Last updated August 2020
We at The Scullery respect your right to privacy and comply with our obligations under Irish data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and the Data Protection Acts 1988 to 2018, as such laws may be updated from time to time (“Data Protection Laws”).
Where we need to process your personal data, or where we have a legal obligation to process your personal data (for example, in order to comply with our legal obligations), we will not be able to provide you with the full benefit of these operations if you do not provide this information to us.
2. About us
We are a “controller”. This means that we are responsible for deciding how we hold and use personal data about you. It is important that you read this privacy statement so that you are aware of how and why we are using your personal data.
3. The personal data we collect and use about you
The personal data you give us may include:
- Identity Data: your full name, address, e-mail address, phone number, title and photograph.
- Financial Data: your debit card, credit card and bank account details.
- Competition Data: comments you may post on the Site in connection with a specific competition.
- General Communication Data: When you contact us or we contact you or you take part in promotions, campaigns, surveys or reviews about our Services
We also gather statistical and other non-personal analytical information collected on an aggregate basis of all visitors to our website. This comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website.
The non-personal data we will automatically collect with regard to each of your visits to our Site may include the following information:
- Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, how often you use the application and other performance data; and
- Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from the Site (including date and time), page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
4. Why we use your personal data
We process personal data you provide to us for the following purposes:
- For processing your online purchases, including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations.
- To screen purchase orders for potential risk or fraud.
- To provide you with eZines and newsletters for which you subscribe.
- To process your participation in promotions, campaigns, surveys or reviews about our Services
- To respond to your communications to us via the Site or contact points referred to on the Site.
- To post photographs you send to us on the Site or on our social media accounts.
- To comply with applicable laws, tax and regulatory reporting obligations.
5. Legal basis for using your personal data
For each of the situations listed in section 4 which your personal data is processed, one, several, or all of the following grounds justify this use of your personal data:
- Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request (e.g. to send you a t-shirt that you have requested).
- Processing is necessary to comply with our legal obligations (e.g. we are required by law to keep records of donations for 7 years according to The Revenue Commissioners).
- To pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override our legitimate interests. Our use will be fair and balanced and never unduly have an impact on your rights.
6. Third Party Information
Other Individuals’ Personal Data
Where you provide us with personal data relating to other people, you represent and warrant that you will only do so in accordance with Data Protection Laws. You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this privacy statement, the Site Terms & Conditions, and where necessary you will obtain their consent to our use of their information. You will provide anyone that you provide us with personal data about with a copy of this privacy statement. We may notify those individuals that you have provided their details to us.
Information Collected by Third Parties through Third-Party Links and Content.
7. Disclosure of your personal data
We reserve the right to disclose your personal data to third parties:
- If we are under any legal or regulatory duty to do so.
- To protect our rights or the safety of us, our personnel, users or others.
We also use third party service providers as our processors to only hold and use personal data on our behalf in order to provide us with a service. We may also disclose personal data to our professional advisors and experts in order to obtain their assistance in carrying out our services and our activities.
8. International transfers of your personal data
We may transfer your personal data outside the European Union (“EU”), to service providers which use resources, or which carry on data processing facilities outside of the EU. We will only transfer your personal data to these entities where the EU Commission has decided that the third country in question in which they are located ensures an adequate level of protection in line with EU data protection laws or where we have agreed with these recipients to use EU Commission approved standard contractual clauses to transfer the personal data.
9. Data security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data within our organisation and to third parties that need access to your information in connection with the Campaign. They will only process your personal data on our instructions and are required to protect personal data.
Please be aware that when you transmit information to us or to our service provider over the internet or another telecommunications network this can never be guaranteed to be 100% secure. For any payments which we take from you or pay to you online we will use a recognised third party online secure payment system, and we are not responsible for the security of this system. You should contact these third parties for information about the security of these internet, telecommunications systems or payment systems if you need further information.
We cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data but we take reasonable steps to prevent this from happening. We have put in place measures to protect the security of your personal data and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. How long we retain your personal data for
We endeavour to ensure that personal data is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. We generally retain personal data for as long as is required to satisfy the purpose for which it was collected. We are required to keep certain types of information for a specific period of time in order to comply with legal requirements. Some of your personal data may need to be retained because of circumstances such as a legal dispute or regulatory investigation, which would not normally be subject to retention.
11. Your rights in relation to your personal data
You have various rights under Data Protection Laws, subject to certain exemptions, in connection with our processing of your personal data, including the right to:
- Gain access to and copies of your personal data. You are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the data also relates to another person and we do not have that person’s consent, or if the data is subject to legal privilege. Where there is data that we cannot disclose, we will explain this to you.
- Ensure that your personal data is accurate. You may request have inaccurate or incomplete information corrected and updated by us.
- Request erasure of your personal data. This right enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. However, where we hold and process your personal data in order to comply with legal obligations, such as compliance with tax requirements and exemptions, or for the establishment exercise or defence of legal claims, your right to ask us to delete or remove your personal data is limited;
- Object to our processing your personal data. You may object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) in order to justify the basis for our processing your personal data and there is something about your particular situation which makes you wish to object to processing on this ground.
- Request that we restrict processing of your personal data. This right enables you to ask us to suspend the processing of your personal data (e.g., if you want us to establish its accuracy or the reason for processing it).
- Data Portability. Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you are entitled, where technically feasible to request that we transmit your personal data in this format to another controller.
- To not be subject to solely automated decision. You have the right to be informed if your personal data will be subject to automated decision making, including profiling, where that decision impacts on your legal rights. Profiling is an automated form of processing of personal data often used to analyse or predict personal aspects about an individual person. We do not engage in profiling.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data, or to exercise any of your other rights. We may ask you to provide us with your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), and once verified we will delete this data. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If you have any questions or wish to exercise any of your rights please contact us by email at firstname.lastname@example.org or write to The Scullery, Unit 4C, Stafford St. Business Pk. Nenagh, Co. Tipperary, Ireland. You have the right to lodge a complaint with the Data Protection Commission at www.dataprotection.ie.
12. Changes to this Privacy Statement
We reserve the right to amend this Privacy Statement at any time, for any reason, without notice to you, other than the posting of the amended Privacy Statement on the Site. We recommend that you check the Site often, referring to the date of the last modification listed at the top.