Purpose of the Policy
- what information we collect from you;
- how we use that information;
- how that information we collected is shared;
- your rights; and
- other useful privacy and security-related matters.
It is important that you take the time to read and check back often for updates of this policy. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Service and/or contact you using other methods such as email.
Definition of Terms
- Personal Data. According to Article 2 (a) of Regulation (EC) No 45/2001: “Any information relating to an identified or identifiable natural person, referred to as “data subject” – an identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity”.
- Data Subject is the person whose personal data are collected, held or processed.
- Sensitive Personal Data or the “special categories of personal data”. This includes the racial or ethnic origin, political opinions, religious or philosophical views, trade union membership, sexual orientation, and health, genetic and biometric data where processed to uniquely identify an individual. Personal data relating to criminal convictions and offenses are not included, but similar extra safeguards apply to its processing.
- Data Controller. Any organization, person, or body that determines the purposes and means of processing personal data, controls the data and is responsible for it, alone or jointly. Examples, when the data controller is an individual, include general practitioners, pharmacists, and politicians, where these individuals keep personal information about their patients, clients, constituents etc. Examples of organizations can be data controllers, for profit or not for profit, private or government-owned, large or small, where those organizations keep personal information about their employees, clients, etc.
- Data Processor processes the data on behalf of the data controller. Examples include payroll companies, accountants, and market research companies.
- Accountability is the ability to demonstrate compliance with the GDPR. The Regulation explicitly states that this is the organization’s responsibility.
- Consent is any “freely given, specific, informed and unambiguous” indication of the individual’s wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed for one or more specific purposes.
- Privacy Impact Assessment (PIA) The GDPR imposes a new obligation on data controllers and data processors to conduct a Data Protection Impact Assessment (also known as a privacy impact assessment, or PIA) before undertaking any processing that presents a specific privacy risk by virtue of its nature, scope, or purposes.
- Processing is any operation performed on personal data (sets), such as creation, collection, storage, view, transport, use, modification, transfer, deletion, etc., whether or not by automated means.
- Profiling is any form of automated processing of personal data intended to evaluate certain personal aspects relating to an individual or to analyze or predict in particular that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior.
- Subject Access is the data subject’s right to obtain from the data controller, on request, certain information relating to the processing of his/her personal data.
- The territorial scope of the GDPR includes the European Economic Area (EEA – all 28 EU member states), Iceland, Lichtenstein, and Norway, and does not include Switzerland.
- A third party is any natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the data.
- The transfer of personal data to countries outside the EEA or to international organizations is subject to restrictions. As with the Data Protection Directive, data does not need to be physically transported to be transferred. Viewing data hosted in another location would amount to a transfer for GDPR purposes.
- “DPO” is the Data Protection Officer. The DPO ensures that the organisation possesses the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.
What Information We Collect from You
- The Information you provide us
We collect information about you during the account registration process. This includes all registration for any of our Services. This information may include, but is not limited to:
- your name;
- postal address;
- e-mail address;
- phone number;
- credit/debit card details; and
- any other details as might be requested from you for the purpose of registration and/or continued use of our Services.
Other Instances where we collect information from you:
- Your name, contact information and message if you contact us or take part in a survey, contest or promotion;
- Device information including unique device identifier;
- Information and communications on forums on the website.
- Message boards; and
- Profile comments;
- Details such as traffic information, location data and other communication data. These are collected when availing our Services. This includes IP address and browser type;
- Your payments, payment method and other account transactions. These are routinely analysed to assist us in improving the Services we provide to you;
- Your telephone or Live Chat conversations – a customer service call;
- Your response to marketing campaigns from us or through our third parties i.e. open/click on such emails;
- Your social media profile details – which includes the name, profile photo and other information you make available to us. That is when you connect with or contact us through a social media account;
- Information derived based on profiling activity (see below); and
- Information from third-party databases to be legal and regulatory obligations compliant.
- Third party and Publicly Available Sources
Not all the personal information we hold about you will always come directly from you. We may also collect information from third parties. These could be from our partners, service providers and publicly available websites (i.e. social media platforms).
This is because we want to offer Services we think may be of interest. Also, to help us maintain data accuracy and provide and enhance the Services.
If you log into one of our products through Facebook, Facebook provides us with some of your Facebook user details. We may use these details for the purposes of our registration process and to market our products and Services to you on Facebook.
