Privacy Policy2018-09-28T11:21:09+00:00

Privacy Policy, Cookie Policy and GDPR Compliance statement


Sherwood & Associates respects your right to privacy and acknowledges our duties to comply with our obligations under the Data Protection Act 1988 & 2003 and the EU General Data Protection Regulation (GDPR) effective from 25th May 2018.  GDPR together with applicable Irish Legislation amends existing data protection law and place enhanced accountability and transparency obligations on committee’s / organisations when using your information.

We take your privacy seriously.  It is important that you know exactly what we do with any personal information that you provide to us and why we gather it.

Who are ‘Sherwood & Associates’ / ‘Sherwood & Associates LTD’?

Sherwood & Associates specialises in finding solutions to difficult challenges. We provide a wide range of management consultancy services to public & private sector clients. We rely on high skills using traditional and non-traditional methods in an interactive goal directed team approach to develop customised solutions for difficult challenges requiring innovation, integration and lateral thinking. We are informed by up to date best practice and cutting edge concepts as developing in a global context.

Sherwood & Associates are located at:

142 Árd Na Mara, Malahide Demesne, Malahide, Co. Dublin, K36 TY46, Ireland.

This statement relates to our privacy practices and GDPR compliance in connection with this website,  or We are not responsible for the content, privacy practices or GDPR compliance of other websites. Any external links to other websites are clearly identifiable as such.

Who is the Data Controller?

Alan Sherwood is the Data Controller for Sherwood & Associates Ltd.

Where is the location of processing? Sherwood & Associates LTD is based at the above address and can be contacted by telephone on +353 86 2577585 or E-mail us via our contact form. Personal Data is processed at our base, registered address or at other locations where we may be conduct meetings with current or prospective clients.

What personal data do we process? How do we process data?

We process the following data: Customer Name, telephone number(s), email addresses and customer queries such as may arrive to Sherwood and Associates via phone conversations or our Contact Us form on the website.

We process information relating to such queries as may be required or requested by the customer. We also process text submitted via forms on our website (which may or may not include names, e-mail addresses and telephone numbers) and IP addresses. Where customers drop into us at our base, we collect information in manual / paper and electronic formats. We do not record telephone calls or conduct audio or video recording.

Our website ( is currently hosted by HostGator; you can read more about their GDPR compliance here: We also use / for our email services – you can learn more about Microsoft’s commitments to business data compliance here:

Sherwood & Associates LTD do not process credit card information on this website nor do we currently accept payments of any kind via the website.

How do we store and protect data?

Physical / paper-based data is stored at our registered address under lock and key. Electronic data is similarly stored at our registered address and devices storing this information are password protected. All data is accessible only by Sherwood & Associates staff. We do not store client information on cloud servers.

<!–This next bit will be true when site is moved / SSL applied: I will remove it and add it back when the site is moved.

Information provide via this website is secured within HTTPS networks. HTTPS is the protocol over which data is sent between your browser and Sherwood & Associates LTD website. The “S” at the end of HTTPS stands for secure and indicates that these communications are encrypted. –>

How long do we retain data for?

Generally speaking we will store client information only as long as it is needed. In terms of your personal details, any work we undertake are tied to these details – we need to be able to contact you to advise on costings to respond to work estimates, and we need to update you as to any changes in any project work required or that we undertake on your behalf.

All of the queries sent to us via our website arrive into our mailboxes which we then respond to – either by phone or email (usually by phone as it’s quicker). These emails are backed up as part of our website system purely so as to ensure a response in terms of any email failure – and they are periodically deleted at regular intervals after any particular job is completed or query answered.

Our stance on data retention is guided by the Irish Government’s Data Protection Commission and their GDPR & You website.

Why do we process personal data?

We process data as part of the process of providing our services. This includes, but is not limited to storing your contact details in order to conduct business with you while you are a potential / current customer; to arrange meetings to discuss potential or current projects; to liaise with other professionals whom we work with to provide our services, for  invoicing, end-of-year accounting and other day-to-day administration purposes that are within our legitimate interests.

Who do we share data with and why?

Sherwood & Associates LTD does not share data with individuals, companies or organisations except under the following circumstances:

  1. With your Consent – in very rare circumstances we may share personal information relating to you / your company or project with other professionals when we have your written permission to do so; this might be where we work with our trusted partners in order to create a project proposal or where you’ve requested a service we do not provide but can refer you onto a trusted third party company with which we are very familiar and can recommend.
  2. For processing by third parties – including Hostgator / Calnet Solutions / (website and primary email host), Gmail (email platform), Google Analytics and Google Adwords (for identifying which parts of our website are most popular and for placing adverts for our website on Google) and our Accountants.
  3. For legal reasons – Sherwood & Associates LTD will share personal information with outside organisations when legally obliged to do so e.g. at the request of the Gardaí or Revenue Commissioners.
  4. Consent: Prior to initial meetings to discuss work / projects being undertaken we provide customers with a Consent Form which must be signed. Our Consent Form does not contain pre-ticked boxes and does not assume Consent; Consent must be freely given. Once provided, Consent remains valid for the estimated period of the project or work undertaken, although customers can withdraw their Consent by advising us in writing of their desire to do so.

