privacy policy
1. GENERAL
Skelligs Retreat are committed to complying with data privacy legislation, including the UK General Data Protection Regulation and the Data Protection Act 2018. Looking after the personal information you share with us is very important to us, and we want you to be confident that your personal information is kept safely and securely. We also want you to understand how we may use personal information we collect before, during and after your relationship with us, how we comply with the law on data protection and what your rights are.
2. WHO THIS NOTICE APPLIES TO
This privacy notice applies to you if you are external to our business and if we process your personal information. You may be, for example, an individual that works at a supplier or customer of ours, an individual which accesses or uses our website, a visitor to one of our premises, a shareholder or investor in our company, an individual whose activities are captured on a CCTV system that we operate or an individual who is affected by our activities or otherwise has a relationship with us. This privacy notice does not apply to you to the extent that you are an officer, employee or worker of ours, a prospective candidate, officer, employee or worker of ours or an individual to whom we have provided a different specific privacy notice.
Please note that not all parts or content of this privacy notice may relate to you, as this will depend on your relationship with us. For example, aspects only relevant to a user of our website would not apply to you unless you visit or use our website, and provisions relating to CCTV would not apply to you unless you visit premises where we operate CCTV. However some parts of this privacy notice will always apply to you, for example the section on your rights and how to make a complaint.
References to you, your and yourself in this privacy notice are to either you as an individual or any organisation that you work for.
We may make changes to this notice from time to time, and if we do make changes, we will update this page with the new version. Therefore, please check this page occasionally to ensure that you’re happy with any changes. For significant changes to this notice, we will try to give you reasonable notice unless we are prevented from doing so or unable to do so.
This notice was last updated on 01.11.2023.
3. WHO WE ARE
References to we, our or us in this privacy notice are Skelligs Retreat.
We have appointed a Data Protection Officer to oversee our compliance with data protection laws. Contact details for our DPO are set out in the “Contacting us” section at the end of this privacy notice.
For the purposes of data protection, except where we act as a processor only, the company in our group which is processing your personal information will be the controller of your personal information. This will usually be Skelligs Retreat that you interact with or have a relationship with. Being a controller of your personal information means that we are responsible for deciding how we hold and use your personal information. Regardless of where you are based and regardless of which part of our group may be a controller of your personal information, any queries you have regarding your personal information will be dealt with by our DPO, whose contact details are set out in the “Contacting us” section at the end of this privacy notice.
Please note that in some circumstances, we may act as a joint controller of your personal information with other organisations (for example our customer) and where this is the case, we have or we will enter into agreements with these organisations which determine our respective rights and responsibilities in relation to your personal information, including in relation to the exercise of your rights as a data subject and the requirement for you to be provided with all prescribed information.
4. PERSONAL INFORMATION WE COLLECT
We may collect the following types of personal information about you:
Contact details: information that allows us to identify and contact you directly such as your name, address, email address, telephone number and address.
Identification information: driving licence, identity cards, passport, information from a third party money laundering check provider, Companies House information and national insurance number.
Personal history and information: this includes date of birth, marital status, family/next of kin contact details and dietary requirements.
Social media information: including your social media handles, social media posts, information about your social media followers, information about any product/services endorsements by you and other aspects of your social media activity.
Publicly available personal information: including any information which you have shared via a public platform, online or on social media.
Details of advisors appointed by you: including lawyers, accountants, financial advisors, consultants and other advisors.
Business information: including transactions, business relationships and amounts paid or owed.
Financial and payment information: including bank details, credit card or other payment details for the purpose of you making payments to us for our products and/or services or us making payment to you for your products and/or services.
Account information: such as your email address, username and password when you set up an account with us.
Responses to surveys and promotions: we keep records of any surveys you respond to for your entry into any promotions that we run.
Creditworthiness: we may undertake investigations into your creditworthiness in order to establish whether to enter into or continue a business relationship with you.
Fraud prevention related information: this may include details of other transactions you have been involved in.
Details of your performance: when working with or for us or in relation to any project or work we are engaged in.
How you use our products and/or services: including details relating to our delivery or performance of products and/or services to you and your receipt of the same.