- Cookie Collection
How do we use this information
We process personal information for these Services- and business-related purposes:
- Account setup, verification, and management
We use personal information such as your name, email address, phone number, and information about your device to:
- set up and administer your account;
- provide technical and customer support and training;
- verify your identity, process payment information;
- send important account and Service information;
- As a condition of using our Services. We will ask you to share your precise geolocation so we can ensure that we are authorised to provide the Services to you in your location. This is to provide the Services to you pursuant to our terms and conditions.
- To verify your age and accuracy of your registration details. This includes disclosure of such information to third parties e.g. financial institutions and third-party reference agencies. This is required for the purpose of our complying with our legal obligations.
- We may also use personal information to enforce our terms and conditions.
We use personal information to deliver and suggest tailored content to personalise your experience with our Services. The processing is necessary for the purpose of our legitimate interests in delivering or presenting relevant content to our customers.
- Marketing and events:
Subject to any preferences you have expressed, we use personal information to deliver marketing and event communications to you across various platforms. This includes email, telephone, text messaging, direct mail, online, push notification or otherwise.
We will do this during the period of your relationship with us. Unless specifically instructed otherwise by you for a reasonable period of time after the relationship has ended. This is to inform you about products, services, promotions and special offers which we think may be of interest to you.
- If we send you a marketing email or SMS, it will include instructions on how to opt out of receiving these marketing communications in the future.
You can also manage your information and update your marketing preferences through the “My Account” tab when you log in to your account.
Please allow up to 48 hours for any changes you make to your marketing preferences to be fully processed.
Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.
- We will, from time to time, send you marketing material which may of particular interest to you based upon your behaviors i.e. your recent searches. These marketing messages will provide you with information about the products, services, active promotions or offers available to you. As well as information about products and services provided by our selected partners and third parties.
- Except where we use your personal data for marketing purposes on the basis of your prior written consent and subject to any opt-out preferences you notify to us in respect of electronic direct marketing communications, we process personal data for marketing purposes as necessary for the purpose of our legitimate interests in promoting our products and services.
- Show and measure ads and Services:
We use a combination of information collected such as:
- advertising cookies,
- your email address and
- your onsite activity
All these to show you targeted and relevant advertisement on a selection of whitelisted websites across the world wide web and social media websites. This information can also be used to measure and analyse the effectiveness and reach of these ads, to help us improve and refine our marketing strategy in accordance with our legitimate interests.
- Surveys and polls:
If you choose to take part in a survey or poll, any personal information you provide may be used for marketing or market research purposes in accordance with our legitimate interests.
- Diagnostics, research, and development:
We use personal information for internal research and development purposes. This is to help diagnose system problems, to administer our websites, to improve and test the features and functions of our Services, to develop new content, products, and services. To carry out testing and analysis. This processing is necessary for our legitimate interests.
- Legal and regulatory obligations:
We may use and keep personal information for legal and compliance reasons. Such as the prevention, detection, or investigation of a crime; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; and (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
Under our legitimate interests detailed below or to follow our legal obligations, we carry out profiling and analysis based upon your location data, interests and behaviors for the following purposes for customer segmentation to offer you tailored products and services, and more relevant marketing.
- Other purposes:
We may use and keep personal information to protect our rights, privacy, safety, or property, or those of other persons in accordance with our legitimate interests.
How is the information shared
Your personal information may be disclosed to the Group and, subject to an appropriate agreement, to third parties. The processing of that personal information based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures.
Within the Group:
Any reference to the “Group” within this Policy includes all or any of its direct or indirect subsidiary undertakings, joint venture partners, and their related companies wherever located in the world as may exist from time to time. The information you provide and other information it holds about you will be used for the following purposes:
- Account set up, verification and management;
- Marketing and events
- Risk management; and
- Legal and regulatory obligations.
Our third-party service providers & partners:
The Group may, from time to time, keep trusted third parties to process your information. This is to provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys. As part our agreements with our partners, we may be required to share your information for the purposes of calculating fees and benefits owed.
Third parties for legal reasons:
We will share personal information when we believe it is required, such as:
- To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence;
- In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
- To protect our rights, users, systems, and Services.
The Website operates businesses in many jurisdictions. Some of which are not located in the European Economic Area (“EEA”). Countries outside the EEA do not always have strong data protection laws.
