Website Privacy & Cookie Policy
How we handle Website Privacy and Cookie Policy at Advice First Financial
Effective: March 2026
Next Review: March 2027
1. Introduction
This Website Privacy & Cookie Policy explains how Advice First Financial Services Ltd (“we”, “us”, “our”) collects and processes personal data when you visit our website.
This policy applies only to personal data collected through this website. For information about how we process client data in the course of providing financial services, please refer to our separate Client Data Privacy Notice, a copy of which is available on request or on our website.
Our use of cookies and similar tracking technologies is governed by Regulation 5 of S.I. No. 336 of 2011 (European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011), commonly referred to as the Irish ePrivacy Regulations, which complement the GDPR.
2. Who We Are
Advice First Financial Services Ltd
Advice First Building
2 Port Road
Letterkenny
Co. Donegal F92 F99F
Email: info@advicefirst.ie
Telephone: 074 910 3938
For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018, we are the Data Controller in respect of personal data collected through this website.
Advice First Financial Services Ltd is regulated by the Central Bank of Ireland as both an Insurance Intermediary and a Mortgage Credit Intermediary.
Data Protection Contact: Pascal Curran
Email: info@advicefirst.ie
3. What Personal Data We Collect
Information You Provide Directly
When you contact us through our website — for example, by completing a contact form, requesting a call back, or subscribing to our newsletter — you may provide us with personal data including your name, email address, telephone number, message content, and marketing preferences.
Providing this information is voluntary. However, if you do not provide the information we request through our contact forms, we may be unable to respond to your enquiry or provide the services you have requested.
Information Collected Automatically (Cookies and Analytics)
When you visit our website, certain technical data is collected automatically through cookies and similar technologies. This may include your IP address (which is not stored in full — see Section 5 below), browser type and version, device type, operating system, the pages you visited, the time and date of your visit, time spent on pages, and the website that referred you to ours.
4. How and Why We Use Your Data
We process your personal data on the following lawful bases under Article 6(1) of the GDPR:
Pre-Contractual Steps and Contract Performance (Article 6(1)(b))
Where you contact us through our website to enquire about our services, we process your data in order to respond to your enquiry and, where applicable, to take steps towards entering into a contract with you.
Legitimate Interests (Article 6(1)(f))
We process certain technical data where it is necessary for the purposes of our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include maintaining the security of our website, preventing fraud and misuse, and improving website functionality. You have the right to object to processing based on legitimate interests at any time.
Consent (Article 6(1)(a))
We rely on your explicit, freely given consent for the following processing activities:
- Setting non-essential cookies on your device (analytics cookies)
- Collecting website usage data through Google Analytics 4
- Sending you marketing communications via email through Mailchimp
Non-essential cookies are disabled by default and are only activated where you have provided consent through our cookie banner.
You may withdraw your consent at any time by adjusting your cookie preferences through our cookie banner, by clicking the unsubscribe link in any marketing email, or by contacting us at info@advicefirst.ie. Withdrawal of consent does not affect the lawfulness of any processing carried out on the basis of your consent prior to its withdrawal.
5. Google Analytics 4
We use Google Analytics 4 (“GA4”) to understand how visitors interact with our website. GA4 collects device and browser information, interaction and engagement data, pages visited, and approximate geographic location derived from your IP address.
GA4 does not store full IP addresses. IP addresses are used briefly for geolocation purposes and are not logged or retained by Google in connection with your use of our website.
We use this information to improve website performance, analyse traffic patterns, and improve the user experience.
Google may process data outside the European Economic Area (“EEA”). Where this occurs, transfers are protected by Standard Contractual Clauses approved by the European Commission and, where the recipient is certified under the EU–US Data Privacy Framework, by that adequacy decision.
We have configured GA4 to retain user-level and event-level data for 14 months. Aggregated, non-personal analytics data may be retained indefinitely. You may opt out of GA4 data collection through our cookie banner or by using Google’s browser opt-out add-on.
6. Cookies and Consent Management
A cookie is a small text file that is placed on your device when you visit a website. Cookies serve various purposes, including enabling the website to function properly, remembering your preferences, and helping us understand how visitors use our website.
We use Complianz Cookie Consent Premium as our consent management platform to manage cookie preferences on our website.
Types of Cookies We Use
Strictly Necessary Cookies are required for our website to function. They enable core features such as security, accessibility, and network management. These cookies do not require your consent and cannot be disabled.
Analytics Cookies are used by Google Analytics 4 to collect information about how visitors use our website. This information helps us improve our website. These cookies require your consent.
Cookie Schedule
A live cookie table, listing cookie names, providers, purposes, and expiry periods, is maintained and updated automatically via our Complianz Cookie Consent Premium consent management platform. You can view the current cookie table through the cookie settings on our website.
For reference, the principal analytics cookies deployed when consent is provided are:
|
Cookie Name |
Provider |
Purpose |
Type |
Expiry |
|
_ga |
Google Analytics |
Distinguishes unique users by assigning a randomly generated number |
Analytics — Persistent |
2 years |
|
_ga_[container ID] |
Google Analytics |
Maintains session state |
Analytics — Persistent |
2 years |
|
_gid |
Google Analytics |
Distinguishes unique users |
Analytics — Persistent |
24 hours |
|
_gat_gtag |
Google Analytics |
Throttles request rate |
Analytics — Session |
1 minute |
Complianz Cookie Consent Premium also sets its own strictly necessary cookies to store your consent preferences. These are documented in the Complianz cookie table.
