Privacy Policy
For Polygon Digital Service Providers & Business Partners
Updated: 16 February 2026
Polygon Digital, Ireland (“Polygon Digital”, “we”, “us”, or “our”) is committed to protecting your personal data. This privacy policy explains how we collect, use, and share your personal information when you interact with our services, platforms, or products as a provider, partner, or business user (“you”). This policy applies to our operations in Ireland and the European Union, ensuring compliance with the General Data Protection Regulation (GDPR).
For how Polygon Digital processes the personal data of end-users of our clients' services, please refer to our separate End-User Privacy Policy.
We have appointed a Data Protection Officer (DPO) who can be contacted at:
For any questions regarding your data, you can also contact us at info@polygondigital.co.
1. What Personal Data Do We Process?
We collect personal data about you when you have a contractual relationship with us or use our services.
| Category | Data Items |
|---|---|
| Identity Data | Name, job title, company name, email address, phone number, IP address, user account credentials. |
| Business Details | Your role, place of work, business contact information, and professional online profiles (e.g., LinkedIn). |
| Financial Data | Bank account details, VAT number, company registration number, invoicing address, and payment transaction data. |
| Usage Data | Information on how you use our platform, including log data, feature interactions, and session dates and times. |
| Communications | Information you provide in support requests, surveys, or direct communications with our team. |
2. Why and How Do We Use Your Data?
We process your personal data for specific purposes, relying on defined legal bases under the GDPR. You may not be obliged to provide all data, but failure to do so may impact our ability to work with you.
| Purpose | Data Category | Legal Basis (GDPR) | Mandatory? | Retention |
|---|---|---|---|---|
| Contract Performance | Identity, Financial, Business Details | Art. 6(1)(b) | Yes | Contract + 6 years |
| Service Delivery & Account Management | Identity, Usage, Communications | Art. 6(1)(b) | Yes | Duration of contract |
| System Security & Integrity | Identity, Usage | Art. 6(1)(f) | Auto-collected | 6 months |
| Customer Support | Identity, Communications | Art. 6(1)(b) | Yes | Duration of contract |
| Product Improvement & Analytics | Usage | Art. 6(1)(f) | No (can object) | 3 years |
| Direct Marketing | Identity | Art. 6(1)(a) / Legitimate Interest | No (can opt-out) | Until withdrawn |
| Legal Compliance | Identity, Financial | Art. 6(1)(c) | Yes | As required by law |
3. Who Do We Share Your Data With?
We share your personal data only as necessary and in accordance with the GDPR. Recipients include:
- Service Providers: IT hosting providers (e.g., AWS in the EU), payment processors, CRM platforms, and email communication tools, all acting as our data processors under strict contractual obligations.
- Professional Advisers: Lawyers, accountants, and auditors where necessary.
- Public or Legal Authorities: Where we are under a legal obligation to disclose data (e.g., to the Irish Revenue Commissioners, Data Protection Commission, or An Garda Síochána).
A full list of our sub-processors is available upon request by contacting info@polygondigital.co.
4. International Data Transfers
As a company based in Ireland, our primary data processing occurs within the European Economic Area (EEA). However, some of our service providers may be located outside the EEA (e.g., in the UK, US, or other countries).
Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:
- Transferring to countries deemed to have an “adequacy decision” by the European Commission.
- Using Standard Contractual Clauses (SCCs) approved by the European Commission, with supplementary measures where necessary.
You can contact our DPO to obtain a copy of these safeguards.
5. Data Security
We have implemented robust technical and organizational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are regularly reviewed and updated.
6. Your Rights Under GDPR
Under the GDPR, you have the following rights concerning your personal data:
- Right to Access: Request a copy of your data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure (‘Right to be Forgotten’): Request deletion of your data where there is no compelling reason for its continued processing.
- Right to Restrict Processing: Request we suspend the processing of your data.
- Right to Data Portability: Request a transfer of your data to another party in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time where we relied on it (this does not affect the lawfulness of processing before withdrawal).
To exercise any of these rights, please contact our DPO at info@polygondigital.co. We will respond within one month. You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) or your local supervisory authority.
7. HIPAA Compliance Considerations
Polygon Digital is an Irish company and primarily operates under the GDPR framework. While we are not a “Covered Entity” or “Business Associate” as defined by the US Health Insurance Portability and Accountability Act (HIPAA), we recognize that some of our clients may be subject to HIPAA requirements.
If you are entering into a services agreement with Polygon Digital that involves the handling of Protected Health Information (PHI) on behalf of a US healthcare client, we will work with you to execute a separate Business Associate Agreement (BAA). This agreement will outline specific safeguards and responsibilities for processing PHI in compliance with HIPAA, supplementing the protections provided by this policy and our standard Data Processing Agreement.
8. Information from Our Integrations (e.g., Google APIs)
Polygon Digital offers integrations with third-party services like Google Calendar or Gmail to enhance your experience (e.g., for scheduling). To provide these connections, we may obtain, process, and store certain data from your connected account (“Third-Party User Data”) only with your explicit consent.
Our use and transfer of information received from Google APIs will strictly adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we will:
- Use this data only to provide or improve user-facing features that are prominent in our service's user interface.
- Not transfer this data to third parties except to provide/improve these features, to comply with the law, or as part of a merger/acquisition with notice to you.
- Not use this data for serving ads, including retargeting or personalized advertising.
- Not allow humans to read this data unless we have your affirmative agreement for specific messages, it is necessary for security or legal compliance, or it is for internal operations on aggregated and de-identified data.
Contact Us
If you have any questions about this privacy policy or our data practices, please contact us at: