Privacy Policy - Seamist Guesthouse

At Sea Mist Guesthouse, accessible from https://seamistguesthouse.ie, we value your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR).

1. Information We Collect

We may collect and process the following data:

Personal Information: Your name, email address, phone number, and other details you provide when booking accommodation, submitting a contact form, or subscribing to our newsletter.
Booking Information: Dates of stay, number of guests, preferences, and payment-related details (processed securely via third-party platforms).
Technical Data: IP address, browser type, and device information, collected through cookies and analytics tools (e.g., Google Analytics).

2. How We Use Your Information

We use your data to:

Respond to enquiries and manage bookings
Communicate important updates or confirmations
Improve our website’s functionality and user experience
Comply with legal obligations

We do not sell or rent your personal data to third parties.

3. Legal Basis for Processing

We process your personal data based on:

Consent – when you voluntarily provide information
Contract – to manage your accommodation booking
Legal obligation – where applicable for tax or regulatory purposes
Legitimate interest – to improve our services and respond to enquiries

4. Cookies and Analytics

Our website uses cookies to collect anonymous usage data and improve performance. You can manage cookie preferences through your browser settings.

5. Data Retention

We retain your personal data only as long as necessary for the purposes it was collected, or as required by law.

6. Your Rights

Under GDPR, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete data
Request deletion of your data
Object to or restrict certain types of processing
Withdraw consent at any time

To exercise any of these rights, please contact us at Seamist Guesthouse

7. Data Security

We take reasonable precautions to protect your personal data using secure servers, SSL encryption, and trusted third-party service providers.

8. Third-Party Links

Our website may contain links to external sites. We are not responsible for the content or privacy practices of those websites.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Effective Date.”

10. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact:
📧 seamistguesthouse@gmail.com
📍 Sea Mist Guesthouse, 1 Merlin Gate, Dublin Rd, Galway City, Ireland

11. GDPR

Privacy Policy - SeaMist Guesthouse

Last Updated: [Insert Date, e.g., 28 June 2025]

1. Introduction

Welcome to SeaMist Guesthouse. We are committed to protecting the privacy and personal data of our guests and website visitors. This Privacy Policy outlines how SeaMist Guesthouse (referred to as "we," "us," or "our") collects, uses, stores, shares, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and relevant Irish data protection legislation.

By staying with us or using our services, you agree to the collection and use of your information in accordance with this policy.

2. Who We Are (Data Controller)

SeaMist Guesthouse is the Data Controller responsible for your personal data. This means we determine the purposes and means of processing your personal data.

Our Contact Details:

Name: SeaMist Guesthouse
Address: 1 Merlin Gate, Old Dublin Rd, Galway
Email: seamistguesthouse@gmail.com
Phone: 0857854271
Website: https://seamistguesthouse.ie/

3. What Personal Data We Collect

We collect various types of personal data to provide our services and manage our business. The data we collect depends on how you interact with us.

3.1. Data You Provide Directly To Us:

When making a booking (online, phone, email, in-person):
- Contact Information: Full name, home address, email address, phone number.
- Booking Details: Arrival and departure dates, room preferences, number of guests, names of other guests in your party.
- Payment Information: Credit/debit card details (card number, expiry date, CVC – processed securely via PCI-compliant payment gateways and not stored directly by us beyond what's legally necessary for the transaction).
- Special Requests/Requirements: Dietary needs, accessibility requirements, allergies, or any other information necessary to enhance your stay. (Note: Some of this may be considered 'sensitive personal data' under GDPR, for which we seek explicit consent or rely on necessity for contractual service provision).
During Check-in:
- Identification: For legal and security purposes, we may request a form of identification (e.g., passport, driving license) for the lead guest. This is typically for compliance with [State any specific legal obligations, e.g., 'Immigration Act requirements' if applicable, or remove if not]. We do not store copies of these documents unless legally required.
When you communicate with us:
- Records of correspondence, feedback, inquiries, and complaints.
When you sign up for our newsletter or marketing communications:
- Email address, name.

3.2. Data Collected Automatically From Our Website:

Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
Usage Data: Information about how you use our website, including the pages you visit, the time spent on those pages, unique device identifiers, and referral sources.
Cookies and Tracking Technologies: Our website uses cookies and similar technologies to enhance your Browse experience, analyse website traffic, and understand user behaviour. For detailed information on the types of cookies we use, their purpose, and how you can manage your preferences, please refer to our separate Cookie Policy [Insert Link to your Cookie Policy here]. Your cookie consent is managed through our cookie consent banner.

3.3. Data From Third-Party Sources:

We may receive personal data about you from third-party booking platforms (e.g., Booking.com, Expedia, Airbnb) if you make a reservation through them. The data we receive is limited to what is necessary to fulfil your booking and manage your stay (e.g., name, contact details, booking dates, special requests). We encourage you to review the privacy policies of these third-party platforms to understand how they process your data.

