HEYDAY PRIVACY NOTICE CER
Ireland SA Dev Limited (we, us or our) is committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which any personal data we collect about you or that you provide to us will be processed by us.
It should be read in conjunction with our Cookies Policy (https://heydayatcarmanshall.com/cookie-policy/) and the Terms and Conditions of Use of our website (https://heydayatcarmanshall.com/) (the Site).
It also outlines your rights in relation to your personal data. Please read this Privacy Notice carefully to understand our treatment and use of your personal data as a controller and how we will use, store and disclose it.
Processing of your personal data
Personal data means information that identifies you or could identify you. It does not include data where the identity has been removed (i.e. anonymous data). In order to provide our services to you, and in order to comply with our legal obligations, we require certain personal data about you.
If you do not provide us with your personal data we may not be able to provide you with our services or respond to your questions or requests. We will tell you when we ask for personal data which is a contractual requirement, is needed to perform our functions or to comply with our legal obligations.
Where do we collect this personal data?
Most of the personal data we process is obtained from you when you provide it directly to us e.g. when you fill out a form or questionnaire (e.g. the Physical Activity Readiness Questionnaire to use our onsite gymnasium), register as a user on the Site, request information from us, submit comments or send us an email.
We may also obtain your personal data from other sources in the course of the performance of our services and activities. These sources include referrals, previous landlords, publicly available sources (including social media), your health professional where clearance is required to use our onsite gymnasium and table tennis table. 1The personal data gathered or obtained from these sources may include social media profiles, health data and previous tenant history. 2
CCTV data is also recorded when you use our premises including our onsite gymnasium.
Sending personal data outside the European Union (EU) or European Economic Area (EEA)
Your personal data may be stored and transferred within the European Economic Area (EEA) or transferred to, and stored in, countries outside the EEA. Those countries may not provide an adequate level of protection in relation to processing your personal data. Your personal data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Where it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
We are committed to protecting the security of your personal data. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal data is at your own risk. Once we receive your personal data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies come available. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping that password confidential and secure. We ask you not to share your password with anyone.
Why do we collect your personal data?
We will hold, process and may disclose personal data for the following purposes:
Special Categories of personal data
Certain categories of personal data are regarded as “special” including health data (both physical and mental), political opinions, biometric and genetic data, trade union membership, ethnic or racial origin and sexual orientation. We process your special personal data only where we have a legal basis e.g. with your explicit consent which you may withdraw at any time.
Who do we share your personal data with?
How long do we retain your personal data for?
We will only store your personal data for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we provide our services or maintain a relationship with you; (ii) where we are subject to a legal requirement; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Links to other sites
Our Site may, from time to time, contain links to and from other websites and web platforms. If you follow a link to any of those websites or web platforms, please note that those websites and web platforms have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We may request proof of identification to verify your request.
You also have the right to make a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The Irish Data Protection Authority contact details are:
Data Protection Commission
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
For further information please visit www.dataprotection.ie
Changes to our Privacy Notice
We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post these changes here and update the “Last Updated” date at the bottom of this Privacy Notice. If at any time we decide to use personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you in writing, and you will have a choice as to whether or not we use your personal data in the new manner in accordance with your rights under Data Protection Law.
Questions, comments and requests regarding this Privacy Notice and your personal data are welcome and should be addressed to us at the below email and/or postal address: