Select Page

Privacy Policy

Privacy Policy and Data Protection Statement


Orion Management Services Limited trading as Served is committed to protecting your privacy, which is why we have set out this Privacy Policy and Data Protection Statement describing the personal data that we might process about you, why we process it, where we might get your personal data from, and how we handle it. This notice also sets out how you can engage with us and how you can contact the Data Protection Commission, if you have any concerns about your personal data.


This data protection policy ensures Served:

  • complies with Data Protection legislation and follows good practice;

  • protects the rights of employees, clients and partners;

  • is transparent in terms of how it stores and processes individuals’ data;

  • protects itself from the risks associated with a data breach.


The General Data Protection Regulation 2016 (GDPR) replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e., living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent. The GDPR came into force on 25 May 2018. In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018.

Data Protection Statement

Served, located at Unit 1E Three Rock Road Sandyford Business Park Dublin 18 is committed to compliance with all relevant EU and Irish law in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information we collect and process in accordance with the (GDPR). We are committed to protecting and respecting personal data. We wish to be transparent on how we process personal data and demonstrate that we are accountable with the GDPR in relation to our processing of the data.

The GDPR describes how organisations must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

Privacy Policy – Data Protection Principles

The GDPR is underpinned by six important principles requiring that personal data be:

1. Processed lawfully, fairly and in a transparent manner;
2. Collected for specified, explicit and legitimate purpose;
3. Adequate, relevant and limited to what is necessary;
4. Accurate and where necessary, kept up to date;
5 . Retained only for as long as necessary;
6 . Processed in an appropriate manner to maintain security.

The GDPR and this policy are applicable to all personal data processing functions, including those performed on customers’, clients’, employees’, suppliers’ and partners’ personal data, and any other personal data the organisation processes from any source.

The Data Protection Officer is responsible for reviewing the register of data processing annually, in light of any changes to Served activities (as determined by changes to the data inventory register and the management review and to any additional requirements identified by means of data protection impact assessments (DPIA’s).

Partners and any third parties working with or for Served, and who have or may have access to personal data, will be expected to have read, understood and to comply with this policy.

No third party may access personal data held by Served without having first entered into a data confidentiality agreement, which imposes obligations on the third party no less onerous than those to which we are committed, and which gives us the right to audit compliance with the agreement.

Who we are and how to contact us

Served is a business name owned by Orion Management Services Limited, a company registered in Ireland (Registration Number: 178622) and operates as a summons server involved in the serving of court documents or papers on behalf of parties to legal proceedings. Our Data Protection Officer is contactable at or if you wish to write to us, please use the following address:

Data Protection Officer

Orion Management Services Limited
Unit 1E
Three Rock Road
Sandyford Business Park
Dublin 18

How we get your personal data and our legal basis for processing it:

Our data processing activities

Orion Management Services Limited trading as Served (“We”) processes personal data both as a Data Controller, for our own purposes, and as a Data Processor on behalf of other entities, our clients.

1: Data Controller Activities

Running our business

In the normal course of running our business we process the personal data of employees of our clients, suppliers and other third parties. This includes business contact details such as names, email addresses and phone numbers which may have been provided to us indirectly by your employer or our business partners rather than directly by you. These entities should provide their employees and associates with an appropriate information notice to cover how we process their data. In addition, we process personal data of our own employees.

All such data can be used to enable us to:

  • Provide you with the ability to use our services, to provide support services and to monitor such use for billing or security purposes.

  • Administer your or your employer’s contract with us, including invoicing, debt recovery etc.

Our legal basis for processing this data is either for our legitimate interests, or for the performance of a contract if we are dealing directly with you. If we are dealing with your employer or client, they should be advising you as to why they are providing your personal data to their customers or service providers. We obtain information about current, past or prospective employees either directly from you, or from recruitment consultants and the like. This information is used for HR administration, including payroll and recruitment.

Promoting our services

We process personal data of persons to whom we wish to promote our services. This will include business contact data which we may have collected directly from you either in the course of providing our services to you or from this website.

We may also have gathered your data through your interactions with our website or via email or telephone enquiries. Such data can be used to enable us to keep you informed about developments at Served and our services, conducting market research and analysis, or determining which of our services are most suitable for you. We are doing so on the basis of our legitimate interests in promoting and developing our business.