4. How We Use Your Personal Data (Purposes and Legal Basis)

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances and based on the following legal grounds under GDPR:

Purpose of Processing	Types of Data Used	Legal Basis for Processing
To manage and process your booking and stay:	Contact, Booking, Payment, Special Requests	Performance of a contract: Necessary to fulfil our obligations to you (e.g., confirm booking, provide room, process payment).
To communicate with you about your booking:	Contact, Booking	Performance of a contract: For essential service communications.
To provide requested services during your stay:	Contact, Booking, Special Requests	Performance of a contract: To accommodate specific needs (e.g., dietary requirements, accessibility).
For internal record keeping and accounting:	Contact, Booking, Payment	Legal Obligation: To comply with tax, financial, and other legal requirements.
To improve our services and guesthouse operations:	Usage Data, Feedback, Booking (anonymised where possible)	Legitimate Interests: To understand guest preferences and enhance our offerings (without overriding your rights).
To respond to your enquiries and feedback:	Contact, Correspondence	Legitimate Interests: To provide customer service.
To send you marketing communications (if opted-in):	Email, Name	Consent: We will only send marketing if you have explicitly given us your consent. You can withdraw consent at any time.
For security and fraud prevention:	Contact, Booking, IP Address, Identification (if legally required), CCTV (if applicable)	Legitimate Interests: To protect our property, guests, and staff, and prevent fraudulent activity.
To comply with legal or regulatory obligations:	Any relevant data	Legal Obligation: As required by law (e.g., police requests, immigration authorities).

5. How We Store and Protect Your Personal Data

We are committed to ensuring that your data is secure. We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption: Using SSL/TLS encryption for our website and booking engine to secure data transmission.
Access Controls: Restricting access to personal data to only those staff members who need it to perform their duties.
Secure Systems: Using reputable and secure booking software, payment gateways (PCI DSS compliant), and IT infrastructure.
Data Minimisation: Only collecting data that is necessary for the stated purposes.
Staff Training: Regularly training our staff on data protection and privacy best practices.
Physical Security: Securing physical records in locked cabinets within restricted areas.

While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

6. Who We Share Your Personal Data With

We may share your personal data with the following categories of third parties only where necessary for the purposes outlined in this policy and always in compliance with GDPR:

Booking Engine Providers: Companies that provide our online booking system.
Payment Processors: Secure third-party services that handle credit/debit card transactions (e.g., Stripe, PayPal). We do not store full credit card details on our own systems.
IT Support and System Providers: Companies that provide IT maintenance and support for our internal systems.
Accountants/Auditors: For financial reporting and compliance.
Professional Advisors: Lawyers or consultants for legal and business advice.
Legal and Regulatory Authorities: If required by law (e.g., in response to a court order, police investigation, or for immigration purposes if applicable).
Other Service Providers: E.g., for email marketing services (if you have consented to marketing).

Where we share your data with third parties, we ensure that they are also committed to data protection and have appropriate security measures in place. We enter into Data Processing Agreements (DPAs) where required by GDPR to ensure they process your data only according to our instructions and protect it adequately.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. International Transfers

In limited circumstances, your personal data may be transferred to, and stored at, a destination outside the European Economic Area (EEA) if any of our service providers operate outside the EEA. Where this occurs, we will ensure appropriate safeguards are in place to protect your data, such as using Standard Contractual Clauses approved by the European Commission, or ensuring the recipient country has been deemed to provide an adequate level of protection by the European Commission.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Booking and Transaction Data: Typically retained for [e.g., 7 years] to comply with tax and financial regulations.
Marketing Consent: Retained until you withdraw your consent or if you have not interacted with our marketing for a prolonged period (e.g., 2 years).
Correspondence: Retained for a reasonable period necessary to address inquiries or resolve disputes.
CCTV Footage (if applicable): Retained for a limited period (e.g., [e.g., 30 days]) unless required for investigations.

Once the retention period expires, your personal data will be securely deleted or anonymised.

9. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right to be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy serves to fulfil this right.
Right of Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing (e.g., if it's no longer necessary for the purpose for which it was collected, or if you withdraw consent and there's no other legal basis). This right is not absolute and may be subject to legal obligations.
Right to Restrict Processing: You have the right to request the restriction or suppression of your personal data's processing in certain circumstances (e.g., if you contest the accuracy of the data, or if you object to its processing).
Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services, in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object to the processing of your personal data in certain circumstances, particularly for direct marketing purposes or where the processing is based on our legitimate interests.
Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. (Note: This is unlikely to be relevant for a guesthouse of this size, but is included for completeness).
Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

10. How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the details provided in Section 2:

Email: [Your Guesthouse Email Address, e.g., info@seamistguesthouse.ie]
Phone: [Your Guesthouse Phone Number, e.g., +353 (0)91 1234567]

We may ask you to verify your identity before responding to your request to ensure your personal data is protected. We will respond to all legitimate requests within one month. This period may be extended by two further months if the request is particularly complex or you have made a number of requests.

11. Complaints

If you have a concern about how we handle your personal data, please contact us in the first instance, and we will do our best to resolve the issue.

You also have the right to lodge a complaint with the Data Protection Commission (DPC), the supervisory authority for data protection in Ireland, if you believe your rights have been infringed.

The Data Protection Commission (DPC) Contact Details:

Website: www.dataprotection.ie
Address: 21 Fitzwilliam Square South, Dublin 2, D02 T22X.
Phone: +353 1 7650100

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date at the top of this policy and will be posted on our website. We encourage you to review this policy periodically.

Disclaimer: This is a comprehensive template for a GDPR Privacy Policy and is intended as a guide. It does not constitute legal advice. You must consult with a legal professional specializing in data protection in Ireland to ensure your policy is fully compliant with all applicable laws and regulations and tailored to your specific business operations at SeaMist Guesthouse.