How you use our website: we collect information about the pages you look at, entry and exit data when you look at or leave our website and details of products, services, events and materials that may be of interest to you.
IP address and other technical information: this includes your computer’s or device’s IP address which allows us to track your usage of our website or applications, anonymous data collected by the hosting server for statistical purposes, unique device identifier for example your device’s IMEA number, the MAC address of the device’s wireless network interface, or the mobile phone used by the device, mobile network information, your mobile operating system, browser type and version, location, time zone setting, browser plug-in types and versions, operating system and platform and other cookie data.
Usage of IT systems: for example, those that we make available to visitors to our premises or worksite such as any visitor internet facilities at our premises or worksites for example access to the internet and our Wi-Fi.
Videos and photographs: which you or other people take or make and provide to us or we take or make ourselves or which are taken or made on our behalf, for example of meetings, events and worksites.
Audio recordings: which you or other people take or make and provide to us or we take or make ourselves or which are taken or made on our behalf, for example voicemails or recordings of conversations or meetings.
CCTV images and other information obtained through electronic means: including swipe card records and access control systems if you visit our premises or worksites or images if you visit areas of any of our premises or worksites covered by our CCTV system.
Details of the correspondence (including e-mail correspondence) you send to and receive from us and details of any queries, complaints or claims: this includes letters and emails, SMS, MMS and other electronic communications.
Your marketing preferences: so that we know whether and how we should contact you and what is most likely to interest you.
Vehicle registration number, make and model: for example, if you are driving to visit us at our premises, worksites or an event.
Any other personal information you provide to us.
We aim not to collect personal information about children. Our supply of products or services, our website, marketing, events, promotions, social media, materials and other services we provide are not intended for use by anyone under the age of 18 years and generally we do not knowingly collect personal information relating to anyone under the age of 18 years old unless for some reason you provide it to us. We may in some cases collect limited personal information related to children if they are connected to someone who is 18 or older whom we have a relationship with, for example a child who may attend an event, our premises or one of our worksites when accompanied by a responsible adult who is entitled to attend one of our events, our premises or one of our worksites.
5. SPECIAL CATEGORIES OF PERSONAL INFORMATION AND CRIMINAL OFFENCE INFORMATION
We may also in some cases collect and process more sensitive “special categories” of personal information about you including:
information about your health: including where you suffer or you inform us about any ill-health, injury or disability or you are involved in an accident (for example at one of our worksites) as well as any medical condition (including any mental health condition), health and sickness records, medical records and health professional information;
in some cases, information related to equal opportunities monitoring: including information about your race, ethnicity or your religious or philosophical beliefs or about your sex life or sexual orientation;
in very rare cases, other special categories of personal information: including information about your political opinions or trade union memberships, religious or philosophical beliefs, genetic data, biometric data, information concerning your sex life or sexual orientation;
genetic information or biometric information about you.
We may also collect and process certain criminal offence information in relation to you. This includes driving offence codes, endorsement information offence information, drink driving offence information (including alcohol readings), disqualifications, unspent convictions and any previous or pending prosecutions, offences, convictions, cautions and binding over orders.
6. SOURCES WE COLLECT YOUR PERSONAL INFORMATION FROM
We will collect personal information from a number of sources. These may include the following:
Directly from you: when you complete forms we provide to you (including quote requests, audit or risk questionnaires) or forms provided on our behalf, when you submit orders to us for our products and/or services, through insurance certificates provided by you to us, when you or our customers receive or use our products and/or services or use our website or provide information to us through our website or on the site of one of our partners, enter our promotions, make a claim, make a complaint, provide money laundering information to us, contact us by phone, email or communicate with us directly in some other way or you enter an area covered by a CCTV system that we operate.
Our customers and suppliers (including contractors and subcontractors): our customers and suppliers may provide us with personal information so that we can perform our contracts with them or for the purposes of the relationship between us.
From referrals and recommendations: usually given by other people who know you or have a working relationship with you.
Our website and applications: this includes personal information collected automatically through our websites or other applications which provide us with information about how you use them and the devices that you use to connect to them.
Social media platforms: this includes LinkedIn, Facebook, Instagram and other platforms.
Providers of information: which may include professional bodies or trade associations, money laundering check providers, suppliers of business leads, expo database providers (such as expo event organisers), Companies House, the Land Registry, market/data research and analysis providers, other internet sources, driving authorities, police authorities and courts/tribunals.
Credit reference and other identification agencies: for example, Experian.
Journalists or other investigators: they may provide us with details or make enquires about you or matters concerning you or ourselves.
Training providers: they will provide us with personal information such as certificates of training completion and reports on training performance.
Your employer or the organisation you work for: they may provide us with your name, position, contact details and background information about you in connection with us providing our products and/or services to them or them providing us with products and/or services.
Our professional advisors: such as lawyers, accountants, financial advisors, health and safety consultants, other consultants, surveyors and other advisors.
Your professional advisors: such as lawyers, accountants, financial advisors, consultants, surveyors and other advisors.
The Government, local authorities or relevant regulators: usually to assist with investigations, for example the Information Commissioner’s Office or health and safety bodies.
The police, security services and other law enforcement agencies: usually to assist with the investigation and prevention of crime and the protection of national security.
We will also collect additional personal information throughout the period of our relationship with you.
If you are providing information regarding other individuals to us, it is your responsibility to ensure that you have the right to provide the information to us.
If you are providing us with details about other individuals, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
7. WHAT WE USE YOUR PERSONAL INFORMATION FOR
Special category personal information and criminal offence information:
As stated in the “Special Categories of Personal Information and Criminal Offence Information” section above, we may collect and process certain special category personal information in relation to you. This information will mostly be health information or equal opportunities information.
The main purposes for which we process such personal information are to comply with our legal obligations (e.g. our health and safety obligations to visitors to our premises), to assist third parties in complying with their legal obligations, to share such information with public health authorities, to hold or conduct events, promotions or campaigns and to arrange and manage our insurance policies as well as making claims under such policies. In processing such information for these purposes, we are likely to rely on one or more of the following lawful bases in order to process such personal information, namely your consent, complying with our legal obligations (such as those in relation to health and safety, equal opportunities or social protection), reasons of substantial public interest such as preventing or detecting unlawful acts and protecting the public against dishonesty, establishing, exercising or defending legal claims or protecting your vital interests (or someone else’s vital interests), depending on the applicable circumstances (for example, if you suffer an injury on our premises then we may need to process your health information in order to protect your vital interests). Such processing may also be necessary for our legitimate interests. For example, we have a legitimate interest in ensuring that all visitors to our premises and anyone else for whom we have responsibility are safe and that appropriate medical attention is obtained by anyone who suffers injury, we have a legitimate interest in holding events and tracking attendance and providing appropriate food and drinks at events in accordance with health or dietary requirements and we have a legitimate interest in maintaining appropriate insurances regarding our activities and in making claims under such insurances (for example, when an injury occurs on our premises).
In very rare cases, other special categories of personal information not including health and/or equal opportunities related information may be processed by us, but this will usually only be where you provide it to us, it is relevant to a business relationship with us or it relates to a legal claim in some way. Again, we are likely to rely on one or more of the lawful bases set out in the paragraph above in relation to the processing of such information.
We may also collect and process criminal offence information in relation to you. We will usually only process such information where an offence committed by you or alleged to have been committed by you impacts on your relationship with us, but we may also process such information in order to prevent, detect or prosecute criminal activity. We are likely to rely on one or more of the following lawful bases in order to process such personal information, namely your consent, complying with our legal obligations, reasons of substantial public interest such as preventing or detecting unlawful acts and protecting the public against dishonesty or establishing, exercising or defending legal claims. Such processing may also be necessary for our legitimate interests, for example, we have a legitimate interest in ensuring that those that we have a relationship with are not or have not been engaged in criminal activity.
Other personal information:
The table below describes the main purposes for which we process your other personal information (being information which is not special category personal information or criminal offence information). The types of personal information involved and our lawful basis for being able to do process such data for the relevant purpose stated below are also set out. Which will apply will depend upon the nature of your relationship and interactions with us. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your personal information.
