Privacy Policy for The Shannon Airport Group ;

Privacy Notice

The Shannon Airport Group incorporates Shannon Group plc, Shannon Airport Authority DAC (‘Shannon Airport’) and Shannon Commercial Enterprises DAC (“SCE”).  

This Privacy Notice applies to all domains and websites owned by The Shannon Airport Group. Any external links to other websites are clearly identifiable as such, and we will not be responsible for the content or the privacy policies of these third party websites.

The purpose of this Privacy Notice is to outline how we collect, process and share personal data. This Privacy Notice will outline the types of personal data we process about you and the legal basis we rely on to do so.

The Shannon Airport Group is committed to protecting and respecting your privacy. We wish to be transparent on how we collect, store and share your personal data and to ensure that you understand your rights under the GDPR.

In this notice, we outline:

 

Legislation

All personal data we gather will be processed in accordance with all applicable data protection laws and principles, including the EU General Data Protection Regulation 2016/679, Data Protection Acts 1988 – 2018 and the ePrivacy Regulations S.I. 336/2011.

 

Data Controller

The Shannon Airport Group is the data controller for personal data processed where we decide the purpose and means of processing this data.

 

Queries and Complaints

If you require further information about the way your personal data will be used, or if you are unhappy with the way we have handled your personal data, and wish to contact us, please submit your concerns by email to ‘The Shannon Airport Group’ Data Protection Officer at  dpo@snnairportgroup.ie.

 

We can also be contacted by post at:

Data Protection Officer,

The Shannon Airport Group,

Shannon Airport,

Co. Clare,

V14 EE06,

Ireland.

 

If you are not satisfied with how we process your personal data, you have the right to complain to the Irish Data Protection Commission (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commission, so please contact us in the first instance.

 

Information Collected

The table below outlines the categories and types of data we collect along with the source of data. The types of data we collect may change over time; the following table is an indicative list to help you understand the types of data we collect.

Data Category

Data Type

Source of Data

Recruitment Data

Curriculum Vitae, Identification, Garda Vetting.

Potential Employees, Employees, Recruiters.

Employment Data

Leave Entitlements, Pay Details, Sick Notes, Payroll, Training Certificates, Trade Union Membership,

Employees

Vehicle Data

Car Registration.

Car Park Users

Financial Data

Bank Account Numbers, Card Details, Tax Details

Data Subject

Contact Details

Name, Number, Email Address

Data Subject

Accident Data

Details of Injuries.

Data Subject

CCTV Data

Imagery, Sound, Video.

Data Subject

Identification Data

Passport, ID Cards.

Data Subject

Website Data

Name, email, IP address, aggregated location and pages visited.

Data Subject

Marketing Data

Communication preferences.

Data Subject

Purpose for which we hold your information

The following section provides more details on the purposes for which we process your personal data and the legal basis by which we do this.

Data Category

Reason for processing

Legal basis for processing

Recruitment Data

Used by The Shannon Airport Group to assess your suitability for the role being applied throughout the recruitment process.

Processing is necessary for the performance of a contract or as a precondition for entering a contract

Employment Data

To ensure employees receive their statutory leave entitlements.

To ensure employees are paid for work done.

To ensure Airport-based staff have completed their National Civil Aviation Security mandated safety training.

To comply with employment legislation

Processing is necessary for the performance of a contract

To comply with a legal obligation under the National Civil Aviation Security Programme.

Vehicle Data

To allow customers to pre-book parking spaces at Shannon Airport.

Processing is necessary for the performance of a contract.

Financial Data

To allow customers to purchase goods from our shopping facilities.

To process payments for property letting agreements.

Processing is necessary for the performance of a contract.

Contact Details

To share marketing and promotional emails with you.

 

Consent of the data subject. Where processing is based on consent, the data subject has the right to withdraw their consent.

Accident Data

To maintain a record of all incidents involving equipment or facilities across the Airport Campus.

To comply with a legal obligation under the National Civil Aviation Security Programme.

CCTV Data

To ensure the safety and security of staff, customers and property on a Shannon Airport Group campus including incident investigations.

Legitimate Interests

Identification Data

To verify the identity of boarding pass holders.

To provide employees working on the Airport Campus with access cards and ID.

To comply with a legal obligation under the National Civil Aviation Security Programme.

Website Data

To respond to a query/complaint as requested by the data subject.

Consent of the data subject. Where processing is based on consent, the data subject has the right to withdraw their consent.

 

Sharing information with third parties

There are various circumstances where we may be required to share personal data with third parties. We will only share your personal data with third parties where we have obtained your consent, where it is necessary to comply with a legal obligation or to provide services to you.

In these circumstances, we take steps to ensure that any third parties who handle your personal data comply with data protection legislation and protect your information to the same extent that we do. We will only disclose the personal data which is necessary for them to provide the service they are undertaking on our behalf.

 

International Data Transfers

In general, we do not transfer personal data outside of the European Economic Area however in the event that we do we will ensure that the transfer complies with our data protection obligations, and that any such transfers are based on an approved transfer mechanism, such as the EU Standard Contractual Clauses (SCC) or a relevant adequacy agreement.

 

Marketing

For marketing purposes, we may contact you in relation to special offers, competitions, products and services from The Shannon Airport Group via email, post, SMS or phone.

 

Where we rely on consent for marketing purposes, consent will always be provided in the form of a clear opt-in. You have the right to withdraw your consent at any time using the unsubscribe link on emails/ text messages, alternatively you can contact us using the contact details listed in this Privacy Notice to opt-out of future marketing communications from The Shannon Airport Group.

Where we rely on Legitimate Interest (to develop and grow our business) to communicate with you for marketing purposes we will always provide you with an option to opt-out at the point of data collection and within each communication thereafter. Additionally, you can use the contact details listed in this Privacy Notice to opt-out of receiving future marketing communications.

 

Social Media

We operate social media pages on LinkedIn, Twitter, Meta (Facebook and Instagram), Tic Tok and You Tube.  This notice includes how The Shannon Airport Group uses personal data collected from those pages.  However, it does not cover how the providers of social media websites will use your information.  You are advised to check the privacy policies/notices of these social media sites to find out how they process your personal data.

Data Subject Rights

As a data subject, you have the following rights in relation to the processing of your personal data. However, these rights are not absolute, and restrictions may apply in certain situations.

The right to be informed about the processing of your personal data.

The right to access your personal data.

The right to rectification of your personal data.

The right to erasure of your personal data.

The right to data portability.

The right to object to processing of your personal data.

The right to restrict processing of your personal data.

Rights in relation to automated decision making, including profiling.

Restriction of data subject rights in certain circumstances:

There are some restrictions to these rights, details of which are included in our Data Protection Policy and Subject Access Request Policy. Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances.

 

Where do I send requests?

Please send any requests to dpo@snnairportgroup.ie with as much detail as possible regarding your requirements to allow us to deal with your request efficiently. To answer your request, we may ask you to provide identification for verification purposes.

 

How long will a request take to complete?

Upon receipt of a request, we have 30 days to provide an answer with an extension of a further two months if required. If we require more time to deal with your request, we will notify you of the delay and the reasons for it within 30 days of the receipt of your request. If we refuse your request, we will also notify you within 30 days of the receipt of the request accompanied by the reasons for the refusal.

You are entitled to contact the Data Protection Commission if we refuse your request.

 

How much does it cost to submit a request?

We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider requests to be unjustified or excessive, we may charge a reasonable fee (also for multiple copies) or refuse the request.

 

How long we keep your data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

 

How secure is your data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

 

Governing Law & Jurisdiction

This notice and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.

 

Changes to our Privacy Notice

We review this Privacy Notice regularly and reserve the right to make changes at any time to take account of changes in our business, legal requirements, and the manner in which we process personal data. This Privacy Notice was last updated in May 2024.