We will always comply with General Data Protection Regulation (GDPR) when dealing with your personal data. You can find further details on the GDPR at http://gdprandyou.ie. All personal data is processed in accordance with the requirements of Irish and European data protection legislation, including the:
- General Data Protection Regulation (GDPR) or Regulation (EU) 2016/679
- Data Protection Act 2018
Kiltorcan Raceway understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of licence holders and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law. Kiltorcan Raceway is the data controller and data processor as defined. A Data Protection Officer (DPO) does not need to be appointed.
Type of Data Collected & Usage
We may collect some or all of the following personal data; this may vary according to your type of relationship with us:
- Licence Holder’s name, address, contact number and e-mail address.
- Date of birth
- Qualifications and Training
- Medical information
- Medical contact details
- Licence Holder’s payment information
- Official’s name, address, contact number and e-mail address
- Event entry information
- During events under permit information such as location data collected by GPS technology to record speed location and status
KILTORCAN RACEWAY, complies with its obligation under GDPR by keeping personal data up-to-date, by storing or destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate measures are in place to protect personal data.
We use your personal data for the following purposes, to:
- maintain our own financial accounts, event records and invoicing.
- supply you with information by telephone, e-mail or post.
- facilitate communication on events
- ensure we are complying with the requirements of our insurers.
- comply with EU and FIA regulatory requirements.
Lawful Bases of Processing
We acknowledge that processing may be only carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity, which can be viewed in the above table. Where no other lawful basis applies, we may seek to rely on the member’s consent in order to process data.
Storage of Personal Data
All of our administrators are aware that hard copy personal information should be kept in a locked filing cabinet, drawer or safe. They are aware of their roles and responsibilities when their role involves the handling and processing of personal data, and are instructed to store files or written information of a confidential nature in a secure manner so that are one accessed by people who have a need and a right to access them and to ensure that screen locks and enabled on all desktops and laptops etc. when unattended. No files or written information of a confidential nature are to be left where they can be read by unauthorised people. Where data is computerised, it should be encrypted or password protected, either on a local hard drive or on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself by kept in a locked filing cabinet, drawer or safe. Personal data relating to licence holders will not be kept or transported on laptops, USB sticks, or similar devices unless prior permission has been received.
Where personal data is recorded on any such device it should be protected by:
- ensuring that data is recorded on such devices only where absolutely necessary
- using an encrypted system – a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted
- ensuring that laptops or USB drives etc. are not left where they can be stolen, and in the in case of such an event occurring to report the incident to the relative authorities without delay
Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of principles. In accordance with these principles, we will ensure that:
- processing will be fair, lawful and transparent.
- data be collected for specific, explicit and legitimate purposes.
- data be collected will be adequate, relevant and limited to what is necessary for the purposes of processing.
- data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay.
- data is not kept for longer than is necessary for its given purpose.
- data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate measures.
- we will comply with the relevant GDPR procedures for transferring of personal data.
You have the following rights under GDPR:
- to be informed about the data we hold on you and what we do with it.
- to access the data we hold on you.
- for any inaccuracies in the data we hold on you to be corrected.
- to have data deleted in certain circumstances.
- to restrict the processing of the data.
- to transfer the data we hold on you to another party.
- to object to the inclusion of any information.
- to regulate any automated decision-making and profiling of personal data.
Access to Data
As stated above, all licence holders have a right to access the personal data that we hold on them. To exercise this right, licence holders should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit. No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the member making the request. In these circumstances, a reasonable charge may be applied. To submit a Subject Access Request please send a request to the licence administrator in writing either by e-mail or at our registered address.
KILTORCAN RACEWAY, may be required to disclose certain data to any person or third party. The circumstances leading to such disclosures include, but are not limited to:
- when required by or permitted by law or lawfully necessary to protect KILTORCAN RACEWAY, and its legitimate interests.
- requests from authorities, law enforcement agencies, court orders, legal procedures, obligations related to the reporting and filing of information with authorities or insurers.
- requests from motorsport authorities such as the FIA.
These kinds of disclosures will only be made when strictly necessary such as the above purposes or if we have received your explicit consent for such transfer of your personal data. KILTORCAN RACEWAY, does not transfer personal data to any recipients outside the EEA.
To exercise all relevant rights, queries or complaints please in the first instance contact reception at email@example.com You can contact the Data Protection Commission via e-mail firstname.lastname@example.org or by telephone +353 (0)57 8684800 or at Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.