GDPR - Mondello Park

  • What is GDPR?
  • What does this mean for Mondello Park?
  • Who we are?
  • Data Protection Officer?
  • How we collect information about you?
  • What information do we collect about you?
  • Special Categories for Data
  • How we use your information?
  • Lawful basis for processing
  • Meeting our legal and regulatory requirements
  • Consent & Direct Marketing
  • How we keep your information safe?
  • How long we keep your information for?
  • Your information and third parties
  • International transfers of data
  • Your personal info rights & accessing your personal information
  • Updating and correcting your personal details
  • Removing consent
  • Restriction and objection
  • Deleting your information (right to be forgotten)
  • Moving your information (right to portability)
  • The right to lodge a complaint to a supervisory authority
  • Updates to this notice
  • Glossary
  • Appendix

GDPR is the General Data Protection Regulation. It comes into effect from 25 May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardize data protection laws for all EU citizens.

These regulations will apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly.

We have always appreciated your trust in us to collect, process and protect your information. As a data controller and processor of your personal data, we will continue to:

  • act responsibly by putting your security at the front of our priorities;
  • improve and manage our controls, processes and systems to improve our level of customer service while providing you with the assurance that your information is safe and secure; and
  • conduct our business in a fair and transparent way by providing information on data processing where possible and ensuring we minimise the risk and impact on your data rights and freedoms.

Our Privacy Policy and Terms and Conditions on our website explain how we collect personal information about you, how we use it and how you can interact with us about it.

When we talk about “Mondello Park”, or “us” or “we” in our Data Protection Notice and on this website, we are talking about Mondello Park ltd. and its subsidiaries, affiliates and their respective parent and subsidiary companies (including Early Drive & Mondello Park Sports Club). Mondello Park ltd. is a subsidiary of the Peer Group plc.

We share your information over secure networks within Mondello Park and with our subsidiaries and third party software systems to help us provide our services, comply with regulatory and legal requirements, and improve our products.

Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled and is your point of contact within Mondello Park, charged to act on your behalf should you have a query regarding your data. Under the 2018 General Data Protection Regulation, they are responsible for implementing the data protection strategy and maintaining compliance with the new law.

You can contact our Data Protection Officer by emailing info@mondellopark.ie with the subject line “Data Protection Officer”, or by writing to them at Data Protection Officer, Mondello Park, Donore, Naas, Co. Kildare.

We will collect information from you if you:

  • register to use our website; this will include your name, address, email address and telephone number. We may ask you to opt to receive additional information;
  • place an order for products or services on our website; this will include your name (including business name), address, contact details (including telephone number and email address) and your payment details;
  • complete online forms, take part in surveys, write posts on any message boards, post any blogs, enter any competitions or prize draws, or participate in any other interactive areas that appear on our website or which we offer to you from time to time at the venue or at promotional events;
  • provide your contact details to us when registering to use or accessing any product or service we provide (including any offers or promotions we may run);
  • contact us offline, for example by telephone, fax, email or post;
  • visit or browse our website; this will include information about your website visit or use of our products or services using cookies or similar technologies (as described in section below).

In the interest of clarity, this section has been divided into four sections to reflect the four sectors of the business where personal data is collected. These sectors will be divided into the categories below:

  • Motorsport Participants
  • Product Customers
  • Event Customers & Attendees
  • Mondello Park staff, vendors and contractors

A. Motorsport Participants

Motorsport Participants refers to any person looking to partake in any on-track activities in Mondello Park.

As a race competitor/participant, we collect personal information from you in the interests of liability and as a legal requirement both by Irish Law and under Motorsport Ireland directive and Motorcycling Ireland directive as the governing bodies of Motorsport in Ireland.

