Privacy Policy
Effective Date: [01.01.2025]
Last Updated: [27.06.2026]
Caron Training and Consulting Limited takes your privacy seriously. This notice explains what personal information we collect about you, why we use it, who we share it with, how long we keep it, and what your rights are under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
We have written this in plain English. If anything is unclear, please contact us using the details at the end.
1. Who we are
We are Caron Training and Consulting Limited. We are the data controller for the personal information described in this notice. We are regulated by the Central Bank of Ireland.
Address: 35 Windfield Gardens, Clybaun Road, Knocknacarra, Galway H91 YNA0
Phone: 087 6486081
General email: james.caron@carontraining.com
Data protection queries: james.caron@carontraining.com
2. Who this notice applies to
This notice applies to anyone whose personal information we hold, including:
Clients and prospective clients.
Employees of corporate clients.
Family members, beneficiaries or next of kin named in a policy or plan.
Third-party claimants.
Visitors to our website.
People who apply for a job with us.
3. What information we collect
The information we collect depends on the service you ask for. It may include:
Contact and identity details — name, address, email, phone, date of birth, signature, photo ID.
Unique identifiers — PPS number, policy numbers, pension scheme references. We need these to meet tax, Revenue and other regulatory requirements.
Personal circumstances — age, marital status, dependants, lifestyle, insurance needs.
Information about people in your household or named on your policy — children, spouse, next of kin, nominated beneficiaries, anyone holding a Power of Attorney or Enduring Power of Attorney for you, and your solicitor, tax adviser or accountant where relevant.
Employment information — role, salary, benefits, employment history. We need this to complete the Fact Find required by the Central Bank of Ireland.
Financial details — bank account, credit history, bankruptcy status, tax code, contribution history.
Health information — medical history, current health, lifestyle factors such as smoking and alcohol, biometric data and disability information. This is a special category of data under GDPR and we collect it only where it is necessary for the product you are arranging.
Pension and insurance information — current benefits, retirement date, voluntary contributions, Pension Adjustment Orders.
Claims information — details of claims by you or by relevant third parties.
Criminal record information — for certain products such as motor insurance.
Background check results — sanctions, anti-money-laundering and credit checks.
Marketing preferences — only where you have given us permission.
Online information — how you use our website, your IP address, and cookies (see our Cookie Policy).
Event information — your interest in and attendance at events we run, including any feedback you give us.
Social media information — when you like, comment on or message our pages.
Calculator inputs — figures you enter into our online quote tools for life insurance or mortgage protection.
4. How we collect your information
We collect information directly from you when you:
Ask us for a quote, advice or any other service.
Sign up for our website or online tools.
Use our website or apps (cookies and similar technologies).
Contact us on social media.
Send us a query or a complaint.
Apply for a job.
We also receive information about you from third parties, including:
Insurers, underwriters and product providers.
Credit reference and identity-verification services (for example, Credit Safe and Vision Net).
The Companies Registration Office (CRO) and, where access is permitted, the Register of Beneficial Owners (RBO).
Other intermediaries or professional advisers who refer you to us.
Public sources, where relevant.
5. Sensitive (special-category) information
GDPR gives extra protection to sensitive information such as health data or criminal-record data. We only collect and use this kind of information where:
You have given us your explicit consent; or
We are permitted to do so under Section 46 of the Data Protection Act 2018, which allows processing for insurance and pension purposes provided we have suitable safeguards in place.
6. Information our website collects automatically
When you visit our website, we use cookies and similar tools to record information such as your IP address, the pages you view, how you reached our site, and your device and browser type. We only use non-essential cookies (analytics, marketing, preferences) if you have given consent. You can change or withdraw your consent at any time using the “Manage Cookies Consent” option on our website. Full details are in our Cookie Policy.
7. Why we use your information and our legal basis
We rely on the following legal bases under GDPR:
Performance of a contract — to arrange and manage the insurance or financial product you have asked for.
Legal obligation — for example, to meet our duties under:
The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (anti-money-laundering and sanctions checks);
The Central Bank of Ireland's Consumer Protection Code (revised 2025, effective 24 March 2026), including the Fact Find / Know Your Customer requirements;
The European Union (Insurance Distribution) Regulations 2018;
Tax and Revenue legislation (for example, Revenue Certificates and pension reporting).
Consent — where required (for example, certain health information, criminal-record checks, or sending you marketing). You can withdraw consent at any time.
Legitimate interests — for example, to prevent fraud, to improve our service, and to run our business. We always weigh our interests against your rights, and you can object to processing on this basis.
8. What we use your information for
Arranging and servicing your insurance and financial products.
