Effective Date: 01/03/2026
Business Name: KARPLY
Legal Status: Sole Trader (Registered in Ireland)
Registration Number: 778630
Business Address: Flat 5, 85 main street, Templemore, Tipperary, Ireland
Contact Email: timofeevoles2@gmail.com
Website: https://karply.com

---

## 1. Who We Are

KARPLY ("we", "us", "our") is a marketing and automation business operating from Ireland.

We provide services such as website and funnel development, CRM setup, chatbot and automation implementation, marketing consulting, lead routing, workflow automation, and related digital services.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use our website, contact us, book a call, purchase services, or otherwise interact with us.

---

## 2. Scope of This Policy

This Policy applies to personal data collected through:

- our website;
- contact forms;
- booking forms and scheduling tools;
- email, direct messages, and other communications;
- consultations and client onboarding;
- payment and invoicing processes;
- CRM and workflow systems used to deliver our services.

This Policy also applies where we process personal data in connection with lead routing, web forms, email communication, analytics, and automation workflows.

---

## 3. Applicable Law

We process personal data in accordance with:

- Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR");
- the Irish Data Protection Act 2018;
- applicable Irish and EU rules relating to cookies and electronic communications.

If you are located outside the EEA, additional local laws may also apply to your rights.

---

## 4. Our Role Under Data Protection Law

Depending on the situation, KARPLY may act as either:

### 4.1 Data Controller
We act as a **Data Controller** when we decide why and how personal data is processed, including when:

- you submit an enquiry to us;
- you book a consultation;
- you subscribe to our emails;
- you purchase our services directly;
- you interact with our website and marketing channels.

### 4.2 Data Processor
We may act as a **Data Processor** when we process personal data on behalf of a client, for example when we:

- configure or manage a CRM;
- build automations or workflows;
- process leads on behalf of a client;
- route form submissions into a client system;
- manage marketing systems using a client's instructions.

Where we act as a Data Processor, we process data only on documented instructions from the relevant client, except where otherwise required by law.

---

## 5. Categories of Personal Data We May Collect

We may collect and process the following categories of personal data:

### 5.1 Identity and Contact Data
- name;
- email address;
- phone number;
- business name;
- job title;
- country or general location;
- social profile links if you provide them.

### 5.2 Enquiry and Communication Data
- the content of messages, form submissions, emails, and consultation requests;
- notes relating to your enquiry or project;
- preferences you communicate to us.

### 5.3 Technical and Usage Data
- IP address;
- browser type and version;
- device information;
- operating system;
- pages visited;
- time and date of visits;
- referrer URL;
- click and interaction data;
- UTM parameters and campaign identifiers;
- cookie and similar tracking identifiers.

### 5.4 Transaction and Payment Data
- payment status;
- billing-related information;
- limited transaction metadata required for records and service delivery.

**Important:** card payments are processed by third-party payment providers (such as Stripe). We do **not** store full payment card details.

### 5.5 Client-Supplied Data
If you become our client, you may provide us with personal data relating to your staff, leads, prospects, or customers for the purpose of implementing services. In those cases, we usually process that data on your behalf and under your instructions.

---

## 6. Data We Ask You Not to Send

Unless specifically requested and lawfully needed, please do not send us:

- special category data (for example data revealing health, biometric, religious, ethnic, or political information);
- data about criminal convictions or offences;
- highly sensitive personal information that is not necessary for your enquiry or our services.

If such data is sent to us without being necessary, we may delete it or limit its use where appropriate.

---

## 7. How We Collect Personal Data

We collect personal data:

- directly from you when you fill in forms, book calls, email us, or contact us;
- automatically through website technologies such as cookies, logs, analytics tools, and tracking parameters;
- from clients who instruct us to process data on their behalf;
- from publicly available business sources where relevant to a legitimate business enquiry;
- from payment, booking, CRM, and automation systems used in connection with our services.

---

## 8. Purposes of Processing and Legal Bases

We only process personal data where we have a lawful basis to do so.

| Purpose | Examples | Legal Basis |
|---|---|---|
| Responding to enquiries | replying to messages, assessing fit, following up | Legitimate interests; steps prior to entering a contract |
| Booking and consultations | scheduling calls, reminders, rescheduling | Contract; legitimate interests |
| Delivering services | website work, CRM setup, automation implementation, support | Contract |
| Client account management | maintaining project records, support history, internal notes | Contract; legitimate interests |
| Payments and invoicing | processing payments, issuing invoices, keeping records | Contract; legal obligation |
| Website security and fraud prevention | monitoring misuse, abuse prevention, technical protection | Legitimate interests; legal obligation where applicable |
| Website analytics and performance | traffic analysis, campaign attribution, service improvement | Consent where required; legitimate interests where lawful |
| Marketing emails | newsletters, updates, offers | Consent; legitimate interests only where lawfully permitted |
| Legal compliance | tax, accounting, legal claims, regulatory requests | Legal obligation; legitimate interests |
| Processing on behalf of clients | CRM handling, form routing, workflow automation | Client instructions; contract; legal obligation where applicable |

Where we rely on **legitimate interests**, we aim to ensure our interests are not overridden by your rights and freedoms.

Where we rely on **consent**, you may withdraw that consent at any time. Withdrawal does not affect processing carried out before withdrawal.

---

## 9. If You Do Not Provide Data

You are not required to provide personal data in every case. However, if you do not provide information that is necessary for us to respond, contract with you, verify a transaction, or deliver services, we may be unable to:

- answer your enquiry fully;
- schedule a consultation;
- provide a proposal;
- deliver services;
- process a payment.

---

## 10. Marketing Communications

If you opt in, we may send you:

- service updates;
- educational content;
- promotional offers;
- relevant business communications.

You can unsubscribe at any time by:

- using the unsubscribe link in the email; or
- contacting us at the email address listed below.

We do not intend to send marketing communications where consent is required and has not been obtained.

---

## 11. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

- make the website function properly;
- remember preferences;
- understand how visitors use the site;
- measure campaign performance;
- improve user experience and marketing effectiveness.

Where required by law, non-essential cookies or similar technologies will only be used after valid consent has been obtained.

You can manage cookies through:

- our cookie banner or consent tool (if available);
- your browser settings.

For more detail, please see our Cookie Policy if published separately.

---

## 12. Sharing and Disclosure of Personal Data

We do not sell your personal data.

We may share personal data only where necessary with:

- payment providers (such as Stripe);
- CRM providers (such as HubSpot);
- workflow and automation providers (such as n8n or related infrastructure);
- scheduling providers (such as Cal.com);
- email delivery providers;
- analytics providers;
- hosting and technical service providers;
- accountants, legal advisers, insurers, or professional advisers;
- courts, regulators, law enforcement, or public authorities where legally required;
- a buyer, successor, or restructuring party if our business is reorganised, sold, or transferred.

We require service providers acting for us to process personal data only as needed and with appropriate protections, where applicable.

---

## 13. International Transfers

Because we work globally and may use service providers located outside Ireland or the EEA, personal data may be transferred to countries outside the EEA.

Where such transfers occur, we aim to use lawful transfer mechanisms, such as:

- an adequacy decision adopted by the European Commission;
- Standard Contractual Clauses (SCCs);
- another safeguard or derogation permitted under applicable data protection law.

You may contact us if you want more information about the safeguards used for relevant transfers.

---

## 14. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes described in this Policy, including to meet legal, accounting, contractual, and record-keeping obligations.

Data Retention Periods

- **General enquiries:** up to 12 months after the last meaningful contact.
- **Prospect and sales communications:** up to 24 months after the last meaningful contact.
- **Client project records:** for the duration of the project and up to 3 years afterwards for support and documentation purposes.
- **Invoices and accounting records:** retained for at least 6 years in accordance with Irish tax and accounting requirements.
- **Marketing consent records:** retained as long as necessary to maintain proof of consent or until consent is withdrawn.
- **Security and log data:** retained for as long as reasonably necessary for security monitoring, troubleshooting, and fraud prevention.

