Privacy Notice

Purpose of this Privacy Notice

 

This Privacy Notice provides information on how  Stonehouse Blue Limited collects and processes your Personal Data when you visit our pubs, use our website (‘the website’) (including any data which you may provide through the website when you contact us to provide feedback or to make a complaint),

This Privacy Notice (“Notice “) together with any disclaimers sets out the basis on which any personal data we collect from you or that you provide to us, or that is provided to us relating to you (“Personal Data”) by any means will be processed. Please read the following carefully to understand our use of personal data. Please note that this Privacy Notice relates only to living individuals in relation to personal data relating directly to themselves, and not to persons in any other capacity. This Privacy Notice is provided to you, in line with the following Personal Data Protection Legislation:

  • The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 also known as the General Data Protection Regulation (GDPR), which became enforceable across the EU and the EEA from May 25th, 2018 having replaced the previous Directive 95/46/EC; In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’).
  • The Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 also known as the ePrivacy Directive, amending the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws;.

This Privacy Notice sets out the basis on which any Personal Data we collect from you, or from others, will be processed by us.  Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

 

Purpose of this Privacy Notice

Controller

Contact details

The data which we collect about you

How is your personal data collected?

How we use your personal data

Purposes for which we will use your personal data

Cookies

Change of purpose

Disclosures of your personal data

International transfers

Data security

Data retention

For how long will you use my personal data?

Your legal rights

Links to other sites

Changes to this Notice

Contact Us

 

Controller

Stonehouse Blue Ltd  when  visiting the Pav is the Controller.

Contact details

If you have any questions about this Privacy Notice or our privacy practices, including any requests to exercise your legal rights, contact [email protected]

At any time, you have the right to make a data protection complaint to the relevant supervisory authority. However, before doing so, we do request that you contact us in the first instance to provide us with an opportunity to resolve the matter.

If we have been unable to resolve your concerns and you wish to lodge a complaint with a supervisory authority, Data Protection Commission (www.dataprotection.ie).

The data which we collect about you.

Personal data means any information about an individual from which that person can be identified. I

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Identity data includes first and last names, images captured on CCTV (including body camera)footage.
  • Contact data includes postal address, e-mail address and telephone number(s).
  • Financial data includes  the card-holder’s name, card type, card number, issue date (not mandatory), expiry date, issue number and CVV number.
  • Transaction data includes details about payments for our products or services.
  • Technical data includes Internet protocol addresses, location data (to order and pay for products, uses GPS technology to determine your current location and requires location data for certain features to work), browser plug-in types and versions, operating system/platform and other technology on the devices you use to access our website or to use, install or uninstall our apps. See our  Cookie Notice for further details.
  • Usage data includes information about how you use our website, apps and other services.

We do not collect any special categories of personal data about you as a Customer (this includes details about your race, ethnicity, religious/philosophical beliefs, sexual orientation, political opinions, health and genetic/biometric data).

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and, when requested you fail to provide that data, we may be unable to perform the contract we have or are trying to enter into with you (e.g., to complete a booking). As a result, we may have to cancel a product or service which you have with us; if this is the case, we will notify you.

How is your personal data collected?

We use different methods to collect data from and about you, including through:

  • direct interactions – including any information you provide to us when booking a table visiting our pubs , purchasing food and drinks in our pubs or lodging a complaint.
  • automated technologies or interactions – as you interact with our website,  we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this data using cookies and other similar technologies. See our  Cookie Notice  for further details.
  • third parties or publicly available sources – we receive personal data about you from various third parties and public sources, as set out below:
    • technical data from analytics providers, such as Google, based outside of the European Economic Area (EEA)
    • contact, financial and transaction data from providers of technical, payment and delivery services, such as Stripe

We will use your personal data only when the law allows permits it. Most commonly, we will use your personal data in the circumstances where:

  • we need to perform the contract into which we are about to enter/have entered into with you.
  • it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
  • we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data. We do not send third-party direct marketing communications to our customers.

Purposes for which we will use your personal data.

 

 

The table below describes the purposes for which we may use your personal data and the legal basis for data-processing.

