Privacy Policy

BACKGROUND:

Kerry Airport understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our passengers, customers, partners, employees and individuals and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.  We want to ensure that you enjoy our amenities and services and that we use any data to make sure that you have the best possible experience accordingly.

 
1. Information About Us

Kerry Airport PLC is a registered company under company number 26871
Registered and trading address: Farranfore, Killarney. Co. Kerry, Ireland V93KHF7.
VAT number: IE 9i92655t
Data Protection Officer: Mr. Basil Sheerin.
Email address: privacy@kerryairport.ie
Telephone number: ++ 353 66 9764644.

2. What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

3. What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in Part 5, below.

4. What Are My Rights?

Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:

15. The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 15.
16. The right to access the personal data we hold about you. Part 15 will tell you how to do this.
17. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 15 to find out more.
18. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 15 to find out more.
19. The right to restrict (i.e. prevent) the processing of your personal data.
20. The right to object to us using your personal data for a particular purpose or purposes.
21. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
22. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
23. Rights relating to automated decision-making and profiling. Be advised – we do not use your personal data in this way except in relation to the use of cookies as outlined in Part 12 and Part 13

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 15.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

Further information about your rights can also be obtained from the Office of the Data Protection Commissioner.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Office of the Data Protection Commissioner. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 15.

What Personal Data Do You Collect and How?

We collect personally identifiable information (PII) (also known as personal data) that you provide to us, which is information that identifies you as an individual. We only do this when you have provided us with the information and you have given your consent that we can use it in your interest for the purposes set out in this Privacy Notice. We may collect this PII information about you via this website, via telephone, e-mail, online forms, cctv or in person.

We are determined to deliver a first-class welcome and a great service to all passengers, customers, and partners. We describe the different purposes for which we collect your personal data such as individuals who may interact with us in the following ways:

1. Individuals that use services offered by Kerry Airport
2. Individuals who access services by Kerry Airport via its websites and online media.
3. Individuals that sign up to receive information from Kerry Airport.
4. Individuals that send us feedback via our websites or social media channels
5. Visitors to our websites
6. Visitors to our premises and site.

We may collect the following personally identifiable information (PPI) from you in your dealings with Kerry Airport – particularly in relation to bookings flights with our carrier airlines:

• Full name,
• Postal address
• Email address
• Contact Number
• Nationality
• Passport Number
• Date of Birth
• Travel dates
• Vehicle Details & Registration
• Credit Card or Debit Card details (where you are booking with us or availing of our services)
• Special Requests with regards to assistance. We collect this information to enable us to process your request for assistance as a person with reduced mobility and effectively resolving your query. This information is only processed with your consent and we will never use this information for any other purposes than those specified above.

Please note that we do not engage in direct marketing outside of our own subscribed Database as detailed later in this Notice –Part 6(i) (Direct Marketing Communications) and do not disclose or share your personal data with any third party. Any correspondence or literature that we send you will be requested directly by you, freely given via a statement or a clear affirmative action and will be obtained fairly, lawfully and in a transparent manner.

Reasons for Processing your Data:

We fully respect your right to privacy and undertake to only collect data as required to deliver the services you need, or with your clear permission and consent. In addition, we are required to implement statutory regulations in civil aviation as part of our role as an airport operator. The reasons for processing your data may include the following:

1. Delivering the passenger experience – our job is to get you through your airport journey as smoothly and comfortably as possible. Due to the highly regulated nature of air travel, we are required to process data for safety and security reasons as described in detail below.  This personal data will have been provided by you to your airline under your contract of carriage and an agreement will have been entered into to allow same to provide their handlers (which is Kerry Airport in this case) with your information sufficient to complete your contract with the airline and hence complete your journey.
2. Providing additional services at the airport – we provide additional services which you may choose to use to enhance your journey. In providing these services to you, we may need to gather some data. For example, these services may require that we process payments, and keep your name and other details, such as car registration and email address.
3. Providing free Wi-Fi while you use our airport – under Irish law, all ‘Internet Service Providers’ or ISPs are obliged to maintain records of internet access for a period of 12 months. As we do not collect your name as part of the Wi-Fi sign-up, we store the IP address assigned to you and the MAC address of the device you used to access to Wi-Fi service. We keep these records as required by law.
4. Protecting the welfare of passengers, visitors, contractors and staff at Kerry Airport – we may need to record personal details relating to any individuals involved in incidents or accidents in the airport or its environments.
5. We may also perform statistical analysis on passenger and customer flows to improve our services and plan for future enhancements to our airport facilities – in this situation, we will anonymise your data before any analysis is performed so we cannot identify you.
6. Ensuring the safety and security of civil aviation – this includes CCTV recording
7. Safety and Security of our staff, customers and property- (CCTV).  Kerry Airport is obliged to keep the airport, its staff, its property and its users safe and secure. To assist us in this, we operate CCTV security systems both landside and airside and our airport security team manage these important security controls. CCTV images of you are considered to be personal data and we carefully safeguard access to these images. We retain all CCTV footage for 28 days.