The information we collect is as follows:

  • Driving Licence information
  • Motorsport Ireland Licence information
  • Medical Information (where applicable)
  • Proof of Identification
  • Name
  • Address
  • Contact information (phone, email or both)
  • Next of kin name
  • Next of kin contact information
  • Guardian contact for u18 competitors (where applicable)
  • Payment information
  • Imagery and video at the venue

As a right of participation, competitors must be aware of and agree to the potential of medical examinations, to determine competence to drive, being carried out by a medical professional at the request of Mondello Park staff or officials on the day. This may include but is not limited to: testing for alcohol in the competitor's system, testing for drugs in the competitor's system, testing motor functionality and eyesight testing. Failure of any tests or failure to participate in a test may result in your information being passed on to the relevant authorities including Motorsport Ireland, An Garda Siochana or the relevant health service.

As a right of admission, competitors must be aware of and agree to Mondello Park having active CCTV security on site; occasionally CCTV will be recorded and stored for no more than 7 days after an event. As well as CCTV, security personnel may also be in attendance at events held at Mondello Park and again competitors and attendees, as a right of admission, must be aware of and agree to security personnel conducting searches of the persons and their vehicle(s) where requested. Competitors are entitled to have these searches conducted by a member of An Garda Siochana if and when requested.

B. Product Customers

Product Customers refers to any member of the public who purchases/attends or is present at a publicly accessible driving experience, including but not limited to the Motor Race Experience, Supercar Experience, BMW Driving Experience Powered by M, Drift Games Experience, D.A.R.E. Experience, Lola Hot Laps & Autotest.

As a product customer, it is a requirement that we collect and store personal information from you and the product receiver/user, (where the product is purchased for a third party) in the interests of public liability and as a legal requirement of Irish Law and also to ensure we can offer the best customer service and experience until the product voucher/experience is redeemed and/or expires. In the case of all our customer products, we are required to keep this information for 12 months.

The information we collect from Product Customers is as follows:

  • Driving Licence information
  • Proof of Identification
  • Purchaser Name
  • Purchaser Address
  • Purchaser Contact information (phone & email)
  • Product
  • Next of kin contact information
  • Next of kin relationship
  • Guardian contact for u18 customers (where applicable)
  • Payment information
  • Proof of Indemnity form
  • Insurance Excess waiver form
  • Imagery and video at the venue

As a right of admission, customers must be aware of and agree to Mondello Park having active CCTV security on site; occasionally CCTV will be recorded and stored for no more than 7 days after an event. As well as CCTV, security personnel may also be in attendance at events and experience days held at Mondello Park and again customers and attendees, as a right of admission, must be aware of and agree to security personnel conducting searches of the persons and their vehicle(s) where requested. Patrons are entitled to have these searches conducted by a member of An Garda Siochana if and when requested.

C. Event Customers & Attendees

Event customers and attendees refers to any person who attends a public or privately hosted event at the Mondello Park venue, including but not limited to: Mondello Park hosted events, corporate parties, third party venue hires, track days, Motorsport Ireland licensed events, charity fundraiser events, fun runs, cycles and other unnamed events taking place on the grounds of Mondello Park.

As an attendee at an event at Mondello Park, we collect information from patrons and attendees in the interest of safety and security and to enhance the customer experience at the venue. The information collected varies depending on the type and size of the event and also on whether the event is internally or externally hosted (by Mondello Park or a third party).

The information we collect is as follows:

  • Attendee Name
  • Attendee Contact information (phone or email or both)
  • Attendee Delivery address (where applicable or requested)
  • Attendee Age (where applicable)
  • Proof of ID (where applicable)
  • Payment/Card details (where applicable)
  • Imagery and Video at the venue

As a right of admission, patrons must be aware of and agree to Mondello Park having active CCTV security on site; occasionally CCTV will be recorded and stored for no more than 7 days after an event. As well as CCTV, security personnel may also be in attendance at events held at Mondello Park and again patrons and attendees, as a right of admission, must be aware of and agree to security personnel conducting searches of the persons and their vehicle(s) where requested. Patrons are entitled to have these searches conducted by a member of An Garda Siochana if and when requested.

D. Mondello Park Staff, Vendors and Contractors

Staff, vendors and contractors refers to any individual working on behalf of or in partnership with Mondello Park at the venue including full and part-time staff, promotional staff, third party traders, third party contractors, track hire staff and any other individual conducting business at the Mondello Park venue on behalf of Mondello Park, its affiliates or third party contractors.

