Last updated: [January 19th, 2026]

1. Introduction

Unirefund (“we”, “us”, “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you:

• visit www.unirefund.ie;

• use the Unirefund platform or mobile application; or

• interact with us as a shopper, retailer, or business partner.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

2. Who we are (Data Controller)

Unirefund is the data controller responsible for your personal data.

Company: Uni Retail Solutions Limited, trading as Unirefund.

Registered address: Deerpark Business Centre, Galway, H91 R8X7, Ireland

Email: [email protected]

If you have any questions about this policy or how your data is handled, you can contact us using the details above.

3. Personal data we collect

We collect only the data necessary to deliver tax-free shopping and VAT refund services, operate our platform, and meet legal and regulatory obligations.

3.1 Shoppers

We may collect:

• Full name

• Mobile phone number

• Email address

• Passport and identity details (where required for tax-free eligibility and compliance)

• Nationality and country of residence

• Purchase and transaction details (e.g., retailer, date, value, VAT amount, form reference)

• Refund details (credit card refund information required to pay your refund, such as cardholder name, card number and expiry date, where applicable)

• Communications and support history (e.g., support tickets, messages)

• App usage and interaction data (e.g., device identifiers, login events, feature usage)

3.2 Retailers and partners

We may collect:

• Business name and address

• Contact person details (name, role, email, phone number)

• Transaction and reporting data

• Technical integration data (e.g., API keys, system identifiers, logs needed to support integrations)

3.3 Website users

We may collect:

• IP address

• Device and browser information

• Website usage data via cookies and analytics tools (subject to your cookie choices)

4. How we collect your data

We collect personal data:

• Directly from you when you register, use the app, submit information, or contact support

• Via participating retailers when issuing tax-free transactions

• Automatically through cookies and similar technologies on our website (subject to consent where required)

• Through SMS or app-based interactions linked to tax-free forms and verification steps

5. How we use your data

We use personal data to:

• Issue and process tax-free and VAT refund transactions

• Verify eligibility for tax-free shopping and support customs validation processes

• Pay refunds to your nominated credit card (where approved)

• Provide customer support and service communications (including verification and transaction updates)

• Prevent fraud, protect platform security, and maintain an audit trail (including risk checks and anomaly detection)

• Improve platform performance, usability, and service delivery

• Meet legal, regulatory, tax, customs, and compliance obligations

6. Legal bases for processing

We process personal data under one or more of the following legal bases:

• Performance of a contract (GDPR Art. 6(1)(b)) – to provide the Unirefund service and process refund transactions

• Legal obligation (Art. 6(1)(c)) – to comply with tax, customs, regulatory, and record-keeping requirements

• Legitimate interests (Art. 6(1)(f)) – to operate and improve our services, prevent fraud, secure our systems, and defend legal claims (balanced against your rights)

• Consent (Art. 6(1)(a)) – where required, for example for certain marketing communications or non-essential cookies

Where consent is the legal basis, you may withdraw consent at any time.

7. Sharing your data

We may share your data with:

• Retail partners involved in your transaction

• Payment service providers, processors, and financial institutions to facilitate credit card refunds and related processing

• Customs and tax authorities, where required to support validation and compliance

• Technology, hosting, and support providers acting as processors (e.g., cloud hosting, analytics, customer support tools)

All processors are required to protect your data and use it only on our instructions.

We do not sell personal data.

8. International data transfers

Your data is typically processed within the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• EU Standard Contractual Clauses, and/or

• Adequacy decisions, where applicable

9. Data retention

We retain personal data only for as long as necessary to provide our services and meet legal, regulatory, and audit requirements.

In general:

• Transaction and compliance records may be retained for up to 7 years (or longer where required by law or to defend legal claims).

• Support and communications records may be retained for a shorter period, typically up to 2 years, unless needed for dispute resolution or compliance.

• App and website analytics data is retained in line with our cookie/analytics configurations and your consent settings.

10. Your rights under GDPR

You have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request deletion of your data (where applicable)

• Restrict or object to processing (in certain circumstances)

• Data portability (where applicable)

• Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact [email protected].

You also have the right to lodge a complaint with the Data Protection Commission (Ireland).

11. Security of your data

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure hosting and access controls

• Encryption where appropriate

• Monitoring and risk management measures

• Role-based access to systems and data

No system is completely secure; however, we work continuously to protect your information.

12. Cookies and tracking

Our website uses cookies and similar technologies to:

• Ensure website functionality

• Analyse usage and performance

• Improve user experience

Where required, we use a cookie banner/consent tool to allow you to accept or reject non-essential cookies. You can also manage cookies via your browser settings.

For more information, see our Cookie Policy.

13. Children’s data

Unirefund services are not directed at children. We do not knowingly collect personal data from individuals under 16 years of age.

14. Automated decision-making

We may use automated checks to support fraud prevention, compliance, and service integrity. Where decisions producing legal or similarly significant effects are made, we implement appropriate safeguards and human oversight as required by applicable law.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

16. Contact us

If you have questions or concerns about this Privacy Policy or our data practices, contact:

Email: [email protected]

Address: Unirefund, PO Box 13896, Dublin 14. Ireland.