When we transfer personal information from the EEA to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection.
Under the General Data Protection Regulation, as a data subject have rights detailed below. Some of these only apply in specific circumstances. These are applicable in several respects by exemptions in data protection legislation. We will tell you in our response to your request if we are relying on any such exemptions.
- Access to personal data: You have a right to request a copy of the personal information that we hold about you. If you want to make such a request, please see the Contact Us section for information on how to contact us.
- You should include adequate information to identify yourself. Provide other relevant information that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.
- Correction of personal data: You can request us to rectify and correct any personal data that we are processing about you which is incorrect. We provide you with account settings and tools to access the information associated with your account.
- Right to withdraw consent: Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent.
- To opt out of marketing, you can use the unsubscribe link found in the marketing communication you receive from us. For other marketing preferences, you can visit the My Account tab when you log into your account or the “Contact Us” option within the relevant Service.
- The right of erasure: You can request us to erase your personal data where there is no compelling reason to continue processing. This right only applies in certain circumstances, it is not a guaranteed or absolute right.
- Right to data portability: This right allows you to get your personal data that you have provided to us with your consent. That information that was necessary for us to provide you with our products and services in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.
- Right to restrict processing of personal data: You have the right in certain circumstances to request that we suspend our processing of your personal data. Where we suspend our processing of your personal data we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions.
- Right to object to the processing of personal data: You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.
- Rights relating to automated decision making and profiling: You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right means you can request that we involve one of our employees or representatives in the decision-making process. We are satisfied that we do not make automated decisions of this nature.
How to contact us
For any requests related to your personal information or any of your rights referenced above, please feel free to contact us in one of the following ways:
- Email: firstname.lastname@example.org
- Office telephone number: (+353) 0667180360
- 80 Boherbee, Tralee, Co. Kerry
Filing a complaint
If you are not satisfied with how we manage your personal data, you have a right to make a complaint to your local Data Protection Authority.
Other useful privacy & data security-related matters
We keep personal information for as long as we need it for legal or business purposes. For the unregulated jurisdictions in which operate, your information will not be retained for longer than 7 years post account closure.
Please note that we may be required in certain circumstances to keep your information indefinitely. We will take all necessary steps to ensure that the privacy of information is maintained for the period of retention.
We acknowledge that online security and data protection is of vital importance for all our customers. Thus, it is important to us that you have confidence in the security of your personal details before you register an account. We are committed to employing security measures to protect your information from access by unauthorised persons and to prevent accidental or unlawful processing, disclosure, destruction, loss, alteration, and damage. Our technological security solutions are very advanced and are governed by a mature framework. Our approach is focused on preventing risks.
In order to help us in this regard, we use pseudonymization and encryption whenever possible. This is to reduce the impact of any potential incidents. As the security of some communications via the internet is not completely secure, we cannot guarantee the security of any information that you disclose using your internet connection. You accept the inherent security implications of using the internet and the Group will accept no liability for any direct, consequential, incidental, indirect, or punitive losses or damages arising out of such an occurrence.
Castle Off-Licence website may request cookies to be set on your device. Cookies are used to let us know when you visit our websites and how you interact with us. All this to enrich your user experience, and to customise your relationship with Castle Off-Licence You can also change your cookie preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies (always active)
These cookies are strictly necessary to provide you with services available through our websites. You cannot refuse them without impacting how our websites function because these cookies are strictly necessary to deliver the websites. You can block or delete them by changing your browser settings. Read more about it in “How can I control cookies?” in the Cookie Statement.
Performance and Functionality Cookies
These cookies are used to enhance the performance and functionality of our websites. But these are non-essential to the website. However, without these cookies, certain functionality may become unavailable.
Analytics and Customization Cookies
These cookies collect information that is used either in aggregate form to help us understand how our websites are being used or to help us customise our websites and application for you in order to enhance your experience
The Castle Off-Licence website uses Google Analytics (GA).
GA is used to track user interaction. We use the data to determine the number of people using our site. It is used to better understand how they find and use our website, the Castle Off-Licence. Thus, seeing the user’s journey through the Castle Off-Licence.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us, Castle Off-Licence. GA also records your computer’s IP address which could be used to personally identify you but Google does not grant us access to this. We consider Google to be a third-party data processor.