Privacy Policy HeyDay

Processing of your personal data

Personal data means information that identifies you or could identify you. It does not include data where the identity has been removed (i.e. anonymous data). In order to provide our services to you, and in order to comply with our legal obligations, we require certain personal data about you.

If you do not provide us with your personal data we may not be able to provide you with our services or respond to your questions or requests. We will tell you when we ask for personal data which is a contractual requirement, is needed to perform our functions or to comply with our legal obligations.

Where do we collect this personal data?

Most of the personal data we process is obtained from you when you provide it directly to us e.g. when you fill out a form or questionnaire (e.g. the Physical Activity Readiness Questionnaire to use our onsite gymnasium), register as a user on the Site, request information from us, submit comments or send us an email.

We may also obtain your personal data from other sources in the course of the performance of our services and activities. These sources include referrals, previous landlords, publicly available sources (including social media), your health professional where clearance is required to use our onsite gymnasium and table tennis table. 1The personal data gathered or obtained from these sources may include social media profiles, health data and previous tenant history. 2

We may collect and process your personal data when you visit the Site. This may include traffic data, location data, weblogs and other communication data. For more information on how we collect such personal data please see our Cookie Policy.

CCTV data is also recorded when you use our premises including our onsite gymnasium.

Sending personal data outside the European Union (EU) or European Economic Area (EEA)

Your personal data may be stored and transferred within the European Economic Area (EEA) or transferred to, and stored in, countries outside the EEA. Those countries may not provide an adequate level of protection in relation to processing your personal data. Your personal data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Where it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).

Security

We are committed to protecting the security of your personal data. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal data is at your own risk. Once we receive your personal data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies come available. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping that password confidential and secure. We ask you not to share your password with anyone.

Why do we collect your personal data?

We will hold, process and may disclose personal data for the following purposes:

Purpose(s) for processing

Legal basis for processing

• To monitor our premises including our onsite gymnasium for the purposes of security and safety

• The processing is necessary to support our legitimate interests in managing our business (for running and or developing our business, the provision of security and to prevent fraud) provided such interests are not overridden by your interests and rights.

• In the event that we sell or buy business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets

• The processing is necessary to support our legitimate interests in managing our business (for running and or developing our business and in the context of a business reorganisation or restructuring exercise) provided such interests are not overridden by your interests and rights

• To anonymise your information so that you are no longer identifiable to us

• The processing is necessary to support our legitimate interests in managing our business (to ensure data minimisation) provided such interests are not overridden by your interests and rights

• To comply with our regulatory (for example disclosing tax data to the Office of the Revenue Commissioners) and professional requirements
• To prevent and detect fraud, money laundering or other offences
• To exercise our right to defend, respond or conduct legal proceedings.

• The processing is necessary for us to comply with legal and regulatory obligations

• To carry out direct marketing
• To provide you, or permit selected third
parties to provide you, with information about events hosted or co-sponsored by us or about events we feel may interest you
• To send you email alerts and newsletters that you have opted-in to receive by filling in our online forms or contacting us by email or by other means
• To contact you regarding the services and activities provided by us

• Where you have given consent to the processing of your personal data for direct marketing – which you may withdraw at any time
• Where your consent is not required and you have not objected, the use of the data is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes provided our interests are not overridden by your interests.

Special Categories of personal data

Certain categories of personal data are regarded as “special” including health data (both physical and mental), political opinions, biometric and genetic data, trade union membership, ethnic or racial origin and sexual orientation. We process your special personal data only where we have a legal basis e.g. with your explicit consent which you may withdraw at any time.

Who do we share your personal data with?

In order to provide you with our services, carry out our activities and to comply with legal obligations, we may share your personal data with certain third parties such as:
service providers, insurers, agents and professional advisors (e.g. our lawyers) appointed by us;
analytics and search engine providers who assist us in the improvement and optimisation of the Site;
business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
the prospective buyer of any part of our business or assets that we may sell;
An Gardaí Síochána, local authorities, the Revenue Commissioners, the courts and any other central or local government bodies where they request it and we may
lawfully disclose it, for example for the prevention and detection of crime; and others who work for us in connection with the provision of our services to you.

How long do we retain your personal data for?

We will only store your personal data for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we provide our services or maintain a relationship with you; (ii) where we are subject to a legal requirement; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Links to other sites

Our Site may, from time to time, contain links to and from other websites and web platforms. If you follow a link to any of those websites or web platforms, please note that those websites and web platforms have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

Your Rights

You have several rights in relation to your personal data, which may be subject to certain limitations and restrictions. These rights are to:
access a copy of the personal data we hold about you;
have us correct any inaccurate personal data about you and complete any personal
data that is incomplete;
erasure of your personal data. Please note, this right does not apply for example,
where the processing is necessary to comply with a legal obligation or for the
establishment, exercise or defence of legal claims;
request a copy of your personal data in a portable format.
request a restriction of the processing of your personal data;
withdraw your consent. If we are processing your personal data on the legal basis
of consent, you are entitled to withdraw your consent at any time. However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent;
not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
- necessary for entering into a contract, or for performing a contract with you;
- based on your explicit consent – which you may withdraw at any time; or
- is authorized by EU or Member State law.
object to the processing of your personal data where we are processing your
personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.

Guest Privacy Policy

While similar to the resident policy, there are a few differences. Our Guest and short term resident privacy policy can be found here.

If you wish to exercise any of these rights, please contact us (see Contact Us below). We may request proof of identification to verify your request.

You also have the right to make a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The Irish Data Protection Authority contact details are:

Data Protection Commission

Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231

E-mail: info@dataprotection.ie

For further information please visit www.dataprotection.ie

Changes to our Privacy Notice

We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post these changes here and update the “Last Updated” date at the bottom of this Privacy Notice. If at any time we decide to use personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you in writing, and you will have a choice as to whether or not we use your personal data in the new manner in accordance with your rights under Data Protection Law.

Contact Us

Questions, comments and requests regarding this Privacy Notice and your personal data are welcome and should be addressed to us at the below email and/or postal address:

Email: carmanshall@heyday.ie

Address: Heyday–Carmans Hall, Dublin 8, Ireland.