Access munster PRIVACY POLICY

MUNSTER BRANCH OF THE IRFU

(Munster Rugby, Musgrave Park, Tramore Road, Ballyphehane, Cork, Ireland)

Introduction

We at the Munster Branch of the Irish Rugby Football Union (“Munster Rugby”, “we”, “our” and “us”) will often have reason to process information (“Personal Data”) of those who interact with us directly and others who are involved in the game at various levels in Ireland (“you” or “your”). We respect and value your privacy.

Access Munster is a standalone website (http://www.accessmunster.ie) operated by Munster Rugby.

Munster Rugby, and any subsidiaries and affiliates it may have, is strongly committed to protecting your Personal Data (as defined below). This Privacy Policy sets out how we collect, use and protect your Personal Data. Please read the following carefully to understand our practices regarding your Personal Data and how we treat and safeguard it.

This policy relates to Access Munster only and should be read in conjunction with our Access Munster Cookie Policy, which explains how we use cookies as part of the Access Munster website.

If you wish to understand how Munster Rugby uses cookies for our main website, munsterrugby.ie and how we use personal information for all other uses outside of Access Munster (e.g. your involvement with us, purchases from our online store, general club subscriptions and when you visit munsterrugby.ie), those policies can be found here and here.

This Privacy Policy (“Policy”) has been developed to ensure Access Munster users (“Users”), and all others whose Personal Data is processed under the control of Munster Rugby via Access Munster feel confident about the privacy and security of their Personal Data, and to meet our obligations under EU Regulation 679/2016 General Data Protection Regulation (“GDPR”) and the Data Protection Acts of Ireland 1988-2018 (together “Data Protection Law”).

For the purposes of this Policy, Personal Data is information that identifies you as an individual or is capable of doing so (“Personal Data”).

We must comply with the data protection principles set down in Data Protection Law and this Policy applies to all Personal Data collected, processed and stored by us that is subject to the laws described above. By providing us with information, you accept and agree to the practices described in this Policy.

For the purposes of Data Protection Law, Munster Rugby is the Data Controller of your Personal Data. You will find our contact details in the “Contact us” section below.

The terms “Data Subjects”, “Data Controller”, “Data Processor” and “process”, when used in this Policy, have the meanings given to them in Data Protection Law, unless otherwise indicated.

What kinds of Personal Data do we collect?

We may collect the following types of Personal Data:

Access Munster Subscribers:

Name and title,

Username,

Password,

Contact details (phone number and email address),

Financial information to pay for any Access Munster services you have requested from us (such as name, billing address, debit/credit card details, authentication data),

Personal data which is provided by you in comments on Access Munster, and

Personal data which is provided by you in correspondence with us.

browsers of the Access Munster website:

name, title, phone number, email address, etc.

information collected automatically from you when browsing the Access Munster website and its subdomains via cookies or other device identifiers, such as IP addresses or other identifiers constituting Personal Data (see further at sections 2.2 to 2.4 below);

Even if you do not explicitly provide us with data when you interact with Access Munster, we may collect certain data. For example, Access Munster may use cookies and our servers may keep an activity log that tracks all visitors to the website. The information collected will often be anonymous and may not identity you individually, however such information, or such information in conjunction with other information that we hold, may be capable of identifying you and so may constitute Personal Data (“Website Data”). Website Data may include among, other data:

the country in which you reside;

referring/exit URLS and other information that does not identify you directly or indirectly but may correspond with you or a particular device; and

information about your browser type, device type and unique device information as well as your operating system, websites you visited before and after visiting the website(s), standard server log information and IP address.

We collect this Website Data passively using technologies such as cookies (see Munster Rugby’s Access Munster cookie policy [here]). We use Website Data to administer, operate, and improve the Access Munster website.

If any Website Data constitutes Personal Data (whether directly or through linking or associating any Website Data with any other information), the terms of this Policy will apply. Otherwise, we use and disclose Website Data in a non-personally identifiable form.

Legal basis for processing

We rely on the following legal bases under GDPR in processing Personal Data:

performance of a contract with you (in the case of subscribers to Access Munster),

consent (as indicated at the time of obtaining such consent, for example, if you sign up to our email mailing list. In circumstances where we rely on your consent, you are free to withdraw this consent at any stage and you can do so by contacting us at dataprivacy@munsterrugby.ie.),

legitimate interests (for example, to send users information about special offers and discounts on our products and services, to analyse how our services are used so we can improve them to engage and retain users, to support our marketing activities, to diagnose problems and/or prevent fraudulent activities and to understand how our users use our products and services so we can improve user experience), and

compliance with a statutory or legal obligation: (for example to maintain records to comply with our legal obligations including the sharing of your personal data with third parties where we are required to do so by law).

How we Collect data and Personal Data

We collect Personal Data from your interaction with us, for example:

when transacting with Users;

when you post a comment to Access Munster;

when browsing the Access Munster website, via cookies, device identifiers or other technologies; or

when you otherwise contact us through, for example through Access Munster or via email.

How we may use your Personal Data

Except as set out in this Policy, we will not disclose Personal Data that we collect to any parties other than those with whom we partner or are affiliated with, without your consent. Except as set out below, we will not sell, share, trade, rent, or give away your Personal Data.

Information you directly provide

We may use your Personal Data in the conduct of our business with you, for example:

in order to fulfil our contract with you,

to provide, improve, and administer our services,

to facilitate account creation and authentication and otherwise manage user accounts,

to communicate with you,

to tailor content to you,

for security and fraud prevention,

to comply with law, and

upon your consent for the purposes of contacting you regarding our services.

