Privacy Policy | IPTV Ireland - GDPR-Compliant Data Protection

Privacy Policy

Last Updated: January 31, 2026 · Effective Date: January 31, 2026

IPTV Ireland 4K Irish ("we," "our," or "us") is committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains how we collect, use, store, and protect your information when you visit iptvireland-4k.irish or subscribe to our IPTV Ireland service. We comply fully with the EU General Data Protection Regulation (GDPR), Ireland's Data Protection Act 2018, and the ePrivacy Directive.

1. Introduction & Who We Are

This Privacy Policy applies to all personal data collected through our website, contact forms, WhatsApp communications, email correspondence, and IPTV subscription services. By using our service, you confirm that you have read and understood this policy.

For the purposes of GDPR, IPTV Ireland 4K Irish is the Data Controller of the personal information we collect. This means we determine how and why your personal data is processed.

2. Information We Collect

We collect personal data in several ways. The table below summarises what we collect and the source of that data:

Type of Data Examples Source
Identity Data Full name, country of residence Contact form, subscription
Contact Data Email address, WhatsApp number, phone number Contact form, WhatsApp, email
Technical Data Device type (Firestick, Smart TV, etc.), IP address, browser type Website visits, subscription setup
Subscription Data Plan type, duration, M3U URL, Xtream Codes credentials Purchase & service delivery
Payment Data Transaction ID, payment method (we do NOT store full card details) Third-party processors (PayPal, Stripe)
Usage Data Stream connection logs, support ticket history Server logs, customer support
Communications Messages you send to us via WhatsApp, email, or contact form Direct communication

What We Do NOT Collect

We never knowingly collect:

  • Special category personal data (e.g. health, religion, political opinions, biometric data).
  • Personal data of children under 16 without verifiable parental consent.
  • Full credit card numbers, CVV codes, or banking credentials — these are handled exclusively by our PCI-DSS-compliant payment processors.
  • The content of what you watch — we do not monitor, log, or share your viewing history.

3. How We Use Your Information

We process your personal data for the following purposes only:

  • Service Delivery: Activating your subscription, generating your M3U URL or Xtream Codes credentials, and providing access to the IPTV service.
  • Customer Support: Responding to your enquiries via WhatsApp, email, or our contact form, troubleshooting issues, and helping with device setup.
  • Payment Processing: Confirming receipt of payment, issuing receipts, and processing refunds under our refund policy.
  • Service Improvement: Analysing aggregated, anonymised usage patterns to improve performance and stability.
  • Security: Detecting fraud, preventing abuse, blocking unauthorised access, and enforcing our Terms of Service.
  • Legal Compliance: Meeting our obligations under EU and Irish law, including responding to lawful requests from authorities.
  • Marketing (with consent only): Sending newsletters or promotional updates — only if you have explicitly opted in. You can opt out at any time.

4. Legal Basis for Processing (GDPR Article 6)

Under GDPR, we must have a lawful basis to process your personal data. We rely on the following:

  • Contract (Art. 6(1)(b)): To deliver the IPTV subscription you have purchased.
  • Legitimate Interests (Art. 6(1)(f)): To run and improve our business, prevent fraud, and ensure service security — balanced against your fundamental rights and freedoms.
  • Consent (Art. 6(1)(a)): For optional marketing communications, cookies, and similar tracking — you can withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): To comply with tax, accounting, anti-fraud, and other legal requirements.

5. Who We Share Your Data With

We do not sell your personal data. We only share it with the following categories of third parties, and only when necessary to deliver our service:

  • Payment Processors (e.g. PayPal, Stripe, cryptocurrency gateways) — to securely process your payments. These are independent Data Controllers with their own privacy policies.
  • Upstream Content Providers — to provision your subscription and route streams to your device. They receive only the technical credentials needed for service delivery.
  • Hosting & Infrastructure Providers — for website hosting, CDN delivery, and data storage. All providers we work with are GDPR-compliant.
  • Customer Communication Tools — WhatsApp (Meta), Gmail (Google), and email service providers — when you contact us through these channels.
  • Legal & Regulatory Authorities — when required by law, court order, or lawful request from a competent authority.
  • Professional Advisors — accountants, auditors, and legal counsel under strict confidentiality agreements.