Purpose | Personal information used | Lawful basis including (where relevant) the legitimate interest pursued |
To provide products and/or services to customers and customer management | Name and contact details, publicly available information, information provided to us (e.g. on order forms), customer preferences (e.g. in relation to marketing), financial details, contractual details (e.g. services provided). | To enter into and perform contracts with yourself.
Necessary for our legitimate interests. We have a legitimate interest to properly perform contracts with customers and to manage our relationships with customers. |
To receive products and/or services from suppliers and contractors (e.g. suppliers of labour, plant, equipment or materials) and supplier management | Name and contact details, publicly available information, information provided to us (e.g. on marketing material or service proposals) financial details, contractual details (e.g. services received). | Necessary for our legitimate interests. We have a legitimate interest to properly perform contracts with suppliers and contractors and to manage our relationships with suppliers. |
To make payments to and receive payments from you or the organisation you work for. | Financial details and transaction and payment information. | Necessary for our legitimate interests. We have a legitimate interest to properly perform contracts with third suppliers. |
To build/develop profiles for customers or potential customers | Name and contact details, publicly available information, information provided to us (e.g. on request or enquiry forms), financial details, contractual details (e.g. services provided), preferences (e.g. in relation to desired products and/or services or marketing) and customer activity details. | Necessary for our legitimate interests. We have a legitimate interest in acquiring information on products and/or services our current customers are receiving and products and/or services our potential customers may want to receive. |
To manage relationships with data subjects other than those who are customers or suppliers (e.g. website users and interactions via social media) | Name and contact details, website user activity, information provided to us (e.g. via telephone or email or provided via direct messaging on social media) and preferences (e.g. in relation to desired products and/or services or marketing). | Necessary for our legitimate interests. We have a legitimate interest in corresponding and dealing properly with all third parties with whom we come into contact with or with whom we have a relationship, not just our customers and suppliers. |
To carry out identity, credit and anti-money laundering checks. | Name and contact details, identification and proof of address documents, publicly available information, information provided to us (e.g. on enquiry forms) and financial details (e.g. credit history). | We may have a legal obligation to undertake identity, credit and anti-money laundering checks.
Necessary for our legitimate interests. We have a legitimate interest in knowing your identity, carrying out anti-money laundering checks and ensuring that we are likely to be paid. |
To deal with enquiries or complaints, claims, legal disputes (including those received from members of the public) or raise queries, claims, legal disputes or complaints with you or the organisation you work for | Name and contact details, publicly available information, contractual details (e.g. services provided or received, financial details, information provided to us (e.g. on request, enquiry or complaint forms).
| To enter into and perform contracts with yourself.
Necessary for our legitimate interests. We have a legitimate interest to improve the services and/or products we provide, to ensure that we operate efficiently and to deal with any enquiries, complaints or other communications received. We also have a legitimate interest in being able to raise queries, claims or complaints of our own and to ensure that all legal claims are managed effectively.
To defend, bring or establish legal claims. |
To deal with requests from data subjects in relation to exercising their rights | Name and contact details any other information processed by us for the purposes listed elsewhere in this table which is relevant to the request received. | To comply with our legal obligations under data protection laws.
Necessary for our legitimate interests. We have a legitimate interest in ensuring that requests are dealt with properly and expediently and in constantly improving our data protection procedures and processes in relation to data subject requests. |
To maintain our website, including conducting data analytics and market research in connection with our website. | Website user activity details, browser and browsing details, publicly available information, preferences (e.g. in relation to desired products and/or services or marketing), electronic identification information and information collected through cookies. | Necessary for our legitimate interests. We have a legitimate interest to maintain and improve the online services provide and user experience. |
To support network and system security and system auditing | Website user activity details, browser and browsing details, electronic identification information and information collected through cookies. | Necessary for our legitimate interests. We have a legitimate interest in ensuring the security of our IT systems and in auditing our systems. |
To monitor use of website and other communication systems. | Website user activity details browser and browsing details, electronic identification information and information collected through cookies. | Necessary for our legitimate interests. We have a legitimate interest to monitor the use of our website to correct usage as well as to maintain and improve the online services provide and user experience. |
To carry out marketing of our products and/or services | Name and contact details, publicly available information, information provided to us (e.g. on request or enquiry forms), customer preferences (e.g. in relation to marketing or desired products and/or services), financial details and contractual details (e.g. details of services provided).
| We may ask for your consent to process your personal information for this purpose, and you may with-draw or otherwise revoke your consent at any point.
