PRIVACY POLICY
Who are we
We are O Callaghan Collection residing at Hospitality House, 16-20 South Cumberland Street D02 Y097 Dublin 2 Ireland with company registration number 366204 .
We care about your privacy and every time we deal with your personal data we do so in accordance with the provisions of the general data protection regulation and the national law relating to the processing of personal data.
We are required under data protection legislation to make the information contained in this privacy policy accessible to you. This privacy policy sets out which measures are taken to protect your privacy when using our services or products, and what rights you have in this respect.
When processing your personal data we are in most cases the “data controller”. This means that we determine the purpose and means of the processing.
By using our services and/or products, you agree to the collection and processing of some of your personal data in accordance with the purpose described in our privacy policy. You are invited to read this privacy policy carefully and familiarise yourself with its content.
James Cusack is our Privacy Coordinator and you can reach them at james.cusack@ocallaghancollection.com for any questions or to exercise your rights. Future amendments to this policy cannot be excluded. We therefore ask that you read the privacy policy from time to time.
Processing of your Personal Data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We try to collect as little personal information as possible in order to achieve our goals.
We comply with data protection laws which require that the personal information we process about you must be:
-
- Collected only for valid purpose(s) that we have informed you about.
- Used lawfully, fairly and in a transparent way which means in a way that is relevant to the purpose(s) we informed you about, limited only to those purpose(s) and in no way incompatible with those purpose(s).
- Accurate and kept up to date, kept only as long as necessary for the purpose(s) we have told you about and handled securely.
We may request certain information from you in order to enable you to use or purchase our services or products. If you have any questions do contact our privacy coordinator.
More specifically we will collect any or all of the following data elements :
-
- Bank account
- Birthday / Age
- Company Role
- Company address
- Consent
- Correspondence content
- Customer file
- Customer name
- Date & time
- Electronic identification data
- Essential cookies
- Family composition data
- Gender
- Home address
- IP address
- Images from security camera
- Individual Profile ID
- Involved party name
- Leisure time activities and interests
- Nationality
- Payment History
- Payment balance data
- Payment card details
- Personal email address
- Personal phone number
- Purchase history data
- Signature
- Work email address
- Work phone number
We rely on you to provide us with correct data. If the data changes, we invite you to let us know, so we can keep the data up to date.
We process the data to allow us to deliver the services/products, and to continually improve the services/products available to you and adapt them to your needs. More specifically we perform the below processing:
-
- Correspondence
Description: Communication with interested parties in electronic or paper form
Purpose: To provide proper service
Legal basis: Contract
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Personal email address, Customer name, Correspondence content
Data is processed in the EU
- Security camera
Description: Capturing and / or storing of security images or video
Purpose: To ensure security, prevent fraud or theft…
Legal basis: Legitimate interests
Retention period: Maximum 4 weeks, unless in case of evidence of the incident: until the incident has been handled
Data items: Images from security camera, Date & time
Data is processed in the EU
- Customer card and App payments
Description: Processing payments through debit card, credit card or payment App
Purpose: To ensure proper payment
Legal basis: Contract
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Payment card details, Customer name, Date & time, Signature
Data is processed in the EU
- Corporate website
Description: Corporate website for public consultation. May include customer login area.
Purpose: To inform interested and / or business parties
Legal basis: Legitimate interests
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Electronic identification data, Essential cookies
Data is processed in the EU
- Hotel Reservations and Registration
Description: Register guest booking received directly or indirectly via third parties into our booking system. Activities associated with this purpose include: facilitating reservations and bookings of hotel accommodations and related services; engaging in pre‑arrival communications (logistics, changes, preferences, etc.); and processing payments and security deposits.
Purpose: Booking and guest registration
Legal basis: Contract
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Home address , Nationality, Payment card details, Gender , Customer name, Date & time, Correspondence content, Signature
Data is processed in the EU
- Meeting & Event Planning
Description: Communicating with customers and vendors to plan meetings and events and group bookings
Purpose: Event Planning
Legal basis: Contract
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Home address , Personal email address, Work phone number, Payment card details, Gender , Family composition data, Purchase history data, Customer name, Involved party name, Customer file, Company address, Date & time, Company Role, Individual Profile ID, Email
Data is processed in the EU
- Customer invoicing & accounting
Description: Calculating the fee owed, sending out invoices and ensuring payment
Purpose: To ensure proper payment
Legal basis: Contract
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Home address , Personal email address, Bank account, Payment History, Work email address, Customer name, Payment balance data, Company address, Signature
Data is processed in the EU
- Newsletter and Promotion
Description: Sending you information and updates on our products and services and other products and services that we think may be of interests to you, including latest promotions, competitions, and joint- and cross promotions with our business partners.
Purpose: Promote hotel services
Legal basis: Consent
Retention period: As long as you remain an active subscriber, or 12 months post non-activity
Data items: Customer name, Consent, Email
Data is processed in the EU
- Guest Relations and Loyalty
Description: Guest stay information and lifestyle information, such as arrival and departure dates, room preferences, leisure activities, names and ages of children, observation of your services preference, and other information necessary to fulfil special requests
Purpose: Customer service and retention
Legal basis: Legitimate interests
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Home address , Personal phone number, Birthday / Age, Gender , Family composition data, Leisure time activities and interests, Customer name, Involved party name, Company address, Date & time, Correspondence content, Company Role, Individual Profile ID, Email
Data is processed in the EU
- Sale of Gift Vouchers
Description: Sale of online gift vouchers
Purpose: Sales
Legal basis: Contract
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: Payment card details, Customer name, Involved party name, Email
Data is processed in the EU
- Guest and Visitor WiFi
Description: Provision of free wifi
Purpose: Provision of wifi
Legal basis: Legitimate interests
Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
Data items: IP address
Data is processed in the EU
- Correspondence
In the above processing we are the data controller.
