Child Paths Logo

Privacy Policy


This is the Privacy Policy for Child Paths Limited of DCU Invent, Dublin City University, Glasnevin, Dublin 9. (‘Child Paths’)

Child Paths endeavours to comply with the General Data Protection Regulation, the Data Protection Act 2018 and data protection best practices. This policy informs individuals how Child Paths processes personal data in accordance with the principles of data protection identified in data protection legislation.

The Child Paths will process any personal information provided to us by individuals, whether it be provided through our website or, in person, by any form, correspondence, telephone, email or by any other means, or otherwise held by us in relation to you in the manner set out in this policy.

By submitting your information to us and or by using our website you confirm your consent to the use of your personal information as set out by this Privacy Policy. If you do not agree with the terms of this Privacy Policy please do not use our website or provide us with any personal information.

Information collected by us

The information about you that we may process (e.g. use and store) includes information:

  • Necessary in order to facilitate, process, deliver, or any related billing or collection of monies relating to, an agreed business transaction or any transaction associated with the use of any service provided by and or available on the Child Paths website or associated Child Paths app (any such person is a ‘service user’).
  • Necessary to set up and administer Child Paths services as provide to clients and or users who consent to our terms of service.
  • You provide to us by voluntarily filling out any forms on the website, app or by way of emailing us.
  • Necessary to discharge or comply with a statutory duty of care or standard of care.
  • Necessary for the reporting of any suspected any criminal offences that may affect us or our members.
  • Necessary to provide ‘reasonable accommodation’ to any member of the public or service user, if requested, in accordance with the Equality Acts.
  • Details of any business, commercial or website or app membership transactions you carry out with us, whether through email, the website, telephone, or by any other means.
  • Details of your visits to our website and or use of app including location data, weblogs and other communication data in accordance with our Cookie Policy that may identify personal information (e.g. cookies) and non-personal information (e.g. information of an anonymised or technical nature).

How we use your personal information

We may use your personal information for the purposes of:

  1. Processing any enquiry requested by you;
  2. Providing any support or administrative services requested by you;
  • Entering into and or completing any sales and or services requested by you;
  1. Setting up, operating and managing any membership or account for you to access or use any services, if applicable;
  2. Setting up, operating and managing any marketing and or advertising services that may be personalised or addressed specifically to you subject to your explicit consent (please see Marketing & Advertising below);
  3. Complying with our legal duties and responsibilities;
  • To authenticate the identity of individuals contacting us by telephone, electronic means or otherwise;
  • Engaging in a review of our registered members or account holders to ensure ongoing adherence to industry best practices and continued professional development;
  1. Debt collection and the collection of any outstanding monies;
  2. Providing, monitoring, reviewing and supporting our online presence via our website and social media (please see our Cookie Policy)
  3. For internal training, quality assurance and or auditing purposes;
  • To understand and assess the interests, wants, and changing needs of our members, to improve our website, our current range of services, and or for the development of new products and services

We do not engage in profiling nor do we engage in any automated decision-making processes.

Categories of data we may process

The categories of data we process is only data that you provide to us for use of the services which may include your name, address, contact details, account details, payment details, child’s name, photographs/profile pictures of whatever you upload. We also allow for you to upload special instructions for your child’s career in order to provide assistant or in case of emergency (such as medical data, allergies, emergency contact details, etc.). Such special categories of personal data are voluntarily uploaded by a user and only used for specific purposes or shared with a child’s career as authorised by the user (who is the parent or guardian of the child).

Marketing & Advertising

With your explicit consent, Child Paths may use your data for the provision of direct marketing or advertising purposes, including but not limited to:

  1. Marketing emails or newsletters (updates of services, announcements, etc.),
  2. Providing you with information about ourselves as an organisations,
  • Providing you with information about our current and or future range of products and or services.
  1. Carrying out any research or survey that may assist us in our commercial and or professional activities.

At some interactions with Child Paths you may be asked to consent to your data being used for marketing purposes. In such cases, consent will require a positive action on your part. For example, if you were to complete a membership or user form, you would be given the option of ticking a box to consent to your personal data being used for marketing purposes.

Child Paths is committed to privacy by design and privacy by default. As such, you will never have to ‘opt-out’ of our marketing processes; you will only ever have the option of ‘opting in’ if you’d like to be included.

We do not engage in ‘pre-ticked’ boxes on consent forms nor do we ever assume you would consent to your data being processed.

You are free to withdraw consent for any marketing related matters at any time you want without having to provide any reason as we respect your right of privacy.

Social media

Child Paths engages in social media but we do not refer to clients or any person without their explicit consent. Due to the nature of various social media platforms, we are unable to continuously monitor our social media accounts and, as such, we cannot be held liable for any third party public posts.

In the highly unlikely situation where an unauthorised third party has publicly posted personal data to any of our social media accounts without of the consent of the data subject then we will remove and delete such content as soon as possible.

Who do we share your personal data with?

Child Paths may share your personal data with selected third-party service providers who we may contract with to provide specific commercial services (discussed below) and any relevant authorities in the case of any mandatory disclosures under law. At a user’s request, and with their explicit consent, we share information about a child to their carer, e.g. contact details in case of emergency, allegories or specific instructions for the care giver. Such sharing of data is only done at the request and with the consent of the parent or legal guarding of the child and can be freely withdrawn at any time.

