1. Who we are:
1.1 Activity Days Ireland Limited a company incorporated under Irish law with company number 559999 and having its registered office at 10 Bracken Wood, Blarney, Co. Cork, t/a as Activity Days (“Activity Days”, “the Company”) are committed to ensuring the privacy of its customers and guides. We are fully compliant with the General Data Protection Regulation (“GDPR”). The purpose of this policy is to explain what information we collect, how we process same, and how you can instruct us to limit the processing of that information if you so wish.
1.2 Our Data Protection Representative is Maire Ni Mhurchu who can be contacted at team@Activitydays.ie.
2. Purpose and Basis for Processing of your Data
2.1 Activity Days process data on behalf of natural persons comprising their customers and tour guides. We will ensure that your data is processed in a lawful, fair and transparent manner at all times for a specific and legitimate purpose.
2.2 Activity Days relies on the following legal basis for the processing of your data;
2.2.1 Entry into and performance of the contract entered into between you and Activity Days at your request;
2.2.2 Legitimate interests of the business of the Company in promoting its services and activities;
2.2.3 Compliance with statutory obligations (where applicable);
2.2.4 Consent
2.3 Activity Days will rely on consent only as a basis for processing in exceptional cases. When relying on legitimate interest as a basis for processing, we will ensure that the rights of the data subject are balanced against the rights of the business in compliance with the GDPR.
2.4 Activity Days will use the data which you provide to us to;
2.4.1 process your order
2.4.2 book your tour or event
2.4.3 to correspond with you and the tour guide regarding arrangements for your booking
2.4.4 to send you our latest publications and information, including special offers
2.4.5 to respond to “contact us” queries
2.4.6 to issue gift vouchers
2.4.7 for marketing purposes
2.4.8 In relation to tour guides only, to process payments in connection with customer bookings
2.4.9 To meet our legal and statutory responsibilities (including legal claims if applicable)
2.5 We utilise your data to contact you by email, phone or mail in relation to our services and/or other events relating to Activity Days and/or to send latest publications and information including special offers. Where we do so, we will always include an unsubscribe button in our communications, so you can opt out of receiving such communications at any time. Alternatively, please email team@activitydays.ie and we will facilitate your request.
3. Data Collected
3.1 We will collect the following data from you whenever you complete a booking form;
3.1.1 Name
3.1.2 Address
3.1.3 Contact number
3.1.4 Email address
If you do not furnish this information to us, we will be unable to process your booking, or to engage you as a tour guide as appropriate.
3.2 We may also obtain sensitive personal data about you and the persons for whom you submit orders for activities, including physical or mental health data on completion of a health and fitness form. This information will be shared with the guides by Activity Days. This information will only be shared where necessary taking into account the nature of the activity you propose to carry out. Sensitive Data will not be retained for longer than necessary to enable performance of the Contract with Activity Days.
3.3 We operate Stripe and Splink to process your payment. Please note that your payment will be processed directly by Stripe and Splink and we will have no access to your financial information. In exceptional circumstances to assist our customers, and with your express authorisation and consent, we may also process the financial information if you specifically request us to do so on your behalf.
4. Sharing of Data
4.1 To enable us to process your booking and arrange your tour or event, we will need to share your data with our tour guides and it is an express term of the contract between you and Activity Days that we do so. Our tour guides may only use this data only for the purpose of providing their services, and no other purpose.
4.2 We will never provide your data to third parties for marketing purposes.
4.3 Activity Days may also need to share your financial information including credit card information with payment providers including Splink and Stripe to enable for order to be completed.
4.4 Activity Days may also share your data with its professional advisers where necessary including lawyers, bankers, auditors and insurers who provide professional services necessary for the operation of the business.
5. Data Retention
5.1 Activity Days will keep your data for no longer than necessary in accordance with the retention periods set out below. The legal basis for the retention of the data referred to below is the legitimate interests of the company in providing its services, and promoting its services, and to enable it to comply with its contractual, statutory and legal obligations.
5.2 The retention periods are as follows;
Data Type | Retention Period |
Customer contact information (client name, address, email address and phone number) | Two years after completion of the booking of your order (or your most recent order as appropriate) |
Financial information (including credit card information) | One month after completion of the activity which you ordered (if any data is in fact held) |
Tour Guide contact information (client name, address, email address and phone number) | One year after termination of your contract with Activity Days |
Customer Health Information | Two months after completion of the activity which you ordered (if any data is in fact held) (save in the event of occurrence of any breach of contract, accident, injury, loss, or other matter which may give rise to a legal claim or dispute) |
Personal Injury, Accidents, Damaged Property or other loss sustained by the Customer in the course of the activity | Three years following the date of the activity, or in the event that the customer is a minor, three years after the minor reaches the age of 18 years. In the event that proceedings are issued or any notification of a claim is made, then Activity Days may retain the data for as long as may be necessary until the proceedings have been concluded. |
Data Law Compliance | Records in relation to our compliance with Data Law and GDPR will be kept for a five year period. |
Breach of Contract related records | Records are retained 6 years from the date of the breach. In the event that proceedings are issued, then Activity Days may retain the data for as long as may be necessary until the proceedings have been concluded.
|
6. Data Storage
6.1 Activity Days will take all reasonable steps to ensure that your data is retained in a safe and secure manner and in compliance with GDPR.
7. Your rights relating to personal data
7.1 You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:
- Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
- Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
- Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten
- Right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes
- Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
- Right to object to processing – You have the right to object to the processing of data under certain conditions.
In order to exercise any of the rights set out above, please contact us at the contact details at the start of this privacy notice.
7.2 If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.
7.3 If you are unhappy with how we process personal data, we ask you to contact us so that we can rectify the situation.
7.4 You may lodge a complaint with a supervisory authority. The Irish supervisory authority is the Data Protection Commission.
8. Our use of cookies and other information gathering technologies
We use cookies to improve your browsing experience and for statistical and analytical purposes. Please refer to our cookie policy for further details;
9. Requirement to process personal data
9.1 You may browse our website without providing us with any personal data and this will not affect your ability to view our website.
10. Automated decision-making and profiling
10.1 We do not use any personal data for the purpose of automated decision-making or profiling.
11. Changes to this Privacy Notice
11.1 Our Privacy Notice may change from time to time and changes to the statement will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. If you do not agree to these changes, please do not continue to use this Website to submit personal information.
Dated 15th day of April 2019
Activity Days Ireland Limited