To be our customer, you share information with us. We respect that information.
On this page you will find out how we do that and what your rights are. We think it’s important that you read this page. It will tell you everything you need to know.
You can read our Data Protection Notice, effective from May 28th 2018 here.
Our Data Protection Notice is changing under the General Data Protection Regulation (GDPR).
GDPR is the General Data Protection Regulation. It comes into effect from 25 May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardize data protection laws for all EU citizens. These regulations will apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly.
We have always appreciated your trust in us to collect, process and protect your information. As a data controller and processor of your personal data, we will continue to:
Our Data Protection Notice and website explains how we collect personal information about you, how we use it and how you can interact with us about it.
When we talk about “Motorcycle Rental Ireland Limited” or ”Celtic Rider Ireland” or “us” or “we” on our Data Protection Notice and this website, we are talking about Motorcycle Rental Ireland t/a Celtic Rider Ireland.
When we talk about “Motorcycle Rental Ireland Limited” or ”Celtic Rider Ireland” or “Courtesy Motorbike” or “us” or “we” on our Data Protection Notice and this website, we are talking about Motorcycle Rental Ireland t/a Courtesy Motorbike.
When we talk about our “websites” we are talking about www.celticrider.com, www.celticridercartours.com and www.courtesymotorbike.com.
We share your information within Courtesy Motorbike to help us provide our services, comply with regulatory and legal requirements, and improve our products.
Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You can contact our Data Protection Officer at firstname.lastname@example.org or by writing to them at Data Protection Officer, Courtesy Motorbike, Bishopscourt Upper, Kill, Co. Kildare, W91 RV08, Ireland.
We collect personal information from you, for example when you:
We never record phone conversations.
Depending on your product or service, we may collect information to identify you through asking for your full name, email address, date of birth, and/or rental agreement number.
This is some of the information we may collect and hold about you when applying for and using our products and services:
|Date of birth|
|Proof of identity and proof of address including driving license, passport and/or utility bills|
|Origin/source of hearing about us|
Under GDPR, there are special categories that require additional safeguards for processing. In some instances, we will require this information for processing or it may be volunteered by you. These data types and the reason we collect them are:
|Special categories of data||Does Celtic Rider process this information?|
|Driving licence||Yes – We may request details of your driving licence.|
|Health data||Yes – We may collect health data from you when providing our products and services.|
|Racial or ethnic origin||No – We do not request you to provide details of racial or ethnic origin to provide our products and services.|
|Political opinions||No – We do not request you to provide political opinions to provide our products and services.|
|Religious or philosophical beliefs||No – We do not request you to provide religious or philosophical beliefs to provide our products and services.|
|Trade union membership||No – We do not request you to provide trade union membership to provide our products and services.|
|Genetic data||No – We do not request you to provide genetic data to provide our products and services.|
|Sexual orientation||No – We do not request you to provide sexual orientation to provide our products and services.|
We use information about you to:
To provide our products and services under the terms and conditions we agree between us, we need to collect and use personal information about you. If you do not provide this personal information, we may not be able to provide you with our products and services.
We analyse the information that we collect on you through your use of our products and services and on our social media, apps and websites. This helps us understand your behaviour, how we interact with you and our position in a market place. Examples of how we use this information include offering you products and services and personalising your experience.
We never share your information with a third party.
To use your information lawfully, we rely on one or more of the following legal bases:
To help you better understand where these lawful bases may apply, these are some examples for each lawful basis. In some cases, the same information is processed under more than one lawful basis:
|Lawful basis||Examples of what we use your information for|
|Performance of a contract – Processing your information is necessary for us to provide your products and services||Providing relevant products and services
Our services include pick-up and drop-off, Safety Orientation Course, motorbike hire, tours, car tours, Garmin sat-nav hire/
We process your information to identify and authenticate you to use our products and services.
Maintaining and monitoring our products and services
We must continually monitor and update information to ensure your data is safe, accurate and up to date. This ensures we keep your personal details and financial products secure, and give you the best customer service.
|Our legitimate interests – Legitimate interest means the interests of Courtesy Motorbike in conducting and managing our business when providing products and services. The core legitimate interests of Courtesy Motorbike are to provide the best customer service, introduce innovative products and services, and to protect our customers and employees.
We will always assess whether the legitimate interest of Courtesy Motorbike will adversely impact the rights and freedoms of the data subject prior to processing. We implement safeguards to ensure that the processing remains fair and balanced.
Our risk assessments help us understand what information we need, our business requirements, the impact on our customers and employees, alternative options for processing and how long we hold the information for.
|Manage and understand risk
We must manage and understand our risk exposure to ensure our customers are protected.
