The Vaccine Blog

Privacy Policy

This Privacy Policy governs the manner in which the Operator collects, uses, maintains and discloses information collected from users (each, a “User”) of the website [ ] (the “Site”). It will inform you as to how the Operator looks after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Unless otherwise defined in this Privacy Policy, capitalised terms in the policy have the same meaning as in the Site's Terms and Conditions of Use, which can be found here.  The Terms and Conditions of Use also apply to your use of the Site.  

The terms "personal data", "data controller", "data processor", "process" and "processing" have the same meaning as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”).  

The Site is not intended for children and the Operator does not knowingly collect data relating to children.
The “data controller” within the meaning of the GDPR is the legal person responsible for the processing of personal data and which decides alone or in cooperation with others which personal information (which includes Personal Data as defined under the GDPR and set out below) is being collected as well as the purposes and the technical and organizational means with regard to the processing of that personal information. 

For the purposes of the personal data processing pursuant to this section of the Privacy Policy, the data controller is the Operator.  Where personal data has been provided by a User, the Operator remains a data processor on behalf of the User and will not be the data controller in respect of such processing

If you have any questions about this Privacy Policy, the practices of the Site, or your dealings with the Site, please contact the Operator at:   

You have the right to make a complaint at any time to the Data protection Commission (the "DPC"), the Irish supervisory authority for data protection issues using the contact details provided here. The Operator would, however, appreciate the chance to deal with your concerns before you approach the DPC.
This Privacy Policy is kept under review and may change from time to time. This version was last updated on 29th March 2023.
This Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The Operator does not control these third-party websites and is not responsible for their privacy statements. When you leave the Site, the Operator encourages you to read the privacy policy of every website you visit.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The Operator may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data includes billing address, delivery address, email address and telephone numbers.
• Profile Data includes any username and password used by you to create an account (if applicable), your interests, preferences, feedback and survey responses.
The Operator does not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) – nor does it collect any information about criminal convictions and offences.

Where the Operator needs to collect personal data by law, or under the terms of any contract with you, and you fail to provide that data when requested, the Operator may not be able to perform the contract or enter into the contract with you.

The Operator will only collect personal data from you in limited circumstances – specifically direct interactions via the Site.  This may include you providing the Operator with your identify or contact data by filling in forms or by corresponding with the Operator by post, phone, email or otherwise.  Other circumstances where your personal data may be collected include when you: 

enter a survey or 
provide feedback to or otherwise contact the Operator.

Please also refer to "Cookies and Google Analytics" below for information on the use of cookies and Google Analytics on the Site.

The Operator will only use your personal data in accordance with the law and particularly the GDPR. Most commonly, the Operator will use your personal data in the following circumstances:
- On the basis of your consent in providing your personal data via the means and for the purposes outlined in this Privacy Policy.
- Where the Operator needs to perform a contract it is about to enter into or has entered into with you.
- Where it is necessary for the Operator's legitimate interests (or those of a third party) – and your interests and fundamental rights do not override those interests.
- Where the Operator needs to comply with a legal obligation.  

Set out below is a description of the ways the Operator may use your personal data, and which of the legal bases under the GDPR it relies on to do so. Also identified are the legitimate interests of the Operator for such use.


The Site uses cookies, which are placed on your hard drive for record-keeping purposes and sometimes to track information about you. In particular, the Site uses Google Analytics to collect data, which is used to understand how you use the Site so that the Operator can improve its design and functionality.

Please refer to the Site Cookie Policy here for further information on the use of cookies and Google Analytics on the Site.

The Operator will only use your personal data for the purposes for which it was collected, unless it reasonably considers that it needs to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the Operator. If the Operator needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis which allows it to do so.  Please note that the Operator may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
The Operator will not transfer your personal data outside the European Economic Area.  Save for the circumstances outlined at 7 (Data Security) below, the Operator will not transfer your personal data to third parties.  As mentioned above, the Site uses the third-party Google Analytics tool.  Please note that Google may transfer your data outside of the European Economic Area (i.e. to the United States).  Please see here for information from Google as to the legal frameworks it relies on for these data transfers.  

The Operator has put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, the Operator limits access to your personal data to those employees, agents, contractors and other third parties who have a legitimate need to access it (for example, where Site maintenance is being carried out by the Operator's IT services provider). They will only process your personal data on the Operator's instructions and they are subject to a duty of confidentiality.
The Operator will notify you and the DPC of a breach where we are legally required to do so.
The Operator will only retain your personal data for as long as reasonably necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, regulatory, reporting requirements. The Operator may retain your personal data for a longer period in the event of a complaint or if it reasonably believes there is a prospect of litigation in respect of its relationship with you.
To determine the appropriate retention period for personal data, the Operator considers the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which it processes your personal data and whether it can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.  These are the rights to request the transfer, access to, erasure of and / or correction of your personal data. You also have the right to object to the processing or request the restriction of your personal data.  You also have the right to withdraw your consent to the processing of your personal data.  If you wish to exercise these rights, please contact the Operator.  

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, the Operator may charge a reasonable fee in certain circumstances or refuse to comply with your request if it is unfounded, repetitive or excessive.