Xtreme Signs Privacy Policy
Effective Date: December 1, 2025
Xtreme Signs respects your privacy and is committed to protecting your personal data. We comply with our obligations under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy describes how we collect, use, disclose, and protect the personal data you provide to us when you use our website, place an order, or otherwise interact with us.
1. Who We Are (Data Controller)
Xtreme Signs,
Oak Road Business Park,
Unit 20 New Nangor Road,
Knockmitten,
Dublin 12, D12 YV79
Email: info@xtremesigns.ie
We are the Data Controller responsible for your personal data.
2. The Personal Data We Collect
We collect and process the following categories of personal data:
| Category of Data | Examples of Data | Purpose of Collection (Legal Basis) |
|---|---|---|
| Identity Data | Name, title, company name | For order processing, account setup, and communication (Contractual Necessity, Legitimate Interest). |
| Contact Data | Billing address, delivery address, email address, telephone numbers | To deliver orders, manage your account, and communicate regarding your order (Contractual Necessity, Legitimate Interest). |
| Financial Data | Payment card details (processed securely via third-party providers), purchase history | To process payments for orders (Contractual Necessity). |
| Marketing and Communications Data | Your preferences in receiving marketing from us and our third parties, and your communication preferences | To send you relevant marketing, subject to your consent (Consent, Legitimate Interest). |
| Technical/Usage Data | Internet Protocol (IP) address, login data, browser type and version, time zone setting, location, operating system and platform, and other technology on the devices you use to access this website | To improve our website and ensure security (Legitimate Interest). |
3. How We Use Your Personal Data (Legal Basis)
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Contractual Necessity: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., to process and fulfil your order).
Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., to improve our services, prevent fraud, or keep our website secure).
Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., to send you marketing emails).
Legal Obligation: Where we need to comply with a legal obligation (e.g., tax or accounting laws).
4. Direct Marketing, Opt-In, and Opt-Out
Email Marketing: We will only send you marketing emails about our products, services, promotions, or contests where you have given your explicit Consent (Opt-in). You can withdraw your consent at any time by clicking the "unsubscribe" link in the email or by contacting us using the details in Section 1.
Processing Orders: Please note that when you make a purchase, you will receive service emails related to your order (such as order confirmation and shipping updates). These are based on Contractual Necessity and are not marketing emails.
Removing Data: If you wish to be removed from all marketing lists, please contact us. Note that it may take up to 28 days for your request to be fully processed across all systems.
5. Sharing Your Personal Data
We may share your personal data with third parties in the following circumstances:
Service Providers: We engage trusted third-party companies and individuals to help us operate our business, such as payment processors, delivery/courier companies, IT services, and marketing service providers. We only share the information necessary for them to perform their function and require them to treat your data securely and in accordance with the law.
Legal Requirements: Where required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of our customers.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to a new entity.
We do not sell or rent your personal data to unaffiliated third parties for their own marketing purposes.
6. International Transfers
We may transfer your personal data outside the European Economic Area (EEA). If we do so, we ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.12
Where we use certain service providers, we may use specific contracts approved by the European Commission which give p3ersonal data the same protection it has in the EEA (e.g.4, Standard Contractual Clauses).
Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to a new entity.
7. Data Security and Retention
Security: We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.
Retention: We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
8. Your Data Protection Rights (GDPR)
Under Irish Data Protection Law, you have the following rights regarding your personal data. You can exercise these rights by contacting us using the details in Section 1.
Right of Access: You have the right to request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification: You have the right to have inaccurate or incomplete data corrected.
Right to Erasure ('Right to be Forgotten'): You have the right to request that we delete your personal data, subject to certain exceptions (e.g., where we need the data to comply with a legal obligation).
Right to Restrict Processing: You have the right to 'block' or suppress the processing of your personal data in certain circumstances.
Right to Data Portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
Right to Object: You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party).
Rights related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
9. Children's Privacy
Our website and services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently received personal data from a child under 16, we will delete such information from our records.
10. Cookies
Our website uses cookies. A cookie is a small data file placed on your device to collect standard internet log information and visitor behaviour information. We use them to improve your shopping experience (e.g., keeping track of your order) and to analyse website usage.
We will obtain your explicit consent to use cookies that are not strictly necessary for the operation of the website. You can manage your cookie preferences through your browser settings or our cookie banner.
11. Complaints
If you have any concerns about our use of your personal data, you can make a complaint to us directly using the contact information in Section 1.
You also have the right to lodge a complaint with the Irish supervisory authority for data protection:
The Data Protection Commission (DPC)
Contact details for the DPC can be found on their website: www.dataprotection.ie