We produce internal management information and models to understand risks across the business, ensure necessary safeguards are in place and assess the design and effectiveness of these safeguards.
Manage our relationship with you
We keep our records up to date and contact you when required and provide the best customer service.
Analyse information and research your experiences dealing with us
We want to continually improve and better understand our customers. By collecting and analysing data from multiple sources, we can better understand the requirements of our customers and how we can improve products and service offerings.
This analysis also helps us run our business more efficiently and effectively.
We may create report trends with third parties. These trend reports may include information about activity on devices, for example locations of mobile phones, laptops, and computers, activity at motorcycle shows, in particular regions or locations. When we prepare these reports, we group customers’ information and cannot access any names. We cannot share information in these reports that can identify you as a customer, such as your name, or account details.
Identify ways we can improve our products and services
We are always working to develop new products and innovative ways of bringing these to you.
We analyse the market and our customer base to better understand what people like and what people want from their bank. We do this by collecting data on your purchases, data from our newsletters, interactions with our website, and using occasional customer surveys. We use this information to provide a more personalised service to our customers and improve their experience using our products.
Prevent financial crime and cyber attacks
We continually monitor and analyse devices to detect and prevent fraud and cyber-attacks. This enables us to protect and secure our customers information, our networks and our financial interests.
We may share information with third parties to prevent financial crime, report fraud, manage our risks and protect both our interests.
Internal management information
We produce internal management information to run our business and better understand customer needs. This information enables us to make informed decisions and develop our strategy.
|Your consent – We require your consent for processing certain information such as special category data.
We ensure your consent is obtained under the following principles:
Special Categories of Personal Data is information relating to:
a) Racial or ethical origin, political opinions or religious or philosophical beliefs
b) Physical health
c) Commission or alleged commission of any offence by the data subject or
d) Any proceedings for any offence committed or alleged
|Directly contact you about new products and services
With your consent, we will let you know what products or services you might like. You can select how you prefer to be contacted on our application forms or by contacting us.
Processing special category data
In some instances, customers may provide health data. Given that this is a special category of data, we may have to obtain your consent before accepting this information for processing.
|Protecting the vital interests of you or others||Sharing information to protect you
In some instances where we are concerned about your health and safety, we may share information to protect you and others. This may include where we suspect that you, or others, may become a victim of crime. In these cases, we may share information with third parties to help ensure your safety and the safety of others.
|Public interest||Prevention of fraud
We may share personal data under the public interest basis in relation to prevention of fraud. We may share information with third parties to reduce fraud risk and protect you from financial loss.
To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations, this is in the case of a third party booking. In order to process your application we will add your personal information into our booking database. We do this to manage your account and create your booking.
If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our products and services.
Sometimes we need your consent to use your personal information. For example, when we use sensitive personal information (known as special category information under GDPR) about you, such as medical or personal data, we ask for your explicit consent.
We have controls to ensure that you are informed when making your decision and that you are aware that you can remove your consent at any time by contacting us. Our consent requests are built on the following principles:
For direct marketing, we need your consent to make you aware of products and services which may be of interest to you. We may do this by newsletter, post, email, text or through other digital media.
You can decide how much direct marketing you want to accept when you apply for new products and services.
As part of our direct marketing, we analyse the information that we collect on you through your use of our products and services and on our social media and websites. This helps us understand your interests in our products and services, how we interact with you and our position in a market place. This enables us to personalise your experience and provide you with the most suitable products and services
If we ever contact you to get your feedback on ways to improve our products and services, you have the choice to opt out.
We protect your information with security measures under the laws that apply and we meet international standards. We keep our computers, files and buildings secure.
In addition to our technical controls, our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. Our Data Protection Officer advises on how we can best understand risks to your data rights and freedoms, implemented processes to protect these and has responsibility to report to the Data Protection Authorities if we are not meetings our obligation.
When you contact us to ask about your information, we may ask you to identify yourself. This is to help us protect your information.
To meet our legal and regulatory obligations, we hold your information while you are a customer and for a period of time after that. We hold all data while you are an active customer with us.
Please note that these retention periods are our policy but are also subject to legal, regulatory and business requirements, which may require us to hold the information for a longer period.
We assess and delete data to ensure it not held for longer than necessary.
|Document Type||Example Document||Retention Period|
|Account and service information||
||3 years after your contract is complete|
|Transactional information – Once off||
||Zero. Details are typed into the terminal as we receive the details.|
|Transactional information – Recurring||
||Zero. Details are typed into the terminal as we receive the details.|
||5 years after the date of the document|
|Reportable Accidents and Health and Safety reports||
||3 years after your contract is complete|
We never share your information with third parties.