6. How do we use your Personal Data?

In the below description, we describe: the purposes and legal basis for collecting and processing your personal data, the categories of personal data we process for those purposes, with whom we share your personal data, and how long we retain your personal data.

(i) Direct Marketing Communications:

If we wish to gather information to contact you, e.g. for marketing purposes, we will ask for your consent to do so in advance. We will only contact you on an adhoc basis with details of airport news, exclusive competitions and exclusive discounts and offers on products and services from Kerry Airport and its airline carriers. If you have provided consent, you can unsubscribe at any time to remove that consent. For further details and our Direct Marketing Permissions statement see below. We use Mail Chimp as our marketing automation platform. You can view the Mail Chimp privacy policy here: https://mailchimp.com/help/collect-consent-with-gdpr-forms/

(ii) Car Parks:

The information we collect about you

We may collect the following personal information from you in connection to your usage of Kerry Airport’s Car Parks

• Entry & Exit dates
• Vehicle Details & Registration
• Credit Card or Debit Card details (where you are paying for our services)
• CCTV of your personal and vehicle movements including accessing payment machines.

The purpose for collecting this information

We collect this information about you to enable us to provide the product / service you have requested. Your personal data is processed for the performance of the contract between Kerry Airport, as data controller, and you, the data subject. Information you provide may also be used to conduct statistical analysis of our products / services, analyse future trends and build customer profiles. This processing is carried out in Kerry Airport’s legitimate interests and allows us to ensure customers continue to find our products valuable and so that we can continue to invest in the infrastructure to meet customers’ future needs at Kerry Airport.

With whom we may share this information

At times, we engage third parties to assist us in providing our products / services. Your personal data may occasionally be shared with these organisations to allow us to provide you with the product / service you have requested. Kerry Airport will never share your information with these organisations for marketing purposes. In this respect, we may share your data with the following types of organisations:

1. Software providers
2. Payment processors.

We do not operate a car park advance booking engine. We engage a specialised software provider (SKIDATA) located in the UK to develop, host, and maintain our car parking operating system. We work hard to ensure your personal data is always kept secure and safeguards are in place to secure your personal data when transferred outside the EU or the EEA. Kerry Airport have contractual agreements in place with our software provider to ensure a high standard of security is maintained when processing your personal data.

Retention – how long we keep this information

When you provide us with personal information, we retain this information as long as necessary.  We will retain the following specific personal data you have provided for the following time periods;

1. Credit card information – we only store a hash of your card number for identification purposes. A ‘hash’ is a secure representation of your card number that can be used to identify your card but cannot be used to recreate your card number. We retain the card number for 30 days.
2. We do not retain full card details unless you have consented to us doing so.

3. We retain CCTV footage for twenty eight (28) days. Thereafter the system overwrites itself. Any CCTV footage identified as relevant to a formally reported incident is retained for as long as necessary where records are required by the airport to defend legal claims against it or subject to statutory and other legal obligations.

1. Audio recordings – we do not record conversations at the car park barrier.

How we treat sensitive information

We will not collect any sensitive information / special categories of personal data relating to you within the operation of our Car Parks.

