The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of Allingham Arms Hotel. This includes obligations in dealing with personal data, in order to ensure that the organisation complies with the requirements of the relevant Irish legislation, namely the Irish Data Protection Act (1988), and the Irish Data Protection (Amendment) Act (2003).
Allingham Arms Hotel must comply with the Data Protection principles set out in the relevant legislation. This Policy applies to all Personal Data collected, processed and stored by Allingham Arms Hotel in relation to its staff, service providers and clients in the course of its activities. Allingham Arms Hotel makes no distinction between the rights of Data Subjects who are employees, and those who are not. All are treated equally under this Policy.
The policy covers both personal and sensitive personal data held in relation to data subjects by Allingham Arms Hotel. The policy applies equally to personal data held in manual and automated form.
All Personal and Sensitive Personal Data will be treated with equal care by Allingham Arms Hotel. Both categories will be equally referred-to as Personal Data in this policy, unless specifically stated otherwise.
This policy should be read in conjunction with the associated Subject Access Request procedure, the Data Retention and Destruction Policy, the Data Retention Periods List and the Data Loss Notification procedure.
Allingham Arms Hotel as a Data Controller
In the course of its daily organisational activities, Allingham Arms Hotel acquires, processes and stores personal data in relation to:
• Employees of Allingham Arms Hotel
• Customers of Allingham Arms Hotel
• Third party service providers engaged by Allingham Arms Hotel
In accordance with the Irish Data Protection legislation, this data must be acquired and managed fairly. Not all staff members will be expected to be experts in Data Protection legislation. However, Allingham Arms Hotel is committed to ensuring that its staff have sufficient awareness of the legislation in order to be able to anticipate and identify a Data Protection issue, should one arise. In such circumstances, staff must ensure that the Data Protection Officer is informed, and in order that appropriate corrective action is taken.
Due to the nature of the services provided by Allingham Arms Hotel, there is regular and active exchange of personal data between Allingham Arms Hotel and its Data Subjects. In addition, Allingham Arms Hotel exchanges personal data with Data Processors on the Data Subjects’ behalf.
This is consistent with Allingham Arms Hotel’s obligations under the terms of its contract with its Data Processors.
This policy provides the guidelines for this exchange of information, as well as the procedure to follow in the event that an Allingham Arms Hotel staff member is unsure whether such data can be disclosed.
In general terms, the staff member should consult with the Data Protection Officer to seek clarification.
Subject Access Requests
Any formal, written request by a Data Subject for a copy of their personal data (a Subject Access Request) will be referred, as soon as possible, to the Data Protection Officer, and will be processed as soon as possible.
It is intended that by complying with these guidelines, Allingham Arms Hotel will adhere to best practice regarding the applicable Data Protection legislation.
In the course of its role as Data Controller, Allingham Arms Hotel engages a number of Data Processors to process Personal Data on its behalf. In each case, a formal, written contract is in place with the Processor, outlining their obligations in relation to the Personal Data, the specific purpose or purposes for which they are engaged, and the understanding that they will process the data in compliance with the Irish Data Protection legislation.
These Data Processors include:
- Advance Systems