The Shannon Airport Group incorporates Shannon Group plc, Shannon Airport Authority DAC (‘Shannon Airport’) and Shannon Commercial Enterprises DAC (“SCE”).
This Privacy Notice applies to all domains and websites owned by The Shannon Airport Group. Any external links to other websites are clearly identifiable as such, and we will not be responsible for the content or the privacy policies of these third party websites.
The purpose of this Privacy Notice is to outline how we collect, process and share personal data. This Privacy Notice will outline the types of personal data we process about you and the legal basis we rely on to do so.
The Shannon Airport Group is committed to protecting and respecting your privacy. We wish to be transparent on how we collect, store and share your personal data and to ensure that you understand your rights under the GDPR.
In this notice, we outline:
All personal data we gather will be processed in accordance with all applicable data protection laws and principles, including the EU General Data Protection Regulation 2016/679, Data Protection Acts 1988 – 2018 and the ePrivacy Regulations S.I. 336/2011.
The Shannon Airport Group is the data controller for personal data processed where we decide the purpose and means of processing this data.
If you require further information about the way your personal data will be used, or if you are unhappy with the way we have handled your personal data, and wish to contact us, please submit your concerns by email to ‘The Shannon Airport Group’ Data Protection Officer at dpo@snnairportgroup.ie.
We can also be contacted by post at:
Data Protection Officer,
The Shannon Airport Group,
Shannon Airport,
Co. Clare,
V14 EE06,
Ireland.
If you are not satisfied with how we process your personal data, you have the right to complain to the Irish Data Protection Commission (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commission, so please contact us in the first instance.
The table below outlines the categories and types of data we collect along with the source of data. The types of data we collect may change over time; the following table is an indicative list to help you understand the types of data we collect.
|
Data Category |
Data Type |
Source of Data |
|
Recruitment Data |
Curriculum Vitae, Identification, Garda Vetting. |
Potential Employees, Employees, Recruiters. |
|
Employment Data |
Leave Entitlements, Pay Details, Sick Notes, Payroll, Training Certificates, Trade Union Membership, |
Employees |
|
Vehicle Data |
Car Registration. |
Car Park Users |
|
Financial Data |
Bank Account Numbers, Card Details, Tax Details |
Data Subject |
|
Contact Details |
Name, Number, Email Address |
Data Subject |
|
Accident Data |
Details of Injuries. |
Data Subject |
|
CCTV Data |
Imagery, Sound, Video. |
Data Subject |
|
Identification Data |
Passport, ID Cards. |
Data Subject |
|
Website Data |
Name, email, IP address, aggregated location and pages visited. |
Data Subject |
|
Marketing Data |
Communication preferences. |
Data Subject |
The following section provides more details on the purposes for which we process your personal data and the legal basis by which we do this.
|
Data Category |
Reason for processing |
Legal basis for processing |
|
Recruitment Data |
Used by The Shannon Airport Group to assess your suitability for the role being applied throughout the recruitment process. |
Processing is necessary for the performance of a contract or as a precondition for entering a contract |
|
Employment Data |
To ensure employees receive their statutory leave entitlements. To ensure employees are paid for work done. To ensure Airport-based staff have completed their National Civil Aviation Security mandated safety training. |
To comply with employment legislation Processing is necessary for the performance of a contract To comply with a legal obligation under the National Civil Aviation Security Programme. |
|
Vehicle Data |
To allow customers to pre-book parking spaces at Shannon Airport. |
Processing is necessary for the performance of a contract. |
|
Financial Data |
To allow customers to purchase goods from our shopping facilities. To process payments for property letting agreements. |
Processing is necessary for the performance of a contract. |
|
Contact Details |
To share marketing and promotional emails with you.
|
Consent of the data subject. Where processing is based on consent, the data subject has the right to withdraw their consent. |
|
Accident Data |
To maintain a record of all incidents involving equipment or facilities across the Airport Campus. |
To comply with a legal obligation under the National Civil Aviation Security Programme. |
|
CCTV Data |
To ensure the safety and security of staff, customers and property on a Shannon Airport Group campus including incident investigations. |
Legitimate Interests |
|
Identification Data |
To verify the identity of boarding pass holders. To provide employees working on the Airport Campus with access cards and ID. |
To comply with a legal obligation under the National Civil Aviation Security Programme. |
|
Website Data |
To respond to a query/complaint as requested by the data subject. |
Consent of the data subject. Where processing is based on consent, the data subject has the right to withdraw their consent. |
There are various circumstances where we may be required to share personal data with third parties. We will only share your personal data with third parties where we have obtained your consent, where it is necessary to comply with a legal obligation or to provide services to you.
In these circumstances, we take steps to ensure that any third parties who handle your personal data comply with data protection legislation and protect your information to the same extent that we do. We will only disclose the personal data which is necessary for them to provide the service they are undertaking on our behalf.
In general, we do not transfer personal data outside of the European Economic Area however in the event that we do we will ensure that the transfer complies with our data protection obligations, and that any such transfers are based on an approved transfer mechanism, such as the EU Standard Contractual Clauses (SCC) or a relevant adequacy agreement.
For marketing purposes, we may contact you in relation to special offers, competitions, products and services from The Shannon Airport Group via email, post, SMS or phone.
Where we rely on consent for marketing purposes, consent will always be provided in the form of a clear opt-in. You have the right to withdraw your consent at any time using the unsubscribe link on emails/ text messages, alternatively you can contact us using the contact details listed in this Privacy Notice to opt-out of future marketing communications from The Shannon Airport Group.
Where we rely on Legitimate Interest (to develop and grow our business) to communicate with you for marketing purposes we will always provide you with an option to opt-out at the point of data collection and within each communication thereafter. Additionally, you can use the contact details listed in this Privacy Notice to opt-out of receiving future marketing communications.
We operate social media pages on LinkedIn, Twitter, Meta (Facebook and Instagram), Tic Tok and You Tube. This notice includes how The Shannon Airport Group uses personal data collected from those pages. However, it does not cover how the providers of social media websites will use your information. You are advised to check the privacy policies/notices of these social media sites to find out how they process your personal data.
As a data subject, you have the following rights in relation to the processing of your personal data. However, these rights are not absolute, and restrictions may apply in certain situations.
The right to be informed about the processing of your personal data.
The right to access your personal data.
The right to rectification of your personal data.
The right to erasure of your personal data.
The right to data portability.
The right to object to processing of your personal data.
The right to restrict processing of your personal data.
Rights in relation to automated decision making, including profiling.
Restriction of data subject rights in certain circumstances:
There are some restrictions to these rights, details of which are included in our Data Protection Policy and Subject Access Request Policy. Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances.
Please send any requests to dpo@snnairportgroup.ie with as much detail as possible regarding your requirements to allow us to deal with your request efficiently. To answer your request, we may ask you to provide identification for verification purposes.
Upon receipt of a request, we have 30 days to provide an answer with an extension of a further two months if required. If we require more time to deal with your request, we will notify you of the delay and the reasons for it within 30 days of the receipt of your request. If we refuse your request, we will also notify you within 30 days of the receipt of the request accompanied by the reasons for the refusal.
You are entitled to contact the Data Protection Commission if we refuse your request.
We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider requests to be unjustified or excessive, we may charge a reasonable fee (also for multiple copies) or refuse the request.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
This notice and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.
We review this Privacy Notice regularly and reserve the right to make changes at any time to take account of changes in our business, legal requirements, and the manner in which we process personal data. This Privacy Notice was last updated in May 2024.