)(f)).
Retention: CCTV footage is overwritten after thirty-one (31) days unless retained in connection with an incident or legal matter.
A CCTV notice is displayed at all points of entry to our monitored premises.
Note: This section concerns CCTV at Centaur Alarms’ own premises only. CCTV systems we install at customer premises are operated by the customer as data controller. Customers operating a CCTV system should have their own privacy notice in place.
3.8 Debt Recovery
Where an account remains unpaid, we may process personal data in connection with debt recovery, including sharing data with solicitors or debt collection agents.
Legal basis: Legitimate interests (Art. 6(1)(f)).
4. Who We Share Your Data With
We share personal data only where necessary:
– Monitoring station partner: key-holder data and alarm event records are shared with our contracted 24-hour monitoring station for the purpose of alarm response. Where our monitoring partner is located outside the European Economic Area, we ensure appropriate safeguards are in place (such as EU standard contractual clauses).
– An Garda Siochana and Emergency Services: in the event of a verified alarm, panic alarm, fire, or medical activation, as described in our Terms and Conditions of Trade.
– The Private Security Authority (PSA): we are subject to regulation by the PSA and may be required to provide information in connection with licensing or compliance inspections.
– Revenue Commissioners: where required by law.
– Legal and professional advisors: solicitors, accountants, and insurers, where necessary.
– Debt collection agents: where an account is overdue and recovery action is required.
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
5. Data Transfers Outside the EEA
We aim to keep all personal data within the European Economic Area. Where a service provider (such as a monitoring station or cloud software provider) is located outside the EEA, we put in place appropriate safeguards as required by Chapter V of the GDPR, such as EU standard contractual clauses or reliance on an EU adequacy decision for the relevant country.
6. How Long We Keep Your Data
– Enquiry records (no contract): 2 years
– Customer contracts, invoices, and financial records: 6 years from end of contract / last transaction
– Alarm event logs: 5 years from event date
– Key-holder records: duration of monitoring contract + 90 days
– CCTV footage (own premises): 31 days unless retained for an incident
– Marketing suppression lists (opted-out contacts): indefinitely, to ensure we do not re-contact you
When data is no longer required it is securely deleted or anonymised.
7. Your Rights
Under the GDPR and the Data Protection Acts 1988 to 2018, you have the following rights in respect of your personal data:
7.1 Right of access
You may request a copy of the personal data we hold about you. We will respond within one (1) month. This is free of charge unless a request is manifestly unfounded or excessive.
7.2 Right to rectification
Iif data we hold about you is inaccurate or incomplete, you may ask us to correct it.
7.3 Right to erasure (“right to be forgotten”)
You may ask us to delete your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (where consent was the basis), or where you have objected to processing and there are no overriding legitimate grounds. This right does not apply where we are required to retain data by law (for example, Revenue record-keeping obligations).
7.4 Right to restriction
Yyou may ask us to restrict processing of your data in certain circumstances, for example while the accuracy of data is being verified.
7.5 Right to data portability
Where processing is based on your consent or on a contract with you and is carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format so that you can transmit it to another controller.
7.6 Right to object
You may object at any time to processing based on legitimate interests (Art. 6(1)(f)), including profiling. You have an absolute right to object to processing for direct marketing purposes, which we must honour without exception.
7.7 Rights related to automated decision-making
We do not make decisions about you solely by automated means that produce legal or similarly significant effects.
To exercise any of these rights, please contact us in writing:
Email: info@centauralarms.com
Post: Centaur Alarms Limited, [registered address, above]
We will respond within one (1) month of receipt of your request. We may ask you to verify your identity before acting on a request.
8. Complaints
If you are unhappy with how we have handled your personal data, we ask that you contact us in the first instance so that we can try to resolve the matter.
If you remain dissatisfied, you have the right to lodge a complaint with the Data Protection Commission (DPC):
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Telephone: 01 765 0100 or 1800 437 737 (lo-call)
Website: www.dataprotection.ie
Online complaint form: www.dataprotection.ie/en/report-a-concern
9. Security
We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include password-protected systems, restricted access to customer records, and secure disposal of paper records.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and, where required, notify affected individuals without undue delay.
10. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or in applicable law. The current version will always be available at [website URL] and is dated at the top of this document. Where a change is material, we will notify affected individuals by email or by a prominent notice on our website.
11. Contact Us
For any query relating to this Privacy Policy or to the personal data we hold about you: