At South County Dublin Leisure Services (SCDLS) your privacy and data protection rights are very important to us.
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988, 2003 (the “Data Protection Acts”) and GDPR 2018 lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts 1988, 2003 and GDPR 2018 also outline an Individual’s right to access personal information relating to them upon request, while having the right for this information to be corrected in the case of errors or information to be removed in some other cases.
This document outlines South County Dublin Leisure Services policy to help ensure that we comply with the Data Protection Acts.
Enquiries about this Data Protection Policy should be made in writing to General Manager, Clondalkin Leisure Centre, Old Nangor Road, Clondalkin, Dublin 22.
Purpose of This Policy
This policy is a statement of SCDLS commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts.
The Purpose of Collecting Information About You
We collect and use information to help with effective administration of our organisation and we will keep any record of your personal information with the highest standard of security and confidentiality, strictly in accordance with the Data Protection Acts, 1900, 2003 and GDPR 2018 to provide the following reasons:
- Control entry to our facilities.
- To provide a safe environment for members to use our facilities.
- To ensure customers and members are not putting themselves at risk by using the facilities.
- To monitor usage of the facilities by recording attendance at fitness classes, swimming lessons, pool and gym attendance.
- To undertake advertising, marketing and public relation exercises relevant to our services.
- To improve our communication with all members and customers of the centre.
- Any information that is gathered from you is to improve our learning based on the best interests of our customers and members experience at the centre.
Data Protection Principles
We shall perform our responsibilities under the Data Protection Acts and GDPR 2018 in accordance with the following eight Data Protection principles:
- Obtain and process information fairly
We shall obtain and process your personal data fairly and in accordance with statutory and other legal obligations.
- Keep it only for one or more specified, explicit and lawful purposes
We shall keep your personal data for purposes that are specific, lawful and clearly stated. Your personal data will only be processed in a manner compatible with these purposes.
- Retain for no longer than is necessary
Your personal data will be stored for a period of up to 24 months at which point it will be destroyed/purged from our databases or if given permission by you to extend will be held for up to a further 24 months
- Use and disclose only in ways compatible with these purposes
We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data.
- Keep it safe and secure
We shall take appropriate security measures against unauthorized access to, or alteration, disclosure or destruction of your personal data and against its accidental loss or destruction.
- Keep it accurate, complete and up-to-date
We adopt procedures that ensure high levels of data accuracy, completeness and that your data is up-to-date.
- Ensure it is adequate, relevant and not excessive
We shall only hold your personal data to the extent that it is adequate, relevant and not excessive.
- Give a copy of his/ her personal data to that individual, on request
We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.
Overall responsibility for ensuring compliance with Data Protection Acts rests with the General Manager.
All employees and contractors of SCDLS who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. Centre Manager will co-ordinate the provision of support, assistance, advice, and training throughout SCDLS to ensure that SCDLS is in a position to comply with the legislation.
Procedures and Guidelines
SCDLS is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
This Data Protection Policy is supplemented (and may be amended) by specific policies and procedures by management of SCDLS.
Fair and Lawful Processing
We must process personal data fairly and lawfully in accordance with individual’s rights under the first principle. This means that we should not process personal data unless the individual whose details we are processing has consented to this happening or we have a legitimate interest to do so.
“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
“Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service/products and most secure experience. For example, we have an interest in making sure our marketing is relevant for you, so we may
process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests. For example, we may process your information to protect you against fraud. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data you have the right in certain circumstances to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR 2018 or DPA with regard to your personal data.
The cookies we use are “analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Cookies do not harm your computer and do not enable us or any third party to view any information on your computer’s hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Except for essential cookies, all cookies will expire after 23 days.
To learn more about how to reject cookies, visit allaboutcookies.org or go to the help menu within your internet browser.
This Data Protection Policy will be reviewed annually in light of any legislative or other relevant developments.
To request any personal information, please contact our organisation by letter or email. You will receive this information within 30 days upon request.