You can exercise your rights by writing to us at Data Protection Office, Courtesy Motorbike, Bishopscourt Upper, Kill, Co. Kildare, W91 RV08, Ireland, using our social media channels or calling into our office.
Whenever you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.
Your right to obtain information cannot adversely affect the rights and freedoms of others. Therefore, we cannot provide information on other people without consent.
We generally do not charge you when you contact us to ask about your information. Per regulation, if request are deemed excessive or manifestly unfounded, we may charge a reasonable fee to cover the additional administrative costs or choose to refuse the request.
The following section details your information rights and how we can help ensure that you are aware of these rights, how you can exercise these rights and how we intend to deliver on your requests.
You can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information. You can request the following information:
If you want to update or correct any of your personal details, please write to us at Data Protection Office, Courtesy Motorbike, Bishopscourt Upper, Kill, Co. Kildare, W91 RV08, Ireland, using our social media channels or calling into our office.
You can change your mind wherever you have given us your consent, such as for direct marketing or processing your sensitive information, such as medical or personal data. By writing to us at Data Protection Office, Courtesy Motorbike, Bishopscourt Upper, Kill, Co. Kildare, W91 RV08, Ireland, using our social media channels or calling into our office.
You may have the right to restrict or object to us processing your personal information. We will require your consent to further process this information once restricted. You can request restriction of processing where;
You may ask us to delete your personal information or we may delete your personal information under the following conditions:
Where possible we can share a digital copy of your information directly with you. We will provide this information in a structured, commonly used and easily read format. Note, we can only share this information where it has been processed manually (hard copy documents are excluded for portability) and was processed under your consent or performance of a contract (further details on this are available in our lawful basis section below).
We do not share information processed under legal obligation or our legitimate interest for portability, in line with GDPR guidance.
If you have a complaint about the use of your personal information, please let a member of staff know, giving them the opportunity to put things right as quickly as possible. If you wish to make a complaint you may do so in person, by phone, in writing and/or by email. We will fully investigate all the complaints we receive. You may complain through our website, by phone, by email or in person. We ask that you supply as much information as possible to help us resolve your complaint quickly.
You can also contact the Office of the Data Protection Commissioner in Ireland on the below details:
We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and products. You can always find an up-to-date version of this notice on this website at http://www.courtesymotorbike.com/data-protection-notice/.
Please see explanations below of some of the data protection terms used on this website.
Consent – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data Controller – is a natural or legal person, public authority, agency or other body who determine the purpose and means of the processing – of personal data, where the purposes and means of such processing are determined by Union or Member State law. Courtesy Motorbike are considered a data controller, as they process personal data on behalf of both their customers and their employees.
Data Processor – in relation to personal data, means any natural or legal person (other than an employee of the data controller), public authority, agency or another body who processes personal data under the direction of, and on behalf of a data controller. Courtesy Motorbike is considered a data processor. Additionally, Third Parties engaged by Courtesy Motorbike to process personal data are considered data processors.
Data Protection Officer – The Data Protection Officer oversees how we collect, use, share and protect information.
Data Protection Law and Regulation – means all legislation, regulation and applicable codes of practice relating to the processing, protection and privacy of personal data.
General Data Protection Regulation (‘GDPR’) – is a regulation intended to strengthen and unify data protection for all individuals within the European Union (‘EU’). Non-compliance of GDPR can result in fines. The aim of the GDPR is to reinforce data protection rights of individuals and facilitate the free flow of personal data. It applies to all data controllers and processors established in the EU, as well as those established outside the EU that process the data of EU citizens.
Lawful Basis – Processing of data is lawful only if and to the extent that at least one of the following applies:
Location Data – means any data processed indicating the geographical position, including data relating to:
Personal Data – is any data relating to an identified or identifiable natural person (‘data subject’), who may be identified from the data either on its own (directly) or in conjunction with other data (indirectly), in particular by reference to an identifier such location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person.
Processing – means obtaining, recording or holding the information or data, whether or not by automated means, or carrying out any operation or set of operations on the information including:
Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s health, personal preferences, interests, reliability, behaviour, location or movements.
Recipient – means a natural or legal person, public authority (such as the Office of the Data Protection Commissioner (‘ODPC’)), agency or another body, to which the personal data are disclosed, whether a Third Party or not. The processing of those data shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Special Categories of Personal Data – is data which relates to:
Supervisory Authority – means an independent public authority which is established by a Member State. In the Republic of Ireland the Office of the Data Protection Commissioner (‘ODPC’) are the public authorities established to monitor the application of Data Protection Law.