The Mercantile Entertainment Group is committed to protecting and respecting your privacy. We adhere to the Privacy Policy (the “Policy”) together with any disclaimers setting out the basis on which any personal data we collect from you or that you provide to us, or that is provided to us relating to you (“Data”) by any means will be processed. Please read the following carefully to understand our use of personal data. Please note that the Policy relates only to living individuals in relation to personal data relating directly to themselves, and not to persons in any other capacity.
Information we may collect from you
We collect personal data from you which you volunteer when you provide such personal data to us, or via our services with which you interact. We may also be given other personal data relating to you by other persons, or we may obtain such other personal data about you as may be provided to us in the course of our legitimate business activities.
We may collect and process Data. Including the following in the course of providing services to you, which could contain your personal data:
your full name; your address; your various email addresses; your various phone numbers including mobile phone numbers; your nationality; your address; financial information about you, including your bank account details, credit card details, or other payment details; details of contracts you have entered with third parties for us to provide services to you; details of your relationship to other parties; details of your membership of professional or other organisations; your date of birth; details of your children and other relations; medical details, including details of allergies; details of your car registration number; details of your driving licence; details of your passport and all other Data which you ask us to process on your behalf, or which is necessary for us to process in order for us to fulfil our role as providing accommodation, retail, private/ ticketed entertainment events or food related services to you.
We may also process other data, which is not personal data.
When you access our website or wi-fi facilities, your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer, and to offer services to you.
Security and where we store your personal data
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure and may involve the transfer of data to countries outside of the European Economic Area (EEA). This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us through the Cloud. We do not however authorise any third party to use your personal data for their own purposes. Non EEA countries may not provide an adequate level of protection in relation to processing your personal data. By submitting your data, you agree to this transfer, storing and processing.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us. Any transmission of data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access.
Uses made of your personal data
We use your personal data that we hold to:
- In our legitimate interest of advertising our services, provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes (our list of services below);
- carry out our obligations arising from any contracts entered into between you and us;
- in our legitimate interest of advertising our services, provide details of any loyalty scheme or promotion;
- comply with legislation; and/or
- notify you about changes to our services.
List of services
- Accommodation
- Retail
- Private/ ticketed entertainment events
- Restaurant, bar service and other food related services.
- Any other business activity which we may engage in during our normal course of business
We may use your data to send you information relating to our services, events and products which may be of interest to you. If you do not want us to use your data in this way, please notify us to that effect.
We keep your Data for varying periods according to our Retention Schedule here.
Disclosure of your information
We may disclose your Data to third parties who provide a service to us or in the event that we sell or buy any business or assets, in which case we may disclose your Data to the prospective seller or buyer of such business or assets or if we are under a duty to disclose or share your Data in order to comply with any legal obligation, or to protect our rights, property, or safety of staff or customers. Currently we disclose your Data to the following providers.
- Third party service providers who assist us with various internal operational workstreams;
- third party service providers who supply us with professional services, insurance and security
- other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure; and
- third party marketing and advertising agencies to ensure our marketing and advertising is delivered effectively in accordance with this Privacy Policy.
We will also share your personal data with third parties in the following circumstances:
- where you have specifically consented to us sharing your data with a particular third party; and
- where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.
Some jurisdictions may not have adequate safeguards for the protection of personal data, and where this is the case we comply with Chapter 5 of the General Data Protection Regulation (“GDPR”) to provide an alternative method of safeguarding your personal data.
Links to other sites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please review those policies before you submit any data to those websites.
Your rights
As an individual, under EU laws you have certain rights to apply to us to provide information or make amendments to how we process data relating to you. These rights apply in certain circumstances and are set out below: –
- The right to access data relating to you (‘access right’).
- The right to rectify/correct data relating to you (‘right to rectification’).
- The right to object to processing of data relating to you (‘right to object’).
- The right to restrict the processing of data relating to you (‘right to restriction’).
- The right to erase/delete data relating to you (i.e. the “right to erasure”). And;
- The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’).
The controller for the purposes of GDPR is
The Mercantile Entertainment Group
Changes to this policy
We reserve the right to change this Policy from time to time at our sole discretion. If we make any changes, we will post those changes here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide data after we post any such changes, you accept and agree to this Policy as modified.
Contact Us
Questions, comments, requests and complaints regarding this Policy and the information we hold are welcome and should be addressed to us at [email protected]. All requests will be dealt with promptly and efficiently.
Retention Policy
RECORD RETENTION GENERAL GUIDELINES:
HOW DO I KNOW IF I NEED TO RETAIN A RECORD?
Generally, it is desirable to dispose of unnecessary records as promptly as possible, unless required to be retained longer by this Retention Policy. If a retention period is not covered by the applicable retention schedules in the Retention Policy, follow the guiding principles of keeping fewer records and shorter retention periods (“Privacy by Default”). If you are not the person in charge of a record and you can answer “no” to all of these questions, then you should dispose of the record as soon as practicable after it has fulfilled your purpose:
- Does the record have real value as a basis for future decisions?
- Would it be difficult or expensive to reassemble the content of a still-needed document?
- Is the record evidence of a completed material business transaction?
- Does the record support legal action or provide additional information necessary to the complete understanding of a primary document?
- Is the record necessary for regulatory compliance, a threatened or pending government investigation or litigation or in order to comply with a legislative requirement?
- Is the record normally one requested by tax authorities? Does the document provide substantiation which could prevent the loss of tax deductions?
- Is the document necessary to comply with the requirements of government agencies or to conform to EU, Irish, and other requirements for reporting?
- Does the record or document provide important research data about the Mercantile Entertainment Group and its products?
- Does the document have a historical value, such as providing a unique reflection of significant trends in the development of the Mercantile Entertainment Group?
If the answer is “yes to any of the above questions, make sure that the original record is safe before you dispose of your copy.
RECORD RENTION GENERAL GUIDELINES
DO
- Keep records active only if the retention schedule requires it. Otherwise, inactive records should be archived for the required retention period.
- Review active files at least once a year for disposal of records, or for archiving, as appropriate.
- Post a destruction date on records (or file folders) to facilitate annual file review.
- At least once annually dispose of unneeded copies of magazines, trade journals, articles and other publications of general circulation.
- If you are not the person in charge of the record, dispose of your copy when you are finished using them, unless they are needed for further reference.
- Dispose of duplicate paper copies of records or duplicates retained on disks, USB keys, or other electronic or digital media.
- Maintain the privacy and security of records at all times.
- Be sure to place records where they can be retrieved efficiently.
- Consult the Privacy Compliance Co-ordinator on the retention of any records that you believe may not be covered by the Retention Policy that you believe should be retained for special or unforeseen circumstances (for example, potential litigation, investigation or business needs). The Group may update this Retention Policy to capture such previously uncaptured records in the policy.
- When disposing of any records in accordance with the Retention Policy, be sure to dispose of such records properly, in a manner that will not allow the records to be retrieved and reviewed by unauthorised persons.
- For records related to a continuous serial transaction or a continuous ongoing project, event or relationship, the applicable retention schedules for such records should be deemed to begin to run from the creation of the most recent such record created for such serial transaction or ongoing project, unless earlier related records no longer serve a business purpose. In any event, as with all records, each record created as part of a serial transaction or ongoing project should be retained for at least the period of time identified on the applicable retention schedule for that type of record.
- The Mercantile Entertainment Group may occasionally enter into confidentiality or other agreements with third parties that require it to return or dispose of confidential information provided by the third parties.
DO NOT
- Do not destroy any records required to be held by applicable legislation or where legal proceedings are apprehended or threated until the required period or the threat of litigation has expired.
- Do not fail to produce or disclose any records, including e-mails or other electronic data, when required to be disclosed by court subpoena or discovery proceedings, or by a data subject data access request under the GDPR.
- Do not alter or dispose of any records, including e-mails or other electronic data, which have been required to be disclosed by court subpoena or discovery proceedings, or by a data subject access request under the GDPR.
- Except when such records are subject to potential or pending litigation or investigation, do not retain drafts, handwritten notes, calendars, planners, telephone logs or historical files maintained for your own personal use any longer than is reasonably needed.
- Do not dispose of records other than in compliance with this Retention Policy.
- Do not remove records from Mercantile Entertainment Group’s locations for storage at home or any other non-company location.
- Do not allow access to private or confidential records (specifically including health, financial or other personal data) except to those Mercantile Entertainment Group personnel and other authorised persons who you specifically know to have a right to such access.
RECORD CREATION GENERAL GUIDELINES
DO
- Make sure you are truthful and accurate in what you say
- Treat e-mails with the same level of care as other written records
- Follow Mercantile Entertainment Group’s policies in creating records
- Keep e-mail and voicemail messages short
- Make everything clear and unambiguous. A reader may not have a chance to ask for clarification
- Use concrete terms and facts objectively so that the reader will have a clearer idea of your meaning
- Consider the appropriateness of expressing information in person rather than in writing or by voicemail
- Proofread what you plan to send
- Be prepared to explain the implications of words used in e-mails and voicemails
DO NOT
- Do not include confidential information unless essential.
- Do not put something in a document that you would not want to see printed on the front page of the newspaper, or have read in a courtroom.
- Do not be too informal or emotional – anything that you say in an e-mail or voicemail can easily be passed on to someone else
- Do not send a document when person-to-person communication serves your purposes better.
- Do not use insincere praise or make promises that cannot be honoured
- Do not act illegally or make statements that violate the law
- Do not overstate – a single overstatement can diminish your entire document
- Do not write false and malicious statements
- Do not create documents, especially e-mails, as a vehicle for “venting” about an issue.
GUIDELINES REGARDLING E-MAILS, INSTANT MESSAGING, TEXT MESSAGES AND OTHER ELECTRONIC RECORDS
“Records” include e-mails and other electronically and digitally stored information. This includes business-related information that may be stored in digital and electronic form. The below is a non-exhaustive list to illustrate the wide range of storage being discussed:
- Desktop personal computers
- CD’s, Flash Drives, Zip disks and other portable drives
- Network drives
- Cloud based services
- Home computers
- Laptop computers
- Internet backup files
- Smart phones and tablets
- E-mail services
- Program files
- Hard drives
- Voicemail
- Digital cameras
- Backup tapes
- Central processing units (CPUs)
Because it is one of the primary means of communication in business, e-mail has great value. E-mail messages, however, often sent too hastily, without the level of thought and consideration that typically accompanies formal letters or memoranda. Mercantile Entertainment Group’s employees should avoid using e-mail to communicate partial thoughts, incomplete ideas or messages that may be ambiguous and that may be misinterpreted by a reader. E-mail is not conversation, and often will be read by others in addition to the original addressees. Person-to-person communication is recommended for “brainstorming” or “thinking-out-loud” sessions.
When responding to e-mails, try to avoid the “Reply All” tool, instead limiting your reply to only those who really need to receive it. Otherwise, a single “Reply All” message may create numerous unnecessary non-custodial records. In addition, careless use of the Reply All function can send an email to recipients who really should not be privy to your reply.
Business records created, sent and received in electronic form (e-mails) should be printed and filed in the appropriate filing system just like any other business record and in accordance with the Retention Policy – this is particularly true of those in charge of original or primary records. Each employee has a responsibility to make sure that existing computer personal folders, whether in outlook and on your PC or file server, are reviewed and records deleted that have been superseded or are no longer required to be kept by the Retention Policy. Routine e-mails will be deleted 7 years after they are last edited. This applies to e-mails in all folders within the mailbox, including, Outbox, Sent Items, Inbox and all sub-folders.
VOICEMAIL
All voicemail should be deleted after the message has been heard.
RETENTION SCHEDULE
SPECIFIC RECORDS
Record Type Category | Retention Period | Reason | Start of Retention Period | Notes |
Books of Accounts | Varies, but generally 6 years from the end of the accounting period originally recorded in, so up to 7 years. | Statute | Generally, date of creation of record | Often held for 7 years |
Payroll and salary records | Minimum 6 years or such shorter period as the Revenue Commissioners may authorise in writing | From the end of the year to which such records reflect | Often held for 7 years | |
Working time records | 3 years | From the date of the leave | Often held for 4 years | |
Parental leave/force majeure records | 8 years | From the date of the leave | Often held for 9 years | |
Employee tax records | 7 years | Termination of employment | Often held for 8 years | |
Employment contract | Duration of employment + 6 years | Date of termination | Often held for 7 years | |
Record of ID documents of employees. Do not keep copies of passports or driving licences. If required, the last four digits of such documents can be recorded, once Mercantile Entertainment Group has seen the original and satisfied themselves as to the ID of the employee | Duration of employment + 1 year | Date of termination | Often held for 2 years | |
Data documents concerning pension schemes | Permanently | |||
Data of rejected job applicants | 1 week | From date of interview/application | Often held for 1-3 months | |
Reports on employee performance review meetings and assessment interviews (e.g. evaluations, employment application forms of successful applicants, copies of academic and other training received, employment contracts and their amendments, correspondence concerning appointment, appraisals, promotions and demotions, agreements concerning activities in relation to the works council, references and sick leave records) | 6 years | From date of creation | ||
List of employees who have worked under dangerous conditions or whose health has otherwise been under threat | Varies: for as long as issue remains. If no issue, hold for no longer than 1 year after employment ends, unless litigation apprehended or threatened | From cessation of issue | ||
Accident reports | 6 years | From the date of the accident or dangerous occurrence | ||
General ledger, accounts receivable, accounts payable department, procurement and sales administration, inventory records | 6 years from the end of the accounting period originally recorded in, so up to 7 years | |||
Emails | Unless specifically saved to a folder – 2 years | Archive after 2 years | ||
Subject access requests | 6 years | Access request | To show access request has been met | |
HR data other than leave or pension documents | Until no longer operationally necessary/ until termination of employment | 1-year post archiving/ post termination, whichever is earlier | ||
HR data on pension or leave | Until no longer operationally necessary/ until termination of employment | 6 years post termination | ||
Details of unsuccessful candidates | 3 months | Archive once outcome of candidature is known | ||
Electronic marketing data – non- customers | 1 year | Last point of contract provided target individual originally consented to receiving marketing data | ||
Electronic marketing data – customers | 1 year | From last point of contact with customer | ||
Booking data, check-in data, special requests data | For as long as the guest remains a customer | A customer relationship is generally considered terminated form a data protection viewpoint if a transaction has not occurred within the previous year | ||
Financial data and credit card information | For as long as it is necessary to process the transaction, including any queries which may arise. | |||
Loyalty scheme (gift vouchers) information | For as long as the customer/ guest is an active participant in the loyalty scheme | Non-use of the scheme for a year or more, would indicate cessation | ||
Contact information of guest | As long as the guest remains a customer | Typically one from the last transaction | ||
Information provided via tour operators and other 3rdparties. (guest lists etc). | One year from the date of the visit | |||
Details of current registration number, details of driving licence, details of passport | One year from the date of visit | |||
Hotel register data | One year from the date of last nights’ stay | |||
CCTV footage | 6 months | From time it was taken |