Necessary for our legitimate interests. If you or your organisation has purchased similar services or products from us previously, we may market similar products or services as a legitimate interest in developing our business. You have the right to opt out from such marketing at any time. |
To carry out staff training | Name and contact details, publicly available information, information provided to us (e.g. on request or enquiry forms), customer preferences (e.g. in relation to marketing), financial details and contractual details (e.g. services provided or received). | Necessary for our legitimate interests. We have a legitimate interest to train our staff adequately for the purposes of our internal processes but also so that our staff can provide you with a high level of service.
|
To manage site administration e.g. managing site visitors and health and safety | Name and contact details, visitor information, contractual details (e.g. services provided or received), CCTV images, premises or site access logs, location information, information you provide to us, customer activity or supplier activity details, qualification information, injury/accident information. | To comply with legal obligations, for example in relation to health and safety.
Necessary for our legitimate interests. We have a legitimate interest to manage our worksites for, including in relation to safety and the efficient provision of our products and/or services. |
To carry out general business administration and business management, including audits | All personal information that we process under the other processes mentioned in this table. | To enter into and perform contracts with yourself.
To comply with legal obligations, for example in relation to taxation.
Necessary for our legitimate interests. We have a legitimate interest to ensure that we operate our business properly and efficiently way and to expand our business. We also have a legitimate interest to perform our contracts with third parties. |
To obtain referrals from other organisations you have worked with | Name and contact details and information provided to us (e.g. by the referee). | Necessary for our legitimate interests. We have a legitimate interest in obtaining information regarding potential customers or suppliers before engaging with them. |
To prevent, detect or prosecute criminal activity | Name and contact details, publicly available information, CCTV images, premises or site access logs, location information, information you provide to us, customer activity, supplier activity or website user activity details, financial details, contractual details (e.g. services received or provided), browser and browsing details, location details, electronic identification information such as IP address and information collected through cookies. | To comply with legal obligations.
To defend, bring or establish legal claims.
Necessary for our legitimate interests. We have a legitimate interest in preventing, detecting or prosecuting criminal activity that is or may be harmful to our business or our staff. |
To gather evidence for or involvement with legal cases | Name and contact details, publicly available information, CCTV images, premises or site access logs, location information, information you provide to us, customer activity, supplier activity or website user activity details, financial details, contractual details (e.g. services received or provided), browser and browsing details, location details, electronic identification information such as IP address and information collected through cookies. | To comply with legal obligations.
To defend, bring or establish legal claims.
Necessary for our legitimate interests. We have a legitimate interest in ensuring that all legal claims and cases are managed effectively. |
To assess, managing and administrate shareholdings, membership and/or facilitating investments | Name and contact details, publicly available information, information provided to us (e.g. information requested in order to facilitate becoming a shareholder or investor), shareholding or membership details (e.g. number of types of shares held) and investment details. | To enter into and perform contracts with either yourself or the organisation that you represent.
To comply with legal obligations, for example in relation to filing requirements at Companies House.
To defend, bring or establish legal claims.
Necessary for our legitimate interests. We have a legitimate interest to in managing and administrating shareholdings and investments in our business. |
To maintain and improve our services and/or products, including conducting audits, data analytics and market research in connection with our product and/or services. | Name and contact details, information provided to us (e.g. on request or enquiry forms), customer preferences (e.g. in relation to marketing and desired products and/or services), financial details, contractual details (e.g. in relation to services provided), website user activity details, browser and browsing details, publicly available information, electronic identification information and information collected through cookies. | Necessary for our legitimate interests. We have a legitimate interest to improve the services and/or products we provide.
|
To hold or conduct events, promotions or campaigns | Name and contact details, information provided to us (e.g. on request or enquiry forms), customer preferences (e.g. in relation to marketing), financial details and contractual details, and CCTV images. | To comply with legal obligations, for example in relation to health and safety.
