Dublin Zoo understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website (Our Site), accesses our premises and uses our services. We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the GDPR and applicable Data Protection Laws.
Who We Are?
Dublin Zoo is a registered charity and works in partnership with zoos worldwide to make a significant contribution to the conservation of bio-diversity on earth.
You can contact us at:
Dublin Zoo, Phoenix Park, Dublin 8, Ireland.
Our registered charity number is: 20003715
What Does This Policy Cover?
What Data Do We Collect?
Information you give us:
As a general policy, no personal information is automatically collected from visitors to Our Site. Depending upon your use of Our Site or services, we may collect some or all of the following personal and non-personal data:
- age range
- records of your purchases/ bookings with us (if you purchase something)
- records of your donations and gift (if you donate to us)
- contact information such as email addresses and telephone numbers
- financial information such as credit / debit card numbers
- IP address
- cookies (see below for further information)
- dietary/ accessibility/ mobility information (if provided)
- CCTV footage of those visiting our premises (see below for further information)
- photographs and images of individuals
- company name/ address
- educational institute name/ address
- job title
We may also collect data where it is appropriate and relevant, for example:
- for purely business-related reasons, including managing relationships with third party and partner organisations.
- We will only process sensitive personal data also known as special categories of data (e.g. in relation to your health), with your explicit consent, for reasons of substantial public interests or where necessary for the establishment, exercise or defence of legal claims.
Some areas of Dublin Zoo are equipped with Closed Circuit Television (CCTV). We may
collect your personal data through the operation of the CCTV cameras.
It is in our legitimate interests to use the CCTV as follows:
- In the detection and prevention of crime
- To safeguard all those who access our premises and facilities
- To investigate security, health & safety incidents.
Recorded images are held for up to 30 days and then destroyed. Any CCTV footage identified as relevant to a formally reported incident may be retained for longer. Any CCTV footage identified as relevant to a formally reported incident involving a minor is retained for up to 18 years from the date of the reported incident (where an investigation or claim arising from such a reported incident takes longer than 18 years to be processed, the CCTV footage identified as relevant to that incident may be retained for longer than 18 years).
These records will not be shared with third parties unless there is suspicion of a crime, in which case we may be required to share your information to comply with our legal and regulatory obligations. This may then be shared with An Garda Síochana or other competent authorities.
How Do We Use Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times.
Our use of your personal data will always have a lawful basis as follows:
- You have provided your consent to us using your personal data for direct marketing (i.e. to receive our newsletter) or to share your data with a third party for purposes of processing donations.
- It is necessary for our performance of a contract with you (where you have purchased something from Our Site, donated online or other business arrangements)
- It is necessary for compliance with a legal obligation to which we are subject (for example, to manage health and safety)
- It is within our legitimate interests for the proper administration of Dublin Zoo, and to manage our operations (for example, for the detection and prevention of crime and safeguarding all those who access our premises and facilities)
- the processing is necessary for reasons of public interest including in the area of public health
Specifically, we may use your data for the following purposes:
- Providing and managing your access to Our Site
- Supplying tickets, gifts, annual passes or options to donate to you (please note that we require your personal data in order to enter into a contract with you)
- Communication with you via email or another method that you have opted into (At any stage you may choose to opt out of such communications – contact us at email@example.com)
- Arranging events for your organisation/ institution/ company and communicating these details to you
- Assist government bodies or other competent authorities relating to public health requirements
How and Where Do We Store Your Data?
We keep personal data for as long as there is a need to keep it in connection with the purposes for which it was collected. Data will be deleted in line with our data retention policy.
We are committed to ensuring that there are appropriate technical controls in place to protect your personal data including protection from misuse and unauthorised access. For example, our network is protected and routinely tested.
Do We Share Your Data?
We engage with third parties to supply some services to us. These may be for:
- payment processing:
- delivery of goods
- ticket processing
- search engine facilities
- audit, legal and financial management
- insurance purposes
- Health & Safety
Whilst we allow relevant staff, consultants and/or external third party service providers acting on our behalf to access and use your personal data for the activities we have described in this policy (e.g. to provide services or products to you, to process payments), we only permit them to use it to deliver the relevant information, goods or services. Where we have engaged the services of a third-party processor, we have reviewed their privacy policies and security arrangements and conducted any necessary risk assessments. We also enter into a Data Processing Agreement to ensure that third parties are as committed to the security of your personal data as we are.
Some of your data may be stored in or outside of the European Economic Area (“the EEA”). If we do store data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be in Ireland.
We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you.
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, to comply with legal requirements, public interests or public health grounds, a court order, or a governmental authority.
As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
Right to be informed:
This privacy notice explains how we collect, use and store your personal data
Right to access:
You have the right to find out if we are holding personal data on you. To exercise this right, you can make a “Subject Access Request” by contacting us as above
Right to rectification:
You have the right to have inaccurate personal data changed or removed. It is important to us that the information that we hold about you is accurate and up to date. Please let us know if any of your details have changed.
Right to erasure (the right to be forgotten):
You have the right to ask for your personal data to be erased from our records. However, this right is not absolute, and we can refuse this request, if this is the case, we will explain our reasons for our decision.
Right to restrict processing:
You have the right to ask us to restrict the processing of your data. This is an alternative to erasure and usually a temporary measure to limit the way we use your data whilst another data related matter is being resolved.
Right to data portability:
This right allows you to obtain and reuse the data that we hold on you in a machine-readable format for transmission to another data controller.
Right to object:
You have the right to object to us processing your personal data in some circumstances where we process data based on a legitimate interest or in the public interest.
Rights with respect to automated decision making and profiling.
We do not process your data in this way.
All requests, if valid, will usually be processed within a month. If we need longer to process your request, we will inform you at the earliest opportunity and in any case within one month from receiving your request. Please contact us at: firstname.lastname@example.org on any of these rights.
Further information on your data privacy rights is available on the website of the Data Protection Commission www.dataprotection.ie.