Cork Airport

Privacy Policy

Please click on the relevant sections below to get the Privacy Policy information you require.

At Cork Airport, daa plc, in keeping with our commitment to be open with all passengers, customers, partners and employees, we have developed this Privacy Statement Overview, a quick and simple summary explaining how we manage, share and look after your information.

Further details regarding specific areas such as Car Parks and Lounge Services can be accessed via the links below.

We are determined to deliver a great welcome and a great service to all passengers, customers, and partners. To enable this, we need to collect a range of information about you, if you are a passenger - your name and flight details, or if you are a car park customer - your name, car registration and email address. This Privacy Statement covers people who may interact with us in the following ways:

  • People that use products or services offered via daa and Cork Airport websites, including The Loop Click and Collect, and Cork Airport Car Parking
  • People that sign up to receive information from daa, Cork Airport, Dublin Airport and The Loop (e.g. newsletters)
  • People that send us feedback via our websites or social media channels
  • Visitors to our websites
  • User of our Cork Airport app
  • Passengers and other visitors to daa-owned properties, Cork Airport and Dublin Airport.

We fully respect your right to privacy and undertake to only collect data as required to deliver the services you need, or with your clear permission and consent. In addition, we are required to implement statutory regulations in civil aviation as part of our role as an airport operator. The reasons for processing your data may include the following:

1.    Delivering the passenger experience – our job is to get you through your airport journey as smoothly and comfortably as possible. Due to the highly regulated nature of air travel, we are required to process data for safety and security reasons as described in detail below.

2.    Providing additional services at the airport – we provide additional services which you may choose to use to enhance your journey. In providing these services to you, we may need to gather some data. For example, these services may require that we process payments, and keep your name and other details, such as car registration and email address; we may gather details of your travelling companions or special dietary needs to enable us to plan and deliver the relevant travel services. Additional services we deliver directly include:

2.1. Car parking services to provide you with access to the most convenient parking locationsclick here for further details and our Car Parking Privacy Statement.

2.2. Lounge services to help you relax or do some work before you fly click here for further details and our Lounge Privacy Statement.

2.3. The Loop Retail Services – Duty Free – for in-store purchases, we do not collect personal data (we do not retain payment data in our shops). However, in order to provide duty free prices, we collect flight details as provided on your boarding card. The information collected is limited to the item purchased and flight information such as the airline and destination details. See here for the loop.ie and see here for Privacy Statement details.

2.4. The Loop Retail Services – ‘Click & Collect’ – we offer a ‘Click & Collect’ service that requires us to collect information to enable us to identify you at the point of collection and to communicate with you if you ask us to – see here for the loop.ie and see here for Privacy Statement details.

3.    Providing free wi-fi while you use our airports – under Irish law, all ‘Internet Service Providers’ or ISPs are obliged to maintain records of internet access for a period of 12 months. As we do not collect your name as part of the wi-fi sign-up, we store the IP address assigned to you and the MAC address of the device you used to access to wi-fi service. We keep these records as required by law.

4.    Protecting the welfare of passengers, visitors and staff at Cork Airport – we may need to record personal details relating to any individuals involved in incidents or accidents in the airport or its environs.

5.    We may also perform statistical analysis on passenger and customer flows to improve our services and plan for future enhancements to our airport facilities – in this situation, we will anonymise your data before any analysis is performed so we cannot identify you.

6.    Ensuring the safety and security of civil aviation – this includes CCTV and Queue Measurement:

6.1.    Safety and Security – Closed Circuit Television (CCTV) – as the operator of Cork Airport, we are obliged to keep the airports and their environs safe and secure. To assist us in this, we operate CCTV security systems both landside and airside and our Airport Police manage these important security controls. CCTV images of you are considered to be personal data and we carefully safeguard access to these images. We retain all CCTV footage for 30 days.

6.2.    Safety and Security – Queue Measurement – we are also obliged by statutory regulations in civil aviation to measure how long it takes to get you safely through the security screening process. We do this by monitoring passengers’ mobile devices while they move through the screening area. We only access the MAC address of your wi-fi or Bluetooth interface, and purge this data after six (6) years. You are free to switch off your wi-fi or Bluetooth as you go through security or the airport generally if you wish.

Where this data is provided by us to the third party to deliver a service to you, the processing is covered by this Privacy Statement. Where you provide your data directly to a third party, we have no involvement in that transaction or access to the data and the processing is the responsibility of the third party. An example of this would be going online to rent a car for collection at the airport.

We may also need to share your data with partners such as your airline or their ground handler, to help get you to your destination.

Where this data is provided by us to the third party to deliver a service to you, the processing is covered by this Privacy Statement. Where you provide your data directly to a third party, we have no involvement in that transaction or access to the data and the processing is the responsibility of the third party. An example of this would be going online to rent a car for collection at the airport.

Where data is provided by us to a regulatory body or law enforcement agency to meet statutory or regulatory obligations, activities undertaken by those parties is outside our control and hence fall outside of the scope of this Privacy Statement.

Agencies that we may be obliged to share information with include:

  • An Garda Síochana (National Police Service)
  • Garda National Immigration Bureau (GNIB)
  • Irish Naturalisation and Immigration Service (INIS)
  • Revenue – Irish Tax and Customs Service.

The purpose of this statement is to let you know what to expect when daa plc (daa) collects personal information via Closed Circuit Television (CCTV) cameras located through the Cork Airport campus. With this Privacy Statement, we want to provide transparency on how we treat personal data and the purposes for which we collect data.

This Privacy Statement applies to people that visit the Cork Airport campus. This Privacy Statement does not apply to CCTV data processing by third parties, such as airlines, handling agents, or retail tenants. daa has no access to data processing by third parties or to the data involved, unless otherwise stated, and cannot be held responsible for it.

We operate CCTV cameras located through the Cork Airport campus, including in terminal buildings and surrounding environs. Your personal data may be collected through the operation of these CCTV cameras.

The purpose for collecting the personal information that you provide is to allow us to:

  • Protect the safety of passengers and staff at Cork Airport
  • Prevent, detect, and respond to criminal activity
  • Comply with our legal and regulatory obligations to safeguard and protect civil aviation
  • Investigate safety and security incidents in response to reported incidents, complaints, claims, or regulatory / compliance audits or other issues.

CCTV data may also be used to monitor passenger or vehicle flows or to conduct statistical analysis of those flows. This processing is carried out in daa’s legitimate interests and allows us to ensure we can continue to invest in the infrastructure to meet passengers’ future needs at Cork Airport. This does not affect your rights as a data subject. See your rights in relation to your information below.

We may be required to share your information to Comply with our legal and regulatory obligations Investigate safety incidents, security incidents or criminal activity.

We may share personal data relating to you recorded on CCTV with:

  • Competent authorities such as An Garda Síochana or the Irish Aviation Authority
  • Third parties who operate retail outlets, or who provide services to passengers such as airlines or handling agents where we have a statutory obligation to do so.

All personal data collected for the purposes specified in this statement is processed inside the European Union (EU) or the European Economic Area (EEA) and will never be transferred to countries located outside the EU or the EEA.

We retain CCTV footage for thirty (30) days. Any CCTV footage identified as relevant to a formally reported incident is retained for six (6) years from the date of the reported incident. Where an investigation or claim arising from a reported incident take longer than 6 years to be processed, the CCTV footage identified as relevant to that incident may be retained for longer than 6 years.

Your rights as a data subject are as follows:

  1. Right of access – you have the right to find out if we hold any personal data relating to you. You also have the right to obtain a copy of any such personal data we hold on you. The request, referred to as a ‘Data Access Request’. Link to Data Access Request section of Summary page
  2. Right to rectification – you have the right to request we rectify any information we hold about you that is inaccurate.
  3. Right to erasure – you have the right to request we erase any information we hold on you, provided there is valid grounds for doing so.
  4. Right to restriction of processing – you have the right to request we temporarily restrict the processing of your personal data, provided there are valid grounds for doing so.
  5. Right to object – you have the right to object to the processing of your personal data, namely in the case processing is carried out in the legitimate interests of daa.
  6. Right to lodge a complaint – if you are unhappy with how we have acted in handling your personal data, you have the right to lodge a complaint with the supervisory authority in your EEA country of residence, place of work, or with the Office of the Data Protection Commissioner in Ireland.

Any personal information that you provide to daa or its subsidiaries will be treated with the highest standards of security and confidentiality and handled in accordance with Data Protection laws and the General Data Protection Regulation.

Security of your personal data is very important to us. We take all reasonable technical and organisational measures to prevent the loss, misuse, unauthorised access, disclosure, or alteration of your personal data. These measures include:

  • We apply various levels of access control to restrict access to your personal information to daa employees and contractors who require a level of access as part of their role
  • We work with experienced, specialised vendors to develop and maintain our platforms
  • We regularly review and audit our security and data protection policies and procedures to ensure a high level of operational security is maintained.

You have a right to obtain a copy of any information relating to you kept on computer or in a structured manual filing system by daa. All you need to do is write to us and ask for it under the Data Protection Acts. We refer to these requests as Data Access Requests.

Please download the PDF here for Data Access Request guidance.

If we wish to gather information to contact you, e.g. for marketing purposes, we will ask for your consent to do so in advance. If you have purchased products or services from us, we may offer you reminders or information to assist us in delivering those services unless you have asked us not to contact you in relation to products or services purchased. If you have provided consent, you can unsubscribe at any time to remove that consent.

This Privacy Statement applies to individuals that have given their consent to avail of direct marketing communications from daa plc regarding promotions, products or services electronically via email, SMS and / or push notifications.

We would like to provide you with information about new products, promotions, special offers, services and other information that we feel you may be interested in. As part of a purchase on our digital channels, we offer you the opportunity to opt in to our marketing communications.

You will always be given the opportunity to withdraw that consent on every electronic communication you receive from daa plc by unsubscribing at any time.

When you sign up to marketing communications, we’ll normally contact you by email, but we may also send you marketing texts if you have given us your mobile number for this purpose.

This Privacy Statement applies to all personal information collected by daa plc for the purposes specified below. The purpose of this statement is to let you know what to expect when daa collects personal information about you via our websites, telephone, email, mobile devices, manual forms, or in person.

With this Privacy Statement, we want to provide transparency on how we treat personal data and the purposes for which we collect data.

This Privacy Statement applies to individuals that:

  • Avail of any of the following daa products / services;
    • Car Parks
    • Executive Lounges
  • Sign up to receive information such as newsletters and offers
  • Visit our website or use one of our apps
  • Visit one of our airports.

We may collect information about you via this website, telephone, email, mobile device, form, or in person. We may collect the following personal information from you;

  • Name
  • Email address
  • Contact number
  • Vehicle registration
  • Credit card information
  • Audio recordings from barriers/pay machines.

We collect this information about you to enable us to provide the product / service you have requested. Your personal data is processed for the performance of the contract between daa, as data controller, and you, the data subject.

Where we give you the option of providing additional personal details, we ask for your consent. If you do not wish us to process this information any further, you can withdraw consent at any time by contacting the relevant customer service team.

Information you provide may also be used to conduct statistical analysis of our products / services, analyse future trends and build customer profiles. This processing is carried out in daa’s legitimate interests and allows us to ensure customers continue to find our products valuable and so that we can continue to invest in the infrastructure to meet customers’ future needs at Cork Airport. This does not affect your rights as a data subject. See your rights in relation to your information for more.

At times, we engage third parties to assist us in providing our products / services. Your personal data may occasionally be shared with these organisations to allow us to provide you with the product / service you have requested. daa will never share your information with these organisations for marketing purposes.

In this respect, we may share your data with the following types of organisations:

  • Software providers
  • Vehicle breakdown assistance providers
  • Coach service providers
  • Car valet providers
  • Lounge operators
  • Payment processors.

We engage a specialised software provider (Advam) located in Australia to develop, host, and maintain our booking engine. As a result, when you make a Car Park or Executive Lounge booking online, your personal data will be transferred outside the European Union (EU) or the European Economic Area (EEA).

We work hard to ensure your personal data is always kept secure and safeguards are in place to secure your personal data when transferred outside the EU or the EEA. daa have contractual agreements in place with our software provider to ensure a high standard of security is maintained when processing your personal data.

When you provide us with personal information, we delete this information in line with our data retention policy. We will retain the following personal data you have provided for the following time periods;

  • Booking information – we retain your name, email address, contact number, and vehicle registration for six (6) years post the last booking
  • Credit card information – we only store a hash of your card number for identification purposes. A ‘hash’ is a secure representation of your card number that can be used to identify your card but cannot be used to recreate your card number. We retain the card number hash for six (6) years post the last transaction.
  • We do not retain full card details unless you have consented to us doing so
  • Audio recordings – we keep audio recordings of conversations at the car park barrier for a period of 30 days.

We will not collect any sensitive information / special categories of personal data relating to you for the purposes outlined in this statement.

Your rights as a data subject are as follows:

1.    Right of access – you have the right to find out if we hold any personal data relating to you. You also have the right to obtain a copy of any such personal data we hold on you. The request is referred to as a Data Access Request.

2.    Right to rectification – you have the right to request we rectify any information we hold about you that is inaccurate.

3.    Right to erasure – you have the right to request we erase any information we hold on you, provided there are valid grounds for doing so.

4.    Right to restriction of processing – you have the right to request we temporarily restrict the processing of your personal data, provided there are valid grounds for doing so.

5.    Right to data portability – you have the right to obtain a machine-readable copy of the information we hold on you, and have it transferred to another controller if required.

6.    Right to object – you have the right to object to the processing of your personal data, namely in the case processing is carried out in the legitimate interests of daa.

7.    Right to lodge a complaint – if you are unhappy with how we have acted in handling your personal data, you have the right to lodge a complaint with the supervisory authority in your EEA country of residence, place of work, or with the Office of the Data Protection Commissioner in Ireland.

Contact us

If you wish to get more information on this Privacy Policy, please contact:

Cork Airport
Kinsale Road
Cork
T12P5NF
Ireland

This Privacy Statement applies to all personal information collected by daa plc for the purposes specified below. The purpose of this statement is to let you know what to expect when daa collects personal information about you via our websites, telephone, email, mobile devices, manual forms, or in person.

With this Privacy Statement, we want to provide transparency on how we treat personal data and the purposes for which we collect data.

This Privacy Statement applies to individuals that:

  • Purchase goods at one of our stores or websites
  • Sign up to receive information such as newsletters and offers
  • Submit a query via email, phone, online form or postal correspondence
  • Visit our website or use one of our apps.

We may collect information about you via this website, telephone, email, mobile devices, forms, or in person. We may collect the following personal information from you:

  • Shop and Collect – for purchases made in store for collection at a later date from a collection point – we may collect your name, contact number, flight information and credit card details
  • Click and Collect – for purchases made online for collection from a collection point – we may collect your name, email address, contact number, and credit card details.

For in-store purchases we do not collect personal data (we do not retain payment data in our shops). However, in order to provide duty free prices, we collect flight details as provided on your boarding card. The information collected is limited to the item purchased and flight information such as the airline and destination details.

We collect this information about you to enable us to complete the transaction for the product you have purchased. Your personal data is processed in this respect for the performance of the contract between daa, as data controller, and you, the data subject.

Boarding Card information may be collected in order to provide duty free prices. We collect this information to comply with legal and regulatory obligations.

Competitions – we may collect information when you enter competitions we run in-store or via our social media channels. We process this information to select competition winners and fulfil delivery of any such prizes, in line with our competition terms and conditions. We will ask for your consent to collect this information.

Staff purchases – if you are a member of staff at Cork Airport or its associated affiliates, we may also collect information such as your Airport ID number. This information is required to enable us to complete the transaction for the product you have purchased. We collect this data as part of the fulfilment of a sales contract with you as a person eligible for a discounted price.

Newsletter or direct marketing communications – where you have provided personal data not necessary for completing a transaction, such as signing up for a newsletter, we will ask for your consent as the legal basis for collecting this information. You can withdraw consent at any time by visiting our Marketing Communications Privacy Policy.

Information you provide may also be used to conduct statistical analysis of our products / services, analyse future trends and build customer profiles. This processing is carried out in daa’s legitimate interests and allows us to ensure customers continue to find our products valuable and so that we can continue to invest in the infrastructure to meet customers’ future needs at Cork Airport. This does not affect your rights as a data subject. See your rights in relation to your information for more.

At times, we engage third parties to assist us in providing our products / services. Your personal data may be shared with these organisations to allow us to provide you with the product / service you have requested.

We may share your data with the following types of organisations:

  • Software providers
  • Web designers
  • Payment processors.

We will never share your information with these organisations for marketing purposes.

All personal data collected for the purposes specified in this statement is processed inside the European Union (EU) or the European Economic Area (EEA) and will never be transferred to countries located outside the EU or the EEA.

When you provide us with personal information, we delete this information in line with our data retention policy. We will retain the following personal data you have provided for the following time periods

  • Transactional information on the websites or at the tills – six (6) years after transaction
  • We do not retain full card details unless you have consented to us doing so.

We will not collect any sensitive information / special categories of personal data relating to you for the purposes outlined in this statement.

Your rights as a data subject are as follows:

1.    Right of access – you have the right to find out if we hold any personal data relating to you. You also have the right to obtain a copy of any such personal data we hold on you. The request is referred to as a Data Access Request.

2.    Right to rectification – you have the right to request we rectify any information we hold about you that is inaccurate.

3.    Right to erasure – you have the right to request we erase any information we hold on you, provided there are valid grounds for doing so.

4.    Right to restriction of processing – you have the right to request we temporarily restrict the processing of your personal data, provided there are valid grounds for doing so.

5.    Right to data portability – you have the right to obtain a machine-readable copy of the information we hold on you, and have it transferred to another controller if required.

6.    Right to object – you have the right to object to the processing of your personal data, namely in the case processing is carried out in the legitimate interests of daa.

7.    Right to lodge a complaint – if you are unhappy with how we have acted in handling your personal data, you have the right to lodge a complaint with the supervisory authority in your EEA country of residence, place of work, or with the Office of the Data Protection Commissioner in Ireland.

If you wish to get more information on The Loop Privacy Statement, please contact us by email: customerservice@theloop.ie

We review our Privacy Statements on a regular basis, and any updates will be highlighted in the version date below.

This Privacy Statement was last updated on: September 30, 2020 and is effective from September 30, 2020.

If you have any general queries about your experience in dealing with us, please contact

customerexperience@daa.ie

If you have any questions or comments about this Privacy Statement, please contact our Data Protection Officer by email at dataprotection@daa.ie or in writing at:

Daa
Data Protection Officer,
Cargo Building 6,
Corballis Park,
Dublin Airport.