Skip to content

Cookie Policy


This Privacy Notice provides guidance and information to Galway Tool and Mould Limited (“GTM”) customers regarding the processing of personal data by GTM.

GTM (“us“, “we” or “our“) is committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which any personal data we collect from you or that you provide to us will be processed by us. Please read this Privacy Notice carefully to understand our treatment and use of personal data.

In this Privacy Notice, references to “you” means the person whose personal information we collect, use and process.

We will use your personal data only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of your personal data is in compliance with the Data Protection Acts 1988 to 2018 (as amended) and any subsequent data protection and privacy legislation, European Union Law including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR and any subsequent amendments (collectively referred to as “Data Protection Legislation”).

We seek to maintain the privacy, accuracy, and confidentiality of data (including your personal data) that we collect and use concerning our customers.


For the purposes of Data Protection Legislation, the Data Controller is GTM, a private company limited by shares and registered in the Republic of Ireland (Registered Number 169648) and having its registered office address at Unit 101-102 Mervue Business Park, Tuam Road, Co. Galway.

GTM and their affiliated companies will be referred to collectively as the “GTM Group”.


Our data protection officer, Gemma Creaton, can be contacted using the information at the below “Contact Us” section.


This Notice applies to personal information that we collect, use and otherwise process about you in connection with your relationship with us as a customer or potential customer.


How and why do we process your personal data?

The personal data we collect from you or through our systems helps us manage our relationship with you, e.g. customer name, number, and address, but also for the conduct of our business. The personal data we collect, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties, including other members of the GTM Group (see “Sharing of Personal Data” section below).

Personal data

Basis of processing


Purpose of processing

Personal data including (name, gender, address, sales history, correspondence data, feedback from customers on products and services provided)

It is necessary for the performance of our contract with you, or to take steps for entering into our contract with you.

This is required to enable GTM to administer the contractual relationship with you.

Financial information (including bank and accounts details).

It is necessary for the performance of our contract with you, or to comply with legal obligations.This is required to enable GTM to process your payment, to pay taxes and to comply with our legal obligations.

Where does GTM obtain my personal data from?

Most of the personal data we process is obtained from you when you provide it to us, but we also obtain personal data about you in the course of the performance of your contract with us.

In some circumstances, we may request your explicit consent to process (specific types of) personal data. In these circumstances, you are able to withdraw your consent at any time by following the instructions provided when you gave consent or at the contact details below.


Our Group Companies

Personal data will only be shared across the GTM Group in certain circumstances and where lawful to do so, i.e. it may be necessary to share your personal data with other members of the GTM Group, which includes our ultimate holding company and its subsidiaries for the purposes of our business management, including workforce management and administration, management information, forecasting and other related functions.

Access rights between members of the GTM Group are limited and granted only on a need-to-know basis, depending on job functions and roles.

Service Providers

We use third party service providers who provide services including IT and legal services. In providing the services, your personal data will, where applicable, be processed by the service provider on our behalf.

We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your personal data. We will have written contracts with them which provide assurances regarding the protections that they will give to your personal data and their compliance with our data security standards and international transfer restrictions.

Disclosures to Third Parties

In certain circumstances, we share and/or are obliged to share your personal data with third parties outside the GTM Group, for the purposes described above and in accordance with Data Protection Legislation.

These third parties may include:

regulatory authorities;

financial institutions;


relevant industry bodies;

external professional advisors; and

others, where it is permitted by law, or where we have your consent.


Your personal information may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”), for example, when one of our service providers use employees or equipment based outside the EEA. For transfers of your personal data to third parties outside of the EEA, we take additional steps in line with Data Protection Legislation. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU commission’s model clauses.

If you would like to see a copy of any relevant provisions, please contact the data protection officer (see “Contact Us” section below).


GTM operate and use appropriate technical and physical security measures to protect your personal data.

We have in particular taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.


We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information. The criteria we use to determine data retention periods for personal data includes the following:

Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased;

Retention in case of claims; we will retain it for the period in which it may be enforced (this means we will retain it for 10 years in some instances); and

Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain it after the period described in 9.1.2 because of a legal or regulatory requirement.


You may have various rights under data protection legislation in your country (where applicable).

These may include (as relevant):

Your rightWhat does it mean?How do I execute this right?

Conditions to exercise?


Right of accessSubject to certain conditions, you are entitled to have access to your personal data which we hold (this is more commonly known as submitting a “data subject access request”).

Requests for such information should be made in writing to If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.

We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other customers. Data solely retained for data backup purposes is principally excluded.

Right of data portabilitySubject to certain conditions, you are entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format.Requests should be made in writing to If possible, you should specify the type of information you would like to receive to ensure that our disclosure is meeting your expectations.The GDPR does not establish a general right to data portability. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not for paper records). It affects only personal data that was “provided” by you. Hence, it does, as a rule, not apply to personal data that was created by GTM.
Rights in relation to inaccurate personal or incomplete dataYou may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate.

We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number, immigration status.

Please always check first whether self-help tools are available.

If no such tools are available, requests should be made in writing to

This right only applies to your own personal data. When exercising this right, please be as specific as possible.
Right to object to or restrict our data processingSubject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.

Requests should be made in writing to

This right applies only if the processing of your personal data is explicitly based on our so-called “legitimate interests” (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can demonstrate that there are still lawful grounds for us to process your personal data.
Right to have personal data erasedSubject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful.

Requests should be made in writing to

There are various lawful reasons why we may not be in a position to erase your personal data. This may apply (i) where we have to comply with a legal obligation, (ii) in case of exercising or defending legal claims, or (iii) where retention periods apply by law or our statutes.
Right to withdrawalYou have the right to withdraw your consent to any processing for which you have previously given that consent.

Requests should be made in writing to

If you withdraw your consent, this will only take effect for the future.


Without prejudice to any other administrative or judicial remedy you might have, you may have the right under data protection legislation in your country (where applicable) to lodge a complaint with the relevant data protection supervisory authority in your country (i.e. the Data Protection Commission in Ireland) if you consider that we have infringed applicable data protection legislation when processing your personal data. This means the country where you are habitually resident, where you work or where the alleged infringement took place.


We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will display the update as a pop-up notice on our website so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our services after we post any such changes, you accept and agree to this Privacy Notice as modified.


For further information or if you have any questions or queries about this Privacy Notice, please contact our data protection officer, Gemma Creaton, at .