Managing Your Cookie Preferences
Non-essential cookies are disabled by default. When you first visit our website, a cookie banner will ask you to accept or reject non-essential cookies. You may change your preferences at any time by using the cookie settings link on our website.
Rejecting cookies is as straightforward as accepting them. You are not required to accept non-essential cookies in order to use our website.
In line with Irish Data Protection Commission guidance, we will ask you to reconfirm your cookie preferences no later than six months after consent was first provided.
You can also control cookies through your browser settings. Please be aware that disabling certain cookies may affect website functionality.
7. Mailchimp — Marketing Communications
If you subscribe to our newsletter or marketing updates, your email address and any related contact details will be processed through Mailchimp, operated by The Rocket Science Group LLC d/b/a Mailchimp (a subsidiary of Intuit Inc.). Mailchimp acts as our data processor for this purpose.
We will only send you marketing communications where you have provided your explicit consent. You may unsubscribe at any time by clicking the unsubscribe link included in every marketing email, or by contacting us at info@advicefirst.ie. Following unsubscription, your data will be removed from our active mailing list within 30 days.
You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time under Article 21(2) of the GDPR. Where you exercise this right, we will cease such processing without delay.
Mailchimp may process data outside the EEA. Such transfers are protected by Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
8. Who We Share Your Data With
We may share your personal data with the following categories of recipients:
- Website hosting provider: Cloudways (cloudways.com), which hosts and maintains our website infrastructure
- Analytics provider: Google Ireland Ltd / Google LLC, which provides website analytics services through Google Analytics 4
- Email marketing provider: The Rocket Science Group LLC d/b/a Mailchimp (a subsidiary of Intuit Inc.), which provides our email marketing platform
- Cookie consent management platform: Complianz Cookie Consent Premium, which manages cookie consent preferences on our website
We do not sell your personal data to any third party.
All third parties are subject to contractual safeguards (Data Processing Agreements where acting as processors) or independent legal obligations.
9. International Data Transfers
Some of the service providers described in this policy (including Google and Mailchimp/Intuit) may process personal data outside the European Economic Area, including in the United States.
Where personal data is transferred outside the EEA, we rely primarily on Standard Contractual Clauses approved by the European Commission under Article 46(2)(c) of the GDPR. Where the recipient organisation is certified under the EU–US Data Privacy Framework and the European Commission’s adequacy decision of 10 July 2023 remains in force, transfers may also rely on that adequacy decision under Article 45 of the GDPR.
We also ensure that appropriate technical and organisational safeguards are in place to protect the security of your data during transfer and processing.
10. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our retention periods for website data are as follows:
Contact form enquiries: Where an enquiry does not result in a client relationship, we retain the data for 12 months from the date of your last communication with us. Where a client relationship is established, the data is retained in accordance with our Client Data Privacy Notice.
Analytics data (GA4): Google Analytics 4 is configured to retain user-level and event-level data for 14 months. Aggregated, non-personal analytics data may be retained indefinitely.
Marketing data (Mailchimp): Your data is retained on our mailing list until you unsubscribe or withdraw consent. Following unsubscription, your data is removed from our active list within 30 days. Mailchimp may retain certain data for a limited period in accordance with its own data retention policies.
Cookie data: Cookies are retained for the periods set out in the cookie schedule in Section 6 above. Consent records are retained for the duration of the consent period and for a further 12 months thereafter for the purposes of demonstrating compliance.
11. Is Provision of Data Mandatory?
Personal data collected in connection with a complaint is processed in accordance with the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018. Personal data will be used solely for the purpose of investigating and resolving the complaint and will be handled in accordance with our Client Data Privacy Notice, available on our website or on request.
You also have the right to make a complaint to the Data Protection Commission (www.dataprotection.ie) regarding the processing of your personal data.
12. Automated Decision-Making
We do not carry out any automated decision-making or profiling, as defined in Article 22 of the GDPR, based on personal data collected through this website.
13. Links to Third-Party Websites
Our website may contain links to websites operated by third parties. We are not responsible for the privacy practices or content of those websites. We recommend that you review the privacy notices of any third-party website you visit.
14. Children’s Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data through our website, please contact us and we will take steps to delete that information.
15. Your Rights Under GDPR
Under the GDPR, you have the following rights in relation to your personal data:
Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, together with information about how it is processed.
Right to Rectification (Article 16): You have the right to request that we correct any inaccurate personal data, or complete any incomplete data, that we hold about you.
Right to Erasure (Article 17): You have the right to request that we delete your personal data in certain circumstances — for example, where it is no longer necessary for the purpose for which it was collected.
Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data.
Right to Data Portability (Article 20): Where we process your personal data on the basis of consent or contract performance, and the processing is carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.
Right to Object (Article 21): You have the right to object to the processing of your personal data where we rely on legitimate interests as the lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at info@advicefirst.ie. We will respond to your request within one month of receipt. In certain circumstances, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for it.
We will not charge a fee for responding to your request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
16. Complaints
If you are not satisfied with how we handle your personal data or respond to your requests, we would encourage you to contact us first so that we can try to resolve any concerns directly.
You also have the right to lodge a complaint with:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Telephone: +353 (0)1 765 0100 / Lo-call: 1800 437 737
Email: info@dataprotection.ie
Website: www.dataprotection.ie
17. Changes to This Policy
We may update this Website Privacy & Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are significant, we will take reasonable steps to notify you, for example by displaying a notice on our website or by requesting that you review and reconfirm your cookie preferences.
The most recent version of this policy will always be available on our website, with the date of the last update shown at the top.