 (iii). Private Aircraft/ Corporate Jet Handling

(Including Pilot and Passenger information)

The information we collect about you

We may collect information about you via this website, telephone, email, mobile device, form, or in person. We may collect the following personal information from you;

• Full name,
• Postal address
• Email address
• Contact Number
• Passport Numbers
• Nationality
• Date of Birth
• Arrival & Departure dates
• Vehicle Details & Registration
• Credit Card or Debit Card details (where you are booking with us or availing of our services)
• CCTV of your personal and vehicle movements including Arrivals Area, Departures Area and pilot lounges,

The purpose for collecting this information

We collect this information about you to enable us to provide the product / service you have requested. Your personal data is processed for the performance of the contract between Kerry Airport, as data controller, and you, the data subject. This processing is carried out in Kerry Airport’s legitimate interests and allows us to ensure customers continue to find our products valuable and so that we can continue to invest in the infrastructure to meet customers’ future needs at Kerry Airport

With whom we may share this information

At times, we engage third parties to assist us in providing our products / services. Your personal data may occasionally be shared with these organisations to allow us to provide you with the product / service you have requested. Kerry Airport will never share your information with these organisations for marketing purposes. There are also a number of agencies that have a legal right to your data in the interest of the protection of the State and its citizens to which certain elements of your personal data will be shared with as part of our obligations with said agencies.  In this respect, we may share your data with the following types of organisations:

1. Software providers
2. Transport providers
3. Payment processors.
4. Government Agencies including
   • Garda Siochana & National Immigration Services
   • Customs & Revenue Commissioners
   • Department of Agriculture, Food & Marine.

Retention – how long we keep this information

When you provide us with personal information, we delete this information in line with our data retention policy. We will retain the following personal data you have provided for the following time periods;

1. Credit card information – we only store a hash of your card number for identification purposes. A ‘hash’ is a secure representation of your card number that can be used to identify your card but cannot be used to recreate your card number. We retain the card number for 30 days
2. We do not retain full card details unless you have consented to us doing so.
3. We retain CCTV footage for thirty (30) days. Thereafter the system overwrites itself. Any CCTV footage identified as relevant to a formally reported incident is retained for as long as necessary where records are required by the airport to defend legal claims against it or on receipt of appropriate advice.
4. Handling Requests and associated files are kept for a period of 3 years.

How we treat sensitive information

We will not collect any sensitive information / special categories of personal data relating to you within the operation of Private Aircraft & Corporate Jet Handling.

(iv). Gift Shop at Kerry Airport

We may collect the following personal information from you in relation to individual purchases

1. For in-store purchases we do not collect personal data (we do not retain payment data in our shops). However, in order to provide duty free prices and for internal statistical information we collect flight details as provided on your boarding card. The information collected is limited to the item purchased and flight information such as the airline and destination details.

The purpose for collecting this information

2. We collect this information about you to enable us to complete the transaction for the product you have purchased. Your personal data is processed in this respect for the performance of the contract between Kerry Airport, as data controller, and you, the data subject.

1. Boarding Card information may be collected at the till point in our restaurants, shops and bars in order to provide duty free prices (if and when applicable)
2. Competitions – we may collect information when you enter competitions we run in-store or via our social media channels. We process this information to select competition winners and fulfil delivery of any such prizes, in line with our competition terms and conditions. We will ask for your consent in advance to collect this information.
3. Staff purchases – if you are a member of staff at Kerry Airport or its associated affiliates, we may also collect information such as your Airport ID number. This information is required to enable us to complete the transaction for the product you have purchased. We collect this data as part of the fulfilment of a sales contract with you as a person eligible for a discounted price.
4. Information you provide may also be used to conduct statistical analysis of our products / services, analyse future trends and build customer profiles. This processing is carried out in Kerry Airport’s legitimate interests and allows us to ensure customers continue to find our products valuable and so that we can continue to invest in the infrastructure to meet customers’ future needs at Kerry Airport. This does not affect your rights as a data subject. See your rights in relation to your information for more.

With whom we may share this information

At times, we engage third parties to assist us in providing our products / services. Your personal data may be shared with these organisations to allow us to provide you with the product / service you have requested.

We may share your data with the following types of organisations:

1. Software providers
2. Web designers
3. Payment processors.

7. How do you get my Consent?

Where our use of your personal data requires your consent, you can provide consent:

• At the time we collect your information following the instructions provided; or

• By informing us using the contact details set out in this Policy.

You can choose how we can get in touch with you at the time you provide us with the personal information as well as being able to change this by contacting us. You may withdraw your consent at any time. You will not suffer any detriment for withdrawing your consent. If you withdraw your consent, this will not make processing which we undertook before you withdrew your consent unlawful

8. How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected, and as previously outlined for different categories of services we provide. We review data annually to ensure that it is still relevant and necessary.

9. How and Where Do You Store or Transfer My Personal Data?

We will only store or transfer your personal data within Ireland. This means that it will be fully protected under the Data Protection Legislation.

