We value your privacy

Our website uses cookies to enhance your experience. By continuing to use our website, you are agreeing to our use of cookies. Necessary cookies are always enabled. You can read more about our Cookie Policy in our Privacy policy

We value your privacy

Strictly Neccessary

Essential cookies enable core website functionality, such as secure logins and preference settings, without tracking personal activities or collecting data for ads. They ensure the site's proper operation and legal compliance, remaining always active

Preferences

Preference cookies enhance your browsing by remembering settings like language and regional preferences, tailoring the site to your needs without tracking activity across other websites

Statistical

Statistics cookies gather anonymous data on site interactions and page visits to help improve functionality, ensuring a smoother user experience without personally identifying users

Marketing

Marketing cookies are used to identify visitors across different websites, such as those operated by content partners or ad networks. These cookies allow companies to build a profile of a visitor’s interests and preferences, enabling the delivery of personalized ads that are relevant and engaging on other websites.

Cookies are small text files stored on your computer by websites you visit. They help users navigate websites efficiently and enable certain essential functions. Cookies necessary for the website to function properly can be set without your consent, while all other cookies require your approval before being used in your browser.

Additionally, we use cookies to gather data for personalizing and evaluating the effectiveness of our advertising. For more information, please refer to the Google Privacy Policy.

You can find the list of all the cookies that we use on our website here Cookie Declaration Page.

Email us at:

sales@ldireland.ie

Linkedin

Lowara Distributions Ireland Data Subject Request Procedure

Effective Date: 23/06/2025

Tricel (Baldonnell) Ltd, trading as Lowara Distribution Ireland (hereinafter referred to as “Lowara Distribution Ireland” or “the Company”), is a company registered in Ireland under registration number IE497442, with its registered office at 50 Broomhill Close, Tallaght, Dublin 24, D24 APP8, Ireland. 

This procedure is intended to be used when a data subject exercises one or more of the rights they are granted under the European Union General Data Protection Regulation (GDPR). This may be achieved by providing online access to the personal data so that the data subject can verify and amend it as required. 

However, in some cases there is a decision-making process to be followed by Tricel regarding whether a request will be allowed or not; where this is the case, the steps involved in these decisions are explained in this document.  

 

1. SCOPE 

The following general points apply to all of the requests described in this document and are based on Article 12 of the GDPR:  

  • Information shall be provided to the data subject in a concise, transparent,   intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.  
  • Information may be provided in writing, or electronically or by other means.  
  • The data subject may request the information orally (e.g. over the telephone or face to face), as long as the identity of the data subject has been established.  
  • We must act on a request from a data subject, unless we are unable to establish their identity.  
  • We must provide information without undue delay and within a maximum of one month from the receipt of the request.  
  • The response timescale may be extended by up to two further months for complex or a high volume of requests – the data subject must be informed of this within one month of the request, and the reasons for the delay given.  
  • If a request is made via electronic form, the response should be via electronic means where possible, unless the data subject requests otherwise.  
  • If it is decided that we will not comply with a request, we must inform the data subject without delay and at the latest within a month, stating the reason(s) and informing the data subject of their right to complain to the supervisory authority.  
  • Generally, responses to requests will be made free of charge, unless they are “manifestly unfounded or excessive” (GDPR Article 12), in which case we will either charge a reasonable fee or refuse to action the request.  
  • If there is doubt about a data subject’s identity, we may request further information to establish it.  

Please refer to the exact text of the GDPR if clarification of any of the above is required.  

The procedure for responding to requests from data subjects is set out in Figure 1 and expanded on in Table 1. The specifics of each step in the procedure will vary according to the type of request involved – refer to the relevant section of this procedure for more detail.  

 

2. OUT OF SCOPE 

  • Requests from Non-Identifiable Individuals: Requests where the identity of the data subject cannot be confirmed. 
  • Unfounded or Excessive Requests: Requests that are deemed “manifestly unfounded or excessive,” including repetitive requests. 
  • Non-Personal Data: Data that does not qualify as personal data under the GDPR. 
  • Requests Impacting Rights and Freedoms: Instances where fulfilling a request would adversely affect the rights and freedoms of others. 
  • Contractual and Legal Obligations: Situations where data processing is necessary for the performance of a contract or compliance with a legal obligation. 
  • Public Interest: Cases where data processing is carried out in the public interest, such as for public health or historical research purposes.
 

3. ROLES & RESPONSIBILITIES

FIGURE 1 - DATA SUBJECT REQUEST PROCEDURE FLOWCHART

4. PROCEDURE STEPS 

4.1 Procedure Steps  

The steps depicted in the flowchart in Figure 1 are expanded upon in Table 1 and further under the section addressing each type of request. 

 

Step  

Description  

People involved  

Data subject request received  

The data subject submits a request via one of a number of methods, including electronically (via email or via our website), by letter or on the telephone. This may be received by any part of the organization but should ideally be channelled through customer services. A Data Subject Request Form is available for this purpose.   

Customer Services  

Log data subject request  

The fact that the request has been received is logged in the Data Subject Request Register and the date of the request recorded.   

