Privacy policy
Last updated: 6 April 2026
This policy explains how Forcefloraai.world (“we”, “us”) processes personal data when you use our website. We comply with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) as it applies in Ireland, and with the Data Protection Act 2018 (Ireland), which gives further effect to the GDPR (including provisions on processing, enforcement, and the role of the Data Protection Commission). Where we use cookies or similar technologies, the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. No. 336 of 2011), as amended (“Irish ePrivacy Regulations”), also applies alongside the GDPR.
This notice is provided for transparency. It is not legal advice. If you need guidance on your own situation, consider independent advice or the resources published by the Data Protection Commission.
1. Data controller
The controller responsible for this site is the publisher operating at:
- Postal address: Croi Nua, Rosary Ln, Taylor's Hill Rd, Galway, H91 WY2A, Ireland
- Email: request@forcefloraai.world
- Phone: +353 87 242 7992
We do not appoint a Data Protection Officer (DPO) unless Irish or EU law requires it. For any question about this policy or your personal data, contact us using the details above. You may also contact the Data Protection Commission (see section 13).
2. Scope and children
The site provides general lifestyle information intended primarily for adults. Under Article 8 GDPR and the Data Protection Act 2018, where information society services are offered directly to a child, the digital age of consent in Ireland is 16 unless consent is given or authorised by the holder of parental responsibility. We do not target children and do not knowingly collect personal data from anyone under 16 without appropriate authority. If you believe we have received such data, contact us and we will delete it without undue delay where the law requires.
3. Categories of data we process
- Technical data: IP address, device type, browser, referring URL, timestamps—typically through server logs or analytics if you enable that category.
- Communication data: name, email address, and message body when you use the contact form or send email.
- Preference data: cookie consent choices stored locally in your browser (see cookie policy).
- Newsletter or interest forms: email address if you submit the hero form or equivalent field.
We do not intentionally collect special categories of personal data (Article 9 GDPR) or data relating to criminal convictions (Article 10 GDPR). Please do not send health or other sensitive information via the contact form unless you choose to; we will process it only to the minimum extent needed to handle your message and in line with applicable law.
4. Sources of data
We receive personal data directly from you when you browse (technical data), use forms, email us, or subscribe. We do not buy marketing lists for this website.
5. Purposes and lawful bases
| Activity | Lawful basis (GDPR Article 6) |
|---|---|
| Operate and secure the website | Legitimate interests in secure hosting (balanced with your rights) |
| Respond to messages you initiate | Steps prior to contract / legitimate interests; consent where requested |
| Optional analytics cookies | Consent (Art. 6(1)(a)) |
| Optional marketing or advertising cookies and similar technologies (including ad measurement) | Consent (Art. 6(1)(a)) |
| Occasional editorial emails when you use the homepage sign-up and tick the consent box | Consent (Art. 6(1)(a)) |
| Legal compliance and defence of claims | Legal obligation / legitimate interests |
Where we rely on legitimate interests (Article 6(1)(f) GDPR), we balance our interests against your rights; you may object on grounds relating to your particular situation as described in section 9. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Direct electronic marketing (for example, a newsletter or “updates” messages) is sent only where we have a valid basis under Irish and EU law—typically your prior opt-in consent, clearly separated from other matters. We do not use the homepage email field to add you to a mailing list unless you tick the separate consent checkbox on that form. You may opt out using the link in any email or by writing to us.
Online advertising. If we display ads through third-party networks (for example Google Ads), those partners may process technical data, identifiers, or usage signals in line with their own policies and with your cookie choices on this site. Such processing typically relies on your consent where Irish and EU ePrivacy rules require it for storage or access on your device, or on other lawful bases where the law permits. We do not control independent platforms’ internal ad systems; you may use our cookie banner, browser settings, and any industry opt-out tools those vendors publish.
6. Embedded maps and third-party widgets
Pages that show a Google Maps embed load resources from Google (for example Google Ireland Limited and its affiliates). When your browser requests the map, Google may process technical data (such as IP address and device signals) under its own terms and privacy notices. We embed the map only to help you find our approximate postal location in Galway. If you prefer not to load Google’s player, avoid scrolling to the map section or use browser tools that block third-party requests; you can always contact us for directions in plain text.
7. Storage locations and international transfers
Data may be processed on servers in the European Economic Area (EEA). If a processor transfers personal data outside the EEA (for example to the United Kingdom or the United States), we require a transfer mechanism recognised under Chapter V GDPR, such as an adequacy decision by the European Commission, Standard Contractual Clauses (SCCs) approved by the Commission, or another Article 46 safeguard, together with any supplementary measures that are appropriate in context.
We do not sell personal data. Sub-processors (hosting, email delivery, analytics or advertising technology if enabled with your consent) are engaged under written terms that require them to protect personal data in line with the GDPR and, where applicable, the Data Protection Act 2018.
8. Retention
- Contact messages: kept only as long as needed to complete the conversation and for ordinary limitation periods, usually up to three years unless law requires longer.
- Server logs: rotated within 90 days unless security investigations require a longer window.
- Marketing records: until you withdraw consent or unsubscribe, then deletion within 30 days.
- Cookie consent records: stored according to the logic described in the cookie policy.
Retention may be longer where we must comply with a legal obligation or establish, exercise, or defend legal claims. When data is no longer needed, we delete or anonymise it.
9. Your rights under the GDPR and Irish law
Subject to conditions in the GDPR and the Data Protection Act 2018, you have the following rights in respect of your personal data:
- Access to your personal data
- Rectification of inaccurate data
- Erasure (“right to be forgotten”) where grounds apply
- Restriction of processing
- Data portability for data you provided where processing relies on consent or contract
- Objection to processing based on legitimate interests
- Withdrawal of consent at any time where processing is consent-based (without affecting prior lawfulness)
- Lodge a complaint with a supervisory authority (in Ireland, the Data Protection Commission)
To exercise a right, email or write to us using the contact details in section 1. We will respond without undue delay and in any event within one month of receiving your request, as required by Article 12 GDPR (that period may be extended by two further months in complex cases, in which case we will inform you). You are not required to pay a fee unless your request is manifestly unfounded or excessive.
You may lodge a complaint with the Data Protection Commission (DPC), the independent supervisory authority for Ireland. See section 13 for contact details.
10. Security and personal data breaches
We apply appropriate technical and organisational measures under Article 32 GDPR, including TLS encryption in transit, access controls, and reasonable vendor due diligence. No method of transmission over the internet is completely secure; notify us promptly if you suspect unauthorised access to your data.
If a breach of personal data is likely to result in a risk to your rights and freedoms, we will notify the DPC and, where required, affected individuals, in accordance with Articles 33–34 GDPR and Irish law.
11. Automated decision-making
We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.
12. Changes
We may update this policy to reflect legal, regulatory, or organisational changes. Material updates will be posted on this page with a revised “Last updated” date. Where required by law, we will obtain fresh consent or give additional notice.
13. Supervisory authority (Ireland)
Data Protection Commission
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Website: www.dataprotection.ie
The DPC publishes guidance on data-protection rights and how to lodge a complaint.