Privacy Policy
This Privacy Policy explains what personal data The Mount Kennedy Inn (the "pub", "we", "us") collects when you visit this website or book a table, why we collect it, how long we keep it, and what your rights are under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
1. Who is the data controller
The data controller is The Mount Kennedy Inn, Main Street, Newtownmountkennedy, Co. Wicklow, Ireland. For any privacy-related question or request you can reach us at:
- Email: mountkennedyinn@gmail.com
- Phone: (01) 201 1703
- Post: Main Street, Newtownmountkennedy, Co. Wicklow, Ireland
2. What we collect and why
2.1 Table-booking requests
When you submit the booking form we collect the information you give us: your name, your phone number and/or email address (at least one of the two), your party size, your preferred date and time, and any special requests you choose to write in (for example dietary needs or the occasion).
We use this information solely to receive your request, confirm it back to you, and prepare the table on the night. Our lawful basis for processing is performance of a contract at your request (Article 6(1)(b) GDPR). Without these details we cannot hold a table for you.
If you mention an allergy or dietary requirement, that may amount to data concerning health (a "special category" under Article 9 GDPR). We process it only because you have voluntarily provided it for the explicit purpose of being served safely (Article 9(2)(a), explicit consent).
2.2 Anti-bot protection
To stop automated spam through the booking form we use Cloudflare Turnstile, which inspects browser characteristics in the background. Turnstile does not use tracking cookies and does not build a profile about you. Our lawful basis is legitimate interest (Article 6(1)(f)) in protecting the form from abuse.
2.3 Server and security logs
Our hosting provider (Vercel) automatically logs basic technical information about every request: IP address, browser/user-agent, the page you requested, and a timestamp. These logs are used to keep the site running, diagnose errors, and detect abuse. Lawful basis: legitimate interest. Logs are retained for a short rolling window (typically 30 days) and are not used to track you across sites.
2.4 Cookies and similar technologies
We do not use advertising or analytics cookies. The only cookies set by this website are strictly necessary ones (for example to remember your cookie-banner choice). Third-party content that may set cookies (currently only the Google Maps embed on the "Find Us" section) is blocked by default until you opt in. See our Cookie Policy for the full list.
3. Who we share your data with
We do not sell your data. We share it only with the service providers ("processors") we need to run the booking flow, and only to the extent strictly necessary. Each provider acts on our written instructions under a Data Processing Agreement.
- Vercel Inc.:website hosting and serverless functions. Runs in EU regions; transfers to the US are covered by Standard Contractual Clauses and the EU-US Data Privacy Framework.
- Upstash, Inc.:encrypted Redis storage where pending and confirmed bookings are kept. Data is held in an EU region.
- Resend (Resend Inc.):sending the confirmation email to you and the notification email to the pub. Transfers to the US are covered by Standard Contractual Clauses.
- Cloudflare, Inc.:provides the Turnstile anti-bot challenge. Transfers covered by Standard Contractual Clauses and the EU-US Data Privacy Framework.
- Behold:fetches and proxies our public Instagram feed so the page can show recent posts without loading Instagram trackers in your browser.
We do not transfer your data outside the EEA except as described above.
4. How long we keep it
- Booking requests:kept for up to 12 months after the booking date, then deleted. We keep them this long in case of a dispute (for example a chargeback or complaint) and to recognise regulars who book again.
- Email correspondence:kept for as long as needed to deal with the matter, then archived for up to 24 months.
- Server logs:typically 30 days, then automatically rotated.
- Cookie-consent record:your choice is stored on your own device for 6 months, then we ask again.
5. Your rights under the GDPR
You have the right to:
- Access:ask for a copy of the personal data we hold about you;
- Rectification:ask us to correct anything that's wrong;
- Erasure ("right to be forgotten"): ask us to delete your data where there's no overriding reason to keep it;
- Restriction:ask us to stop processing your data while a question is sorted out;
- Portability:get your data in a portable format;
- Object:object to processing based on legitimate interests;
- Withdraw consent:where we relied on consent, you can withdraw it at any time without affecting earlier processing.
To exercise any of these rights, email mountkennedyinn@gmail.com. We will respond within one month. There is no fee, and we will only ask for ID if we have a real reason to doubt who you are.
If you are not satisfied with how we have handled your data, you can complain to the Irish Data Protection Commission: www.dataprotection.ie, 21 Fitzwilliam Square South, Dublin 2, D02 RD28. You also have the right to complain to the supervisory authority in your own EU country.
6. How we keep your data safe
Bookings are transmitted over HTTPS, stored in an encrypted database, and only accessible through a password-protected admin area limited to staff. We do not store payment details on this site. We do not take payment for bookings.
7. Children
This website is not directed at children under 16, and we do not knowingly collect personal data from children. If a parent or guardian books a table that includes children, only the booker's own details are collected.
8. Changes to this policy
If we change this policy in a way that materially affects you we'll update the date at the top and, where appropriate, ask you to review the change next time you visit. Older versions are available on request.