 

Purpose/activity Type of data Lawful basis for processing, including basis of
legitimate interest
To register you as a new customer (a) identity

(b) contact

Performance of a contract with you
To process and deliver your food and drinks order or table booking, including:

(a) managing payments, fees and charges

(b) collecting and recovering money owed to us

(c) sending receipts to you

(a) identity

(b) contact

(c) financial

(d) transaction

(a) performance of a contract with you

(b) necessary for our legitimate interests (to recover debts due to us)

To enable you to:

(a) correspond with us via post, phone, e-mail or otherwise

(b) provide feedback, submit a subject access request or lodge a complaint

(a) identity

(b) contact

 

 

(a) performance of a contract with you

(b) necessary for our legitimate interests (to obtain feedback from our customers, process complaints and grow our business around our customers’ needs)

To use application improvement analytics to improve our website, products/services (a) technical

(b) usage

Necessary for our legitimate interests (to keep our website updated/relevant and to develop our business). Google analytics used only on consent.
Log information – for order history and troubleshooting (a) identity

(b) technical

(b) usage

 

(a) performance of a contract with you

(b) necessary for our legitimate interests (to help resolve problems)

 Checking and verifying your identification for the prevention of crime and disorder  (a) identity  (a) compliance with legal and regulatory requirements
 CCTV recording in the communal areas of our pubs , café and brewery to ensure the safety of our employees and customers  (a) identity  (b) Compliance with our legal and regulatory obligations and for the prevention of crime and disorder

 

Cookies

 

You can set your browser to refuse some or all browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website or apps may become inaccessible or may not function properly. For more information about the cookies we use, see our Cookie Notice

 

Change of purpose

We will use your personal information only for the purposes for which we collect it, unless we reasonably consider that we need to use it for another purpose which is compatible with the original one.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where required or permitted by law.

Disclosures of your personal data

We may share your personal data with provide you with our services. For example, our web hosting provider and our table booking service providers.

In addition, we may disclose your personal information to third parties If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may share your information with selected third parties including:

  • Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.
  • Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii)you ask us to share your information.
  • Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to comply with any applicable laws, grant applications and / or court orders.
  • Service providers who provide us with marketing including, Wi Fi services, website and online platforms, and subcontractors who provide a service to us, and sub processors.

We attach at Schedule 1 a list of  some  of the entities with whom your personal data is shared. A full list is available on request.

We do not allow our third-party processors to use your personal data for their own purposes. We permit them to process your personal data only for specified purposes and in accordance with our instructions.

Any payment transactions carried out by us or our chosen third-party provider of payment-processing services will be encrypted.

International transfers

We  will, from time to time, make use of services provided by third parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Microsoft Office 365 and Google. Where Personal Data needs to be transferred or processed outside the EU/EEA, we chose providers who process Personal Data on the basis of:

  • SCC
  • An Adequacy Decision from the European Commission.

If you want further information on the specific mechanism used by us, if your data is transferred outside of the EEA, please contact us.

Data security

We have appropriate security measures in place to prevent your personal data from being accidentally lost, altered, disclosed or accessed/used in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties with a business need to know. They will process your personal data only on our instruction and are subject to a duty of confidentiality.

We have implemented procedures to deal with any suspected personal data breach – where legally required to do so, we will notify you (and any applicable regulator) of a breach.

Data retention

For how long will you use my personal data?

 

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

In some circumstances, you can ask us to delete your data – see ‘Your legal rights’, below, for further information.

Your legal rights

As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process your Personal Data. These rights apply in certain circumstances and are set out below: –

  1. The right to access Personal Data relating to you (‘access right’).
  2. The right to rectify/correct Personal Data relating to you (‘right to rectification’).
  3. The right to object to processing of Personal Data relating to you (‘right to object’).
  4. The right to restrict the processing of Personal Data relating to you (‘right to restriction’).
  5. The right to erase/delete Personal Data relating to you (i.e., the “right to erasure”)and
  6. The right to ‘port’ certain Personal Data relating to you from one organisation to another (‘right to Personal Data portability’).

These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by sending an e-mail to [email protected]

You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie

Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

The exercise of Data Subjects’ rights as some other “interactions” requires the univocal identification of the person submitting such request as being, in fact, the Data Subject to whom such Personal Data pertains to, hence we may have to set in place a process or mechanism that allows it to document having undergone such assertive identification.

Links to other sites

Our website  may include links to third-party websites, plug-ins and applications, e.g., links to third-party sites such as Table path with which we work to provide certain services. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy statements. When you leave our website or apps, we encourage you to read the privacy notice of every website plug-in and/or application which you visit.

We are  not the data controller for table-service payments made via contactless devices. Contactless payments are processed via  Stripe devices. Please see their respective websites for more information about the way these companies process your personal data.

 

Changes to this Notice

We reserve the right to change this Notice from time to time in our sole discretion. If we make any changes, we will post those changes here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide data after we post any such changes, you accept and agree.

Contact Us

Questions, comments, requests and complaints regarding this Notice and your Personal Data we hold are welcome and should be addressed to us at Privacy Compliance Co-Ordinator at [email protected]

All requests will be dealt with promptly and efficiently.

This Notice is effective from November 16th 2023

 

 

 

 

Schedule 1

We have set out below a list of some of the third parties with whom we share your Personal Data.

Third party name Description of services provided
Web hosting Blacknight
Payments Stripe
Email Service Providers Microsoft/ Google