Privacy Notice

Welcome to the Website Privacy Notice for ‘The Shannon Airport Group’.

This privacy notice describes how your personal data is processed when you visit this website and when you do business with us such as:

Provide commercial services at Shannon Airport (e.g. where you work for an airline, ground handler, taxi service or provide any other commercial services).
Rent a property from us or where you are an employee of a business who rents/leases any of our properties.

We are committed to protecting and respecting your privacy in accordance with all applicable data protection laws and related aviation legislation.

The Shannon Airport Group incorporates Shannon Group PLC, Shannon Airport Authority DAC (‘Shannon Airport’) and Shannon Commercial Enterprises DAC (“SCE”).

We have a separate privacy notice for Shannon Airport. If you require specific information on how we process personal data at Shannon Airport click here.

This website may include external links to third party organisations. Where we link to a third-party website not owned and controlled by us this privacy notice no longer applies, and you are advised to read the privacy policy of the website you are visiting.

How to Contact Us

Should you have any questions about this privacy notice or would like to contact us about any other matter, please use the following contact details:

Our address is ‘The Shannon Airport Group, Shannon Airport, Shannon, Co Clare, Ireland, V14 EE06. Our company registration number is 548847.

For data protection related queries email our Data Protection Officer at dpo@snnairportgroup.ie or contact the DPO by post using the address listed above.

For queries regarding commercial property email property@snnairportgroup.ie.

For queries regarding commercial aviation development email abd@shannonairport.ie.

If you are not satisfied with how we process your personal data, you have the right to complain to the Irish Data Protection Commission (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commission, so please contact us in the first instance.

Responsibility for Data Processing

We are the data controller where we determine the purpose and means of processing personal data. The services for which we collect and process personal data (and which is covered by this Notice) includes:

Our website where we process your query/feedback/complaint when you contact us using the contact us form, aggregated data such as the pages you visit, your IP address which gives an indication of what country you are in and your communication preferences where you indicate that you would like to receive relevant business-related messages from us.
Our Airport Operations Team may process your data where you provide services to us such as commercial cargo services, transportation services or other business services related to the commercial aviation industry.
Our Aviation Development Team may collect and process personal data about you when you contact us, use our airport to base an aircraft and use aviation services to support aircraft maintenance. We may also process your data where we actively contact you in relation to a business opportunity or proposal.
Our Commercial Property Team may collect and process your data where your company rents, leases or resides at one of our buildings within our property portfolio. We may also process your data where we actively contact you in relation to a business opportunity or for networking purposes.

Relevant Legislation

We are committed to protecting and respecting your privacy and will do so in a safe and secure manner. We will process your personal data in adherence with the EU General Data Protection Regulation 2016/679, the Data Protection Acts 1988 – 2018 and related data protection legislation such as the Irish ePrivacy Regulations S.I. 336/2011.

Whose Personal Data we process

We will process your data when you:

Visit our website ‘website visitor’
Do business with us such as where you supply services ‘third party employee business data’
Apply and retain a taxi permit at Shannon Airport ‘taxi permit holder’
Use private travel services ‘client of service’
Rent or lease a property from us ‘third party employee business data’
Work for an organisation who is based in one of our properties ‘third party employee security data’
Rent a meeting room ‘third party employee booking data’

Types of Personal Data processed

Basic identifier data such as your name, business contact details and signature.

Booking data such as date and time where you book a meeting room via the Gateway Hub.

Financial data such as your credit card and/or bank details when you pay for services, pay to lease a building, apply for a taxi permit or where we carry out a credit check.

CCTV video footage such as where cameras are located in key areas of our buildings and environs.

Security data such as your PIN and card access to secure areas where you are based in any of our buildings.

Marketing & Communications data including your preference whether or not you wish to receive communications from us.

Cookies & Tracking Technologies

We use essential and basic aggregated site performance cookies to help us understand how you browse our website. This information allows us to improve and develop content that is more useful to you. We will always require your consent to use non-essential cookies and similar technologies. For more information click here for our Cookie Notice.

Social Media

We use social media (LinkedIn) to promote industry relevant networking events. Where we publish details of an individual in a Group social media post, we will always seek their consent to do so. These social media channels are governed by their own privacy policy which we advise you to read.

Photos, video/audio recordings & testimonials

If you are involved in a photoshoot, media campaign on behalf of us, have been interviewed or have given us a testimonial and we use it for marketing purposes such as where it is published on our website or other media outlets, we will always seek your consent before publication. You may withdraw your consent at any stage, and should you choose this option, we will endeavour to remove your image, interview or testimonial from the date requested.

We may from time to time take a photo or recording at a public or sporting event, in such cases we will use our legitimate interest to do so taking into account and considering privacy from the outset.

How we collect Personal Data

Mostly, personal data will be collected directly from you when you;

Visit our website
Contact us directly via email, telephone, post or social media
Are introduced to us by a third party
Provide a service in any of our locations or properties
Lease or rent a property
Book a meeting room, and where;
We actively contact you regarding a business opportunity

How we use Personal Data

Data Type	Reason(s) for processing
Basic identifier data	Allows us to respond to your query, act on feedback you give us and take corrective action on a complaint or sign a contract.
Booking data	Allows us to process a booking as requested by you.
Financial data	This data allows us to process your booking of whatever service you have requested, apply for a taxi permit or pay rent. We may share relevant data with our appointed credit check agency. Credit checks help us prevent problems with payment transactions.
CCTV footage	Allows us to support the maintenance of health & safety standards in our buildings, assist with incident investigations, aid in the prevention and detection of theft and other crimes.
Security data	Airport laws require certain security standards are in place so as to prevent terrorism and similar crimes We are required by law to verify your ID and boarding card details for security reasons for commercial flights. We are required by law to ensure appropriate security checks are completed on employees of third-party organisations who either work or have access to the airport. You will also be required to go through a security check area where both you and any commercial cargo will be screened. We will process your data when we issue you with a swipe card or PIN where your employer rents/leases any of our offices and/or buildings.
Marketing data	We may require your consent to communicate with you, or we may use our legitimate interest to introduce ourselves to you. Where you post a comment or react in any way to a post on our social media channels, we use this information to assess the success or appropriateness of the content and send you a response if you request us to do so.
Cookies & tracking data	We may use your data such as ‘the website pages you visit and what you interact with’ to improve our website. We require your consent to process non-essential cookies and tracking technologies. Where you consent, we will only process aggregated statistics from your use of our website. Such processing will never be used to directly identify you.

Lawful Bases for Processing Personal Data

We will only process personal data where we have identified an appropriate lawful basis. Examples include but are not limited to:

We will communicate with you where you permit us to do so ‘consent’. You are able to withdraw your consent at any time.
We will process financial data under ‘contract’ such as where you pay us by credit card, sign a rental or service provision agreement with us.
We use ‘legal obligation’ to process personal data where it is necessary for us to comply with the law such as required by ‘health & safety legislation’, or where we are required to report a crime to ‘An Garda Siochana’.
We will only process personal data about you such as in an emergency situation where you need medical assistance. In this case we will use ‘vital interest’ to process your data.
Where you are travelling as a private jet or cargo passenger, we will process your security data such as ID and boarding pass details as required under EU Civil Aviation Laws and Airport Bye Laws. In this case we use ‘public interest’ to process your data.
We use our ‘legitimate interest’ to process CCTV images. We use CCTV systems to monitor the security of our buildings and premises and safety within these areas. We may also use legitimate interest to contact you where you are a potential business client. Where we use ‘legitimate interest’ as a lawful basis for processing, we will have carried out the relevant assessment that confirms that the processing is necessary and that a balancing test has been conducted to confirm that our business interests in processing your data does not override your interests or fundamental rights and freedoms.

In addition to this where we use ‘legitimate interest’ as a lawful basis you will have the opportunity to ‘object’ to the processing. An example includes where you request your details to be removed from our marketing database, and you will no longer receive marketing emails from us.

A comprehensive list of processing activities and the associated lawful basis is detailed in our Record of Processing Activities (ROPA).

Other Data Controllers located at Shannon Airport

If you travel from Shannon Airport to the US, you will be subject to pre-clearance under the US Customs and Border Protection (CBP) facility. Personal data processed by the CBP facility is not covered in this notice as CBP (operated by the US Department of Homeland Security) is a separate Data Controller. CBP follows the privacy policy of the US Department of Homeland Security. For more information logon to https://www.cbp.gov/site-policy-notices/privacy-policy.

Your data may also be processed by other third parties such as the Irish Tax and Customs Service (Revenue) where you have something to declare and the Irish Naturalisation and Immigration Service (INIS) of the Department of Justice and Equality where you are travelling from a non-EU country. Such processing is not controlled by us, and you are advised to check the Privacy Policies of these organisations to find out how they process your data.

Other organisations considered to be independent data controllers include commercial airlines you travel with, ground handling and other commercial aviation services based at the airport. They may process your data for their own purposes which will be covered under their own privacy policies.

