General Data Protection Regulation


The community services programme is aware that the law is changing for the General Data Protection Regulation which will come into force on 25th March 2018 replacing the existing data protection framework under the EU Data Protection Directive. We have identified that our customer data may cause compliance problems under the GDPR.



  • Why are we holding this data?

The personal data that we hold for Tru Irish is customer names, addresses and telephone numbers. We hold this information to fulfill orders, to justify what sales we have made and to whom over the working year and for legal reasons. We also use website users information such as geographical information, gender, age etc. to use as statistical information in our research on how to better understand our customers who visit our website and make purchases from us. 


  • How did we obtain this data?

We obtained this information from the customer over our online platforms –, eBay, Etsy, Amazon, who sent it to us through PayPal and other online banking tools. We also gathered information from Google Analytics to comprise data.


  • Why was the data originally gathered?

The information was originally gathered so that we can fulfill orders for our customers.


  • How long will we retain it?

We will retain the information for 7 years for accounting purposes.


  • How secure is it, both in terms of encryption and accessibility?

We secure the paper forms in a filling-system in the office and the online data is secured on a password entry computer on online systems such as Paypal which are secured with an email and password entry system.


  • Do we ever share it with third parties and why do we share it?

We share that information with our suppliers/crafters who send the products to the customers. We do not share banking information with our crafters.