Necessary for our legitimate interests. We have a legitimate interest in holding events and tracking attendance. |
To comply with legal obligations (e.g. data protection laws, health and safety when visiting our premises or to assist third parties to comply with their legal obligations | Name and contact details, publicly available information, information provided to us (e.g. on order forms), customer preferences (e.g. in relation to marketing), financial details (e.g. credit history), anti-money laundering information, contractual details (e.g. services provided or received), CCTV images, premises or site access logs, location information, information you provide to us, website user, customer or supplier activity details and qualification information. | To comply with legal obligations, for example in relation to data protection laws and health and safety.
Necessary for our legitimate interests. We have a legitimate interest in complying with legal obligations. |
To arrange and manage our insurance policies as well as making claims under such policies | Name and contact details, publicly available information, information provided to us (e.g. on order forms), financial details, contractual details (e.g. services provided or received, CCTV images, premises or site access logs, location information, information you provide to us, customer activity or supplier activity details and qualification information. | To comply with legal obligations, for example in relation to required insurances and health and safety.
Necessary for our legitimate interests. We have a legitimate interest to maintain appropriate insurances regarding our activities and to make claims under such insurances. |
To keep records e.g. for general business purposes or in relation to incidents or accidents on our premises. | All personal information that we process under the other processes mentioned in this table. | To comply with legal obligations, for example in relation to health and safety or taxation.
To enter into and perform contracts with either yourself or the organisation that you represent.
Necessary for our legitimate interests. We have a legitimate interest to keep proper records in relation to all of our activities. |
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or we are legally permitted to use it for another purpose. If we need to use your personal information for an unrelated purpose, we will notify you by updating this privacy notice on our website, so please check back regularly for any updates.
We may anonymise and aggregate any of the personal information we hold (so that it does not directly identify you). We may use anonymised and aggregated information for purposes that include providing certain products and/or services to our customers, testing our IT systems, research, data analysis, improving our site and developing new products and services.
For some of your personal information, there will be a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the required personal information, we may not be able to properly perform our contract with you, continue our relationship with you or comply with legal obligations. For other personal information, whilst you may not be under an obligation to provide it to us, if you do not provide it then we may not be able to properly perform our services for you or provide you with our products or we may be unable to continue our relationship with you.
You should be aware that it is not a condition of any contract with us that you agree to any request for consent from us and we do not usually rely on consent as a basis for processing your personal information. However if we have asked you for consent, and you have given us your consent to use your personal information, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below.
Please note however that the withdrawal of your consent will not affect any use of your personal information made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to carry out certain activities or continue our relationship with you.
8. AUTOMATED PROCESSING AND DECISION MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision about that person without any human intervention, which produces legal effects concerning them or similarly significantly affects them. We do not currently use this type of automated decision-making in our business in relation to you. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.
However, as part of our processing of your personal information, your personal information may be processed using automated or partially automated means. For example, we may use automated processing so that we can send you personalised marketing communications. Any marketing you receive may relate to your browsing activity on our website or applications from your computer or other devices. Please refer to our Cookie Policy for further information.
We may also analyse your responses to marketing communications. The results of this analysis, together with other demographic information, allow us to decide what marketing materials are suitable for you and to ensure that we draw to your attention to products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated processing. This allows us to provide a more personalised service and experience.
We aim to update you about products and services which are of interest and relevance to you as an individual. In addition, to help us to update you about products and services which are interest and relevance to you, we may process personal information by profiling and segmenting, identifying what our customers like and ensuring that marketing communications that we send to you are more relevant based on demographics, interests, previous order history or products and/or services requested from us and engagement with previous communications.
We may also review personal information held about you by external social media platform providers, such as the personal information available on social media platforms such as Twitter, Instagram, YouTube, LinkedIn, and Facebook.