As an individual working at the venue, it is your right to be aware of where information is being collected at the venue relating to you in the course of conducting your duties. In the interest of safety, security, public law, public liability and to protect business interests; Mondello Park on occasion collect the following information:

  • Staff Name
  • Staff Address
  • Staff Contact information (phone & email)
  • Staff PPS number
  • Staff CV and reference contact information
  • Staff history including disciplinary, attendance and conduct reports
  • Staff payment information (including tax details and relevant revenue information)
  • Certificate(s) of compliance (health certificate etc. where applicable)
  • Video and Imagery

As an agreement of employment, staff, vendors and contractors must be aware of and agree to Mondello Park having active CCTV security on site; occasionally CCTV will be recorded and stored for no more than 7 days. This includes CCTV being recorded in the offices and other areas where staff conduct their work. This is in the interest of staff safety as well as protecting business interests, particularly regarding the handling of large volumes of cash, and is used in relation to any disputes or claims being placed against Mondello Park and can be used in the cases of theft, mismanagement, attendance and staff/customer interactions.

As well as CCTV, security personnel may also be in attendance at Mondello Park and again, staff, vendors and third party contractors, as an agreement of employment, must be aware of and agree to security personnel conducting searches of the persons and their vehicle(s) where requested and with probable cause. Staff, vendors and contractors are entitled to have these searches conducted by an external third party such as a member of An Garda Siochana if and when requested.

For more information on employee rights and entitlements, please see your Mondello Park employee contract as well as the citizens information website here: http://www.citizensinformation.ie/

Under the new General Data Protection Regulation, there are special categories that require additional safeguards for processing. In certain instances, we are required by law to hold this information for processing. These data types and the reason we collect them are as follows:

Health Data:

We may be required to collect health data from you, particularly if you are a motorsport competitor or wishing to participate in an on-track activity. This is in accordance with Irish Law requiring driver competency and Motorsport Ireland regulations requiring an in-date Medical Health check as a pre-requisite to partaking in competitive motorsport.

Driving Licence Data:

We may be required to collect Driving Licence Data from you, particularly if you are a motorsport competitor or wishing to participate in an on-track activity. This is in accordance with Irish Law requiring that a driver has an in-date driving licence, outlining any penalties and suspensions if applicable.

We use the Non-Personal Data gathered from visitors to our website in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organise our website.

Cookies

This website uses “cookie” technology. A cookie is a little piece of text stored by the browser on your computer, at the request of our server. We may use cookies to deliver content specific to your interests and to save your personal preferences so you do not have to re-enter them each time you connect to our website – our cookies are not available to other websites. Our cookies will record the following: your IP gateway address, the point of entry to the site, search terms used, your navigation through the site and other information that helps us make the site more accessible. You are always free to decline our cookies, if your browser permits, or to ask your browser to indicate when a cookie is being sent. You can also delete cookie files from your computer at your discretion. Note that if you decline our cookies or ask for notification each time a cookie is being sent, this may affect your ease of use of this website.

Personal Data

To provide our products and services under the terms and conditions we agree between us, we need to collect and use personal information about you. If you do not provide this personal information, we may not be able to provide you with our products and services for legal and insurance reasons.

We will process any Personal Data you provide to us for the following purposes:

(a) to provide you with the goods or services you have ordered.

(b) to contact you if required in connection with your order or to respond to any communications you might send to us.

(c) to send you further information about goods or services that you buy from us.

We analyse the information that we collect on you through your use of our products and services and on our social media, apps and websites. This helps us understand your interests, how we interact with you and our position in our market place. Examples of how we use this information include keeping you up to date with customer experience availability, product expiry, upcoming events and offering you products and services which may be of interest to you.

We may report non-personal data from our websites and social media to third parties. These trend reports may include information about activity on devices, for example mobile phones, social media platforms, number of page visits, location, age and gender. When we prepare these reports, we DO NOT acquire or include people's personal information such as name or location. We do not share any personally identifiable information in these reports.

To use your information lawfully, we rely on one or more of the following legal bases:

  • performance of a contract;
  • legal obligation;
  • our legitimate interests;
  • your consent;
  • protecting the vital interests of you or others; and
  • public interest.

Performance of a Contract

Providing relevant products and services

We provide our customers with products such as driving experiences, track days, event tickets, track hire and corporate/private parties.

We process your information to identify and authenticate you to use our products and services, while also streamlining the booking process for repeat and return customers.

Maintaining and monitoring your products and services

As some of our products have a lifespan and/or an expiry date, we must continually monitor and update you as the product holder with information to ensure you are reliably informed of availability, expiry limits and booking information, all while making sure your data is safe, accurate and up to date. This ensures we keep your personal details and financial products secure, and give you the best customer service, ensuring you get full value from your purchase. For this reason we keep your personal information on our record for 24 months from the point of purchase.

To do this, we may share information with third party external systems used to manage our bookings and financial details, namely Optimo Software, Sagepay, AIB Merchant Services and Prosolve Software T/A Rev Up.

Legal Obligation

We must process this information in order to comply with our legal obligations under Irish and EU Law and Motorsport Ireland rules and regulations. This may include sensitive information.

Identify and authenticate our customers

We process your personal information as a legal requirement to identify and authenticate our customers legal provisions, particularly as, in the majority, Mondello Park products involve partaking in or operation of, a mechanically propelled vehicle, which under Irish and EU law has legal restrictions and requirements in place to evaluate and identify competency.

This information may include: driving licence info, driving history checks, medical examinations and any other legal assessments which are required by either Irish Law or Motorsport Ireland Rules and Regulations.

We share your information with third parties and third party external systems when performing these checks, such as Motorsport Ireland in order to confirm legitimacy and external systems used to manage our bookings and financial details, namely Optimo Software, Sagepay, AIB Merchant Services and Prosolve Software T/A Rev Up.

Our legitimate Interests

Legitimate interest refers to the interests of Mondello Park ltd. and its subsidiaries in conducting and managing our business when providing products and services. The core legitimate interests of Mondello Park are to provide the best customer service, introduce innovative products and services and events, and to protect our customers, staff and shareholders and business interests.

As an ongoing business, we have assessed whether the legitimate interests of Mondello Park will adversely impact the rights and freedoms of the data subject prior to processing. Our assessments have helped us understand and set out the framework for what information we need, our business requirements, the impact on our customers and employees, alternative options for processing and how long we hold the information for.

Manage and understand risk

As a publicly accessible venue, and a business that operates in the motorsport spectrum, we must manage and understand our risk exposure to ensure our customers are protected.

We produce internal management information to understand risk across the business, to ensure necessary safeguards are in place and assess the design and effectiveness of these safeguards. This includes following and implementing national and international industry standards and insurance requirements.

Perform Customer checks (where necessary)

To ensure that we are operating in a responsible manner, we must perform checks for certain products and services to authenticate our customers and assess suitability to avail of our products.

We may share information with third parties such as Motorsport Ireland; third party external systems used to manage our bookings and financial details, namely Optimo Software, Sagepay, AIB Merchant Services and Prosolve Software T/A Rev Up; and centralised registers such as the National Driver Licence Service for these checks.

Manage our relationship with you

We keep our records up to date to contact you when required and provide the best customer service.

Analyse information and research your experiences dealing with us

We want to continually improve and better understand our customers. By collecting and analysing data from multiple sources, we can better understand the requirements of our customers and how we can improve products and service offerings.

This analysis also helps us run our business more efficiently and effectively.

We may provide Non-Personal Data to third parties, where such information is combined with similar information of other users. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of our community users of our website, or the activities that visitors to our website engage in while on our website. The third parties to whom we may provide this information may include potential or actual advertisers, providers of advertising services (including website tracking services), commercial partners, sponsors, licensees, researchers and other similar parties.

We will not disclose your Personal Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfill your order (in such circumstances, the third party is bound by similar data protection requirements). We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.

Identify ways we can improve our products and services

We are always working to develop new products and events and to provide innovative ways of delivering these to you.

We analyse the market and our customer base to better understand what people like and what people want from their experience of Mondello Park. We do this by collecting data on your purchases, interactions with our website, staff, social media and using customer surveys. We use this information to provide a more personalised service to our customers and improve their experience using our products and services.

