3for3 GDPR Statement
Who We Are?
This is the Data Privacy Statement of CAROLINE'S 3 FOR 3 BRIDGES COMPANY (3for3), with head office based at 7 Sarsfield Street, Limerick, phone number +353 (0)61 413 778.
About This Statement
This Data Privacy Statement is designed to demonstrate our firm commitment to privacy, our compliance with the General Data Protection Regulation (GDPR) and to inform you of the personal data that we collect and process in connection with your interaction with 3for3.
It also sets out details of what personal data we process, why we process it, with whom your personal data is shared, and a description of your rights with respect to your personal data
Personal Data Processed
The personal data we hold, process and retain will be used for the management of your account, for administrative purposes, for meeting our legal and regulatory obligations and for marketing, where you give consent. We hold it and use it to protect your rights and interests and to manage our relationship with you appropriately, effectively and lawfully. At the same time, it enables us to run our business.
Where there is a need to process your data for a purpose other than those set out in this Data Privacy Statement, or otherwise outlined to you, we will inform you of this and, if required, we will seek your consent.
For sales transactions made online or over the phone, we collect your name, phone number, email address, billing and delivery address. We aim to process your credit card details at the point of sale, in which case we do not retain your credit card details. In some cases, credit card details are stored to guarantee a reservation. These are stored securely and deleted as soon as they are no longer required.
Online customers can opt to create an account, where they can review their previous orders and they can edit all of their personal data. Credit card details are not stored by us.
Payments on this website are made through our third party payment gateways Stripe. These systems use a combination of both established and innovative techniques to ensure the security and integrity of all sensitive data. The transfer of credit card details from Hook & Ladder to Stripe are encapsulated using encryption and digitally-signed protocol to ensure that the information passed is 100% secure and tamper-proof.
When purchasing tickets, we collect your personal details, including your name, email address and phone number, through an attendance sheet and a feedback form. We securely retain a copy of the attendance sheet as we use this to obtain your consent to be placed on the email marketing list. We securely dispose of feedback forms once we have reviewed them.
Through the contact form on our website, we collect your name, phone number, email address and a message. This is processed within our secure email system, where access to your details will be restricted to only those who need to deal with your query.
We have an email list, which we use to send a regular newsletter with information about products and offers. We always seek your explicit consent to be placed on this list and you can unsubscribe at any time.
We may also use your personal data to contact you in relation to customer surveys and questionnaires, but will only do so if you have consented to be contacted by us for these purposes.
We use social media, including Facebook, Twitter and Instagram. From time to time we run competitions and promotions, but we do not collect personal data.
We hold onto sales transaction data for customers who are account holders indefinitely in order to provide them with a full purchase history. Once a customer holding an account has been inactive for over five years, all their personal data is deleted. For sales made as one-time purchases, we retain the personal data relating to sales transaction data for fives years only. Your personal data on our marketing list is retained until you withdraw consent.
How Is Your Personal Data Shared?
Your personal data may be disclosed to third parties where we are legally obliged to do so. It will also be disclosed during activities where we have lawful contractual agreements in place that enable us to operate our business.
Where we have sub-contractors in place to handle activities such as operating the cookery school or managing our CCTV, we have professional service contracts in place, which ensure their compliance with GDPR.
Below is a list of third party software providers with whom we share personal data:
- Mailchimp (email marketing)
- Elive.net (website host)
- WooCommerce (online sales)
- Facebook (advertising)
- Stripe (payments)
- Google (analytics)
All software providers we work with are either fully compliant or working diligently to ensure compliance.
What Is A Cookie?
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.
Cookies allow a site or services to know if your computer or device has visited that site or service before. They can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience.
Our cookies collect your IP address, which is unique to you and considered personal data. This can then give us information about your browser type, pages on our website that you viewed during your visit, and any search terms you entered.
What Types Of Cookies Does 3for3 Use?
We use two types of cookies; those strictly necessary to operate the functionality of the website, such as managing your shopping cart, and those for analytics, which give us information on how users access our website. We will always seek your consent and fully inform you about the use of any non-necessary cookies.
Subject Access Requests
You have the following rights under data protection law;
- Information Request. The right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data.
- Update Data. The right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update your data such that it is complete.
- Data Deletion. The right, in certain circumstances, to request that we erase your personal data.
- Restrict Processing. The right to object to our use of your personal data or the way in which we process it.
- Object to Processing. The right, in certain circumstances, to request that we no longer process your personal data for particular purposes.
- Data Portability. The right, in certain circumstances, to transfer your personal data to another organisation.
- Review Automated Decisions. The right to object to automated decision making and/or profiling.
We fulfil all subject access requests within one month, where possible. In situations where requests are complex, we may need more time, but we will notify you of the delay within one month and will not take longer than two months in total. There are also situations where we cannot supply the personal data, and if this arises we will inform you and give a full explanation.
If you have a request, please contact Sarah Moloney by email at email@example.com or you can contact us in writing at 7 Sarsfield Street, Limerick, Ireland.
You must provide a copy of identification such as a driver’s license or passport, and if you require that we reply by post, you most include a copy of a utility bill from within the last six months to provide proof of your postal address.
You also have the right to complain to the Data Protection Commissioner if you are not satisfied with how 3for3 has dealt with your Subject Access Request.
3for3 processes the personal data of our customers in a proper manner and we are committed to taking appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorized destruction of such Data. The personal data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Data Breach Management
We fully comply with GDPR requirements in relation to data breach management. We commit to report these within 72 hours to the Data Protection Commissioners, to inform affected data subjects as soon as possible, to log all breaches internally and put corrective action in place to ensure that they do not reoccur.
Children Under 16
Under no circumstances may persons under the age of 16 use this website without the consent of a parental authority.
Will Your Personal Data Be Transferred Outside The EU?
All personal data processed by us or our sub-processors is kept on servers based within the EU.
Changes To This Privacy Statement
3for3 reserves the right to make changes to this privacy statement at any time by giving notice to its users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. This Privacy Statement was last updated on 18/07/2022.