Privacy Policy

Privacy Policy

Last updated: May 2026

1. Who We Are

SMART Recovery Ireland operates the website smartrecovery.ie. We are committed to protecting your privacy and handling your personal data transparently and lawfully.

2. What Data We Collect

We collect only the minimum data necessary for each purpose:

• Account registration (facilitators and admins): Email address, first name, last name
• Meeting registration: Full name and email address
• Newsletter subscription: Email address (with double opt-in confirmation)
• Contact form: Name, email, subject, and message
• Orders: Name, email, shipping address (for physical products), payment reference

3. How We Use Your Data

Personal data is processed only for the specific purpose for which it was collected:

• Account management and authentication
• Meeting registration confirmations
• Order fulfilment and communication
• Newsletter delivery (only with confirmed consent)
• Responding to contact form enquiries

4. Cookies

We use only strictly necessary cookies:

• Session cookie (sessionid): Maintains your login session. HttpOnly, expires when browser closes or after 2 weeks of inactivity.
• CSRF token (csrftoken): Protects against cross-site request forgery attacks. HttpOnly.

We do not use any third-party tracking cookies, advertising cookies, or analytics cookies.

5. Analytics

We use privacy-friendly analytics that do not use cookies, do not collect personal data, and do not track individual users. No consent is required as no personal data is processed.

6. Data Storage and Security

All data is stored on servers located within the European Union (Hetzner, Germany). We use encryption in transit (TLS/HTTPS) and follow security best practices including password hashing, CSRF protection, and role-based access control.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Portability: Request your data in a commonly used, machine-readable format
• Rectification: Request correction of inaccurate personal information
• Erasure: Request deletion of your personal data
• Restriction: Request we limit processing of your data
• Objection: Object to processing of your data

If you have a registered account, you can export your data and delete your account directly from your account settings. For all other requests, please contact us at info@smartrecovery.ie.

8. Data Retention

• Account data: Retained until you delete your account
• Meeting registrations: Removed after the meeting date
• Order records: Anonymised on account deletion; financial records retained as required by law
• Newsletter subscriptions: Until you unsubscribe
• Contact form submissions: Retained for 12 months

9. Third-Party Services

We use the following third-party services, all of which are GDPR-compliant:

• Stripe / PayPal: Payment processing (they act as independent data controllers)
• SMTP provider: Transactional email delivery

We do not sell, share, or transfer your data to any other third parties.

10. Contact

For privacy-related enquiries, contact us at: info@smartrecovery.ie