Request Administrator  

Confirm identity of data subject  

The identity of the data subject is confirmed via an approved method. More information may be requested to confirm identity if required. If the identity of the data subject cannot be confirmed, the request is rejected and the reason for this communicated to the data subject.   

Request Administrator  

Evaluate validity of request  

The test of whether the request is “manifestly unfounded or excessive” is applied. If so, a decision is made whether to reject the request or apply a charge to it.  

In the case of requests for rectification, erasure, restriction of, or objection to, processing, a decision is also taken about whether the request is reasonable and lawful. If not, the request is rejected and the data subject informed of the decision and their right to complain to the supervisory authority.    

 

Request Administrator  

Data Protection Officer  

Charge for request  

If a charge is applied, the data subject is informed of the charge and has an opportunity to decide whether or not to proceed. If the data subject decides not to proceed, the request is rejected and the reasons communicated.   

Request Administrator  

Data Protection Officer  

Compile requested information  

The relevant information is compiled according to the type of request. This may involve planning how the requested action, e.g. erasure or restriction of processing, will be achieved. A maximum of one month is permitted; if the request will take longer than that then a maximum of two further months are allowed and the data subject must be informed of the delay and the reasons for it within one month of the request being submitted.   

Request Administrator  

Data Owner  

Take requested action/provide requested information  

The requested action is carried out (if applicable) and the information requested is provided to the data subject electronically, if that is the preferred method, or via other means.  

Request Administrator  

Close data subject request  

The fact that the request has been responded to is logged in the Data Subject Request Register, together with the date of closure.   

Request Administrator  

 

4.2 The Right To Withdraw Consent  

The data subject has the right to withdraw consent where the basis for processing of their personal data is that of consent (i.e. the processing is not based on a different justification allowed by the GDPR such as contractual or legal obligation).  

Before excluding the data subject’s personal data from processing, it must be confirmed that consent is indeed the basis of the processing. If not, then the request may be rejected on the grounds that the processing does not require the data subject’s consent. Otherwise, the request should be allowed.  

In many cases, the giving and withdrawal of consent will be available electronically i.e. online, and this procedure will not be required.  

Where consent involves a child (defined by the GDPR as age 16+ unless changed by law in individual member states) the giving or withdrawal must be authorised by the holder of parental responsibility over the child.  

 

4.3 The Right To Be Informed  

At the point where personal data are collected from the data subject or obtained from another source, there is a requirement to inform the data subject about our use of that data and their rights over it. Compliance with this right is addressed in a separate document, Privacy Notice Procedure, which describes the information that must be provided and sets out how and when this must be achieved.   

 

4.4 The Right Of Access  

A data subject has the right to ask Tricel whether we process data about them, to have access to that data and in addition the following information:  

  • The purposes of the processing.  
  • The categories of the personal data concerned.  
  • The recipients, or categories of recipients, of the data, if any, in particular any third countries or international organizations.  
  • The length of time that the personal data be stored for (or the criteria used to determine that period).  
  • The data subject’s rights to rectification or erasure of their personal data and restriction of, or objection to, its processing.  
  • The data subject’s right to lodge a complaint with a supervisory authority.  
  • Information about the source of the data, if not directly from the data subject.  
  • Whether the personal data will be subject to automated processing, including profiling and, if so, the logic and potential consequences involved.  
  • Where the data are transferred to a third country or international organization, information about the safeguards that apply.  
  • In most cases, the decision-making process for such requests will be straightforward unless it is judged that the request is manifestly unfounded or excessive. The compilation of the information is likely to require the input of the data owner. 

4.5 The Right To Rectification 

Where personal data is inaccurate, the data subject has the right to request that it be corrected and incomplete personal data completed based on information they may provide.  

Where necessary, Tricel will take steps to validate the information provided by the data subject to ensure that it is accurate before amending it.  

 

4.6 The Right To Erasure  

The Also known as “the right to be forgotten”, the data subject has the right to require Tricel to erase personal data about them without undue delay where one of the following applies:  

  • The personal data are no longer necessary for the purpose for which they were collected.  
  • The data subject withdraws consent and there is no other legal ground for processing.  
  • The data subject objects to the processing of the personal data.  
  • The personal data have been unlawfully processed.  
  • For compliance reasons, i.e. to meet the legal obligations of Tricel.  
  • Where the personal data was relevant to the data subject as a child.  
  • Reasonable efforts must be made to ensure erasure where the personal data has been made public.  

 

Tricel will need to make a decision on each case of such requests as to whether the request can or should be declined for one of the following reasons:  

  • Right of freedom of expression and information 
  • Compliance with a legal obligation 
  • Public interest in the area of public health 
  • To protect archiving purposes in the public interest 
  • The personal data is relevant to a legal claim 

It is likely that such decisions will require the involvement of the Tricel Data Protection Officer and in some cases senior management.  