As with any website, we interact with your device and browser to serve pages to you. This may involve collecting certain information, but we do not use this data to identify you by connecting it to other data. Rather we might only do so for security and fraud prevention purposes. The type of data acquired may include IP addresses, the addresses of the resources requested in URI notation (Uniform Resource Identifier), the time the request was made, the method used in making the request to the server, and other parameters related to the operating system and the computer environment of the user.

In all cases we will also process data as required by applicable law.

2: Data Processor Activities

Provision of services

Served provides services as a summons or process server in order to assist parties to legal proceedings in all legal practice areas.

For these services, the personal data that we process is supplied to us by our clients; law firms, legal departments, private individuals or corporate entities who have an interest in a legal case, rather than directly by you, the data subject / person or entity to be served.

We act as a Data Processor in the provision of our services and in this role, we process the personal data supplied to us from our client, the Data Controller, and act solely on the instructions of the Data Controller (our client) in the performance of our function:

For these services, we process personal data on the basis of our legitimate interests in providing the services in question, and the legitimate interests of our clients who need to be able to serve legal papers to progress, pursue or defend legal actions. Our processing of personal data in all such cases is balanced as against the fundamental privacy rights and freedoms of the data subject.

Your data protection rights

Where we are processing your personal data as a Data Controller, you may have the right to request of us access to, and rectification or erasure, of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, to the extent that our processing may be based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal. Please bear in mind that your rights in relation to your Personal Data are not absolute. It is important to note that we are processing much of the data either on the basis of legitimate interests or performance of contract, rather than consent. This means there is no absolute right to have such data erased, but you may have rights to both object to such processing or to restrict it. In circumstances where we have obtained your data from a third party we may need to confirm the accuracy of the data with that third party before rectification. Marketing communications by electronic means with you will be conducted in compliance with Statutory Instrument 336 of 2011 which give you specific privacy rights in relation to electronic communications. We will provide an opt-out in each communication which allows you express your preferences with regard to receiving subsequent communications. Please contact us at the email or postal addresses above if you wish to make a data subject request. In cases where we act as Data Processor, you would need to contact the respective “Data Controller” to exercise your data protection rights. If you have any such requests we can direct you to the appropriate Data Controller.

How to complain

You can report a concern to the Data Protection Commission:

Data Protection Commission,
21 Fitzwilliam Square South
Dublin 2
D02 RD28



Date: February 2023

Personal data record of Served as a Data Processor:

Subject Matter

The processing of personal data as part of any instructions to serve legal papers as received in writing from the Data Controller.

Data Retention The Data Processor agrees to return and/or destroy all personal data received once the instructions have been completed. Therefore no personal data is retained by the Data Processor.
Nature and Purpose of the Processing

To carry out the serving of legal documents or papers upon individuals or corporate entities on behalf of our clients in the course of ongoing legal proceedings or in anticipation of legal proceedings.

Categories of Data Subjects

Any data subject to whom instructions received from the Data Controller relate to, including but not limited to borrowers, debtors, parties or potential parties to legal proceedings and witnesses.

Types of Personal Data (i.e. any information relating to an identified or identifiable person)

Demographic Data


Contact Details


Financial Data


Digital identifiers


Social Media


Special Data


Criminal Offences/Convictions


Government Identifiers



Recipients of Personal Data

All employees of the Data Processor instructed in accordance with the instructions of the Data Controller.

Data Transfers

No data transfers should occur between the Data Processor and any third party, without prior written consent of the Data Controller.

Security measures

The Data processor has implemented the appropriate technical and organisational measures to provide the Data Controller with sufficient guarantees to confirm that the processing undertaken by the Data Processor will meet with the requirements of the Data Protection Legislation and ensure the protection of the rights of the Data Subject.

The Data Processor ensures that it has at all times appropriate technical and organisational measures in place to protect the Personal Data against accidental, or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access or any other processing in breach of that applicable law in force at any time, including Data Protection Legislation, and that having regard to the state of technological development and the cost of implementing any measures, such measures provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Data to be protected.

The Data Processor has implemented the appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the security of Personal Data, which includes:

(i) The pseudonymisation and encryption of Personal Data.
(ii) The ability to ensure the ongoing confidentiality, integrity and availability of the Data Controller’s Personal Data and resilience of the Data Processor’s system and services for such Processing.
(iii) The ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident.
(iv) A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

The ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident.

  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

The Data Processor has ensured that its processing systems and processing services are resilient to attack and system failure, and that they adequately maintain confidentiality.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

This Data Protection Statement and Data Protection Policy is kept under continuous review and subject to an annual audit and therefore is subject to change.