6. International Data Transfers

Your personal data may be processed in countries outside the European Economic Area (EEA), including the United Kingdom and the United States, where some of our service providers operate. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Adequacy Decisions by the European Commission (e.g. UK Adequacy Decision).
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • EU-US Data Privacy Framework certification, where applicable.

You can request a copy of these safeguards by contacting us using the details in Section 12.

7. Data Retention

We only keep your personal data for as long as necessary for the purposes for which it was collected, or as required by law. Specific retention periods are:

Data Type Retention Period
Active subscription records Duration of subscription + 12 months
Payment & invoice records 7 years (Irish tax law requirement)
Customer support correspondence 3 years from last contact
Marketing data (consented users) Until consent is withdrawn
Website analytics (anonymised) 26 months
Server access logs 30 days

After these periods, your data is either permanently deleted or fully anonymised so that you can no longer be identified.

8. Your Rights Under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

Your Eight GDPR Rights

1. Right of Access (Art. 15)

Request a copy of all personal data we hold about you, free of charge.

2. Right to Rectification (Art. 16)

Ask us to correct any inaccurate or incomplete data.

3. Right to Erasure (Art. 17)

Request deletion of your data ("right to be forgotten") in certain circumstances.

4. Right to Restriction (Art. 18)

Ask us to limit how we process your data while a complaint is investigated.

5. Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format (e.g. CSV, JSON).

6. Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

7. Rights re. Automated Decisions (Art. 22)

Not be subject to decisions based solely on automated processing.

8. Right to Withdraw Consent

Withdraw consent at any time, without affecting lawful processing already done.

To exercise any of these rights, email us at [email protected] with the subject line "GDPR Data Request". We will respond within 30 calendar days as required by Article 12(3) of GDPR.

9. Right to Lodge a Complaint

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for Ireland is:

Data Protection Commission (DPC) Ireland

Website: www.dataprotection.ie
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Email: [email protected]
Phone: +353 (0)761 104 800

We would, however, appreciate the opportunity to address your concerns directly before you approach the DPC, so please contact us first using the details in Section 12.

10. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience. Cookies are small text files placed on your device when you visit a website.

Types of Cookies We Use

  • Strictly Necessary Cookies: Required for the website to function (e.g. session management, security). These do not require consent.
  • Performance & Analytics Cookies: Help us understand how visitors use our site (e.g. Google Analytics). Set only with your consent.
  • Functionality Cookies: Remember your preferences (e.g. country selector, plan toggle). Set only with your consent.
  • Marketing Cookies: We do not use third-party advertising cookies on our website.

Managing Cookies

You can accept or reject non-essential cookies through our cookie banner when you first visit the site. You can also manage cookies directly through your browser settings. Disabling certain cookies may affect site functionality.

11. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:

  • SSL/TLS encryption for all data transmitted to and from our website.
  • Encrypted storage for sensitive subscription credentials.
  • Access controls limiting personal data access to authorised staff only.
  • Regular security audits and vulnerability assessments.
  • PCI-DSS-compliant third-party payment processing — we never see or store your full card details.
  • Two-factor authentication on all administrative accounts.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

  1. Notify the Irish Data Protection Commission within 72 hours of becoming aware of the breach, as required by Article 33 GDPR.
  2. Notify affected individuals without undue delay, providing clear information about the nature of the breach, likely consequences, and the measures we have taken.
  3. Document the breach and our response in our internal breach register, as required by Article 33(5) GDPR.

13. Third-Party Links & Services

Our website and service may contain links to third-party websites, apps, and services (e.g. payment processors, IPTV player apps, our blog, social media). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

14. Children's Privacy

Our service is intended for adults aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately at [email protected], and we will delete the information promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this page will always show when the policy was most recently revised. We encourage you to review this policy periodically. For material changes, we will notify subscribers by email or through a prominent notice on our website.

16. Contact Us & Data Controller Details

If you have any questions about this Privacy Policy, wish to exercise your GDPR rights, or have any concerns about how we handle your personal data, please contact us:

IPTV Ireland 4K Irish — Data Controller

Email (Privacy / GDPR Requests): [email protected]

Subject Line: Use "GDPR Data Request" or "Privacy Question" for fastest routing

WhatsApp: +44 7309 572838

Contact Form: https://iptvireland-4k.irish/contact

Response Time: Within 30 calendar days for GDPR requests (Art. 12(3)); within 24 hours for general enquiries.

For more information about our service and your rights, please review our Terms of Service, Refund Policy, and DMCA Policy.