Lotus International, based at 21 Castle Village Crescent Celbridge W23EW42 Co Kildare Ireland , is the data controller responsible for your personal data. For services provided in Ireland and other European countries, we comply with GDPR requirements and have appointed a representative in the EU for data protection matters:

2.1 Personal Data

2.2 Non-Personal Data

2.3 Legal Basis for Processing (GDPR Article 6)

3.1 Service Delivery

3.2 Analytics and Improvements

Non-personal data is used to analyze website performance, enhance user experience, and improve our services, based on our legitimate interests.

3.3 Legal Compliance

We process data to comply with legal obligations, such as immigration regulations in Ireland or other European countries.

4.1 Third Parties

4.2 International Data Transfers (GDPR Articles 44-49)

5.1 Safeguards

We implement appropriate technical and organizational measures, such as encryption, access controls, and regular security assessments, to protect your personal data from unauthorized access, loss, or misuse, as required by GDPR (Article 32).

5.2 Client Responsibility

You are responsible for maintaining the confidentiality of any account credentials or sensitive information you provide.

6.1 Cookies

Our website uses cookies to enhance user experience, track usage, and deliver personalized content. We obtain your explicit consent for non-essential cookies (e.g., analytics, marketing) as required by GDPR and the ePrivacy Directive.

6.2 Third-Party Analytics

We may use third-party tools (e.g., Google Analytics) to collect non-personal data, ensuring compliance with GDPR through anonymization or data processing agreements.

6.3 Managing Cookies

You can manage cookie preferences through our website’s cookie consent tool or your browser settings.

Under GDPR (Articles 15-22), you have the following rights regarding your personal data:

• Right to Access: Request access to the personal data we hold about you.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data (“right to be forgotten”), subject to legal obligations.
• Right to Restrict Processing: Limit how we process your data in certain circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time, where processing is based on consent.
• Right to Lodge a Complaint: Contact a supervisory authority, such as the Irish Data Protection Commission or another EU data protection authority.

To exercise these rights, contact our Data Protection Officer (details below). We will respond within one month, extendable by two months for complex requests, as per GDPR (Article 12).

8.1 Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy (e.g., service delivery), comply with legal obligations (e.g., immigration or tax records), or resolve disputes, in accordance with GDPR (Article 5(1)(e)).

8.2 Data Minimization

We collect and retain only the data necessary for the intended purpose, as per GDPR principles.

9.1 External Websites

Our website may contain links to third-party websites (e.g., universities, immigration authorities). We are not responsible for their privacy practices or content. Please review their privacy policies.

10.1 Age Restriction

Our services are not directed to individuals under 16. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly, as required by GDPR (Article 8).

11.1 Updates

We may update this Privacy Policy to reflect changes in our practices or GDPR requirements. Updates will be posted on our website, and significant changes will be notified to you via email or prominent notice, as required by GDPR (Article 13).