10. Do You Share My Personal Data?

We may also need to share your data with partners such as your airline or their ground handler to help get you to your destination. Where this data is provided by us to the third party to deliver a service to you, the processing is covered by this Privacy Notice. Where you provide your data directly to a third party, we have no involvement in that transaction or access to the data and the processing is the responsibility of the third party. An example of this would be going online to rent a car for collection at the airport.

We may also disclose your information to contracted companies who act as “data processors” on our behalf.  Our data processors include external consultants, professional advisers such as lawyers, software and technical support providers, IT consultants, credit card processors and marketing technology platforms and suppliers, credit controllers and fraud prevention companies and of course as required by law.

We only share information with third parties who help us in the delivery of our services to you. These third parties may not use that information for any purpose other than assisting us in providing these services. Any contact information that you provide through our system will not be sold/ rented/leased to any third party for selling or marketing to you. We will only provide third party companies with the personal information they need to deliver the appropriate service.

We require all companies providing such support services to meet the same standards of data protection as our own. They are prohibited from using the information for their own purposes. We do not allow service providers to use your personal data for their own activities.

11. Data Sharing with Law Enforcement:

Where data is provided by us to a regulatory body or law enforcement agency to meet statutory or regulatory obligations, activities undertaken by those parties is outside our control and hence fall outside of the scope of this Privacy Notice. Agencies that we may be obliged to share information with include:

1. An Garda Siochana (National Police Service)
2. Garda National Immigration Bureau (GNIB)
3. Irish Naturalisation and Immigration Service (INIS)
4. Revenue Commissioners – Irish Tax and Customs Service.
5. Irish Aviation Authority including its Air Accident Investigation Unit (AAIU)
6. DAFM – Department of Agriculture, Food & Marine (relative to transport of foods. Pets and Animals).

12. What about Cookies and Other Websites?

Our websites use cookies. Cookies are small text files which are created on your computer or mobile device when you visit a website. They enable your web browser (such as Internet Explorer, Google Chrome or Mozilla Firefox) to remember which pages on a website you have visited and can also allow you to set preferences on some sites. Your web browser then sends these cookies back to the website on each subsequent visit so that they can recognise you and remember things like user preferences.  You can use our websites with no loss of functionality if cookies are disabled in your web browser. By using our website, you are consenting to our use of cookies. You may opt out of the use of cookies by following the guidance provided below.

13. Web Browsing

Technical details in connection with visits to our websites are logged for statistical purposes only. No information is collected that could be used by Kerry Airport to identify website visitors. The technical details logged are confined to the following:

1. The top-level domain name used (e.g. .ie, .com, .org, .co.uk, .net)
2. Data which shows the traffic of visitors around this website (such as pages accessed and documents downloaded)
3. The type of web browser used by the website visitor.
4. Some of the above information is used to create summary statistics, which allow us to measure the number of visitors to our sites, identify what pages are accessed most frequently and generally help us to increase the usability and accessibility of our sites. We do not release any information or statistics to third parties. By using our websites, you accept the practices described in this Privacy Notice.

 How we use cookies

Cookies are small text files a website will place on your hard drive to record your preferences on a site or help identify trends for statistical purposes.

It is important to note that accepting cookies used on our sites does not give us access to any personal information. Most browsers automatically accept cookies by default, but you can usually refuse cookies or selectively accept certain cookies by adjusting the preferences in your browser. You can find information on how to adjust your cookie preferences for popular browsers below.

Third Party Links on our Website

Our website may from time to time provide links to or embed third party websites. This Privacy Notice does not apply to those websites. If you choose to enter such a linked site, you agree that we are not responsible for the availability of such websites and do not review or endorse and shall not be liable, directly or indirectly, for:

1. How these websites treat your personal data
2. The content of such websites
3. The use that others make of these websites.

Please ensure you check the legal and privacy statements posted on each website or mobile application you access before entering any personal data

Functional

Content Management System – cookies are used as part of the software used to manage and update our website content. The information gathered is not retained and the cookie is deleted when the browser is closed.

Performance

Analytics – cookies are used to collect information anonymously to Kerry Airport better understand and improve how people interact with our site – they do not record personal information. The cookies collect information including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Advertising Cookies

Kerry Airport use advertising cookies to measure the effectiveness of advertising campaigns and how we can improve them for you. The advertising cookies used by Kerry Airport are anonymous and are not used to collect information which can identify the user.

How to delete or set cookie options in browsers

Should you wish to you can delete or block the use of cookies in your browser settings. However, once you do this, some features of our websites may not work as intended.

You can delete the cookies stored on your device or alternatively you can change your privacy settings on your browser via the following links:

Microsoft Internet Explorer

1. Open the ‘Tools’ menu
2. Select ‘Internet Options’
3. Open the ‘Security’ tab
4. Choose the ‘Internet’ zone
5. Identify the security level ‘High’ for this zone
6. Click ‘OK’

Google Chrome

1. Open the ‘Menu’ (icon) on the toolbar
2. Choose ‘Settings’
3. Open ‘Advanced Settings’
4. Go to the ‘Privacy’ section and click on ‘Content Settings’
5. In the ‘Cookies’ section, you can choose how cookies are used when you browse using Chrome.

Mozilla Firefox

1. Open the ‘Edit’ menu
2. Choose ‘Preferences’
3. Open ‘Privacy & Security’
4. Choose ‘Cookies’.

14. Security and Confidentiality

Any personal information that you provide to Kerry Airport will be treated with the highest standards of security and confidentiality and handled in accordance with Data Protection laws and the General Data Protection Regulation. Security of your personal data is very important to us. We take all reasonable technical and organisational measures to prevent the loss, misuse, unauthorised access, disclosure or alteration of your personal data. These measures include:

1. We apply various levels of access control to restrict access to your personal information to Kerry Airport employees and contractors who require a level of access as part of their role
2. We work with experienced, specialised vendors to develop and maintain our platforms
3. We regularly review and audit our security and data protection policies and procedures to ensure a high level of operational security is maintained.

15. What are my Rights under The Data Privacy Notice?

You have the following rights in relation to the personal information we hold about you:

• Your right of access

If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information.

• Your right to rectification

If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified.

• Your right to erasure

You can ask us to delete or remove your personal information where there is no good reason for us continuing to process it, you withdraw your consent, we are unlawfully holding your personal data or we should erase your personal data to comply with applicable EU law. If we have shared your personal information, referenced in ‘Who has access to personal data’ above, we will let them know about the erasure where possible.

• Your right to restrict processing

You can ask us to ‘block’ or suppress the processing of your personal information, for example, where you contest the accuracy of that personal information or object to us processing it. If we have shared your personal information with others, we will let them know about the restriction where possible.

• Your right to data portability

You have the right to obtain personal information you have provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or ask us to transfer this to a third party of your choice.

• Your right to object

You can ask us to stop processing your personal information, and we will do so, if we are:

• relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
• processing your personal information for direct marketing; or
• processing your personal information for research unless such processing is necessary for the performance of a task carried out in the public interest.

• Your rights in relation to automated decision-making and profiling

Automated-decision making is when a company uses software to make decisions based on information that has been programmed into software. With automated decision-making, there is usually no human involvement in the decision-making process.

16. Profiling

Profiling is where algorithms and software are used to analyse personal characteristics to identify trends in behaviour or choices.

You have the right not to be subject to a decision when it is based on automatic processing, including profiling, and it produces a legal effect or similarly significantly affects you unless such profiling is necessary for entering into, or the performance of, a contract between you and us.   Be advised – we do not use your personal data in this way except in relation to the use of cookies as outlined in Part 12 and Part 13

17. Your right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we have handled your personal information, you can report it to the Data Protection Commissioner. You can find details about how to do this on the website here:

https://www.dataprotection.ie/docs/Making-a-Complaint-to-the-Data-Protection-Commissioner/r/18.htm

Data Protection Commissioner

Office of the Data Protection Commissioner
Canal House,
Station Road,
Portarlington,
Co. Laois.
Ireland.
R32 AP23,

Phone: +353 (0761) 104 800
LoCall: 1890 25 22 31
Fax:     +353 57 868 4757
Email:  info@dataprotection.ie

18. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “Subject Access Request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 15. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 30 working days of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

19. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the attached data access request form and sent it to:

Email address: privacy@kerryairport.ie
Telephone number: ++ 353 66 97 64644.
Postal Address: Farranfore, Killarney. Co. Kerry V93KHF7.

20. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be made available on our website. This Privacy Notice was last updated on 15^th January 2019.