Version: 22 MAY 2018

The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.

JJ O’Toole Limited will comply with the GDPR as a data controller and processor when it takes effect on 25th May 2018.

Please note that we may amend this policy on a regular basis. Please visit this page to keep up to date.

1) Who is responsible for Data Protection? +353 61 229333

2) Why do we keep your data?

JJ O’Toole Limited only collect the personal information of our customers to keep them up to date with JJ O’Toole related information or special offers that have come available to them as JJ O’Toole customers.

3) What personal data do we keep about you?

Your first name, surname and email address.

4) Who do we share this data with?

We do not share this data with anyone outside of JJ O’Toole.

5) Where did we find your data?

You applied through our website or directly to us by email.

6) Where is your data stored and processed?

You information is held and processed on our own internal servers and on a nightly basis backups are made to a NAS internal storage system (HD back up disks).  We also have remote off site nightly backups with our IT company, DB Computer Solutions for our accounts data.

7) How long do we keep your data?

We keep your data for 12 months from your last interaction with us or through us, or until you tell us to delete your data, whichever is the shortest.

8) How do we protect your data?

To protect your information we have installed multiple securities – Zyxel Firewall / Antivirus / antispam, antimalware and RDF securities.

9) Under the GDPR you have the right to:

  1. Be informed
  2. Access the data we hold about you
  3. Restrict the processing of your data
  4. Rectify the data we hold about you
  5. Erasure (right to be forgotten)
  6. Data portability
  7. Object to the use of your data
  8. Not to be subject to automated decision-making and profiling

10) How can you exercise your rights as a Data Subject?

Email our Data Protection Contact, at or call +353 61 229333 with the right you wish to exercise in the subject line.

Please be aware that you may be asked for a proof of identity, which will not be kept after processing your request. We may also need to ask for more information about your request to process it.

Under the GDPR we have 30 days to comply with your request, unless we have a legal obligation preventing us to do so; in which case we will share that reason with you.

11) I have a question that is not covered in this document:

Please contact our Data Protection Contact, or call +353 61 229333

12) What data do you collect when I visit your site?

We collecting cookie data from visitors to our website for Google Analytics purposes. This lets us know what pages were viewed and what was purchased.


We collect very little data about our Suppliers. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect company bank details so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.