Prevent financial crime and cyber attacks

We continually monitor and analyse transactions to detect and prevent fraud and cyber-attacks. This enables us to protect and secure our customers' information, our networks and our financial interests.

We share information with third parties, such as AIB Merchant Services and Sagepay, to prevent financial crime, report fraud, manage our risks and protect both our interests.

Sell whole or part of our business

On sale of loan books, subsidiaries or parts of our business, we will share the necessary information required by the purchaser to assess valuations, perform due diligence and continue processing of the data.

This may include transferring your personal information to the purchaser.

Internal management information

We produce internal management information to run our business and better understand customer needs. This information enables us to make informed decisions and develop our strategy.

In the case of, but not limited to, motorsport competitors and individuals taking part in on track activity we are required to process certain information about you to meet our regulatory and legal obligations. We collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it.

We may also gather information about you from third parties to help us meet our obligations. In the case of motorsport competitors, in order to process your entries, we will supply your personal information to Motorsport Ireland and they will give us information about you, such as about your racing licence, bans, penalties and anything else relating to you as a competitor which may affect your race entry. We do this to assess eligibility, check your identity, manage your race entry and update our systems correctly.

In the event of accidents, incidents or reports, we may disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.

If you do not provide the information that is required by either ourselves, Motorsport Ireland rules & regulations or Irish & EU law, or help us keep it up to date, we may not be able to provide you with our products and services or our products and services may be cancelled without notice.

Consent

Where there is not a legal or contractual requirement, sometimes we need your consent to use your personal information. For example, when we use sensitive personal information (known as special category information under GDPR) about you, such as medical, we will ask for your clear and explicit consent.

We have controls to ensure that you are informed when making your decision and that you are aware that you can remove your consent at any time by contacting us. We will stop data processing requiring your consent at any time you make a valid request.

Direct Marketing

Outside of where there is a legal or contractual requirement such as driving experience customers with valid and in-date vouchers and experiences as well as motorsport competitors; for direct marketing, we need your consent to make you aware of products, services and events which may be of interest to you. We may do this by phone, post, email or through other digital media.

You can decide how much direct marketing you want to accept when you apply for new products and services.

As part of our direct marketing, we analyse the information that we collect on you through your use of our products and services and on our social media and websites. This helps us understand your user behaviour, how we interact with you and our position in a market place. This enables us to personalise your experience and provide you with the most suitable products and services.

If we ever contact you regarding our products, services and events, you have the choice to opt out. All our digital correspondence will include an option to opt out of receiving information in this manner. To opt out of all correspondence, you can contact Mondello Park.

We protect your information with security measures under the laws that apply and we meet National, European and International standards. We keep our computers, files and building secure with 24hr on-site CCTV security and anti-theft alarm systems as well as 24hr IT support.

Storing and protecting your Personal Data

Mondello Park collects, processes and stores your personal data using a small tree of third party systems as well as secure internal networks. Each of these Systems is an internationally recognised software brand and is an integral part of how we manage and maintain our customer and business information.

Internal Servers

Mondello Park stores personal data such as employee details, customers details and interactions on our secure internal servers. These servers are not accessible outside of Mondello Park and are accessible only through an encrypted network.

Optimo Software

Optimo Software is CRM based software used to manage bookings and calendars for Mondello Park products, services and events. Optimo stores any personal data relevant to any product or service an individual has purchased.

Rev Up Software

Rev Up is a software system used to manage motorsport competitor information and championship applications and entries. Rev Up stores any personal and sensitive data relevant to any individual wishing to take part in competitive motorsport at Mondello Park.

AIB Merchant Services

AIB Merchant Services is the secure payment software used for processing all point of sale and phone transactions including payments made through Rev Up.

Sagepay

Sagepay is the secure payment software used for processing all online transactions including payments made through Optimo.

Mailchimp

Mailchimp is a CRM Direct Marketing Software used by Mondello Park to contact product and service users regarding expiry dates and availability, as well as for marketing and promotional correspondence. No sensitive personal information (known as special category information under GDPR) is stored or maintained through Mailchimp.

Programmus t/a Optimo Software GDPR Statement - Appendix B

Prosolve Software t/a Rev Up GDPR Statement - Appendix C

AIB Merchant Services GDPR Statement - Appendix D

Sagepay GDPR Statement - Appendix E

The Rocket Science Group LLC t/a Mailchimp GDPR Statement - Appendix F

In addition to our technical controls, our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. Our Data Protection Officer advises on how we can best understand risks to your data rights and freedoms, implements processes to protect these and has responsibility to report to the Data Protection Authorities if we are not meeting our obligation.

When you contact us to ask about your information, we may ask you to identify yourself. This is to help us protect your information. You can contact the Data Protection Officer by email via info@mondellopark.ie with the message line “Data Protection Officer” or in writing to: Data Protection Officer, Mondello Park, Donore, Naas, Co. Kildare.

To meet our legal obligations, Motorsport Ireland rules and regulations and insurance and indemnity interests, we hold your information while you are a customer and for a period of time after that. To help you understand how long we hold some of your data for, we have outlined our internal retention below. We hold all data while you are an active customer with us as a requirement to conduct our business.

Please note that these retention periods are our policy but are also subject to legal, regulatory and business requirements, which may require us to hold the information for a longer period, for example should there be any dispute, legal case or internal or external investigation. We must do this to protect both of our interests and the interests of any third party including individual, government or corporate body.

We continuously assess and delete data to ensure it is not held for longer than necessary.

In the interest of clarity, this section has been divided into four sections to reflect the four sectors of the business where personal data is collected. These sectors will be divided into the categories below:

  • Motorsport Participants
  • Product Customers
  • Event Customers & Attendees
  • Mondello Park staff, vendors and contractors

Non Personal Data

Motorsport Participants

Retention Period - 5 years interaction

Under Motorsport Ireland Rules and Regulations, we are obliged to retain information relating to motorsport competitors for a minimum of 5 years. This relates to potential claims, disputes and any other Motorsport Ireland related rules or regulations. If/when a competitor returns to competitive action after a gap of a number of years, the retention period begins again from that period. PLEASE NOTE: In circumstances where there is a claim/dispute made or pending, Mondello Park are required to retain this information beyond the retention period outlined above until any outstanding issues have been resolved.

Product and Service Customers

Retention Period - 7 years after last interaction

Mondello Park are required to keep customer and transaction details as a requirement of Irish Law for the purposes of Revenue Auditing. This is in accordance with best business practice. No personally identifiable information is used or accessible in the case of an audit.

Event Customers and Attendees

Retention Period - 7 years after last interaction

Mondello Park are required to keep customer and transaction details for seven years as a requirement of Irish Law for the purposes of Revenue Auditing. This also relates to potential claims, disputes and any other legal requirements under Irish law. This is in accordance with best business practice.

Mondello Park staff, vendors and contractors

Retention Period - 6 months

Mondello Park keep staff, vendor and contractor information for the duration of the employment/contract and for a period of 6 months after cessation of employment. Once the 6 month period has expired, any physical and digital information relating to former employees, vendors and contractors is safely destroyed, including by physical shredding, data purging and email database purging. Any requests for employee/vendor/contractor information from previous employees, prospective employers or revenue officials must be made within the outlined 6 month period.

Non-personal Data

Retention Period - 2 years

Non-personal data is collected by third party analytic aggregators such as Google Analytics and WordPress. Non-personal data refers to analytical data such as IP Address, Location, Website navigation and traffic source, Age, Gender, Demographic and any other data correlated through interactions with our websites and social media channels. Any non-personal data collected or retained DOES NOT contain any personally identifiable information or sensitive information.

Sometimes we share information with third parties, including but not limited to relevant governing bodies and regulatory bodies as well as potential sponsors, advertisers and company partners.

For example to:

  • provide products, services and information;
  • analyse information;
  • improve customer experiences online and offline;
  • research your experiences dealing with us;
  • sell whole or part of our business;
  • prevent crime;
  • trace information; and
  • protect both our interests.

