Legal Document

Privacy Policy

Last Updated: 22 June 2026

22 June 2026

1. Who We Are

Kunolu Pasopo is an independent editorial project operated from 31 Eyre Square, Galway, H91 P5Y8, Ireland. We can be contacted at [email protected] or by telephone at +353 91 566 577.

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Data Protection Acts 1988 to 2018 (as amended by the Data Protection Act 2018, which gave effect to GDPR in Ireland), Kunolu Pasopo is the data controller in respect of personal data collected through this website.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it. We are committed to processing personal data lawfully, fairly, and transparently in accordance with applicable Irish and EU data protection law.

Data Collected

2. What Personal Data We Collect

We collect personal data only when you voluntarily provide it to us. The categories of personal data we may collect include:

  • Contact enquiries: When you use our contact form, we collect your name, email address, and the content of your message.
  • Email correspondence: If you contact us directly by email, we receive and store any personal data contained in that correspondence.
  • Technical data: Our web server may collect standard technical information such as your IP address, browser type, operating system, referring URL, and pages visited. This is collected automatically and is used only for technical administration and security purposes.
  • Cookie data: We use cookies and similar technologies. Please see our Cookie Policy for full details of what cookies we use and for what purposes.

We do not collect sensitive personal data (also called special category data under GDPR), including data about health, financial position, or similar sensitive matters, except where you voluntarily include such information in a message to us.

Legal Basis

3. Legal Basis for Processing

Under GDPR Article 6, we rely on the following legal bases for processing personal data:

  • Legitimate interests (Article 6(1)(f)): We process technical data and contact enquiries on the basis of our legitimate interests in operating and maintaining this website and responding to correspondence. We have assessed that these interests are not overridden by your rights and freedoms.
  • Consent (Article 6(1)(a)): Where you have consented to the use of non-essential cookies, we process cookie-related data on that basis. You may withdraw consent at any time by adjusting your cookie preferences.
  • Contractual necessity (Article 6(1)(b)): If any service or arrangement arises from contact initiated by you, processing necessary to fulfil that arrangement is lawful under this basis.
How We Use It

4. How We Use Your Personal Data

We use personal data for the following purposes:

  • To respond to enquiries submitted through our contact form or by email
  • To maintain the technical operation and security of this website
  • To comply with legal obligations, including data protection law
  • To understand how visitors use this site in aggregate, in order to improve its content and usability

We do not use your personal data for automated decision-making or profiling. We do not use your personal data for marketing purposes. We do not sell, rent, or otherwise transfer personal data to third parties for their own commercial use.

Data Sharing

5. Sharing and Disclosure

We do not share personal data with third parties except in the following limited circumstances:

  • Service providers: We may use third-party service providers (such as web hosting providers) who process personal data on our behalf as data processors. Such providers are bound by data processing agreements and may not use personal data for their own purposes.
  • Legal requirements: We may disclose personal data where required to do so by law, court order, or at the request of a competent regulatory authority, including the Data Protection Commission of Ireland.
  • Business transfers: In the unlikely event of a transfer or restructuring of this project, personal data may be transferred to a successor entity, subject to the same protections.

Any third-party processors we engage are required to process personal data only on our documented instructions and to implement appropriate technical and organisational security measures.

International Transfers

6. International Data Transfers

We are based in Ireland and aim to process personal data within the European Economic Area (EEA). Where any transfer of personal data outside the EEA is necessary (for example, through the use of certain technical service providers), we ensure that such transfers are made only to countries with an adequacy decision from the European Commission, or subject to appropriate safeguards such as Standard Contractual Clauses as provided for under GDPR Article 46.

Retention

7. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Specifically:

  • Contact enquiry data is retained for a period sufficient to respond to and follow up on the enquiry, and is then securely deleted or anonymised.
  • Technical server logs are retained for a limited period for security purposes and are then automatically deleted.
  • Cookie consent records are retained for as long as the consent remains valid or until it is withdrawn.

When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be linked to an individual.

Your Rights

8. Your Rights Under GDPR

Under the GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access (Article 15): You have the right to obtain confirmation of whether we process personal data about you, and if so, to receive a copy of that data and information about how it is processed.
  • Right to rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure (Article 17): You have the right to request deletion of your personal data where it is no longer necessary, where consent has been withdrawn, or where processing is unlawful.
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Rights related to automated decision-making (Article 22): We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month as required by GDPR Article 12. We may need to verify your identity before processing your request.

Complaints

9. Right to Lodge a Complaint

If you believe that we have processed your personal data in a manner that is not consistent with applicable data protection law, you have the right to lodge a complaint with the Data Protection Commission of Ireland, which is the supervisory authority for data protection in Ireland.

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: dataprotection.ie
Phone: +353 (0)57 868 4800

We would, however, appreciate the opportunity to address your concerns before you contact the DPC, and invite you to contact us in the first instance.

Security

10. Security of Personal Data

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, as required by GDPR Article 32. These measures are reviewed and updated as necessary.

Where a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours as required by GDPR Article 33, and will notify affected individuals where required under GDPR Article 34.

Children

11. Children's Data

This website is not directed at children under the age of 16. We do not knowingly collect personal data from children. Under the Data Protection Act 2018 as it applies in Ireland, the digital age of consent for processing based on consent is 16 years. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete it promptly.

Changes

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this document. We encourage you to review this policy periodically. Continued use of this website after changes are posted constitutes your acknowledgement of the updated policy.