Carrying out regulatory checks (AML, sanctions, Fact Find).
Managing claims and providing quotes.
Communicating with you and answering your questions.
Marketing — only where you have given us permission. We may use email, post, our website, LinkedIn, Facebook, and customer-communication tools such as Engage Hub and Circulator. These are platforms we use to send updates and marketing messages on our behalf, under written data-processing agreements.
Improving our website and services.
Handling complaints.
Notifying you of important changes to your products or our services.
9. Use of Artificial Intelligence (AI)
We use AI tools to help with internal tasks such as:
Research and information gathering.
Drafting and designing presentations.
Managing schedules and appointments.
Helping with marketing content and planning.
Transcribing meetings.
Where an AI tool may come into contact with personal data (for example, in a meeting transcript), we only use providers that have signed a written data-processing agreement with us. We do not use AI to make any solely automated decisions about you, and a member of our team reviews all AI outputs before they are used.
If you have any questions about how we use AI, please contact us.
10. Who we share your information with
We share your information only where we need to, and only as much as is necessary. The categories of recipients include:
Insurers, underwriters, reinsurers, loss adjusters and other product providers, so they can quote for, issue or manage your policy.
Credit reference, fraud-prevention and identity-verification agencies.
Legal advisers, loss adjusters and claims investigators when needed to handle a claim or defend a legal action.
Medical professionals where you have provided health information for a claim or quote.
Law-enforcement bodies and regulators (including the Central Bank of Ireland, the Revenue Commissioners and the Data Protection Commission) where required by law.
Our service providers — IT, telecoms, accounting, payroll, CRM and back-office providers — who process your data on our instructions under data-processing agreements.
Internal and external auditors.
We do not sell your information to anyone.
11. Transfers outside the European Economic Area (EEA)
Some of the service providers we use (for example, certain cloud or IT providers) are based outside the EEA. Where this happens, we make sure your information is protected by one of the following safeguards:
Transfer to a country that the European Commission has decided provides an adequate level of protection. This currently includes, for example, the United Kingdom and organisations in the United States that are certified under the EU–US Data Privacy Framework.
Standard Contractual Clauses (SCCs) approved by the European Commission, combined with extra safeguards where needed.
Binding Corporate Rules, where the third party has them in place.
You can ask us for more detail or a copy of the relevant safeguard using the contact details below.
12. How we keep your information safe
We have technical and organisational measures in place — including encryption, access controls, staff training, secure storage and incident-response procedures — to protect your information against loss, unauthorised access, alteration or destruction.
13. Record of Processing Activities
As required by Article 30 of the GDPR, we keep a Record of Processing Activities (ROPA) showing what data we hold, why we hold it, who we share it with, how long we keep it and how we secure it. The ROPA is available to the Data Protection Commission on request.
14. How long we keep your information
We do not keep your information for longer than we need to. The actual period depends on the type of record and the legal duties that apply, but the most relevant minimums are:
At least six years after the end of our relationship with you, for general client records. This reflects Central Bank of Ireland requirements and the Statute of Limitations.
At least five years from the end of the business relationship, for anti-money-laundering records, under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended.
Longer periods where a claim, complaint or legal matter is open, or where another law requires it.
Our full Retention Schedule is available on request. When information is no longer needed it is securely destroyed or anonymised.
15. Your rights
While we hold your personal information, you have the right to:
Access — request a copy of the information we hold about you.
Rectification — ask us to correct inaccurate or incomplete information.
Erasure — in certain circumstances, ask us to delete your information. This may not always be possible if we have a legal duty to keep it.
Restriction — ask us to limit how we use your information in certain circumstances.
Portability — receive a copy of the information you have given us in a structured, commonly used and machine-readable format, or have it sent directly to another organisation.
Object — object to certain types of processing, including direct marketing and processing based on our legitimate interests.
Withdraw consent — at any time, where we rely on your consent. For marketing, every email we send contains an unsubscribe link; for other consents, please contact us.
Object to a solely automated decision — ask for a human review, express your point of view, and contest the decision (Article 22(3) GDPR).
Complain — to us first, and to the Data Protection Commission (see below).
To exercise any of these rights, contact us at james.caron@carontraining.com or by post to the address at the top of this notice. We will respond within one month.
16. Automated decisions and profiling
We may use automated tools (a computer making a decision without a person involved) for:
You have the right to ask that any solely automated decision be reviewed by a person. You can also tell us your point of view and challenge the decision. Please contact us to do so.
17. Children’s information
We may hold information about children where you have asked us to include them on a policy or pension plan. Where we do so we rely on the consent of a parent or guardian and we apply extra care to that information.