Data Processors working on our behalf

We engage third party data processors to process personal data on our behalf. They support the efficient running of our business. Some examples include:

Web developers which help to develop and manage our website.
Databases which we use to manage communication preferences so as to send you communications where we have a lawful basis to do so.
CCTV systems used for aiding with safety, security, incident investigations and the prevention of crime.
Security systems such as cargo / baggage scanners which assist us with ensuring security and safety are in place when you travel through our airport and PIN/access cards which allow you to access secure areas of buildings.

Sharing information with Third Party Organisations

There are various circumstances where we may be required to share personal data with third parties. We will only share your personal data with third parties where we have identified a lawful basis to do so. In these circumstances, we take steps to ensure that any third parties who handle your personal data comply with data protection legislation and protect your information to the same extent that we do. For example, we may be required by law to share data with ‘An Garda Siochana’ where they are investigating criminal activity.

Where we share your data with our service providers, we will only disclose the personal data which is necessary for them to provide the service they are undertaking on our behalf. In the event that data needs to be shared we will ensure we have the necessary agreements in place to do so.

Where required by law we may be required to share personal data with industry regulators and/or auditors. Where relevant and/or necessary we may share your data with our appointed legal representatives to enforce or apply any contract with you.

We may share aggregated or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not allow them to directly identify you

If our business is ever sold or merged with another, we may need to share your personal information with the new owner. Should this occur they’ll only be allowed to use your information for the same reasons you originally shared it with us.

International Data Transfers

We will endeavour to process your data within the European Economic Area (EEA). However there may be circumstances where we are required to transfer or process personal data outside of the EEA and where we do, we will ensure there is a suitable transfer mechanism in place such as an adequacy agreement (e.g., EU – UK Adequacy Agreement, EU – US Data Privacy Framework) or Standard Contractual Clause (SCC), as approved by the EU Commission. Where we use an SCC, we will ensure that the appropriate Transfer Impact Assessment (TIA) is completed.

Data Subject Rights

As a data subject, you have the following rights in relation to the processing of your personal data. However, these rights are not absolute, and restrictions may apply in certain situations.

You have the:

Right to access your personal data, and the right to request a copy of such data.
Right to information about how we process your personal data.
Right to erasure or to be forgotten where you can ask us to delete your personal data from our systems provided no restriction applies.
Right to rectification where you can ask us to correct your personal data if any of it is incorrect.
Right to restriction where you can ask us to restrict the processing of your personal data such as where you have a query or complaint. The processing will be stopped until the query and/or complaint is resolved.
Right to portability where you can ask us to transfer your personal data to another “Group” platform or another platform.
Right to withdraw your consent where the lawful basis for processing is consent (e.g., you can unsubscribe to our newsletter).
Right to object to the processing where the lawful basis is legitimate interest (e.g., a business customer can object to their contact being added to a business mailing list).
Right to complain to the Data Protection Commission (www.dataprotection.ie) about how we process your personal data. However, we would welcome the opportunity to deal with your complaint before you contact them.

There are some restrictions to these rights, details of which are included in our Data Protection Policy, Subject Access Request and Data Subject Rights Request Policies. Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances.

Where do I send a data subject rights request to?

Please send your request to our Data Protection Officer at dpo@snnairportgroup.ie. Include as much detail as possible to allow us to deal with your request in an efficient manner. To answer your request, we may ask you to provide identification for verification purposes.

How long will a request take to complete?

Upon receipt of a verified request, we have 30 days to complete your request. In exceptional circumstances we may be able to avail of an additional two months. If we require additional time to deal with your request, we will notify you of the delay and the reasons for it within 30 days of the receipt of your request. If we refuse your request, we will also notify you within 30 days of the receipt of the request accompanied by the reasons for the refusal.

You are entitled to complain to the Data Protection Commission if you are unhappy with our response to your request.

How much does it cost to submit a request?

We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider requests to be unjustified or excessive, we may charge a reasonable fee (also for multiple copies) or refuse the request.

How long do we retain your data for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. How long, may also vary depending on our relationship with you. Data retention timelines are regularly reviewed and are documented in our Data Deletion and Retention Policy. If you would like more information about this, please let us know.

Data Security & Confidentiality

We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business ‘need to know’. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where we engage another organisation to carry out work on our behalf, we will ensure the appropriate agreements are in place, having carried out vendor due diligence and monitor their performance on a regular basis.

We have physical access control measures in place in our buildings with controlled access to various areas in our buildings. We also conduct security vetting (standard Garda vetting and enhanced Garda vetting) for all employees, contractors and employees of third parties working in Shannon Airport.

Governing Law & Jurisdiction

This notice and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.

Changes to our Privacy Notice

We review this Privacy Notice regularly and reserve the right to make changes at any time to take account of changes in our business, legal requirements, and the manner in which we process personal data. This Privacy Notice was last updated in January 2026.