Privacy Policy
Effective date: 12 June 2025
1. Purpose of this Policy
This Privacy Policy explains how TrojanTrack Limited (“TrojanTrack”, “we”, “our”, “us”) collects, uses, stores and shares personal data when you use our smartphone application, web portal, APIs, dashboards and related services (the “Service”). It also describes your rights under the EU General Data Protection Regulation (“GDPR”).
2. Who is the Data Controller?
TrojanTrack Limited, CRO 709200, registered office The NEIC, Irish National Stud & Gardens, Tully, Co. Kildare, R51 DD56, Ireland, is the controller for account, billing and support data. For horse‑related video recordings and derived biomechanical data we act as joint controller together with the Customer who created or authorised the Horse Profile.
3. Personal Data We Process
We process the following categories of data:
Account Data – name, email address, password hash, role, organisation.
Billing Data – invoicing address, purchase‑order references, payment history.
Support Data – correspondence, troubleshooting logs, device information.
Horse Video Data – smartphone videos of horses and any incidental audio or images.
Movement Analytics – coordinates, velocities, angles and other biomechanical metrics derived from videos.
Pedigree & Metadata – horse name/ID, age, breed, pedigree details, yard information, recording location/time.
We do not intentionally collect special‑category personal data about users. Videos must not contain children under 16 without verifiable parental consent.
4. Why We Use Your Data (Purpose & Legal Basis)
| Purpose | Lawful Basis |
|---|---|
| Provide and maintain the Service | Contract (Art. 6(1)(b)) |
| Process payments, issue invoices, manage subscriptions | Contract (Art. 6(1)(b)) / Legal obligation |
| Authenticate and secure accounts, prevent fraud | Legitimate interest (Art. 6(1)(f)) |
| Respond to support queries | Contract |
| Develop new features, improve algorithms and produce aggregated benchmarking reports | Legitimate interest / Consent where required |
| Send important service notices or changes to terms | Legal obligation / Legitimate interest |
| Send marketing communications | Consent (opt‑in) |
5. Data Retention
Horse Videos & Horse Profiles – retained while the profile is active plus 30 days after deletion in case of accidental removal, then permanently erased.
De‑identified Movement Analytics – horse and yard identifiers removed; retained indefinitely for algorithm training, R&D and industry reporting.
Account & Billing Records – retained for seven (7) years after the end of the fiscal year to meet Irish tax and accounting requirements.
Support Logs – retained for two (2) years from resolution.
Retention periods may be extended where required by law or to establish, exercise or defend legal claims.
6. Data Sharing & Transfers
We share personal data only with:
Cloud service providers (AWS EU‑West, Google Cloud) for hosting and processing;
Payment processors for subscription billing;
Professional advisers (lawyers, accountants) under confidentiality; and
New owners in connection with a merger, acquisition or sale of assets, when agreed by both parties.
Where data is transferred outside the European Economic Area we rely on EU‑approved Standard Contractual Clauses and implement additional safeguards.
7. Security Measures
We apply ISO/IEC 27001‑aligned technical and organisational measures: encryption in transit and at rest, least‑privilege access controls, penetration testing and continuous monitoring.
8. Your Rights
Right of access – obtain a copy of your personal data.
Right to rectification – correct inaccurate or incomplete data.
Right to erasure – request deletion of data under certain conditions.
Right to restriction – limit our processing under certain circumstances.
Right to data portability – receive data in machine‑readable form.
Right to object – object to processing based on legitimate interest.
Right to withdraw consent – at any time, for future processing.
Right to lodge a complaint with the Irish Data Protection Commission.
9. Cookies & Analytics
Our website uses essential cookies for functionality and optional analytics cookies with your consent. Detailed information is available in our Cookie Notice.
10. Policy Updates
We may update this Privacy Policy to reflect legal or operational changes. Material changes will be notified via email or in‑app message at least 30 days before they take effect.
11. Contact Us
If you have questions or wish to exercise your rights, contact:
Data Protection Officer
TrojanTrack Limited
The NEIC, Irish National Stud & Gardens, Tully, Co. Kildare, R51 DD56, Ireland
Email: info@trojantrack.ie | Phone: +353 87 655 4900