GDPR Compliance

Last updated: 11 April 2026

BuyerIQ is committed to full compliance with the General Data Protection Regulation (EU 2016/679). This page summarises how we meet our obligations and how you can exercise your rights. For full details on what data we collect and how we use it, see our Privacy Policy.

1. Data Controller

The data controller for personal data processed through buyeriq.ie is:

BuyerIQ
Dublin, Ireland
Email: privacy@buyeriq.ie

2. Lawful Basis for Processing

We process personal data under the following legal bases (Article 6 GDPR):

• Performance of a contract (Art. 6(1)(b)): processing your account data, search queries, and payment information is necessary to provide the BuyerIQ service you signed up for.
• Legitimate interest (Art. 6(1)(f)): we process limited usage data (page views, feature usage, IP addresses) for service improvement, fraud prevention, rate limiting, and security monitoring. We have conducted a balancing test and determined that these interests do not override your rights.
• Consent (Art. 6(1)(a)): where applicable, such as optional marketing emails. You can withdraw consent at any time by unsubscribing or contacting us.
• Legal obligation (Art. 6(1)(c)): we retain payment records for 7 years as required by Irish tax legislation.

3. Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): request a copy of all personal data we hold about you.
• Right to rectification (Art. 16): request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Right to data portability (Art. 20): receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to object (Art. 21): object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right to restrict processing (Art. 18): request that we limit how we use your data in certain circumstances (e.g., while we verify its accuracy).
• Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

4. How to Exercise Your Rights

To exercise any of these rights, email privacy@buyeriq.ie with your request. Please include the email address associated with your BuyerIQ account so we can verify your identity.

We will acknowledge your request within 48 hours and provide a substantive response within 30 days. If we need additional time (up to a further 60 days for complex requests), we will inform you of the reason for the delay.

There is no fee for exercising your rights. We may request additional information to verify your identity before processing a request.

5. Data Retention

• Account data (email, hashed password): retained while your account is active. Deleted within 30 days of account deletion.
• Search history: retained for 12 months for service improvement, then permanently anonymised.
• Payment records: retained for 7 years as required by Irish tax law (Taxes Consolidation Act 1997).
• Analytics data: aggregated and anonymised. Plausible Analytics does not store personal data or use cookies.

6. International Data Transfers

We prioritise EU-based processors. Our primary data storage (Supabase) and analytics (Plausible) are hosted in the EU. Where data is processed outside the EEA (e.g., Stripe for payment processing), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Protection Officer

Given the scale and nature of our processing, we are not required to appoint a Data Protection Officer under Article 37 GDPR. However, all privacy matters can be directed to privacy@buyeriq.ie, and we will respond promptly.

8. Complaints

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority. The relevant authority for BuyerIQ is the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
Website: dataprotection.ie
Phone: +353 (0)1 765 0100 / 1800 437 737

We encourage you to contact us first at privacy@buyeriq.ie so we can attempt to resolve your concern directly.