 

4.7 The Right To Restrict Processing  

The data subject can exercise the right to a restriction of processing of their personal data in one of the following circumstances:  

  • Where the data subject contests the accuracy of the data, until we have been able to verify its accuracy.  
  • As an alternative to erasure in the circumstances that the processing is unlawful.  
  • Where the data subject needs the data for legal claims but it is no longer required by us.  
  • Whilst a decision on an objection to processing is pending.  

Tricel will need to make a decision on each case of such requests as to whether the request should be allowed. It is likely that such decisions will require the involvement of the Tricel’s Data Protection Officer and in some cases senior management.  

Where a restriction of processing is in place, the data may be stored but not processed without the data subject’s consent, unless for legal reasons (in which case the data subject must be informed). Other organizations who may process the data on our behalf must also be informed of the restriction.  

 

4.8 The Right To Data Portability  

The data subject has the right to request that their personal data be provided to them in a “structured, commonly-used and machine-readable format” (GDPR Article 20) and to transfer that data to another party e.g. service provider. This applies to personal data for which processing is based on the data subject’s consent and the processing carried out by automated means.  

Where feasible, the data subject can also request that the personal data be transferred directly from our systems to those of another provider.   

For services that come under this category, little decision-making is required for each case and it is highly desirable that this process is automated in its execution.  

 

4.9 The Right To Object  

The data subject has the right to object to processing that is based on the following legal justifications:  

  • For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.  
  • For the purposes of the legitimate interests of the controller.  

Once an objection has been made, Tricel must justify the grounds on which the processing is based and suspend processing until this is done. Where the personal data is used for direct marketing we have no choice but to no longer process the data.  

 

4.10 Rights In Relation to Automated Decision Making And Profiling 

The data subject has the right to not be the subject of automated decision-making where the decision has a significant effect on them, and can insist on human intervention where appropriate. The data subject also has the right to express their point of view and contest decisions.  

There are exceptions to this right, which are if the decision:  

  • Is necessary for a contract 
  • Is authorised by law 
  • Is based on the data subject’s explicit consent 

In assessing these types of request, a judgement needs to be made about whether the above exceptions apply in the particular case in question.  

 

5. MONITORING AND REVIEW 

5.1 Regular Audits and Reviews: 

  • Periodic audits of data subject requests and their handling are conducted to ensure adherence to the procedure and regulatory requirements. 
  • Regular reviews of the Data Subject Request Register to monitor response times and identify any delays or issues. 

5.2 Compliance Checks: 

  • Verification that all responses to data subject requests are completed within the stipulated timeframe of one month, or within the extended period of two additional months for complex cases. 
  • Ensure that all communications with data subjects are clear, concise, and in plain language as required by GDPR. 

5.3 Decision-Making Oversight: 

  • The GDPR team oversees the decision-making process, particularly for requests that may be deemed “manifestly unfounded or excessive.” 
  • Senior management involvement in complex cases, especially where requests are rejected or involve significant decisions about data processing. 

5.4 Feedback and Improvement: 

  • Collection of feedback from data subjects regarding the request process to identify areas for improvement. 
  • Implementation of changes to the procedure based on audit findings, feedback, and any new regulatory guidelines or best practices. 

5.5 Training and Awareness: 

  • Ongoing training for staff involved in handling data subject requests to ensure they are aware of the latest procedures and GDPR requirements. 
  • Regular updates and refresher courses to keep the team informed about any changes in the policy or legal landscape. 

 

6. SUPPORTING DOCUMENTATION 

 

7. ACKNOWLEDGMENT AND COMPLIANCE 

Tricel acknowledges the receipt of data subject requests as per the procedures outlined in this document, which are in line with the General Data Protection Regulation (GDPR). This includes providing information in a clear, concise, and accessible manner and ensuring that data subjects can easily exercise their rights. 

Compliance: 

7.1 Timelines  

Tricel commits to responding to data subject requests without undue delay and within one month. Extensions of up to two months may be granted for complex or numerous requests, with the data subject informed within the initial month. 

7.2 Identity Verification 

Requests will be acted upon only if the identity of the data subject is confirmed. If identity cannot be established, the request will be denied, and the data subject will be informed. 

7.3 Fee Policy

Responses to requests are generally free unless deemed “manifestly unfounded or excessive,” in which case a reasonable fee may be charged or the request may be refused. 

7.4 Response Formats  

Information can be provided in writing, electronically, or orally if the data subject’s identity is verified. 

7.5 Decision Making 

If a request is denied, the data subject will be informed within one month with the reasons for the denial and their right to complain to the supervisory authority 

7.6 Data Protection Officer Involvement

Decisions, especially those involving the refusal of requests, typically involve the Data Protection Officer and may require senior management input. 

Download Policy

Find Products

Products
Water Pumps
Packaged Pump System
Pump Controllers And Monitoring Equipment
HVAC Solutions

About Lowara

About Us

Support

Find a Location

Contact Us

Copyright 2025 Lowara.

All Rights Reserved.

Terms & Conditions

Terms of Website Use

Terms & Conditions of Sale

Privacy Policy

Privacy Policy

Cookie Policy

Cookie Policy

Data Protection Policy

Data Protection Policy