Privacy Notice
EFFECTIVE: 1st February 2024
This privacy notice (“Notice”) describes how your personal data is used and shared (collectively, “used”) when you visit our website (regardless of where you visit it from) and tells you about your privacy rights and who protects them.
IMPORTANT INFORMATION
Who is the controller and processor of the personal data to which this policy applies?
Controller: Malahide Pavilion and Leisure and Fingal County Council (“Fingal”)
Processor: Campbell Catering Limited trading as Aramark Food Services(“Aramark”).
Aramark provides management services including management of the website to which this Notice applies. It provides these services to Malahide Pavilion and Leisure and Fingal County Council which are responsible for Malahide Pavilion and Leisure (the “Pavilion”) which the Site (defined below) relate to.
For more information on us please go to:
When does this Notice apply? This Notice applies to personal data that we collect and use in relation to the Site and the following website: ·
and any other website or location to which this Notice is posted or linked, unless otherwise indicated (each a “Site”).
Please read this Notice carefully because it provides information on how we collect and process your personal data when you visit our Site, sign up for our newsletter, visit the Site or make a purchase from us.
We collect, process and are responsible for personal data about you in accordance with data protection laws including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the Data Protection Acts 1988 to 2018 and the EC (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011.
How will you use my personal data? We use your personal data only as described in this Notice and only when we have a lawful basis to do so. See the How We Use Your Personal Data section1 below for details.
Do you share my personal data with others? We do not sell your personal data or share it with anyone except as described in this notice. See the Who We Share Your Personal Data With2 section below for details.
Where will my personal data be transferred? Aramark is part of a global group of companies with affiliates and service providers within and outside of the European Economic Area (EEA) and the UK. As such, we may transfer your personal data amongst these parties outside the EEA or UK for purposes consistent with this Notice, including to countries with data protection laws which are not comparable to those within the EEA/UK. See the International Data Transfer3 section below for details on the safeguards applied to these transfers.
What are my rights? Data protection laws give you important rights and choices in relation to your personal data. See the section below on Your Rights4 for details.
How can I get more information? We have appointed a privacy compliance team which is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the privacy compliance team using the details set out in the Contact Us section below.
Personal Data We Collect
Personal data, or personal information, means any information about an individual from which that person is or can be identified.
Personal Data You Give Us. This includes personal data you may provide when you:
- sign up to our newsletter;
- contact us to report a problem with our Site;
- contact customer support;
- make payment for a booking or visit and/or receive a refund;
- enter a competition, promotion or survey; or
- otherwise interact with us by phone, email, in person, social media or other means.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Cookies and information collected when you visit this Site. Please refer to our Cookies page or the cookie banner (via the icon at the bottom left of this webpage) for further information on how we use cookies and other tracking tools on this Site.7
How We Use Your Personal Data
To fulfil our contract with you
We use your personal data:
- to take payment for any bookings made; and/or
- to issue any refund.
To operate this Site
We use your personal data:
- to authenticate your access to the Site;
- to operate, maintain, and secure the Site and for system or service diagnostics and administration;
- to study how the Site is used and to improve the Site and our other products and services;
- if you register for an account on the Site, to manage and communicate with you regarding your account, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages;
- to manage membership accounts;
- to better understand your needs and interests, and personalise your experience with the Site;
- to administer promotional activities on the Site; and/or
- to respond to your requests, questions and feedback.
To send marketing communications
If you request information from us, register for an account on the Site or participate in our surveys, promotions or events, we or our group companies may send you marketing communications if permitted by law, but you will be able to opt out. We may use a third party tool to do this.
For marketing or business analysis
We may collect or generate anonymous data, including aggregated or statistical data derived from personal data of our users. We anonymise personal data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes such as, for example, to assess trends amongst our visitors, to evaluate the impact and effectiveness of our marketing campaigns and promotions, and to analyse the number and types of visitors to the Site.
For security, compliance, fraud prevention and safety
We use your personal data as we believe necessary or appropriate to (a) implement and operate security measures designed to protect the Site and your personal data; (b) enforce the terms and conditions that govern the Service; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorised, unethical or illegal activity.
To provide a requested service
If you participate in a promotion on the Site or request a service through the Site, we may request personal data that we need to facilitate your participation in the promotion or provide the requested service.
To comply with legal obligations
We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from Government authorities. This may also include management of the health, safety and welfare of visitors to the Heritage Sites in accordance with applicable law and regulation and our health and safety policies.