18. Third-party rights against insurers
Under Section 21 of the Consumer Insurance Contracts Act 2019, if you have liability insurance and you cannot be found, die, become insolvent, or where a court decides it is just and equitable, your rights under the insurance contract may transfer to the injured third party — even though they are not named in the contract. The third party can then claim directly from the insurer.
If a third party reasonably believes that you have caused them a loss covered by insurance, they can ask us, the insurer or other relevant parties for information about:
We must respond to such requests within 28 days, in line with the Act.
19. What happens if you do not give us the information we ask for
If we ask for information so that we can meet our legal duties or arrange your insurance, and you choose not to provide it, we may not be able to give you the service you have asked for.
20. How to complain
If you have any concerns about how we have handled your information, please contact our Head of Compliance first so we can try to resolve the issue:
You also have the right to lodge a complaint with the Data Protection Commission:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Phone: 01 765 0100 / lo-call 1800 437 737
Email: info@dataprotection.ie
Web: www.dataprotection.ie
21. Changes to this notice
We may update this notice from time to time. The current version will always be on our website, and changes take effect from the date they are posted. Please check back from time to time.
Last reviewed: 06/05/2026
22. Contact us
Cookie Policy
Our website uses cookies. Cookies are small text files that a website saves on your device. They help websites work properly and let the site owner understand how the site is used.
Some cookies are strictly necessary - without them the site cannot work, and your consent is not required for these. For all other cookies (preferences, statistics, marketing) we ask for your consent. You can change or withdraw your consent at any time using the “Manage Cookies Consent” option at the bottom of every page.
Modern browsers also let you control or delete cookies. For more information about cookies generally, visit www.allaboutcookies.org.
Categories of cookies we use
Necessary — enable basic functions such as page navigation and access to secure areas.
Preferences — remember information that changes how the site behaves or looks, such as your preferred language.
Statistics — help us understand how visitors interact with the site by collecting anonymous information.
Marketing — used to track visitors across websites so that ads shown are relevant.
Unclassified — cookies we are still in the process of classifying.
Cookies in detail
Necessary
These cookies are required to enable basic website functionality, such as page navigation, secure areas, and spam protection.
Name | Provider | Purpose | Max storage | Type |
wordpress_logged_in_* | carontrainingconsulting.com | Used by WordPress to check if the current visitor is a logged-in user or administrator. | Session | HTTP Cookie |
wordpress_sec_* | carontrainingconsulting.com | Provides protection against hackers and stores account authentication details. | Session | HTTP Cookie |
wp-settings-* / wp-settings-time-* | carontrainingconsulting.com | Used to persist and customize the user's view of the WordPress admin interface. | 1 Year | HTTP Cookie |
elementor | carontrainingconsulting.com | Used by the website's WordPress theme/page builder to optimize layout and design responsiveness. | Persistent | Local Storage |
_grecaptcha | Google | Used by the Google reCAPTCHA risk-analysis engine to protect contact forms against spam and automated bots. | 6 Months | HTTP Cookie |
Preferences
These cookies allow the website to remember information that changes the way the site behaves or looks, such as your preferred layout settings.
Name | Provider | Purpose | Max storage | Type |
wp_lang | carontrainingconsulting.com | Remembers the user's selected language settings to display content correctly if multi-language features are used. | Session | HTTP Cookie |
Statistics
These cookies collect anonymous data about how visitors interact with your website, allowing you to track page views and traffic sources.
Name | Provider | Purpose | Max storage | Type |
_ga | Google Analytics | Registers a unique, randomized ID used to generate statistical data on how visitors move through the website. | 2 Years | HTTP Cookie |
ga* | Google Analytics | Used by Google Analytics to track and store individual page-view session states. | 2 Years | HTTP Cookie |
_gid | Google Analytics | Registers a unique ID used to generate statistical data for a 24-hour cycle to count daily unique visitors. | 24 Hours | HTTP Cookie |
gat_gtag_UA* | Google Analytics | Set by Google Tag Manager to throttle the data collection rate on high-traffic pages, keeping site performance fast. | 1 Minute | HTTP Cookie |
Marketing
These cookies are used to track visitors across websites to measure marketing efficiency or enable targeted advertising features.
Name | Provider | Purpose | Max storage | Type |
_gcl_au | Google AdSense | Used by Google to track conversions and experiment with ad efficiency for users arriving via Google advertisements. | 3 Months | HTTP Cookie |
IDE / test_cookie | Google (doubleclick.net) | Used by Google DoubleClick to measure the efficacy of online marketing campaigns and display relevant ads on other sites. | 1 Year / Session |
Cookie declaration last updated: 27/05/2026
