- Purpose and scope
- What kinds of personal information do we collect and process?
We collect and process your personal data including, but not limited to, the following types of personal data:
- contact details such as phone number, email address, postal address, social media profile;
- [demographic information such as age, gender, employer, profession, geographic location];
- audio or visual recordings;
- CCTV images or footage;
- financial details such as credit or debit card information which you provide us to secure a booking.
The provision of certain personal data is mandatory (and may be required accordance with a contractual requirement or to enter into a contract such as where you are an individual supplying services to us). The collection of any such data will be made clear at the time of collection of the information. If you choose not to submit this information, this may result in us not being able to provide our hospitality services to you or not being able to trade with you.
- How do we use this information?
We use your personal data as necessary to provide our hospitality services and to fulfil our contract with you. We also process personal data in order to fulfil our contracts with business partners, vendors and suppliers.
We may also use your personal data as necessary to manage our business for our legitimate interests. It is also in our legitimate interests to use your personal data for safety and security purposes as is necessary to ensure the security of our assets, personnel and customers.
In particular, we also process your personal data for the following purposes:
a. CCTV and related video surveillance systems
We monitor both the internal and external areas of our business premises using CCTV and related video surveillance systems. Images recorded by surveillance systems are considered personal data. We use this information for our legitimate business purposes to protect the safety and security of our customers and personnel, to protect our property, to deter crime and to investigate any security incidents or accidents.
b. Reservations and bookings
We collect personal data about you when you make a reservation or booking with us. This information may include your contact details and financial data such as credit or debit card information which you provide us in order to secure a booking or reservation. This information is necessary in our legitimate interests of providing our services and carrying out the effective management of our business. It is also necessary for us to perform our agreements with you.
- Sharing of Personal Data
Where necessary, we share your personal data for the purposes already set out in this Policy. Your personal data will be shared with third parties including but not limited to:
- Online websites (including social media companies) and our IT providers
- Media and promotional companies
- Payment processors
- Security companies
- Insurers and legal advisors
We may also share your personal data where we are required to do so by law. Where our business is bought or sold your information may also be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control.
- Retention and Security
We will maintain appropriate technical and organisation measures to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your information. We will provide a level of security that is proportionate to the risks that are presented by the processing activity, having regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing.
We will retain your personal data for as long as is necessary for the purposes set out in this Notice or as needed for us to provide our services or to perform our contract with you. We will retain and use your personal data to the extent necessary to comply with our legal obligations, to resolve disputes and to enforce our agreements.
[Generally, we will only retain CCTV footage for 30 days however we may retain CCTV footage for longer periods for reasons including, but not limited to, when there has been a theft or break-in, the footage is subject to an investigation, or it is necessary for the defence or pursuit of a legal claim].
[DRAFTING NOTE: the 30-day retention period is in line with guidance of the Irish Data Protection Commissioner]
- Your Rights
You have certain rights as a data subject in relation to your information. While some of these rights are general and unrestricted, other rights only apply in certain circumstances.
Your rights include:
- Access – you are entitled to obtain a copy of the personal data which we hold about you.
- Rectification – you can request rectification of your personal data if it is inaccurate or incomplete.
- Restriction – you can restrict our use of your personal data.
- Deletion – you are entitled to request that we erase your personal data.
- Objection – you can object to the processing of your personal data where our legal basis for processing your data is our legitimate interests.
These rights may be restricted in certain circumstances for instance where they may be needed to comply with our legal obligations or for the defence or exercise of legal claims.
You can exercise these rights by contacting us at firstname.lastname@example.org.
In circumstances where you are not satisfied with our use of your personal data or you are not satisfied with how we have responded to your request to exercise your rights, you have the right to lodge a complaint with the Office of the Data Protection Commission who can be contacted at email@example.com or LoCall 1890 25 22 31.
- Policy updates
This Policy may be updated from time to time. If we make changes that are material, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification.