Privacy Notice for Shoppers
1. WHO ARE WE?
We are Jervis Shopping Centre, 125 Abbey Street Upper, Dublin 1, Ireland
We want to reach out to our customers and hear what they’re saying – whether it’s by giving us
feedback or comments, agreeing to receive our newsletter or services or taking part in our
competitions or competitions we’re running – we’re thrilled you’re joining the conversation.
You can use our online services to benefit from our services (such as wifi), take part in
campaigns which we might run from time to time, complete a survey, join our mailing list to
receive our ezine and emails so we can tell you about what’s happening and/or to benefit from
deals and discounts we’re offering
1. WHAT IS THIS NOTICE?
When you interact with us, you may give us Personal Data about you. Personal Data means
data which can be used to identify an individual. The individual who can be identified from the
Personal Data is known as the Data Subject.
In respect of any such Personal Data, we are acting as a Controller (which means we are the
business responsible for making the decision to collect the Personal Data in the first place, and
deciding what to collect and how to use it). To help us to connect with our customers and run
some of our marketing services, we use a marketing agency. Currently we use a company called
Bonfire Ltd to manage our marketing services for us. This means that they may handle Personal
Data as a Processor (they are acting on our behalf and authorised to use the Personal Data in
accordance with our instructions).
This notice deals with our marketing activity and sets out what Personal Data we collect from you
when you interact with our marketing agency and what we do with it.
If you have any questions relating to how we use Personal Data about you, please contact us at
the address above or by email at email@example.com/
1. WHAT INFORMATION DO WE COLLECT AND STORE?
We may collect and process the following data about you, some of which may include Personal
1. INFORMATION WHICH YOU PROVIDE US WITH WHEN YOU USE INTERACT WITH
US ONLINE: for example if you use our services (such as wifi), take part in campaigns
which we might run from time to time, complete a survey, join our mailing list to receive
our ezine and emails so we can tell you about events, and you can benefit from deals
and discounts we’re offering). This may include:
your name, address and phone number
where you come from
online contact information
any opinions or preferences which you express (including your likes and dislikes)
details about your location
1. TRANSACTIONAL DATA: that is, information which we might collect if you use a
voucher, loyalty card, discount code or take part in a promotion which we are running.
This will help us to learn about:
your shopping preferences, interests, hobbies and habits
your health, well-being and lifestyle choices
1. TRAFFIC DATA: that is, information about which websites you access or offers you click
on when you’re using our services.
2. LOCATION DATA: we may collect information about your location from time to time if you
have provided us with certain information. For example we may use the following
technologies to recognise you when you come into our shopping centre:
i-beacons, which enable us to communicate with your device using bluetooth
wi-fi, which enables us to communicate with your device
1. HOW DO WE USE THE DATA WE COLLECT ABOUT YOU AND WHAT’S OUR
We may use the data we collect about you in the following ways:
1. TO CREATE A PROFILE ABOUT YOU TO INFORM OUR MARKETING
DECISIONS: We might do this to make sure we send you information which we think
might be of interest to you, about campaigns we’re running and other events or discounts
we’re offering (including surveys and information about goods and services which we
think you’ll like and which seem to tie in with your interests). To do this, we may need to
undertake analysis of your purchase habits and preferences. Once an account has been
set up, profiling is an automated process which enables us to learn things about you. We
set up the account on the basis that you have agreed we can use the information
you provide us with for marketing purposes. You may ask us to delete your
account at any time and we will promptly comply. You may set up a new account at
2. TO SEND YOU MARKETING COMMUNICATIONS: contacting you by email, SMS, push
notifications in our app, social media (and potentially by other communication channels
which may become available in the future) to provide you with competitions, deals and
information about products and events). We are relying on you signifying your
consent to us. You are entitled to withdraw your consent to all marketing or
marketing via particular channels at any time and we will promptly comply with
3. TO PROVIDE SERVICES: for example, if you have provided us with your details so that
you can receive particular services from us (such as signing in to wifi, taking part in a
campaign, benefiting from a discount or taking part in a competition), we will use your
Personal Data in order to make that happen. For certain campaigns and competitions,
this may include transferring Personal Data related to you to a third providing the prize or
whose goods or services are being promoted. If a transfer of this nature is required, we
will publish the name of the third party recipient and let you know that the transfer is
required before we do so. In this case, we are relying on the fact that such use of
your Personal Data is required to provide you with the services you have
requested. This may be a contractual obligation or based on you giving us your
consent. You may let us know at any time if you want to pull out of a competition
or stop receiving our services and we will promptly comply with your request.
4. INTERNAL BUSINESS REQUIREMENTS: we may use your Personal Data in
accordance with our internal business requirements. For example we may need to retain
back-up copies of data to make sure we have adequate safeguards in place to prevent
loss of the data we hold; we may need to use your data to resolve disputes. In this
instance, we are relying on the fact that such use is essential to protect a
legitimate interest to enable us to run our business successfully. Any copies of the
data held will be held securely and no further use shall be made of such data save
as set out herein. We believe that such use would be generally anticipated by data
subjects and is highly unlikely to cause any damage to or be considered by data
subjects to be invasive of their privacy.
5. STATISTICAL ANALYSIS: we may collect and use aggregate data, for internal market
research, statistical analysis and data mining purposes and we may transfer this data at
will to third parties. This data will be anonymised and you will not be identifiable from it.
6. WILL PERSONAL DATA ABOUT YOU BE DISCLOSED TO ANYONE ELSE?
7. We will not pass Personal Data about you to third parties for marketing purposes
unless you have expressly consented to it.
8. We may disclose your Personal Data to third parties for the following purposes:
to our licensors, employees and third parties who are contracted to provide
services to help us to carry out our business. Any employees and/or data processors
(including Bonfire) contracted by us will be subject to strict contractual requirements only
to use your personal data in accordance with our instructions.
if we are under a duty to disclose or share your Personal Data in order to comply
agreements or to protect the operation of our website, or the rights, property, or safety of
us, our customers, or others.
If we sell or buy any business or assets. We will never sell Personal Data as a sole
1. We may disclose aggregate data to third parties for analysis and market research
purposes. Any data so disclosed will not contain Personal Data.
2. WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?
1. It is our policy to ensure that all Personal Data held by us (or any Processors we
use) is handled correctly and appropriately according to the nature of the
information, the risk associated with mishandling the data, including the damage
that could be caused to an individual as a result of loss, corruption and/or
accidental disclosure of any such data, and in accordance with any applicable
2. We undertake regular security and risk reviews and we monitor all of the controls
that we have in place to ensure the security, accuracy and integrity of the
Personal Data we hold. We also endeavour to ensure that such data is only
accessed by authorised personnel for a legitimate purpose (in accordance with
our privacy notice).
3. We have a set of formal procedures that must be adhered to within our
organisation to ensure that security standards are maintained and that data
privacy is respected.
4. Our marketing agent, Bonfire Ltd manages any data it collects for marketing
5. There are some steps you can take to help make sure that your data is protected.
(a) if you are contacting us with a query or complaint, only ever give us your work details rather
than your personal contact details;
(b) if you are sending any financial details or sensitive information, consider sending it in
separate emails or encrypted, password protected documents; and
(c) make sure that you keep any passwords associated with your account secure.
1. WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?
Our supplier’s Data Processing Addendum (DPA) allows the transfer of European personal data to Mailchimp in the United States and to permit Mailchimp to lawfully process that data on our behalf. Mailchimp has certified its compliance to the EU-US Privacy Shield Framework and has put a number of measures in place that ensure European data remains protected when it is transferred outside of Europe.
1. FOR HOW LONG DO WE STORE PERSONAL DATA ABOUT YOU?
8.1 We will retain and use Personal Data which we collect for marketing purposes in accordance
with the following provisions:
We will hold identity and contact data until asked by you to delete the data or cease such
processing. In order to make sure that we are doing this transparently, we will give you
the option to opt out in every communication we send. If we haven’t heard from you or
had any interaction with you for over 2 years, we will contact you and ask you if you
would like to be removed from our database.
9. WHAT RIGHTS DO YOU HAVE IN RESPECT OF ANY PERSONAL DATA WE HOLD
9.1 Data Subjects have the following rights in respect of Personal Data relating to them which
can be enforced against the Controller:
1. Right to be informed: the right to be informed about what Personal Data the Controller
collects and stores about you and how it’s used.
2. Right of access: the right to request a copy of the Personal Data held, as well as
3. the purposes of the processing;
4. the categories of personal data concerned;
5. the recipients to whom the personal data has/will be disclosed;
6. for how long it will be stored; and
7. if data wasn’t collected directly from the Data Subject, information about the source.
8. Right of rectification: the right to require the Controller to correct any Personal Data
held about the Data Subject which is inaccurate or incomplete.
9. Right to be forgotten: in certain circumstances, the right to have the Personal Data held
about the Data Subject erased from the Controller’s records.
10. Right to restriction of processing: the right to request the Controller to restrict the
processing carried out in respect of Personal Data relating to the Data Subject. You might
want to do this, for instance, if you think the data held by the Controller is inaccurate and
you would like to restrict processing the data has been reviewed and updated if
11. Right of portability: the right to have the Personal Data held by the Controller about the
Data Subject transferred to another organisation, to the extent it was provided in a
structured, commonly used and machine-readable format.
12. Right to object to direct marketing: the right to object where processing is carried out
for direct marketing purposes (including profiling in connection with that purpose).
13. Right to object to automated processing: the right not to be subject to a decision
based solely on automated processing (including profiling) which produces legal effects
(or other similar significant effects) on the Data Subject.
We may need to ask you for further information and identification to help us to comply with this
10. WHO DO YOU COMPLAIN TO IF YOU’RE NOT HAPPY WITH HOW WE PROCESS YOUR
If you have any questions or concerns about how we are using Personal Data about you, please
contact our Data Protection Officer immediately at our registered address (see clause 1.1 above)
or by email to firstname.lastname@example.org/
If you wish to make a complaint about how we have handled Personal Data about you, you may
lodge a complaint with the Office of the Data Protection by following this