DRAFT EU GDPR PRIVACY STATEMENT
MERCROFT TAVERNS Ltd
Mercroft Taverns Ltd is committed to protecting and respecting your privacy. We wish to be transparent regarding how we process your personal information and demonstrate that we are accountable, in accordance with the EU General Data Protection Regulation (EU 2016/679) and the Data Protection Act 2018. It is the intention of this Privacy Statement to explain to you our privacy management practices in relation to the personal information that we collect and process.
The scope of this Privacy Statement extends to include all personal information which is collected through our website www.marketbar.ie. In addition, this Privacy Statement also extends to all personal information which is collected and processed electronically, including email communication, software applications, CCTV Systems, and all other associated technologies. This Privacy Statement does not relate to personal information which is collected and processed manually.
In accordance with the EU GDPR (2016/679) and the Data Protection Act 2018, we are identified as both a Data Controller, and Data Processor of your personal information.
By willingly providing personal and other information, you consent to the terms and conditions of this Privacy Statement. Please read this statement carefully, as this document sets out the basis on how we collect and process the personal information that you provide to us.
WHO ARE WE?
The Market Bar is located in the Heartland of Dublin, Ireland, and is renowned as Dublin’s favourite Tapas bar and restaurant. Established in ……….., The Market Bar is the perfect venue for casual dining, and all celebrations. Wonderful ambiance and atmosphere together with our creative food and drinks menus, and unique customer service will make an evening at The Market Bar an unforgettable experience.
HOW WE COLLECT PERSONAL INFORMATION ABOUT YOU
Personal information is collected when you register on www.marketbar.ie either by email, or when you complete and submit any of our online forms. The categories of personal information that we collect, and process include, your name, company name, email address, and contact telephone number.
HOW WE USE YOUR PERSONAL INFORMATION
We are legally mandated to identify the specific lawful bases which allow us to collect and process your personal information. In accordance with EU GDPR legislation, we rely on the following legal bases, Consent, Contractual Necessity, Legal Obligation, Legitimate Interest, Public Interest.
There may be occasions when it is necessary to engage with third-party stakeholders and working partners for the following purposes:
To facilitate the delivery of our services
To provide services on our behalf
To perform related services or,
To assist us in analysing how our services are used.
We may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your personal information.
The following table illustrates the various purposes that your personal information may be collected and processed and the legal bases for processing that personal information. Please note, however, that this is not an exhaustive list of our data processing activities.
|PURPOSE||CATEGORY OF DATA||LAWFUL BASIS|
|To register you as a Client, Customer, Guest.
To register you as an external Stakeholder/Supplier
|Name, address, phone no, email address||Contractual Necessity|
|To provide and deliver our products and services to you.
|Name, email address, phone no,||Contractual Necessity, Consent,|
|To allow you to make reservations and bookings.||Name email address, phone no||Contractual Necessity, Consent|
|To allow us to issue invoices.||Name, address, email address||Contractual Necessity, Legitimate Interest|
|To allow us to publish videos and photographs on our website.||Name, mail address, phone no||Consent|
|To reply to your enquiries and emails.||Name, address, phone no, email address||Contractual Necessity, Consent|
|To allow us to keep you updated regarding events and subscribe to our email lists.||Name, email address,||Consent|
|To allow you to subscribe to our Company Newsletters.||Name, Email Address,||Consent|
|To manage and administer the use of our services & relationship with clients, suppliers, stakeholders.||Name, Address, Email address||Contractual Necessity/Legitimate Interest, Consent|
|For the prevention and detection of crime||Name, (possibly address & email address)||Public Interest, Legal obligation|
SOURCE OF COLLECTION
You provide personal information when you visit www.marketbar.ie. Personal information is also collected when you send an email and when you complete and submit any of our online forms.
We use the Social Media platforms of Instagram, Facebook, Snapchat, and Twitter. Personal information may be collected through these channels.
THIRD PARTY SITES
There may be occasions when www.marketbar.ie contain links to other sites. If you click on a third-party link, you will be directed to that site. Please be aware that these third-party sites are not operated by us, we strongly advise that you review the privacy statements of any third-party sites. We do not take any responsibility for the content of privacy statements or practices of any third-party sites or services.
We do not actively transfer personal information beyond European territories. However, personal information entered onto www.marketbar.ie may be transferred to a server in the United States of America and stored there.
Please note that outside the EU and the EEA different standards of data protection might apply. By completing and submitting any online forms on our website, you acknowledge and consent that data may be transferred across international borders, including to countries outside the EU and the EEA.
We will ensure that when personal information is transferred outside the EU and the EEA that local data protection standards meet EU GDPR requirements.
SECURITY OF PERSONAL INFORMATION
We are committed to the protection and security of your personal information. A variety of security technologies and procedures are used to protect your personal information from unauthorised use and access, accidental loss, unlawful destruction, alteration, unlawful disclosure. As effective as security practices are, no physical or electronic system is entirely secure. We cannot guarantee the complete security of databases, nor can we guarantee that information that you supply will not be intercepted while being transmitted to over the internet. Strict security controls have been implemented to ensure that your privacy is safeguarded at every level. We will continue to revise policies and procedures and review systems, and we will implement additional security features as new technologies become available. Any transmission of personal information is at your own risk. When we receive your personal information, we use appropriate security measures to prevent your personal information from being compromised in any way. When you contact us to ask about your personal information, we may ask you to identify yourself, this is to help protect your personal information.
