Privacy Policy

  • Effective as of 04/09/2023

    Who we are

    “Data controllers” are the people or organisations that determine the purposes for which, and the manner in which, any Personal Data is processed, and make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.

    For the purposes of the GDPR, Performance Metrics Ltd is the data controller with regard to the Personal Data described in this Privacy Policy. You may have also been directed to this website by your organisation, which we process data on behalf of.

    Performance Metrics Ltd’s mission is to provide a digital, cloud-based culture management system to its customers. It enables credit unions to benchmark their performance year on year.

    We can be contacted directly here:

    Performance Metrics Ltd, Synergy Centre, Tallaght, Dublin 24, Ireland

    Purpose and Scope of this Policy

    This Privacy Policy outlines how Performance Metrics Ltd ("we", "us", or "our") collects, uses, and safeguards personal information when you use our website [] (the "Site"), including its subdomains, and related services. This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) as applicable to residents of the European Union and the United Kingdom of Great Britain and Northern Ireland.

    What is personal data?

    Personal data is any data that identifies a living person or could be used to identify a living person, which is submitted and/or collected by Performance Metrics Ltd. It does not include anonymised data where an individual’s identity has been removed.

    Any personal data that you share with us is treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).

    What personal data do we process?

    We collect and process personal information to provide and enhance our services, communicate with users, and fulfill legal obligations. The types of personal information we collect include:

    • Contact Information: Name, email address, phone number.
    • Communication Data: Information provided through contact forms or direct communication.
    • Usage Data: Information about how you use our website, such as pages visited and time spent.
    • Technical Data: Information including IP address, browser type, device identifiers, and operating system.
    • Performance ratings: Each client has an individual URL on the platform. For the purpose of this privacy policy, the URL is referred to The data subject arrives at the site via a link in an email and rates themselves on 18 performance metrics. The data subject can also leave supporting comments. The ratings and supporting notes can be accessed by various entities all of which are explained to the data subject when they are invited to self-review. The data subject’s data is never shared with anybody not included in the ones outlined in the invitation email.

    Data inputted and stored in by the client and the data subject pertaining to the data subject may include:

    • First name and last name
    • Email address
    • Name of affiliated legal entity or company
    • Password-based Key (with a random salt, HMAC digest algorithm)
    • Assignment of Data Subject to company units, e.g. country/department/team
    • Email templates
    • Time zone
    • Performance ratings
    • Supporting notes on performance ratings

    Surveys ( and

    Member Temperature Check Survey - We process personal data as part of the Member Temperature Check Survey only when an individual opts to volunteer their services. The Member Temperature Check Survey data is collected anonymously, and IP addresses are not collected.

    If the data subject opts in to volunteer at the credit union they are directed to a new survey where they can leave their contact details. These details are forwarded automatically to a pre-assigned email of the relevant office holder. The response does not form part of the original survey so the individual can't be associated with their responses.

    Custom Survey – These surveys include varying questions and are used to collect the goals and training needs of individual staff members for the purpose of including them in the performance management process. These surveys are only visible to the individual's team leader and performance metrics staff.

    Performances Metrics Ltd does not knowingly process children’s data, special category data, or personal data related to criminal convictions or offenses.

    Aggregated Data

    As with most websites, we gather statistical data and other analytical information (for example, demographic information, usage data, etc.) collected on an aggregated basis from all visitors to our website. This data is not considered personal data in law as it does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.


    If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

    When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you log out of your account, the login cookies will be removed.

    If you edit a survey, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the survey ID of the survey you just edited. It expires after 1 day.

    How and why we use your data

    We process personal information for the following purposes:

    • Service Delivery: Providing and enhancing our services.
    • Communication: Responding to inquiries and providing customer support.
    • Marketing: Sending newsletters and promotional materials with your consent.
    • Analytics: Analyzing website performance and functionality.
    • Legal Compliance: Complying with applicable laws and regulations.

    We use Personal Data related to Performance Ratings for several general purposes:

    • to provide you with the service  
    • to support and services offered  
    • to conduct research about’s customer base or services,
    • to allow you to complete your performance review
    • to allow you to leave supporting notes for your performance review

    We may use non-Personal Data such as demographic data to analyse and develop our marketing strategy and further improve and our services.

    We use Personal Data related to Surveys:

    • to allow you to volunteer your services at the credit union
    • to record your goals and training needs for the purpose of including them in the performance management process.

    Legal Bases for Using Your Data

    We use your personal data for the purposes outlined above. In doing so we rely on a number of separate and overlapping legal bases to lawfully process your personal data. These may include:

    • Consent: When you provide explicit consent for processing. If processing occurs based on consent, you will be informed as to how you can withdraw your consent.  Where applicable, you may at any time withdraw your consent for our collection, use, processing, etc. of your personal data. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
    • Contractual Necessity: Where it is necessary to perform our contract with you.
    • Legitimate Interests:  Where processing is based on our legitimate interests, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
    • Where necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims

    Please contact us if you want further information on the legal basis we use for processing personal data.

    How long do we keep your data?

