Privacy Policy – effective from 04 June 2021
Identity of the Data Controller
“Data controllers” are the people or organisations that determine the purposes for which, and the manner in which, any Personal Data is processed, and make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
For the purposes of the GDPR, The Shelbourne Bar is the data controller with regard to the Personal Data described in this Privacy Policy. The Shelbourne Bar is based in Cork, Ireland and is acknowledged as an outstanding bar in Cork and beyond and boasts several awards, including the Gold Medal Best Whiskey Bar in Munster (2016, 2017 and 2019), and the Best Whiskey Bar in Ireland (2018 and 2019). In addition to the Bar, since 2020 we have supplied Irish Whiskey Gift Boxes via our online store.
Our Data Protection Lead can be contacted as follows:
Post: 17 MacCurtain Street, Victorian Quarter, Cork, T23 DE79
Ireland
Telephone:+353 (0)21 9615
Email: info@theshelbournecork.ie
Purpose and Scope of this Policy
The purpose of this Privacy Policy is to provide you, as our data subject, with a statement regarding the Data Protection and Privacy practices and obligations of The Shelbourne Bar and an explanation of your rights as a data subject.
This Data Protection and Privacy Policy and Notice applies to our business practices, our website (Websites), which are accessible from www.theshelbournecork.ie.
As the Organisation is established in the Republic of Ireland, this document is written to comply with Irish Data Protection Law, and The Shelbourne Bar falls under the jurisdiction of the Irish Data Protection Commissioner.
This Privacy Policy sets out what Personal Data we collect and process about you in connection with the services and functions of the Organisation. We are not responsible for the content or the privacy notices for any websites to which we may provide external links.
Laws that apply to us:
• General Data Protection Regulation (EU Regulation 679/2016)
• Irish Data Protection Acts 1988 to 2018
• Regulations flowing from DPA 2018
• ePrivacy Regulations 2011 implementing EU Privacy and Electronic
Communications Directive 2002/58/EC on Privacy and Electronic
Communications, otherwise known as ePrivacy Directive (ePD)
Why and how do we ensure compliance?
Data protection and privacy laws provide rights to individuals with regard to the use of their Personal Data by organisations, including our organisation. Irish and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of Personal Data.
We must comply with data protection and privacy laws because the law requires us to but we also would like you to have confidence in dealing with us, and compliance with data protection law helps us to maintain a positive reputation in relation to how we handle Personal Data.
We are required to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the applicable data protection and privacy laws, and that we have in fact complied with the laws.
We do this, among other ways, by our written policies and procedures, by building data protection and privacy compliance into our systems and business rules, by internally monitoring our data protection and privacy compliance and keeping it under review, and by acting if our representatives, including employees or contractors, fail to follow the rules.
We also have certain obligations in relation to keeping records about our data processing.
Who must comply?
All our representatives, which include employees and contractors, are required to comply with our Data Protection and Privacy Policies which inform this Privacy Policy when they process Personal Data on our behalf.
What are the data protection principles and rules?
We aim to comply with the following principles found in Data Protection Law:
Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner.
Purpose Limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimisation – Personal Data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.
Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.
Retention – Personal data should be kept in an identifiable format for no longer than is necessary.
Integrity and confidentiality – Personal data should be kept secure.
Accountability – Under the GDPR, we must not only comply with the above six general principles but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.
What types of personal data will we process?
Personal Data
We will collect personal data with you in accordance with the purposes outlined in this document. This will be basic or regular personal data used to facilitate a consultant/client type relationship, usually your name and email address and from time to time billing information. If you are a sole trader or partnership, we would consider your address to be personal data.
Ways in which The Shelbourne Bar may process your Personal Data.
The Shelbourne Bar may process your personal data in the normal course of business and including:
To process your enquiry about The Shelbourne Bar.
To enable accurate billing and account processing.
To meet our legal and regulatory obligations.
When you register to use our site or subscribe to our service.
When you search for a product, place an order on our website and / or online store.
