Frequently Asked GDPR Questions

1.     What is personal data?

Personal data is any information that can identify a living individual person, directly or indirectly. It can be anything from a name, a photo, a registration number, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

2.     What is “sensitive data”?

Sensitive personal data consists of information on an individual which is of private nature and may lead to discrimination. GDPR provides stringent protections for sensitive data compared to other types of personal data. Sensitive data includes health and conviction, genetic and biometric data.

3.     What is GDPR and when does it come into effect?

The GDPR stands for General Data Protection Regulation and is the new European Union Regulation that applies across the EU. It comes into effect on the 25th May 2018 and will bring in significant changes to current data protection laws in the European Union.

4.     Who does the GDPR affect?

It applies to all companies processing and controlling the personal data of data subjects residing in the European Union, regardless of the company’s location.

5.     Why is GDPR important?

GDPR will replace the existing data protection act, as data is now used very differently, for examples the use of the internet and social media has transformed how we interact with data. GDPR seeks to improve trust in this emerging digital age by giving people greater control and rights over their personal data.

6.     What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements.

7.     What is the difference between a data processor and a data controller?

A “Data Controller” is the individual or the legal person who controls and is responsible for the keeping and use of personal data on computer or on structure manual files. If you hold or process personal data, but do not exercise responsibility for or control over the personal data then you are a “Data Processor”.

8.     What is consent for data processing?

While collecting data, the company has to make it clear the purpose it is doing so. Any activities performed with that data has to be described on the terms of the consent, which has to be accepted by the data subject will be the legal basis for any processing.

The consent must be explicit for data collected and the purposes data is used for (Article 7; defined in Article 4). Consent for children must be given by the child’s parent or custodian, and verifiable.

9.     What rights will individuals have under GDPR?

The new law will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by Dalata.

Right Further Information
Right to be Informed You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.
Right of Access You have the right to request a copy of the Personal Data held by us about you.
We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to Rectification You have the right to request that we amend any inaccurate Personal Data that we have about you.
Right to Erasure You have the right to ask us to erase your Personal Data where:

  • it is no longer necessary to perform your contract with us;
  • you object to the processing and we have no overriding legitimate grounds;
  • your Personal Data have been unlawfully processed; or
  • it must be erased to comply with a legal obligation.
Right to Restriction of Processing You have the right to ask us to restrict processing your Personal Data in the following situations:

  • where you contest the accuracy of your Personal Data;
  • where the processing is unlawful and you do not want us to delete your Personal Data; or
  • Where we no longer need your Personal Data for the purposes of processing but you require the data in relation to a legal claim.
  • When you exercise this right, we may only store your Personal Data.
  • We may not further process the data unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or legal person or for reasons of important public interest.
  • We will inform you before the processing restriction is lifted.
Right to Data Portability You may request us to provide you with your Personal Data which you have given us, in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another controller where this is technically feasible. This right only arises where:

  • we process your Personal Data on the legal basis that it is necessary to perform our contract with you; and
  • the processing is carried out by automated means.
Right to Object to Processing In certain circumstances, you have a right to object to our processing of your Personal Data where we process it for our legitimate interests, including any automated decision making, such as profiling.
We may not be able to comply with such a request where there are grounds that do not undermine your interests, rights and freedoms or where the processing of your Personal Data is required for compliance with a legal obligation or in connection with the defence, establishment or exercise of legal claims.

10. Does Dalata share my personal information?

Dalata uses a range of third parties to provide services – either directly or indirectly. Where relevant these companies are required to comply with our data privacy and information security standards when handling personal data and we aim that they do not compromise your personal data information.

11. How secure and confidential is my personal data?

Dalata takes security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness and we review these measures regularly.

12. What is the right to be forgotten?

Simply put, the right to be forgotten means that individuals will have a right to have their personal data erased, if there are no legitimate reason for you to keep it. For instance, if you process data regarding your customers based on their consent, you will have to erase the data if they withdraw such consent.


Dalata Hotel Group Facebook

Dalata Hotel Group LinkedIn

Dalata Hotel Group Twitter

Maldron YouTube

Clayton YouTube

We use cookies to improve your browsing experience and to provide advertising which we believe may be of interest to you. By continuing to use the site, you agree to the use of cookies. To find out how to manage and disable cookies please read our cookie policy.

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.