Third-party services providers. In order to carry out your requests, fulfil contractual relations, respond to your enquiries or make various features or services or products available to you in connection with the use of our website, or any non-tangible service or product, we may share your personal data with third-party service providers who require it to enable them fulfil their function but they are not allowed process data beyond the scope for which it was given, subject to this privacy policy, and subject to any contractual terms and conditions in place, or any data processing agreement in place, that limits their use of said data for stated purposes.

Child Paths third-party service providers may include auditors, accountants, lawyers, administrative support organisations who may assist Child Paths in complying with any governance, risk assessment, financial regulatory or legal compliance matters.

In order to provide functionally support to this website or associated app, any party that hosts or operates Child Paths’ website, process payments, analyse data, provide member and or client services, may require access to personal data to identify, fix or prevent service outage but these parties can only process personal data in accordance with this privacy policy and as permitted by legislation.

Other third-parties. Under data protection legislation it is only with your explicit consent that your personal data may be shared with marketing partners, advertisers, marketing and or advertising network, social media networks and analytics companies and or any third-parties in connection with marketing, promotional, data enrichment and other advertisement services.

Child Paths does not engage with any third-party marketing or advertising services that target individuals or use personal data.

Legal transfers. We may transfer and disclose your personal data to third parties to:

  • Comply with a legal obligation.
  • For the purposes of reporting and or preventing criminal activity or suspected criminal activity.
  • Detect and or protect against fraud, or any technical or security vulnerabilities.
  • Respond to an emergency and or to protect the health, safety and wellbeing of a person in danger.
  • Protect the rights, property, safety or security of employees, any agent and or servant of Child Paths, visitors to the Child Paths website or users of the app, members, clients, consumers or visitors to Child Paths premises.
  • Comply with any investigation by or request from the Data Protection Commission.

Does anyone else process my data?

Only with your explicit consent, as a parent or legal guardian of a child, you can allow a crèche or childminder take a photograph of your child and upload it to the Child Paths app for your inspection. This service is only for a parent or legal guardian of a child and only applies to their child and solely when done by an authorised person (e.g. crèche or childminder) with the explicit consent of the parent or legal guardian. This allows a parent or legal guardian monitor the progress of their child.

International data transfers

All personal data processed by Child Paths is kept within the EU, specifically all data is stored and processed within Ireland.

Child Paths does not transfer or process personal data outside of the EEA or EU unless it is specifically requested by a data subject, or on foot of performance of a contract outside of the EEA or EU, on a case-by-case basis.

If we do transfer personal data to outside of the EEA, Child Paths will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of the following safeguards:

  • Transfer to a non-EEA country whose privacy legislation ensures an adequate level of protection of personal data to the EEA one (in terms of GDPR requirements),
  • Put in place a contract with the foreign third-party that means they must protect personal data to the same standards as the EEA (to the same standards as GDPR), or,
  • transfer personal data to organisations that are part of specific agreements on cross-border data transfers with the European Union (e.g. corporate rules, privacy shield, etc.)

Information Storage

We will take reasonable steps to ensure that your information is kept secure and protected, including but not limited to electronic data being protected using appropriate software, relevant networks safety and security checks, and, any computers or devices that can access data are encrypted. We do store some personal data in physical forms and they are kept in an appropriately secure environment.

All personal data processed by Child Paths is kept within the EU, specifically all data is stored and processed within Ireland.

Data Retention Policy

We have a general data retention policy that relates to the retention of relevant data for seven years. We identify this based on business/commercial needs, legal requirements and any member of consumer queries and or issues to which the Statute of Limitations may apply.

There are some legal exceptions to the seven year retention policy but each is on a case-by-case basis, e.g. investigation of accidents in the work place under Health & Safety legislation.

Personal data that is no longer required will be destroyed and or deleted in secure manner.

Requesting your data

Any person has the right to find out whether an organisation has any personal data about them, what they use the personal data for and ask for copies of personal information held by that organisation.

If you wish to make a data access request in order to get a copy of any personal data we may process, please write a letter stating that you wish to make a data access request and address it to:

Data Protection
Child Paths Limited
DCU Invent,
Dublin City University,
Dublin 9.

Or email

In order to process your request, we may request that you send us a copy of your identification (passport, driver’s licence, etc.).  The reason we may ask for personal identification is to ensure that you are the correct person making the request for your personal data.

Unfortunately, verbal data access requests cannot be entertained as we need to establish a data subject’s identity and retain a paper/auditing trail of any data access request to establish ongoing compliance with GDPR and the Data Protection Act 2018.

In response to any data access request, you have the right to refer the matter to the Data Protection Commission if you are unhappy with the outcome, however, we ask that you would notify us first of any issue so that we may help resolve it as quickly as possible.

The Data Protection Commission can also provide you with full information as to your rights as a data subject at

Rectifying mistakes

You have the right to rectify any incorrect or inaccurate personal data at no cost to you.

If you believe that we are incorrectly processing any of your personal data, please inform us by writing to the above or emailing

Queries or complaints

If you have any queries or complaints regarding our Privacy Policy or any data protection matter, please let us know by writing to the above or emailing us at

Individuals have the right to refer any matter to the Data Protection Commission by contacting them at or by writing to:

Data Protection Commission
Canal House
Station Road
Co. Laois

If you are, for whatever reason, considering contacting the Data Protection Commission about us we would ask that you inform us of your difficulty first so that we can try to resolve it to your satisfaction.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on our website.

Any changes will become effective upon posting the revised Privacy Policy on our website. If we make any material or substantial changes to this Privacy Policy we will use reasonable endeavours to inform you by email, notice on our website or any other agreed communications channels.

Privacy Policy last updated: September 2018