RETENTION OF PERSONAL INFORMATION
Personal information is not retained for longer than is considered necessary to enable us to provide our products and services. Independent Statutory legislation, and Regulatory obligations will influence the retention period of various categories of personal information that we collect and further process. Further information regarding the retention of personal information is detailed in our separate EU GDPR Retention Policy, a copy of which is available upon request.
We do not collect or process personal information pertaining to children under the age of 13 years. If you are under 13, do not access, use, or provide and personal information on www.marketbar.ie or through any of their features. If we learn that we have collected or received personal information from a child under 13 without parental consent, we will delete that information.
DO WE SHARE YOUR PERSONAL INFORMATION?
There may be circumstances when we are legally mandated to share personal information, in accordance with Independent Statutory legislation and regulatory requirements. In addition, there may be circumstances where it is necessary to share personal information with our Working Partners and Stakeholders to enable us to provide our products and services efficiently. We will ensure that all Data Sharing Agreements and Contracts have been implemented prior to the sharing of any personal information. Access to personal information to external Stakeholders and Working Partners will only be afforded when a specific legal and lawful purpose (s) has been identified. Detailed below is a list of Stakeholders and Working Partners with whom personal information may be shared for the purposes of providing our services to our clients. This list is, however, not exhaustive:
- IT Provider/Support
- Web Hosting Co
- Business Partners/External Stakeholders
- Saas Providers
DATA SUBJECT RIGHTS
In accordance with the EU General Data Protection Regulation (EU 2016/679) and the Data Protection Act (2018) you are afforded the following rights in certain circumstances.
Right of Access: You have the right to obtain confirmation whether personal information is collected and processed about you and where that is the case, access to the personal data, including the purposes of processing and the categories of personal data concerned. The recipients or categories or recipients to whom the personal information have been or will be disclosed. You may also submit a written request for a copy of personal information you believe is processed about you.
Right to Rectification: You have the right to the rectification of inaccurate personal information about you without undue delay.
Right to Erasure: You may request us to delete your personal information however, this is not an absolute right, and any such request will be considered in accordance with EU GDPR legislation and local legislation.
Right to Restrict & Object: You have the right to restrict and object to us collecting and further processing your personal information.
Right to Data Portability: Upon receipt of your written request, where possible, a digital copy of your personal information can be shared with you or another organisation.
HOW TO CONTACT US
Taking into consideration the nature of our data processing activities we are not mandated to appoint a designated Data Protection Officer. However, should you have any questions regarding how we collect and further process your personal information please send an email to: firstname.lastname@example.org
Contact Details for the Data Commissioners Office are as follows: 21 Fitzwilliam Square, Dublin 2. Telephone No (00 353 578684800)
CHANGES TO THIS PRIVACY STATEMENT
This Privacy Statement will be updated from time to time, particularly to reflect any changes made, regarding how we collect and process your personal information. Details of any changes made will be posted here. By continuing to use www.marketbar.ie after any changes are posted, you accept and agree to the privacy statement as modified.
Cookies & Privacy
Cookies are small text files that websites use to remember information about you. They’re stored on your computer and can only be accessed by the website that created them or your web browser. It is possible to change the cookie settings of your browser to allow or block cookies depending on your preference.
This website uses a number of different cookies depending on how you use the website:
(a third-party cookie)
These cookies are set by Google Analytics and are used to collect information about how visitors use our site. We use this information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
(a first-party cookie)
These cookies are set by this website and are essential to provide visitors with the information they request as they navigate through the site.
The cookies that are used for Google Analytics in order for us to understand what content people find useful, and for us to then provide better content on the website. This information is collected in anonymous form and includes information such as visits to the site, how you arrived at the site and what pages you visited. If you wish to opt out of this then follow this link: https://tools.google.com/dlpage/gaoptout
3rd Party Analytics or re targeting that we are using
Google Tag Manager
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience.
When do we collect information?
We collect information from you when you fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To follow up with them after correspondence (live chat, email or phone inquiries)
How do we protect your information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use ‘cookies’?
• Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, Some of the features that make your site experience more efficient may not function properly.It won’t affect the user’s experience that make your site experience more efficient and may not function properly.
We do not sell, trade, or otherwise transfer to outside parties you’re personally identifiable Information.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We use Google AdSense Advertising on our website.
We have implemented the following:
• Re-marketing with Google AdSense
• Google Display Network Impression Reporting
• Demographics and Interests Reporting
• DoubleClick Platform Integration
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
How does our site handle Do Not Track signals?
We don’t honour Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. We don’t honor them because:
We do not have the facility to do that.
Does our site allow third-party behavioural tracking?
It’s also important to note that we do not allow third-party behavioural tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Do we let third-parties, including ad networks or plug-ins collect PII from children under 13?
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
• Within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
• Send information, respond to inquiries, and/or other requests or questions
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM, we agree to the following:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at
• Follow the instructions at the bottom of each email.
and we will promptly remove you from ALL correspondence.
TEL – 01-6139094
Email – email@example.com