Third parties we share information with can include:

  • Sponsors;
  • Partners;
  • External Vendors;
  • Third party system suppliers;
  • External Suppliers - such as printers;
  • Company search databases;
  • Regulatory bodies including the Data Protection Commissioner and Motorsport Ireland;
  • Companies we have a joint venture or agreement to work with such as Early Drive and Mondello Park Sports Club;
  • Insurance companies including our own;
  • Government bodies including Revenue;
  • Market research companies;
  • External consultancy firms including Legal, Accountancy and Marketing; and
  • Any entity you request your data to be shared with.

We require that these third parties provide sufficient guarantees that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms, in line with the new GDPR legislation.

We also have to share information with third parties to meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and tell the relevant enforcement agencies, which may be either in or outside Ireland.

We may be required on certain occasions to transfer your personal information outside of the European Economic Area (EEA) to help us provide your products and services. We expect the same standard of data protection is applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected.

Any third party services used by Mondello Park, as a business practice, are required to be GDPR compliant. For more information on third party services we use and their GDPR compliance, please see the Appendix contained in this document.

You can exercise your rights and access your information by contacting us via email to info@mondellopark.ie with the subject line “Data Protection Officer” or by post to: Data Protection Officer, Mondello Park, Donore, Naas, Co. Kildare.

Whenever you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.

If your request for a copy of all your information is deemed excessive or manifestly unfounded, you will need to pay a nominal fee, currently €6.35, for the administration costs to compile, present and send your information to you. If your requests are deemed to be too frequent, excessive or mischievous, we may choose to refuse your request on the basis of prior compliance taking place. Your right to obtain information cannot adversely affect the rights and freedoms of others; therefore, we cannot provide information on other people without consent.

You can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information. You can request the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

If we hold any information about you which is incorrect or if there are any changes to your details please let us know so that we can keep our records accurate and up to date.

You can contact us by emailing info@mondellopark.ie with the subject line “Data Protection Officer” or by post to: Data Protection Officer, Mondello Park, Donore, Naas, Co. Kildare.

If at any point you wish to rescind your previously given consent, such as for direct marketing or your sensitive information, you can request that we no longer process data we require your consent for by emailing info@mondellopark.ie with the subject line “Data Protection Officer” or by post to: Data Protection Officer, Mondello Park, Donore, Naas, Co. Kildare.

You may have the right to restrict or object to us processing your personal information. We will require your written consent to further process this information once restricted. You can request restriction of processing where:

  • The personal data is inaccurate and you request restriction while we verify the accuracy;
  • The processing of your personal data is unlawful or unrequired;
  • You oppose the erasure of the data, requesting restriction of processing instead;
  • You require the data for the establishment, exercise or defence of legal claims but we no longer require the data for processing;
  • You disagree with the legitimate interest, legal basis and processing is restricted until the legitimate basis is verified.

You may ask us to delete your personal information or we may delete your personal information under the following conditions:

  • your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw your consent where there is no other legal ground for the processing;
  • you withdraw your consent for direct marketing purposes;
  • you withdraw your consent for processing a child’s data;
  • you object to automated decision making;
  • the personal data have been unlawfully processed;
  • your personal data has to be erased for compliance with a legal obligation.

Where possible and necessary, we can share a digital copy of your information directly with you or another organisation. We will provide this information in a structured, commonly used and machine-readable format. Note that we can only share this information where it has been processed automatically (hard copy documents are excluded for portability) and was processed under your consent or performance of a contract (further details on this are available in our Lawful Basis section).

We do not share information processed under legal obligation or our legitimate interest for portability, in line with GDPR guidance.

If you have a complaint about the use of your personal information, please let us know by emailing info@mondellopark.ie with the subject line, “Data Protection Officer” allowing us the opportunity to put things right as quickly as possible.

If you wish to make a complaint you may do so in person, by phone, in writing and by email. The Data Protection Officer will fully investigate all the complaints we receive and report back to you. We ask that you supply as much information as possible to help us resolve your complaint quickly.

