Kildare Village Privacy Notice
- Who we are and how to contact us
- How we collect your personal data
- The types of personal data and information we collect
- Why we collect your personal data and how we use it
- Sharing your personal data
- Third party links and services
- How long we keep your personal data for
- Confidentiality and security of your personal data
- How to access your information and your other rights
- Changes to this Notice
Kildare Village is committed to protecting your personal data. It’s your information, and we respect that. This Privacy Notice (the “Notice”) provides detailed information on when and why we collect your personal data, how we use it and how we keep it secure. This Notice also describes your right to request that we delete, update, transfer or provide you with access to your personal data.
This Privacy Notice relates to your visit to Kildare Village, including services you use and other data we collect during your stay. Other Privacy Notices may also apply to our use of your personal data – for example when you engage with Privilege, use our Websites or the Village App.
Who we are and how to contact us This Notice explains how Kildare Village, Nurney Road Kildare Town Co. Kildare, Ireland collect, use and manage your personal data in compliance with applicable data protection law. In most instances, we are the controller of your personal data described in this Notice. If you have any questions about this Notice or want to exercise your rights set out in this Notice, please contact us by email at email@example.com
Please click __[HERE](https://www.tbvsc.com/en/legal/who-we-are)__ to see who we are. The entities listed are the owners and operators of retail outlet villages (Villages) within the Bicester Village Shopping Collection brand. References in this Notice to “we”, “us” or “our” are to the entities listed. Each of the listed entities are joint data controllers and are committed to protecting your privacy.
As joint data controllers, we have arrangements between us to ensure that we handle your personal data properly and in accordance with data protection law. These arrangements reflect our respective roles and responsibilities in relation to you and your personal data, and consider which entity is in the best position to fulfil our services and obligations. This arrangement between us does not affect your rights under data protection law. For more information on these arrangements, feel free to contact us using the address above.
How and for what purposes we collect your personal data
Generally, as a guest in Kildare Village, we collect your information when you decide to use the services and facilities we offer. This could include using our village wi-fi, equipment loan, our personal shopper or other services, participation in photo or film shoots, the purchase of gift cards, redeeming of airmiles or other loyalty scheme points, entering prize draws and competitions or engaging with our Community Teams.
We will also collect your personal data through our surveillance technologies which are in place to provide a safer environment for our guests. We will comply with our information obligations at the respective video surveillance location.
We collect information in a number of ways which are listed below. Please note that some services are not available in some locations: o When you connect to and use our wi-fi services. This data includes your device MAC address (a unique device identifier), the type of device you are using and when you re-connect to the service for administrative and statistical purposes. If you voluntarily provide your email address we will use it to contact you about our Privilege program.
o When you participate in photo or film shoots which will be used for promotional or advertising purposes. We will always obtain your explicit consent when you choose to be part of our campaigns. Signage is always provided in locations where photoshoots are occurring to assist you in avoiding these locations should you wish to.
o When you use equipment belonging to us including umbrellas, wheelchairs, motobility scooters, pushchairs or dog-strollers or when you use our valet parking, childcare, dog kennel, phone charging and left luggage facilities. This may include taking payment information or proof of identity and is used for administrative and statistical purposes.
o When you ask us to record your purchases against loyalty schemes (such as airlines or membership clubs) to facilitate point allocation or when we assist you with queries about those schemes.
o When you use our personal shopper services we will ask you to provide details of your name, contact details, date of birth, brand and style preferences, clothes and shoe sizes and other information to assist us in facilitating and personalising your experience.
o When you purchase gift cards we may need to collect identification information to comply with anti-money laundering requirements, including proof of identity. If you purchase a gift card for another person and ask us to deliver it to them, we will collect the recipient’s name, postal address and email address.
o When you ask us to arrange home delivery of items you have purchased in the village we will collect the delivery address details for administration and service delivery purposes. Note that we use a third party to provide this service.
o When you post information to publicly available social media sites, we may ask for your permission to share your posts with our social community. o When you enter any event, prize draws or competitions run by Ingolstadt Village for administration and delivery purposes. Note that prize draws and competitions will be subject to separate terms and conditions which will be made available to you.
o When we administer services such as lost property for the purposes of attempting to return items to their owners. If you are collecting lost property we may ask you to prove your identity or for proof of ownership.
o When you engage with our Community Teams for consideration in our community support projects. We will use your data for administration purposes.
The types of personal data and information we collect
We only collect the information that is necessary to carry out our business and to provide the particular service or facility you’ve requested.
Information we obtain from you Here are some examples of information we collect about you when you interact with us – which data is collected depends on the services or facilities you use: o Title
o Name and Surname
o Email address
o Date of Birth
o Contact phone number(s)
o Your home country
o The method of transport you use to visit our village
o Purchase information
o Interactions with us
o Payment details
o Delivery address(s)
o Proof of identity
o Billing address
o Attendance at events
o Appointment booking and information given during appointment
o Alterations and repair requests
o Information about accidents and incidents
o Details of children when using our childcare facilities
We may be unable to provide services and facilities to you if you do not provide the personal information we require to deliver them.
If you’d like more information about which specific personal data is collected for each service or facility you use, please contact us using the details in Who we are and how to contact us above.
Other Information we obtain: Surveillance Technology
We use surveillance technologies such as CCTV (Closed Circuit Television), ANPR (Automatic Number Plate Recognition), HeadCount Technology and Body Worn Video. These technologies may automatically capture your image data and vehicle registration data when you enter or as you are walking around our villages. We collect information about the number of visitors in our villages which helps us to understand visitor journeys and implement enhanced guest safety measures.
When you connect to and use our wi-fi services. This data includes your device MAC address (a unique device identifier), the type of device you are using and when you re-connect to the service. If you provide your email address we will use it to contact you about our Privilege program.
Why we collect your personal data and how we use it
At Kildare Village we like to get to know our guests – after all, this is how we find new ways to provide you with an extraordinary experience. We use information about you in a number of ways, including providing services and facilities that you have requested and offering you a personalised experience.
We rely on a number of legal justifications to process your personal data which are: o it is necessary to provide you with services and perform a contract
o you have given us your consent;
o we have a legitimate interest – which can include to improve our services, to protect our guests and employees or to pursue our commercial activities;
o it is necessary to comply with our legal obligations
o it is needed to manage legal claims
Whenever we process your personal data we will have a lawful reason to use it in such a way to ensure that we provide the very best services and facilities to all of our guests. These include: o To carry out our business and to provide a service or carry out a contract with you o Fulfilment of services and facilities you have chosen to use
Where we have your consent: When you ask us to inform your loyalty scheme membership provider (e.g. airmiles) of your spend in our village we provide them with details of your transactions and membership number. Note that we act on behalf of your loyalty scheme provider as a data processor to provide this service.
When you purchase gift cards we may share your personal data with our gift card platform provider. We do not collect or share information about the purchases you make using our gift cards.
If we rely on your consent as our lawful basis for processing your data, you are able to withdraw your consent to our processing of your personal data at any time. Please see How to access your information and your other rights for further information.
Where we have justifiable reason (legitimate interest):
o If you decide to attend an event at Kildare Village , we will share your personal data with any applicable third party hosting the event in order to ensure that it runs smoothly.
o Respond to guest enquiries raised while visiting Kildare Village , online, by phone or via social media.
o Invite you to provide feedback about our facilities and services in the form of online or in-village surveys. We use this information to help us provide and design exceptional services and experiences.
o Analyse aggregated guest information with other interactions guests may have with Kildare Village and other villages within the Bicester Village Shopping Collection in order to continually improve the services and experiences we offer.
o Use of our village Wi-Fi; automatic re-connection when you return to the village.
o The use of CCTV recording equipment in and around our premises for monitoring and security purposes. When we are required to do so in order to comply with applicable law, we may share CCTV footage with law enforcement agencies and our insurance companies relating to crime prevention, criminal activity, incident management and legal claims.
Value Retail will process personal data for the purposes of its legitimate business interests as described above. We have conducted an assessment to ensure that the rights and freedoms of our guests do not outweigh our legitimate interests. For further information about that assessment, including to exercise your right to challenge our decision, please contact us using the details at Who we are and how to contact us
Where we are required to comply with a legal obligation:
In exceptional cases, personal data and other information may also be processed for the purposes of crime detection and personal safety and when we are required by law or legal process.
When we have to manage legal claims
In the unfortunate event that you have an accident or feel unwell while at Kildare Village and require first aid, your personal data may be processed for the purposes of administering first aid, liaising with insurance companies and managing legal claims.
Sharing your personal data
We use carefully selected third party partners to help us deliver some of our services; your personal data may be shared with our technology partners to store data, process payments and to deliver other services you use.
We check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your personal data. We have written contracts with them which provide assurances regarding the protections that they give to your personal data and their compliance with our data security standards.
We may transfer your personal data to service providers outside of the European Economic Area where local laws do not contain equivalent legal rights . Where these transfers occur we apply appropriate safeguards to ensure that the standards described in this Notice remain in place.
If you would like more information about our third party partners, transfers and to request details of the safeguards in place, please contact us using the details at Who we are and how to contact us
We may use third party providers or data processors to support the provision of services including:
o valet parking services
o to process payments made using debit and credit cards. Kildare Village does not store any payment card numbers once your transaction has been completed
o to provide wi-fi services
o shopping packages, including bus trips
o home delivery services
o to contact you with important information relating to your booking or purchase, such as confirming your order and letting you know about important changes
o destruction of paper and other media
o to help us manage our technology and surveillance platforms.
We may also use consultants and professional advisors (for example, our legal advisors) to assist us from time to time. Please contact us if you’d like to know more about this.
If you are under the age of 18 we may be unable to provide you with our services. If we become aware that we have inadvertently collected personal data from children under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable law.
Parents or legal guardians may provide explicit consent for children to participate in photographic or film shoots.
In circumstances where you use our childcare services, we will collect the information necessary to provide a safe environment for your child and to comply with our legal obligations. Particular care is taken with regard to the security of the information we collect to facilitate childcare services.
How long we keep your personal data for
We retain personal data for as long as it is required for the purposes described in this Notice.
We apply careful analysis to make sure we only hold your personal data for as long as it is needed to manage guest services, for legal reasons or other business purposes.
Where possible, we anonymise personal data so that we can continue to use it for analytical purposes. In cases where this is not possible, we will delete the personal data. If neither anonymisation nor deletion is possible, (for example, because your personal information has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until it is deleted.
If your personal data is recorded or printed on paper we destroy the information in a secure manner (for example by cross-cut shredding). Electronic media is subject to technical destruction measures which make sure the data unable to be restored or reconstructed.
For further information about the period of time for which we hold your personal data, please contact us using the details at Who we are and how to contact us.
Confidentiality and security of your personal data
We are committed to keeping your personal data secure throughout its lifecycle and we will take appropriate precautions to protect it from loss, misuse or alteration. We do not sell your personal data for any purpose.
We have implemented information security policies, rules and technical measures to protect your personal data from:
o unauthorised access
o improper use or disclosure
o unauthorised modification
o unlawful destruction or accidental loss.
All of our employees and the third party partners with whom we share your personal data are obliged to respect the confidentiality of the personal data of all users of our services.
How to access your information and your other rights
You have the following rights in relation to the personal data we are processing about you:
Right to be informed of the personal data we are processing about you
You have the right to be provided with clear, transparent and easily understandable information about how we collect and use your personal data. This is why we’re providing you with the information in this Notice.
Right of access to the personal data we are processing about you
If you ask us, we’ll confirm whether we’re processing your personal data and, if so, provide you with a copy of that personal data and information about how we use it. If you require additional copies, we may need to charge a reasonable fee.
Right to correct the personal data we are processing about you
If the personal data we hold about you is inaccurate or incomplete, you’re entitled to have it corrected (subject to certain exemptions).
Right to delete information the personal data we are processing about you
This is also known as ‘the right to be forgotten’. You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it, if you withdraw your consent and there is no other legal justification for the use of the information, or if you object to the way we process your information and we have no overriding grounds to use it.
Right to restrict the processing of personal data
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it. We will still be able to store your personal data. We’ll tell you before we lift any restriction and why we have done so.
Right to portability of your personal data
You have the right, in certain circumstances, to obtain the personal data you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.
Right to object to the personal data we are processing
You can ask us to stop processing your personal data, and we will do so, unless we: o can demonstrate compelling legitimate grounds for the processing or
o need to use your personal data in connection with any legal claims.
Rights in relation to automated decision making and profiling using your personal data
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you. This right is not applicable if profiling is necessary for entering into, or the performance of, a contract between you and us.
Right to withdraw your consent to processing of your personal data
If you have provided your consent to process your personal data and that is our legal basis for processing, you have the right to withdraw that consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
Right to complain to a data protection supervisory authority
If you have a concern about any aspect of our data protection practices, including the way we are processing your personal data, you can report it to the your local data protection Supervisory Authority. Their contact details are contained in the table below.
Country Supervisory Authority Website UK The Information Commissioners’ Office (ICO) https://ico.org.uk/
Ireland The Data Protection Commissioner (DPC) https://www.dataprotection.ie/docs/Home/4.htm
France Commission Nationale de l’Informatique et des Libertés (CNIL) https://www.cnil.fr/fr
Italy Garante per la protezione dei dati personali (Garante) https://www.garanteprivacy.it/web/guest/home
Spain Agencia Española de Protección de Datos (AEPD) https://www.agpd.es/
Belgium Gegevensbeschermingsautoriteit (GBA) https://www.gegevensbeschermingsautoriteit.be/
Germany Data protection for private sector organisations is overseen by regional data protection authorities. Value Retail operates in two regions within Germany and therefore, falls under the jurisdiction of two supervisory authorities.
Bavaria Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) https://www.lda.bayern.de/de/index.html
Baden-Württemberg Der Landesbeauftragte für den Datenschutz Baden-Württemberg https://www.baden-wuerttemberg.datenschutz.de/
Changes to this Privacy Notice We may make changes to this Privacy Notice from time to time. This Notice was updated on 5th November 2019.
To ensure that you are always aware of how we use your personal data we will update this Notice from time to time to reflect any changes to our use of your personal data or when we add new services or facilities. We may also update this Notice to comply with changes in applicable law or regulatory requirements. If we make substantial changes to the way we process your personal data we will let you know if this is possible and practical.