When you participate in discussion boards or other social media functions on our site.
When you enter a competition, promotion or survey.
When you sign up for our catalogue mailing list or to receive email offers.
When you log a query through our website.
When you place a customer review on our site or social media channels.
When you report a problem with our site.
Special Category Personal Data
We will not collect special category data from you in relation to your use of this website or for the provision of our goods and services.
Children’s Personal Data
This website in addition to our goods and services are not targeted to children. If we are notified or learn that a child has submitted Personal Data to us through our digital or social media without the correct permissions or consents, we will delete such Personal Data.
Cookies
The Shelbourne Bar Cork website uses ‘cookies’ to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programmes on your computer.
Squarespace uses necessary cookies because they allow you to navigate and use key features on our site. A comprehensive list of these necessary cookies can be found here. The Shelbourne Bar Cork does not use Analytics and Performance cookies.
Who has access to or processes personal data?
Directors and Employees of the Organisation
Directors and employees of the Organisation who are bound by confidentiality agreements will process personal data on behalf of the Organisation.
Service Providers
We may use trusted service providers who could be considered data processors, sub-processors or third parties. We need to have written agreements in place with all of our service providers and, before we sign each agreement, we need to have vetted and be satisfied with the service provider’s data security. The agreements also need to contain specific clauses that deal with data protection. We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with Irish and EU laws on data protection. Any such organisation or individual will have access to Personal Data needed to perform these functions but may not use it for any other purpose.
We may pass on your details if we are
under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or
in order to enforce or apply any contract or other agreements with you, or
to protect our rights, property, or safety of our employees, customers, or others.
This includes reporting information about incidents (as appropriate) to the law enforcement authorities and responding to any requirements from law enforcement authorities to provide information and/or Personal Data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.
Other than the above, or captured herein or in another agreement with you, we will not disclose personal information to any third party without your consent or prior knowledge except in incidences where an individual is potentially at risk or where the law requires it.
Let’s talk about Consent
By consenting, where this is the appropriate and identified grounds for processing, to our processing your Personal Data in line with this Data Protection and Privacy Policy and Notice you are giving us permission to process your Personal Data specifically for the purposes identified.
You may withdraw consent at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of Personal Data relating to you.
If you have any queries relating to withdrawing your consent, please contact our Data Protection Coordinator using the contact details set out below.
Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
Your Rights
Under certain circumstances, and dependent on legal basis under which your personal data is processed, by law you have the right to:
Request information about whether we hold Personal Data about you, and, if so, what that Personal Data is and why we are holding/using it.
Request access to your Personal Data (commonly known as a “Data Subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
How do you exercise your rights?
We have appointed a Data Protection Lead to monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the Data Protection Lead.
If you wish to exercise your rights please contact our Data Protection Lead who will respond to the request within one month.
Our Data Protection Lead can be contacted as follows:
Post: 17 MacCurtain Street, Victorian Quarter, Cork, T23 DE79
Ireland
Telephone:+353 (0)21 9615
Email: info@theshelbournecork.ie
Your Right to Lodge a Complaint
You as the Data Subject have the right to complain at any time to a supervisory authority in relation to any issues related to our processing of your Personal Data. We would like to hear from you first if you have a complaint about how we use your data so that we may rectify the issue. As our organisation is located in Ireland and we conduct our data processing here, we are regulated for data protection purposes by the Irish Data Protection Commissioner.
You can contact the Data Protection Commissioner as follows:
Website: www.dataprotection.ie
Phone: +353 57 8684800 or +353 (0)761 104 800
Email: info@dataprotection.ie
Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square Dublin 2. D02 RD28 Ireland
Updates
Our practices as described in this Privacy Policy may be changed, but any changes will be posted, and changes will only apply to activities and information on a going forward, not retroactive basis.
You are encouraged to review this Privacy Policy periodically to make sure that you understand how any personal information you provide will be used.
We may also email you in certain circumstances to let you know if and when we update this Privacy Policy to ensure you are informed.
Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your Personal Data in the new manner.