You can also contact the Office of the Data Protection Commissioner in Ireland using the details below:

  • Visit their website www.dataprotection.ie.
  • Email info@dataprotection.ie
  • Phone on +353 (0)57 8684800 or +353 (0)761 104 800
  • Write to Data Protection Office, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square, Dublin 2, D02 RD28, Ireland.

The information contained in the notice may change from time to time dependent on if and when we make changes to the use and type of data and information we process and improvements/advancements in technology and products.

The Mondello Park website will always contain the most up-to-date version of this notice, which can be accessed at the bottom of the home screen at www.mondellopark.ie. If you would like a printable version or hard copy, please request it by emailing info@mondellopark.ie with the subject line “Data Protection Officer” or by post to: Data Protection Officer, Mondello Park, Donore, Naas, Co. Kildare.

A Glossary of Terms and Definitions as used in relation to the GDPR.

Binding Corporate Rules (BCRs) - a set of binding rules put in place to allow multinational companies and organisations to transfer personal data that they control from the EU to their affiliates outside the EU (but within the organisation)

Biometric Data - any personal data relating to the physical, physiological, or behavioral characteristics of an individual which allows their unique identification

Consent - freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal data

Data Concerning Health - any personal data related to the physical or mental health of an individual or the provision of health services to them

Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Data Erasure - also known as the Right to be Forgotten, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data

Data Portability - the requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller

Data Processor - the entity that processes data on behalf of the Data Controller

Data Protection Authority - national authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union

Data Protection Officer - an expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR

Data Subject - a natural person whose personal data is processed by a controller or processor

Delegated Acts - non-legislative acts enacted in order to supplement existing legislation and provide criteria or clarity

Derogation - an exemption from a law

Directive - a legislative act that sets out a goal that all EU countries must achieve through their own national laws

Encrypted Data - personal data that is protected through technological measures to ensure that the data is only accessible/readable by those with specified access

Enterprise - any entity engaged in economic activity, regardless of legal form, including persons, partnerships, associations, etc.

Filing System - any specific set of personal data that is accessible according to specific criteria, or able to be queried

Genetic Data - data concerning the characteristics of an individual which are inherited or acquired which give unique information about the health or physiology of the individual

Group of Undertakings - a controlling undertaking and its controlled undertakings

Main Establishment - the place within the Union that the main decisions surrounding data processing are made; with regard to the processor

Personal Data - any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person

Personal Data Breach - a breach of security leading to the accidental or unlawful access to, destruction, misuse, etc. of personal data

Privacy by Design - a principle that calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition

Privacy Impact Assessment - a tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data

Processing - any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.

Profiling - any automated processing of personal data intended to evaluate, analyse, or predict data subject behavior

Pseudonymisation - the processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution

Recipient - entity to which the personal data are disclosed

Regulation - a binding legislative act that must be applied in its entirety across the Union

Representative - any person in the Union explicitly designated by the controller to be addressed by the supervisory authorities

Right to be Forgotten - also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data

Right to Access - also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them

Subject Access Right - also known as the Right to Access, it entitles the data subject to have access to and information about the personal data that a controller has concerning them

Supervisory Authority - a public authority which is established by a member state in accordance with article 46

Trilogues - informal negotiations between the European Commission, the European Parliament, and the Council of the European Union usually held following the first readings of proposed legislation in order to more quickly agree to a compromise text to be adopted.

Appendix A - Motorsport Ireland

Appendix B - Programmus t/a Optimo Software GDPR Statement

Appendix C - Prosolve Software t/a Rev Up GDPR Statement

Appendix D - AIB Merchant Services GDPR Statement

https://aib.ie/dataprotection

Appendix E - Sagepay GDPR Statement

Appendix F - The Rocket Science Group LLC t/a Mailchimp GDPR Statement

https://kb.mailchimp.com/binaries/content/assets/mailchimpkb/us/en/pdfs/mailchimp_gdpr_sept2017.pdf

Appendix G - EUGDPR Public Info

https://www.eugdpr.org/

Appendix H - Citizens Information

http://www.citizensinformation.ie/en/government_in_ireland/data_protection/rights_under_general_data_protection_regulation.html