Privacy Policy

GDPR & Irish Data Protection Act 2018 Compliant

Last Updated: January 2026

Quick Navigation

1. Introduction2. Data Controller3. Personal Data We Collect4. Legal Basis for Processing5. How We Use Your Data6. Data Sharing & Third Parties7. International Data Transfers8. Data Retention9. Cookies & Tracking10. Data Security11. Your Rights Under GDPR12. Complaints & Supervisory Authority13. Children's Privacy14. Changes to This Policy

1. Introduction

Re-Deem ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Re-Deem - Donate Your Deposit platform and services.

Re-Deem is a donation-routing platform that enables members of the public to donate their Deposit Return Scheme (DRS) refunds to registered charitable organisations, sports clubs, schools, and community groups across Ireland.

This policy is provided in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Irish Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal data is:

Re-Deem - Donate Your Deposit

Email: privacy@re-deem.ie

General Enquiries: hello@re-deem.ie

If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Name (first and last name)
  • Email address
  • Password (stored in encrypted/hashed form)
  • Google account information (if using Google Sign-In)

3.2 Donation Information

  • Donation amounts and dates
  • Selected causes/charities
  • Voucher/receipt information
  • Payment transaction details (processed by Stripe)

3.3 Organisation Registration (for Causes)

  • Organisation name and registration number
  • Contact person details
  • Bank account details (IBAN/SWIFT) - stored encrypted
  • Address and county

3.4 Technical Data

  • IP address and device information
  • Browser type and version
  • Usage data and interaction logs
  • Cookies and similar technologies (see Section 9)

5. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your user account
  • To process donations and route funds to selected causes
  • To verify organisation registrations
  • To send transaction confirmations and receipts
  • To provide customer support and respond to enquiries
  • To detect and prevent fraud and abuse
  • To improve our platform and develop new features
  • To comply with legal and regulatory obligations
  • To send service updates and (with consent) marketing communications

6. Data Sharing & Third Parties

We may share your personal data with the following categories of recipients:

6.1 Service Providers

  • Stripe: Payment processing (PCI-DSS compliant)
  • MongoDB Atlas: Database hosting (EU region)
  • SendGrid: Email communications
  • Google: Authentication services (if using Google Sign-In)

6.2 Charitable Organisations

We share relevant donation information with the causes you choose to support, enabling them to acknowledge your contribution.

6.3 Legal & Regulatory

We may disclose data to law enforcement, regulators, or other parties where required by law or to protect our legal rights.

7. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). Where we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Adequacy decisions: Transfers to countries deemed adequate by the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contractual protections
  • Data Processing Agreements: With all third-party processors

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

Data TypeRetention Period
Account informationDuration of account + 2 years
Transaction records7 years (legal requirement)
Organisation registrationDuration of registration + 7 years
Technical/usage logs12 months
Marketing preferencesUntil consent withdrawn

After the retention period, data is securely deleted or anonymised.

9. Cookies & Tracking

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for the platform to function (authentication, security, session management). These cannot be disabled.

Analytics Cookies

Help us understand how users interact with our platform (e.g., PostHog). You can opt out of these.

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption: TLS/SSL for data in transit; AES-256 for sensitive data at rest
  • Password Security: bcrypt hashing with salt
  • Access Controls: Role-based access, principle of least privilege
  • Audit Logging: Comprehensive logging of security-relevant events
  • Regular Reviews: Security assessments and vulnerability testing
  • Incident Response: Procedures for detecting and responding to breaches

11. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

Request a copy of the personal data we hold about you.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data.

Right to Erasure (Article 17)

Request deletion of your data ("right to be forgotten") where legally permissible.

Right to Restrict Processing (Article 18)

Request limitation of how we process your data in certain circumstances.

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@re-deem.ie

We will respond to your request within 30 days as required by GDPR.

12. Complaints & Supervisory Authority

If you are not satisfied with how we handle your personal data or your rights request, you have the right to lodge a complaint with the Irish supervisory authority:

Data Protection Commission (DPC)

21 Fitzwilliam Square South

Dublin 2, D02 RD28

Ireland

Website: www.dataprotection.ie

Phone: +353 (0)1 765 0100 / 1800 437 737

Email: info@dataprotection.ie

13. Children's Privacy

Re-Deem is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@re-deem.ie and we will delete such information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by posting the updated policy on this page with a new "Last Updated" date. For significant changes, we may also send you a notification via email or display a prominent notice within the app.

Questions About Your Privacy?

We're here to help. Contact our privacy team for any questions or to exercise your data rights.

privacy@re-deem.ie