To protect against legal claims or liability
We may use your personal data to comply with our legal obligations, to protect us against legal claims, or to detect, protect, or defend us and/or other third parties against error, negligence, breach of contract, theft, fraud, or other illegal or harmful activity, to comply with our audit and security requirements, or to audit compliance with our corporate policies, procedures, legal, or contractual obligations.
With your consent
We will request your consent to use your personal data where required by law, such as where we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us.
To share with third parties
We share your personal data with third parties in the limited cases described below.
Information about the legal bases of processing for the purposes above are detailed below:
Processing purpose | Legal basis |
---|---|
To fulfil a contract with you (including taking pre-contractual steps at your request) | Once you have a booking we need to know the booking is yours and send you relevant information about your booking, like an email or postal confirmation. To take payment for any bookings made and to issue any refunds. |
To operate the Site To communicate with you For marketing or business analysis For compliance, fraud prevention and safety | We use your data for our legitimate interest of which further detail is provided above. We consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). |
To provide a requested service | Processing is necessary to provide the requested service or to take steps that you request prior to requesting the service or entering the relevant contract. If we are unable to process your personal data, we may not be able to provide you with the requested service. |
To comply with our legal and regulatory obligations | Processing is necessary to comply with our legal obligations. |
To protect against legal claims or liability | Processing is necessary our legitimate interests or those of a third party as detailed further above and only where is not overridden by your own rights and interests. |
With your consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when we requested your consent or by contacting us. |
Who We Share Your Personal Data With
Affiliates
We may disclose your personal data with companies or other bodies within our corporate group for purposes consistent with this Notice.
Service Providers
We may employ third party companies and individuals to help us process your personal data as described in this Notice (such as hosting, data storage, marketing, website analytics and testing, email delivery and database management services). In particular we would like to highlight that we have engaged Retail Integration to provide us with services in connection with ticket bookings.
Compliance with Laws and Law Enforcement; Protection and Safety
We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate as described above to comply with law and for security, compliance, fraud prevention and safety.
Business Transfers
We may sell, transfer or otherwise share some or all of its business or assets, including your personal data, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganisation or sale of assets or in the event of bankruptcy.
Marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Please contact us (details below) for further information on who we share your personal data with and why.
Third Party Websites and Apps
This Notice applies to the Site and services relating to the Site that are owned and operated by us. We do not exercise control over the websites or applications that may be linked from our Site. Our Site may contain links to third party websites and features. This Notice does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them.
International Data Transfer
We may transmit, store or permit access to personal data, to our affiliates or service providers located in territories outside the European Economic Area (a “third country”). The safeguards in place with regard to such transfer of your personal data to third countries shall include (but shall not be limited to) (i) reliance by us on a decision of the European Commission confirming an adequate level of data protection in the respective third country under Article 45 of the GDPR; or (ii) the entry by us into appropriate contracts with third parties incorporating standard contractual clauses approved by the European Commission where required or reliance other appropriate safeguards on conditions required by, and in accordance with, Article 46 of the GDPR.
Please contact us (details below) for further information on the specific mechanism used by us if transferring your personal data out of the EEA.
Security – How We Protect Your Personal Data
The transmission of information via the internet is not completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of any data transmitted to us and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. To the extent permitted by law, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our service may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of personal data arising from such risks.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. We have high security standards in order to protect your payment card details and use only “PCI DSS” (The Payment Card Industry Data Security Standard) approved organisations for payment services. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator, such as the Data Protection Commission, of a breach where we are legally required to do so. If you have reason to believe that the Site or personal data you have shared with us is not secure, please contact us immediately.
Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Following the end of the of the relevant retention period, we will delete or anonymise your personal data.
Our Notice on Children
Our Site is not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.
Sensitive Personal Data
We ask that you not send us, and you not disclose, any sensitive personal data (e.g. social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics, genetic characteristics, criminal convictions or investigations or trade union membership) on or through the Site or otherwise to us.
If you send or disclose any sensitive personal data to us when you use the Site, you must explicitly consent to our processing and use of such sensitive personal data in accordance with this Notice. If you do not consent to our processing and use of such sensitive personal data, you must not submit such sensitive personal data to our Site.