What is GDPR?

The General Data Protection Regulation (GDPR) is a piece of legislation prepared by the European Union that aims to give you more control over how your data is used and protected. The new legislation comes into effect on the 25th May 2018. GDPR affords you the following rights:

  1. Right to be Informed: You have the right to be provided with “fair processing information”, which will be completely transparent about how we have gathered and will use your data. You have the right to be notified about any third party processors with whom we share your personal data, along with the reason for doing so.
  2. Right of Access: You have the right to confirmation that your personal data are being processed and to access a copy of your personal data.
  3. Right of Rectification: You have the right to have your personal data corrected if it is inaccurate or incomplete.
  4. Right to Erasure: You have the right to have your personal data deleted from our systems in the following situations:
    • When you withdraw consent
    • Data deletion is to comply with a legal obligation
    • Where the data was unlawfully processed
    • Where it is no longer necessary
    • Where you object to the processing
    • We may have grounds to refuse such deletion requests for the following reasons:
    • Exercise the right of freedom of expression
    • To comply with legal obligations
    • The exercise or defence of legal claims
    • Archiving purposes in the public interest
  5. Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes, without hindrance. We will provide the data to you in a structured and widely used machine readable form.
  6. Right to Object: You have the right to object to any direct marketing from us. We will immediately cease any such marketing upon request (via an unsubscribe link at the bottom of the direct marketing e-mail). We do not automatically add any customers details to any direct marketing system or outlet. We do run a periodic email marketing campaigns (usually once per calendar month) but these are only sent out to customers whom have requested to join the specific mailing list(s).
  7. Rights in relation to Automated Decision Making and Profiling: We do not carry out any automated decision making or profiling activities, so this right does not apply in this circumstance.

To exercise these rights, please send an e-mail to We may ask you to verify your identity as part of processing the requests to exercise your rights. We will endeavour to respond to all requests within 30 days of receiving the initial request. If we are unable to complete the request within the 30 day limit, we will notify you within the required time limit.

Use of cookies: This website uses temporary “session” cookies which enable a visitor’s web browser to remember which pages on this website have already been visited. A cookie is a small piece of data that may be stored on your computer or mobile device. Further information on cookies can be found at

Information on stopping unwanted cookies in Chrome, Firefox, Opera, Safari and Internet Explorer browsers is available via your browser’s help/settings menu. Cookies which may be collected include JSESSIONID, PHPSESSID, @@History/@@scroll|#, _ga, _gat, _gid, p.gif, collect, r/collect, crumb, ss_cid, ss_cvisit, ss_cvr, ss_cvt, TrackJS, trustedsite_session and usage.gif.

Technical details in connection with visits to this website are logged by our internet service provider for our statistical purposes. No information is collected that could be used by us to personally identify website visitors. The technical details logged are confined to the following items:

  • the IP address of the visitor’s web server – this is the identifying details for your computer, or your internet company’s computer, expressed in “internet protocol” code (for example 192.16x.xx.xx). Every computer connected to the web has a unique IP address, although the address may not be the same every time a connection is made.
  • the top-level domain name used (for example .ie, .com, .org, .net)
  • the previous website address from which the visitor reached us, including any search terms used
  • Google Analytics which shows the traffic of visitors around this web site (for example pages accessed and documents downloaded). You can read more about Google Analytics’s Privacy Policy here:
  • the type of web browser and operating system used by the website visitor.

“Sherwood & Associates LTD” makes no attempt to identify individual visitors, or to associate the technical details listed above with any individual, nor will we disclose such technical information in respect of individual website visitors to any third party (apart from our internet service provider, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by law. The technical information will be used only by “Sherwood & Associates LTD” and only for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, do not constitute “personal data” for the purposes of the GDPR.

Cross-border data transfer: Our use of HostGator,,, and MailChimp (for our planned future marketing campaigns) means that certain personal data is stored on servers located outside of the EU. We understand that these companies are GDPR compliant and have subscribed to the EU-US and Swiss-US Privacy Shield which is a regulatory implementation designed to guarantee that EU citizens are adequately protected under EU data protection laws as their data passes into and out of the United States. Read more about Privacy Shield here:

Complaints about how your data is processed: If you are concerned about how personal data is processed by Sherwood & Associates LTD, please contact us via this link: or by emailing

Third Party links: This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website to which this website contains a link. The inclusion of a link on the website does not imply endorsement of the linked website by us.

Additionally, we may provide you with access to third-party functionality that permits you to post content to your social media account(s). Please note that any information that you provide through use of this functionality is governed by the applicable third party’s Privacy Policy, and not by this Privacy Policy, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to such websites. We seek to protect the integrity of this site and welcome any feedback about linked sites, including if a specific link does not work.

Updates or Questions: This Privacy Policy is reviewed regularly and amendments will be posted on this page. Last updated 28/09/2018. We expect to update our website hosting very soon and this document will be updated at at that time as appropriate.