    We retain personal information only as long as necessary for the purposes outlined unless longer retention is required by law.

    Personal data is retained for as long as we need it to provide you with All data stored in our server(s) is retained unless the customer/data controller advises otherwise. The 1872 perform platform allows the customer to export an overview of all personal data related to a user as well as delete such personal data.

    Third Parties and Disclosures of Your Personal Data

    We may share your personal information with the following categories of third parties:

    • Service Providers: Trusted partners aiding in website operation.
    • Technical providers are other entities that interact with us in connection with the services we provide.
    • Professional advisers acting as processors, controllers, or joint controllers including lawyers, bankers, auditors and insurers based in Ireland and EU who provide consultancy, banking, legal, insurance and accounting services.
    • Regulators and other authorities as processors, controllers, or joint controllers based in Ireland and EU who require reporting of processing activities in certain circumstances.

    We may disclose Personal Data to other companies or people under any of the following circumstances:

    • if sharing the information is reasonably necessary to provide or otherwise make available and any feature of or a service that you have requested.
    • if we believe in good faith that we are required to do so by law, in connection with litigation, to prevent a crime, or to protect personal property, the public, or
    • if we believe in good faith that access, use, preservation or disclosure is necessary to: (1) comply with applicable law, regulation, legal process or enforceable governmental request, (2) enforce applicable use terms, including investigation of potential violations, (3) register, prevent or otherwise protect against address fraud, security or technical issues, or (4) indemnifying us, our users or the public's rights, property or safety, as required.
    • in connection with a sale or merger with another entity, consolidation, restructuring, sale of company assets, financing or other corporate change, including during the course of any due diligence process or if Performance Metrics Ltd should ever file for bankruptcy or related proceeding.
    • when we otherwise have the Data Subjects' consent to share the information.

    Performance Metrics Ltd may also share non-personal Data with third parties (e.g. aggregate or demographic data).

    Pages on this site may include embedded content (YouTube videos). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

    Visitor request may be checked through an automated spam detection service Google reCAPTCHA.

    International Data Transfers

    Your personal information may be transferred and processed outside of Ireland or the European Economic Area (EEA). We will ensure such transfers are necessary, and compliant with applicable data protection laws.

    Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    • We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or;
    • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. In such cases, a transfer impact assessment would be carried out.

    Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

    Security features/data location

    It is important for us that Personal Data is kept secure. We have strict security procedures for the collection, storage and transfer of Personal Data to prevent unauthorised access and to comply with applicable law. Our security is checked regularly.

    We have taken necessary technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse or other processing in violation of applicable law. Performance Metrics Ltd utilises encryption, access controls and other features to ensure the security of your data.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

    Performance Metrics Ltd limits access to your personal data to those employees, contractors and other third parties on a need-to-know basis and under contract. We will only process your personal data for the purposes for which it was collected, and third parties are only permitted to process your data on our instructions.

    Your Rights

    Under certain circumstances, and dependent on the legal basis under which your personal data is processed, by law you have the right to:

    • Request information about whether we hold Personal Data about you, and, if so, what that Personal Data is and why we are holding/using it.
    • Request access to your Personal Data (commonly known as a “Data Subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
    • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
    • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
    • Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
    • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it.
    • Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.

    Upon your request, we will provide you with information on whether or not we process personal data concerning you. We will also provide you with information on 1) what information is processed, 2) the purposes, 3) the categories of recipients of the personal data, and 4) available information about the source of the personal data.  We will provide such information to you within 30 days from the date of receipt of your request.

    How do you exercise your rights?

    If you wish to exercise your rights please contact us at the details below. We will respond to the request within one calendar month.

    Performance Metrics Ltd can be contacted as follows:

    Performance Metrics Ltd, Synergy Centre, Tallaght, Dublin 24, Ireland

    Your Right to Lodge a Complaint

    You as the Data Subject have the right to complain at any time to a supervisory authority in relation to any issues related to our processing of your Personal Data. We would like to hear from you first if you have a complaint about how we use your data so that we may rectify the issue.

    You can contact the Data Protection Commission:
    Phone: +353 17650100 or 1800437 737
    Address: Data Protection Commission - 21 Fitzwilliam Square South Dublin 2. D02 RD28 Ireland

    In the UK the contact details are as follows:

    Information Commissioner's Office


    Phone: 0303 123 1113

    Address: Information Commissioner’s Office
    Wycliffe House
    Water Lane
    SK9 5AF


    Our practices as described in this Privacy Policy may be changed, but any changes will be posted, and changes will only apply to activities and information on a going forward, not retroactive basis.

    You are encouraged to review this Privacy Policy periodically to make sure that you understand how any personal information you provide will be used.

    We may also email you in certain circumstances to let you know if and when we update this Privacy Policy to ensure you are informed.

    Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your Personal Data in the new manner.

We are happy to answer any queries you might have

Contact us anywhere
you want


Performance Metric Limited

Second Floor, Synergy Centre Tallaght, Dublin 24 - Ireland

Say Hi!

Get in touch and let's talk

Fergal Brehony: +353 87 858 6206
Mark Ryder: +353 87 2500 034