OUR PRIVACY POLICIES
Lough Mardal Lodge is a limited company registered in Ireland whose registered office is Bradlieve, Ballintra, Co. Donegal F94 W4FE. We operate as Data Controller for the information you provide to us.
Lough Mardal Lodge is committed to protecting your privacy and maintaining the security of any personal information received from you. We strictly adhere to the requirements of the General Data Protection Regulations (GDPR) in Ireland.
The purpose of this statement is to explain to you what personal information we collect, and how we may use it under the new General Data protection Regulations (EU) 2016 / 679 (GDPR). We have reviewed and updated our policies, processes and procedures to comply with the GDPR and have updated this Privacy Notice accordingly.
If you have any questions about the protection of your data, please email our Data Protection Officer: email@example.com
Personal information we collect when you interact with us:
When you make a booking, we need to know your name, address, telephone number, email address and card details. This allows us to process and fulfill your booking. You have the option to withhold personal information that is not required for the booking process.
We do not sell, rent or exchange your personal information with any third party for commercial reasons, beyond the essential requirement for credit/debit card validation during purchase. We may be required to give information to third parties such as expert witnesses, law enforcement agencies, courts and other professional advisers.
Lough Mardal Lodge never sends emails asking you to provide personal or credit card information. Lough Mardal Lodge does not disclose buyers’ information to third parties.
Web browser cookies:
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers outside of the EEA.
Take and fulfill customer bookings
Administer and enhance the site and service
Any information stored by Lough Mardal Lodge is encrypted for your protection
Your personal identification information is used in a variety of ways, including, but not limited to, when you visit our website, place a booking, subscribe to our newsletter and in connection with other activities, services, features or resources we make available on this site. You may be asked for, as appropriate, name, email address, mailing address, phone number etc. You may, however, visit our site anonymously. We will collect personal identification information from you only if you voluntarily submit such information to us.
Credit Card Information:
Our payment processes are PCI DSS compliant. In booking, to process credit and debit card transactions, the bank or card processing agency may require to verify your personal details for authorisation. We do not store credit card information which is passed through directly to our payment service provider. Your information will not be transferred outside of the EU for any other purpose.
We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access in accordance with the GDPR regulations.
We will send emails to you, for the purpose of informing you of new products, offers and services. You may have consented to us sending you newsletters from time to time as part of the booking process.
If you no longer wish to be contacted, and wish to be unsubscribed from our email communications, please email us on firstname.lastname@example.org. You may also opt out of this notification service by replying to the email that was sent with the word “unsubscribe” (without the quotes) in the subject line.
How we use your information:
We may use your personal information to manage bookings, provision of services, offers, surveys and newsletters you have requested. Specifically:
To keep you informed of any special offers, company news, updates, product information or events that we believe might be of particular interest to you
To administer and operate your account and to fulfill bookings placed through our website
For payment processing associated with the fulfillment of bookings
To respond to your customer service requests
To track activity on our website
For record-keeping purposes
For market research
To confirm your identification when you contact us
Automated decision making:
We do not undertake any automated decision, excluding Google Analytics, making using your data, nor do we use your data for profiling or any other investigative purposes.
Security of your data:
We have taken all reasonable steps to ensure that we and our Data Processors adapt industry standard security protection systems to ensure the security of your data. We have security procedures in place to ensure that we can effectively identify report, manage and resolve any personal data breaches. We have procedures to deal with key data subject rights, like subject access requests and the right to request deletion. We are reviewing our key third-party vendor arrangements to make sure we have the appropriate contractual protections in place to satisfy GDPR requirements.
We have an internal GDPR training program running across key areas of the business to increase awareness of how the legislation impacts their day-to-day roles. We regularly review our data security procedures to ensure they are kept up-to-date.
Your rights under GDPR:
The GDPR provides the following rights for individuals, and please click here for further information:
The right to be informed
The right of access
The right to rectification
The right to erasure – complete deletion of your personal data
The right to restrict processing
The right to data portability
The right to object
Subject Access Request:
Under GDPR, individuals are entitled, subject to certain exceptions, to request access to information held about them. This is called a Subject Access Request. Subject Access Requests should be made by email or in writing addressed to the Data Protection Officer (DPO) at email@example.com The DPO can supply a standard request form, although you do not have to use this.
The information that you are entitled to is:
What information the company holds about you and why
How you can gain access to it.
How to keep it up to date
How the company is meeting its data protection obligations
The DPO will always verify the identity of anyone making a subject access request before handing over any personal information. The DPO will require photo ID and/or proof of address. Our aim is to provide the relevant information to you within 30 days.
Your right to complain about us:
If you are dissatisfied with our handling of your requests about the protection of your data you have the right to complain to the Information Commissioners Office (ICO).