Privacy Policy

1. Who We Are

Onepct ("we", "us", "our") is a digital marketing agency based in Ireland, specialising in Google Ad Grants management for nonprofit organisations. We are the data controller for personal data collected through this website.

If you have any questions about this policy or how we handle your data, please contact us at hello@onepct.org.

2. Data We Collect

Information you provide directly

When you fill in our contact form, request a free audit, or book a call, we collect:

• Your name
• Your email address
• Your phone number (if provided)
• Your organisation's name
• The content of your message

Information collected automatically

When you visit our website, we may automatically collect certain technical information, including:

• Your IP address and browser type
• Pages visited and time spent on the site
• Referring website or search terms
• Device and operating system information

This information is collected via cookies and similar technologies. See Section 8 for more details.

3. How We Use Your Data

We use the personal data we collect to:

• Respond to your enquiries and provide the services you have requested
• Send you information about our services where you have requested it or given consent
• Improve the performance and usability of our website
• Comply with our legal and regulatory obligations
• Prevent fraud and protect the security of our website

We will not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases to process your personal data:

• Contractual necessity — to deliver the services you have requested or to take steps prior to entering a contract with you.
• Legitimate interests — to respond to enquiries, improve our website, and protect against fraud, where your interests do not override ours.
• Consent — where you have given clear and specific consent, for example to receive marketing communications. You may withdraw consent at any time by contacting us.
• Legal obligation — where we are required to process data to comply with a legal requirement.

5. Sharing Your Data

We do not sell, rent, or trade your personal data. We may share your data with trusted third parties only where necessary to operate our services, including:

• Service providers — such as email platforms, scheduling tools (e.g. Calendly), and analytics providers, who process data on our behalf under data processing agreements.
• Google LLC — in connection with Google Ad Grants management services we provide to clients.
• Professional advisers — such as lawyers or accountants, where required.
• Law enforcement or regulators — where we are legally required to disclose information.

All third-party processors are required to maintain appropriate security measures and may only process your data in accordance with our instructions.

6. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law. Specifically:

• Contact form submissions are retained for up to 2 years from the date of last contact.
• Client-related data is retained for up to 7 years following the end of our engagement, in line with Irish tax and commercial law requirements.
• Website analytics data is typically retained for 26 months.

When data is no longer required, we securely delete or anonymise it.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your data where there is no legitimate reason for us to continue processing it.
• Right to restriction — to request that we restrict processing of your data in certain circumstances.
• Right to data portability — to receive your data in a structured, machine-readable format.
• Right to object — to object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@onepct.org. We will respond within one month of receiving your request.

If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at dataprotection.ie.

8. Cookies

Our website uses cookies — small text files stored on your device — to improve your experience and help us understand how the site is used.

Types of cookies we use

• Strictly necessary cookies — essential for the website to function. These cannot be disabled.
• Analytics cookies — help us understand visitor behaviour so we can improve the site (e.g. Google Analytics). These are only set with your consent.
• Functional cookies — remember preferences to improve your experience (e.g. Calendly scheduling widget).

You can control cookies through your browser settings at any time. Disabling certain cookies may affect the functionality of parts of our website. Where required by law, we will obtain your consent before setting non-essential cookies.

9. International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with an EU adequacy decision

You can request more information about the specific safeguards in place by contacting us.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, or destruction. These include secure data transmission (HTTPS), access controls, and regular security reviews.

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. If you become aware of any security concern, please contact us immediately.

11. Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website following any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or the way we handle your personal data, please contact us:

• Email: hello@onepct.org
• Website: onepct.org/contact

We will do our best to respond to all enquiries within 5 business days.