9. WHO WE SHARE YOUR PERSONAL INFORMATION WITH INTERNALLY
Your personal information may be shared internally with our staff, including with our customer support, order fulfilment, loyalty and retention, customer relationship management, media, insights, events, campaign, technical and legal teams or other member of staff involved in your relationship with us, where access to your personal information is necessary for the performance of their roles. We only provide access to your personal information to those of our staff who need to have access to your personal information.
10. WHO WE SHARE YOUR PERSONAL INFORMATION WITH EXTERNALLY
When using your personal information we may share it with third parties, but we will only do so when it is appropriate and we have a legal basis for doing so. Third parties that we may share your personal information with include:
- Any third party approved by you.
- Our customers when we have entered into a contract to provide products and/or services to them, for example, we may need to provide customers with information on risk assessments carried out or the suppliers that we are using.
- Service or product providers to our business, for example information technology services suppliers, credit reference provides and other identification agencies, equipment suppliers, logistics providers, fraud prevention organisations, marketing and public relations service providers and market research and analysis providers.
- Other businesses in our supply chain, for example, so that they can contact you about any issues in the supply chain or where your personal information is required by one of our subcontractors or a business above us in the supply chain.
- Third parties that process personal information on our behalf and in accordance with our instructions, for example, payment service providers.
- Third parties who request referrals from us, so that third parties who are seeking services and/or products which are the same or similar to those that you provide are able to obtain your details or we may provide your details to third parties for the purposes of informing them that we provide or have provided products and/or services to you.
- Purchasers, investors, funders and their advisers if we sell all or part of our business, assets or shares or restructure whether by merger, re-organisation or in another way.
- Our legal and other professional advisers, including our auditors or any professional advisors appointed by you, for example a legal advisor.
- Social media and other online platforms where relevant to our relationship with you.
- Governmental bodies, the HSE, HMRC, any regulators (including the UK’s Information Commissioner’s Office), Companies House, the Land Registry, police, law enforcement agencies, security services, courts/tribunals.
- Health/medical authorities or service providers including hospitals or your GP, including where it is in your (or someone else’s) vital interests to do so, if an accident occurs on our premises for example.
- Insurers and insurance brokers.
We also use Google Analytics which sets cookies to collect information about how visitors use our website. Please refer to our Cookie Policy for further information.
We do not disclose personal information to anyone else except as set out above unless we are legally entitled to do so. [We may provide third parties with aggregate statistical information and analytics about users of our products and services but we will make sure no one can be identified from this information before we disclose it and that therefore none of your personal information is shared for these purposes]. We do not sell, rent or trade your personal information.
11. TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY
We use third parties located in other countries other than the UK to help us run our business for example our supplier’s secure servers. As a result, personal information may be transferred outside the countries where we are located. This includes countries outside the UK or the European Economic Area and to countries that do not have laws that provide specific protection for personal information.
In certain instances, the laws in those countries may be less protective than the UK or the European Economic Area. In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed. We will also take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure. Where a third party processes your personal information on our behalf, we will put in place appropriate safeguards as required under data protection laws. Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the personal information in the overseas location; and we use standard data protection clauses such as European Commission or the UK’s Information Commissioner Office approved contractual clauses.
If you require more details on the arrangements for any of the above then please contact us using the details in the “Contacting us” section below.
12. SECURITY
We have numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures will protect information in all cases. We do, however, take information security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.
You should take all reasonable steps to keep your personal information secure, including choosing a secure password if you have an online account with us and not disclosing your passwords or username to anybody else.
13. DIRECT MARKETING
Email, post, telephone, SMS/MMS and social media marketing. From time to time, we may contact you by email, post, telephone or SMS/MMS or via targeted marketing delivered online through social media and other platforms with information about products or services we believe you may be interested in.
We will only send marketing information to you in accordance with the marketing preferences set when you initially contact us, when you open your account with us, when you refresh your marketing preferences after a request from us to do so, that you otherwise tell us you are happy to receive or where you have purchased similar services or goods from us previously.
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue to receiving marketing information from us.