Your Rights
Data protection laws give you certain rights regarding your personal data. You may ask us to take the following actions in relation to your personal data that we hold by contacting us (see Contact Us below):
Right of Access
You have the right to request a copy of your personal data.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible.
If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.
We are also entitled to refuse a data access request from you where:
(i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the personal data requested, we may charge you a reasonable fee to account for administrative costs of doing so); or
(ii) we are entitled to do so pursuant to data protection law.
For security reasons, we will take reasonable steps to confirm your identity before providing you with any personal data we may hold about you.
Right of Rectification
You have the right to request that we amend any inaccurate or incomplete personal data that we have about you. If you would like to do this, please (i) email or write to us (see Contact Us below); (ii) let us have enough information to identify you (e.g. name, registration details); and (iii) let us know the information that is incorrect and what it should be replaced with.
If we are required to update your personal data, we will inform recipients to whom that personal data have been disclosed (if any), unless this proves impossible or has a disproportionate effort.
It is your responsibility that all of the personal data provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible (see ‘How to Contact Us’ below).
Right to Object
You may exercise the right to object:
(i) at any time to your personal data being processed for direct marketing (including profiling); or
(ii) in certain other situations to our continued processing of your personal data, such as processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Right to Erasure (also known as the ‘right to be forgotten’)
You can ask us to erase your personal data:
(i) where we do not need your personal data in order to process it for the purposes set out in this Notice;
(ii) if you had given us consent to process your personal data, you withdraw that consent and we cannot otherwise legally process your personal data;
(iii) you object to our processing and we do not have any legal basis for continuing to process your personal data;
(iv) your personal data has been processed unlawfully or have not been erased when it should have been; or
(v) the personal data have to be erased to comply with law.
We may continue to process your personal data in certain circumstances in accordance with Data Protection Laws. Where you have requested the erasure of your personal data, we will inform recipients to whom that personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.
Right to Restriction of Processing
You may request that we stop processing your personal data temporarily if:
(i) you do not think that your personal data is accurate (but we may start processing again once we have checked and confirmed that it is accurate);
(ii) the processing is unlawful but you do not want us to erase your personal data;
(iii) we no longer need the personal data for our processing; or
(iv) you have objected to processing because you believe that your interests should override the basis upon which we process your personal data.
If you exercise your right to restrict us from processing your personal data, we will continue to process the personal data if:
(i) you consent to such processing;
(ii) the processing is necessary for the exercise or defence of legal claims;
(iii) the processing is necessary for the protection of the rights of other individuals or legal persons; or
(iv) the processing is necessary for public interest reasons.
Right to Data Portability
You may ask for an electronic copy of your personal data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to personal data that you have provided to us – it does not extend to data generated by us. This right also only applies where:
(i) the processing is based on your consent or for the performance of a contract; and
(ii) the processing is carried out by automated means.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw your consent at any time with future effect by contacting us.
Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
Rights in relation to automated decision making
You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
Right to lodge a complaint with the Data Protection Commission
If you do not think that we have processed your personal data in accordance with this Notice, please contact us in the first instance (see Contact Us below).
If you are not satisfied, you can complain to the Data Protection Commission or exercise any of your other rights pursuant to Data Protection Laws. Information about how to do this is available at: https://www.dataprotection.ie.
You can submit these requests by using our contact details in the Contact Us section below. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.
Closed Circuit Television Systems (CCTV)
CCTV systems are operated at the Site by Aramark on behalf of Fingal County Council and Malahide Pavilion and Leisure. For more information on how CCTV is used at the Site, please see the Fingal County Council CCTV Policy (CCTV Policy) which is available on the Fingal County Council website or on request from Fingal County Council. CCTV operated at the Site is done in accordance with the CCTV Policy. The maximum retention period for CCTV images/footage is 30 days, by which such footage will be deleted (except in exceptional circumstances).
Changes to this Notice
We keep our privacy policy under regular review. This version was last updated in January 2024 We reserve the right to modify this Notice at any time. If we make material changes to this Notice (other than changes to reflect changes in applicable law), you will be notified via e-mail (if you have an account linked to your email address) or another manner through the Site that we believe reasonably likely to reach you (which may include post a new announcement or notice on the Site.
Any modifications to this Notice will be effective upon our posting of the modified Notice (or as otherwise indicated at the time of posting) on this page.
Contact Us
You can reach us at the contact details below with any questions or concerns you may have regarding this policy or our processing of your personal data [email protected]