Where you provided consent, you have the right to revoke it. You have the right to withdraw your consent at any time.
In case you object to the processing of your data, please contact us so we can evaluate together if a contractual relationship is possible and a continuation of the use of our services is possible.
We also handle supplier data. When we collect, process and store supplier data, we want to make sure we only collect, process and store data we really need and are entitled to handle in this way. In dealing with our suppliers we typically collect, process and store the name, work email and work phone of the person(s) interacting with us. We also collect, process and store the VAT number of our suppliers.
Processing of personal data on your behalf
Transfer of personal data
In order to provide certain services or products we might work with third parties such as IT partners, insurance partners, accounting partners, legal advisors. More specifically we reserve the right to transfer your personal data to our partners.
-
- Reservation channel – Booking.com
Purpose: To generate business
Legal basis: Contract
Data items: Date & time, Personal phone number, Customer name
Data is processed in the EU
- Insurance
Purpose: To ensure proper handling of company liabilities
Legal basis: Legitimate interests
Data items: Involved party name, Staff member name, Claim specific information, Customer name
Data is processed in the EU
- Hotel CRM
Purpose: Loyalty Programs, Accounts and Relationship Management
Legal basis: Legitimate interests
Data items: Individual Profile ID, Gender , Personal email address, Purchase history data, Personal phone number, Home address , Customer name, Birthday / Age, Consent, Survey data
Data is processed outside the EU
- Online Gift Vouchers
Purpose: Sale of vouchers
Legal basis: Contract
Data items: Email , Customer name, Payment card details
Data is processed in the EU
- Social media – Facebook / Instagram
Purpose: To promote the company and its services
Legal basis: Legitimate interests
Data items: Electronic localisation data, Date & time, Customer name
Data is processed in the EU
- Insurance
Purpose: To ensure proper handling of company liabilities
Legal basis: Legitimate interests
Data items: Involved party name, Staff member name, Claim specific information, Customer name
Data is processed in the EU
- Recruitment
Purpose: Recruitment
Legal basis: Legitimate interests
Data items: Birthday / Age
Data is processed in the EU
- Purchasing
Purpose: Manage purchasing effectively
Legal basis: Contract
Data items: Supplier Name, Bank account, Work email address
Data is processed in the EU
- Payment partner
Purpose: To process payments
Legal basis: Contract
Data items: Home address , Customer name, Signature, Payment card details
Data is processed in the EU
- Reservation channel – Booking.com
These third parties will generally act as data processor. Please do note that social media platforms, commerce platforms and structural sales partners are often regarded as joint controllers.
If you participate in an online call, meeting, conference,… do note that any data you choose to share will be visible and/or audible to the other participants. Please consider this before sharing your personal details, video, audio or any other data.
In case you object to the transfer of your data, please contact us so we can evaluate together if a contractual relation is possible and a continuation of the use of our services is possible.
Please do note that we may be required by law to process certain data and, as the case may be, to transmit them to the relevant authorities. As this is a legal obligation you can not object this transfer.
Security & Confidentiality
We undertake to keep your personal data secure & confidential and have established security procedures to avoid any loss, abuse or alteration to this personal data in line with industry best practices.
Website & cookies
Navigation on our website may result in cookies being saved to your computer. They simplify the visit and improve your experience. When visiting our website you will be informed of the cookies being used and we will ask you for your consent. Furthermore, each time you visit our website, the webserver automatically processes your IP address and/or your domain name.
We may publish links to websites owned and operated by third parties. If you click on such a link you will navigate to another website. Please make sure you read and understand the privacy policy of that website, as it may differ from our policy and is outside of our control. If you feel unsure or cannot agree with the policy, we suggest you leave that website.
Social media
If you use the social media functions such as eg “like” or “share” button that may be on our website, or if you visit our social media page, please know that your personal data will be processed by the social media platform. In this processing, the European regulator considers us and the social media platform both to be joint data controllers, which means that we jointly determine why and how your personal data is processed. You can find out how we process your personal data in this privacy statement. You can find information about the processing by the relevant social media platform in their privacy statement. We ask you to read the privacy statement of the social media platform carefully before visiting the social media items on our page or our page on the social media platform.
If we hold an event such as a client network event, opening event, premiere etc. we might have photographers or videographers present. The photos and videos they shoot are purposed to be used in marketing materials and / or published on our social media pages. When you are not the main subject of these materials the data protection authority’s guidance is that your GDPR explicit consent is not required. However, should you oppose to us using materials where you are depicted, please let us know.
Exercising your rights
In accordance with the general data protection regulation you have the right to:
-
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Withdraw your prior consent to processing at any time.
- The right to object to a decision based solely on automated processing, including profiling.
- The right to receive your personal data in a structured, commonly used and machine-readable format and have transmit those data to another controller (commonly known as a “data portability request”).
We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You can exercises your rights by contacting our Privacy Coordinator James Cusack via james.cusack@ocallaghancollection.com or at the below company address:
O Callaghan Collection
c/o James Cusack
Hospitality House, 16-20 South Cumberland Street D02 Y097 Dublin 2 Ireland
Data Protection Authority
You can direct any complaints and comments to the competent data protection authority at the below address:
The Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28 https://www.dataprotection.ie