We may retain data for longer where necessary to establish, exercise, or defend legal claims, or where required by law.

When data is no longer needed, we may delete it, anonymise it, or securely archive it where lawful.

---

## 15. Data Accuracy

We aim to keep personal data accurate and up to date.

If you believe any personal data we hold about you is inaccurate or incomplete, please contact us and we will review and update it where appropriate.

---

## 16. Security Measures

We implement reasonable technical and organisational measures designed to protect personal data against accidental or unlawful:

- access;
- loss;
- misuse;
- alteration;
- disclosure;
- destruction.

These measures may include access controls, account protections, limited-access systems, secure service providers, and internal process controls.

However, no system, website, storage environment, or method of transmission can be fully secure. For that reason, we cannot promise absolute security.

---

## 17. Personal Data Breaches

If we become aware of a personal data breach affecting personal data for which we are responsible, we will assess the incident and take action as required under applicable law.

Where legally required, we may notify:

- the relevant supervisory authority; and/or
- affected individuals.

If we act as a Data Processor for a client, we may notify the relevant client without undue delay in line with our contractual and legal obligations.

---

## 18. Your Rights

If GDPR or similar laws apply to you, you may have the right to:

- request access to your personal data;
- request correction of inaccurate data;
- request deletion of personal data;
- request restriction of processing;
- object to certain processing;
- request data portability in certain circumstances;
- withdraw consent where processing relies on consent;
- object to direct marketing at any time;
- lodge a complaint with a supervisory authority.

These rights are not absolute and may be subject to legal conditions, limitations, or exemptions.

---

## 19. How to Exercise Your Rights

To exercise your rights, contact us at:

Email: timofeevoles2@gmail.com

Please provide enough detail for us to verify your request and identify the relevant data.

Where required by law, we may need to verify your identity before acting on a request.

We aim to respond without undue delay and, where applicable, within the timeframe required by law. In some cases, we may extend the response period where legally permitted, for example where a request is complex or numerous.

Where a request is manifestly unfounded, excessive, or repetitive, we may refuse it or charge a reasonable administrative fee where the law allows this.

---

## 20. Complaints

If you believe your personal data has been handled unlawfully, we encourage you to contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) or another competent supervisory authority.

**Irish Data Protection Commission:**
https://www.dataprotection.ie/

---

## 21. Children’s Data

Our services are generally not directed to children.

We do not knowingly collect personal data from children where doing so would require parental consent or another specific legal basis, unless this is clearly necessary and lawful.

If you believe a child has provided us with personal data inappropriately, please contact us and we will review the matter.

---

## 22. No Solely Automated Decision-Making With Legal or Similar Significant Effects

We do not currently make decisions about individuals based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on them.

If that changes, we will update this Policy and provide any additional information required by law.

---

## 23. Data Provided About Other People

If you provide us with personal data about another person (for example, a colleague, staff member, client contact, or referral), you are responsible for ensuring that:

- you are authorised to provide that data;
- you have informed them where required;
- any necessary lawful basis, notice, or consent has been obtained.

---

## 24. Third-Party Websites and Services

Our website, communications, or services may contain links to third-party websites, platforms, or tools.

We are not responsible for the privacy practices of third-party services that we do not control. We encourage you to review their privacy notices separately.

---

## 25. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

- legal or regulatory changes;
- changes to our services;
- operational changes;
- changes to the tools or providers we use.

The latest version will always be published at the relevant location on our website, and the "Effective Date" above will be updated.

---

## 26. Contact Details

If you have any questions about this Privacy Policy or our handling of personal data, please contact:

KARPLY
Ireland
Email: timofeevoles2@gmail.com
Website: https://karply.com