Security Policy

At Irish Formations we take the security of our customers very seriously. We review all security as an ongoing, business-critical operation.

1. Overview of Our Platform

Irish Formations provides online company formation and related services through an e-commerce-style website.

Our platform includes:

  • User accounts (login/register) for purchasing services  
  • Checkout/payment system for company formation packages  
  • Customer input forms (company details, directors, etc.)
  • Contact and enquiry forms (e.g. “Ask Your Questions”, support requests)  
  • Newsletter subscription forms  
  • Secure document storage and account history access  

This policy reflects how data flows through these systems.

2. Data We Process Through the Website

2.1 Account & Order Data

When users create an account or purchase services, we collect:

  • Name, email, phone number
  • Billing details
  • Company formation details (e.g. directors, shareholders, registered office)
  • Order history and service selections

2.2 Sensitive Business Information

As part of company formation, users may submit:

  • Identification details of company officers
  • Addresses and corporate structure information
  • Tax registration data

This is considered high-sensitivity business and personal data.

3. Payment Security (Stripe Integration)

All payments on www.irishformations.ie are processed securely via Stripe.

  • We do not store or process card details on our servers
  • Payments are handled via Stripe-hosted or embedded secure checkout
  • Stripe is PCI-DSS Level 1 compliant
  • All payment data is encrypted end-to-end

4. Data Flow & Security Controls

4.1 Website → Server

  • All data submitted via forms (checkout, contact, support) is transmitted using HTTPS (SSL/TLS encryption)
  • This protects data in transit against interception (MITM attacks)

4.2 Server → Internal Systems

  • Data is stored in secured hosting environments
  • Access restricted to authorised staff only
  • Company formation data is processed internally for CRO and tax filings

4.3 User Accounts

  • Users can:
    • Log in to view order history
    • Access secure document storage  

Security measures include:

  • Password-protected access
  • Session management controls
  • Access logging (recommended if not already implemented)

5. Forms & Data Collection Points

Key risk areas:

Contact & Enquiry Forms

  • “Ask Your Questions” and support forms collect:
    • Name, email, message content  

Security controls:

  • Input validation
  • Spam

Checkout / Company Formation Forms

  • Highest-risk data collection point
  • Includes:
    • Personal identity data
    • Company structure information
    • Legal and tax-related inputs

Security controls:

  • Encrypted transmission
  • Restricted backend access
  • No exposure of data in URLs or logs

Newsletter Signup

  • Collects email addresses
  • Requires explicit consent (GDPR compliant)  

6. Third-Party Processors

We use trusted third parties to operate the service:

  • Stripe – payment processing
  • Hosting provider (not named)
  • Email/CRM systems (if used)

All third parties:

  • Are GDPR compliant
  • Operate under Data Processing Agreements (DPAs)
  • Only process data on our instructions

7. Data Storage & Retention

We store:

  • Customer account data
  • Company formation records
  • Transaction records

Retention is based on:

  • Irish legal requirements (e.g. Companies Act, tax compliance)
  • Business operational needs

Data is:

  • Deleted or anonymised when no longer required
  • Retained securely during its lifecycle

8. Access Control & Internal Security

We implement:

  • Role-based access control (RBAC)
  • Staff access limited to necessary systems
  • Secure password policies
  • Device and endpoint protection (recommended to explicitly enforce)

9. Infrastructure Security

We maintain:

  • SSL encryption across the entire website
  • Secure hosting environment
  • Regular updates and patching
  • Firewall protection

10. Data Breach Response

In the event of a breach:

  • Immediate containment and investigation
  • Notification to the Data Protection Commission (Ireland) where required
  • Notification to affected users if risk is identified

11. User Responsibilities

Users must:

  • Keep login credentials secure
  • Not share account access
  • Ensure accuracy of submitted company information
  • Not attempt to compromise the platform

12. Continuous Security Improvement

We regularly:

  • Review website security
  • Update systems and plugins
  • Monitor vulnerabilities
  • Improve internal processes

13. Contact

For security-related queries:

Irish Formations

📧 info@irishformations.ie

🌐 www.irishformations.ie