You can let us know at any time that you do not wish to receive marketing information by sending an email to us at interest@skelligsretreat.ie or by using the details set out in the “Contacting us” section below. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any electronic marketing messages we send to you. This will not stop service messages such as order updates and other non-marketing communications from us. It will also not affect marketing or advertising that may appear on our website, applications or other websites.
14. HOW LONG DO WE KEEP PERSONAL INFORMATION FOR
We will keep your personal information for as long as is necessary for the purpose for which it has been obtained and then for an additional period to cover the risk of a potential dispute or claim arising. The limitation period for claims is typically either 6 years or 12 years depending on the type of claim, and therefore we have determined that the additional period for which will be retain your personal information will typically be a period of either 7 or 13 years, the extra year being necessary to ensure that relevant personal information is available if claims are initiated before the applicable 6 or 12 year limitation period, but not received by us until afterwards. Longer retention periods may apply where we are under a legal duty to retain records for a longer period of time, for example, in relation to some aspects of health and safety. We have set out below the main retention periods which will apply:
- For individual contacts at customers and suppliers this will be for as long as we have a contract or relationship with that customer or supplier and then generally for a period of 7 years afterwards.
- For other persons whose personal information is processed as part of the provision of our products and/or services to our customers, it will generally be a period of 7 years after our relationship with the relevant customer ends.
- For customer or supplier accounting information or other related information this will be for as long as we have a contract with that customer or supplier and then generally for a period of 7 years afterwards.
- For marketing contacts it will be until we receive confirmation of your wish to opt-out of marketing communications or if no such opt out is received, it will generally be a period of 3 years after we were last in contact with you.
- For website and applications users it will generally be a period of 7 years after you last used our website or applications.
- For individuals seeking information, making complaints or otherwise corresponding with us it will generally be 7 years from the date of the correspondence.
- For individuals attending an event (such as a marketing event) it will generally be a period of 7 years after the event.
- For individuals whose images are captured on a CCTV system operated by us it will generally be up to 30 days (after that time the recording media is generally overwritten) unless a request for access to the relevant CCTV images has been made to us during that period, in which case the relevant CCTV images will be retained for as long as they remain relevant. In the case of investigations, e.g. a criminal prosecution, that may be many years.
- For the retention of cookie data, please refer to our Cookie Policy
Whichever time period applies, we do not guarantee to retain your personal information for the whole of the periods set out above; they are usually the maximum period, and in some cases, we may keep your personal information for a much shorter period.
However where any personal information becomes relevant to legal proceedings or an investigation, then it may be retained for longer periods than those set out above and retained for as long as it remains relevant to the legal proceedings or investigation.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move position or work for a different organisation or change your phone number or email address. you can contact us by using the details set out in the “Contacting us” section below.
To the extent that we act as a processor, we will only process personal information required to be processed pursuant to that role for as long as is necessary in order for us to carry out our duties and obligations as a processor.
15. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
You have the following rights in relation to your personal information:
the right to withdraw any consent you have given to us in relation to our use of your personal information;
the right to be informed about how your personal information is being used;
the right to access the personal information we hold about you;
the right to request the correction of inaccurate personal information we hold about you;
the right to request the erasure of your personal information in certain circumstances;
the right to restrict processing of your personal information where certain requirements are met;
the right to object to the processing of your personal information;
the right to object to us sending you direct marketing materials;
the right to request that we transfer elements of your information either to you or another service provider in certain circumstances; and
the right to object to certain automated decision making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your information to another service provider or the right to object to automated decision making, may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. However some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the UK Information Commissioner Office’s website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contacting us” section below.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. For complaints to the Information Commissioner’s Office, please see https://ico.org.uk/make-a-complaint/. However, we are here to help and we encourage you to contact us to resolve your complaint first. If you are based outside of the UK, you may have the right to complain to your local data protection regulator.
16. CONTACTING US
In the event of any query or complaint in connection with the information we hold about you or in connection with this notice, please email our DPO at interest@skelligsretreat.ie or write to us at Attention of the Data Protection Officer, Skelligs Retreat, Allagheemore, Ballingskelligs, Killarney, Co Kerry, V23 F990, Eire.