Information you do not directly provide

As noted at section 2.3 above, we use Website Data to administer, operate, and improve the Access Munster website.

Do we disclose Personal Data to anyone else?

We shall disclose your Personal Data to third parties only when it is necessary as part of our contract with you, for the conduct of business or when there is a legal or statutory obligation to do so. Whenever we disclose your Personal Data to third parties, we will only disclose that amount of your Personal Data necessary to meet such business need or legal requirement. Third parties that receive your Personal Data from us must satisfy us as to the measures taken to protect the Personal Data such parties receive, in accordance with Data Protection Law and as stated in this Policy. Appropriate measures will be taken to ensure that all such disclosures or transfers of your Personal Data to third parties will be completed in a secure manner and pursuant to contractual safeguards.

We may employ other companies and individuals to perform functions on our behalf, including professional advisors, outsourced services providers and contractors in order to fulfil our contract with you. These third-party service providers are authorised to use Personal Data only as needed to perform their functions on our behalf and are required to maintain the security of your Personal Data.

We have engaged the following trusted third-party service providers:

Auth0 which is our access and authentication services provider. Their privacy Policy may be viewed at https://auth0.com/privacy.

Stripe which is our payment services provider. Their privacy Policy may be viewed at https://stripe.com/ie/privacy.

Chargebee which is our subscription management provider. Their privacy Policy may be viewed at https://www.chargebee.com/privacy/.

Fast comments which is our comments platform. Their privacy policy can be viewed here: https://fastcomments.com/privacy-policy

Munster Rugby’s various entities may also share Personal Data internally (i.e. within the Munster Rugby group, including to Munster Rugby’s holding company) where necessary as part of business and in order to fulfil our contract with you.

We may transfer your Personal Data to another company with which we have merged, or which has acquired all or some of our assets. We will advise you if such a change of ownership or change of corporate structure takes place and we will update this Policy accordingly.

We may provide your Personal Data when obliged to do so under relevant Data Protection Law and in response to properly made requests, for example, for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide your Personal Data for the purpose of safeguarding national security. In the case of any such disclosure, we will do so only in accordance with the relevant Data Protection Law.

We may also provide your Personal Data when required to do so by law, for example under a court order, and may transfer data to legal counsel where same is necessary for the defence of legal claims.

Transfers outside of the EEA

Your Personal Data may be processed by Munster Rugby or its trusted third-party partners outside of the European Economic Area (“EEA”). Data privacy laws in the countries to which your personal data is transferred may not be equivalent to, or as protective as, the laws in the EEA. 

We will implement appropriate measures to ensure that your Personal Data remains protected and secure when it is transferred outside of the EEA, in accordance with applicable Data Protection Law.

How long do we keep Personal Data?

The period for which we retain Personal Data varies according to the use of that information. In some cases, there are legal requirements to keep Personal Data for a minimum period of time. Unless specific legal requirements dictate otherwise, we will retain Personal Data no longer than is necessary for the purposes for which the Personal Data were collected and processed (as described above).

Personal Data of Users will be retained for no longer than is necessary for the purposes for which it was collected. We will retain your Personal Data for as long as we continue to provide our services to you. Following termination of the provision of the services to you, your Personal Data shall be securely deleted, unless there are specific legal, regulatory or financial reporting requirements to retain the data, in which case the data will only be retained for as long as is necessary and permissible in accordance with those requirements.

How you can exercise your rights in respect of Personal Data we hold about you?

Your rights

We shall vindicate all rights under European Data Protection Law. You have the right to request that we:

provide you with information as to whether we process your data and details relating to our processing, and that we provide you with a copy of your data (‘access right’);

rectify and/or update any inaccurate data we might have about you without undue delay (‘right to rectification’);

the right to object to processing of data relating to you (‘right to object’);

under certain circumstances, be restricted from processing your data (‘right to restriction’);

under certain circumstances, erase your personal data without undue delay (i.e. the “right to erasure”); and

under certain circumstances, furnish you with the personal data which you provided us with in a structured, commonly used and machine-readable format (‘right to data portability’).

Vindication of these rights shall not affect any rights which we may have under European Data Protection Law.

Exercising your rights and managing Personal Data

You can exercise any of your rights by making a request to us at the contact information provided below. If, for some reason, these rights are denied, we will provide an explanation of why this is the case.

We will process your request within 30 days of receipt.

security of your Personal Data

We are committed to ensuring that all of your information, including Personal Data, is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organizational measures to safeguard and secure your Personal Data.

Once we have received your Personal Data, we will use strict procedures and security features to try to prevent unauthorized access.

Unfortunately, the transmission of information through Access Munster cannot ever be completely secure. Although we will do our best to protect your Personal Data and apply appropriate safeguards, we cannot guarantee the security of your data transmitted through the website and any transmission is at your own risk.

How can you make a complaint about the Use of Personal Data?

Complaints on the use, retention and disposal of Personal Data can submitted via email to dataprivacy@munsterrugby.ie.

Under European Data Protection Law, you also have the right to lodge a complaint with the relevant supervisory authority of your country.

DISCLAIMER

Munster Rugby recognise that we have legal obligations in terms of the collection and use of personal data made available to us.

Access Munster is provided on an “AS IS” basis and Munster Rugby excludes all warranties or representations of any kind with respect to this website or its contents.

The contents of this website are designed to comply with Irish law. You may be viewing the website in a market in which we do not commonly sell our goods. Munster Rugby cannot be held responsible for non-compliance with any local advertising or other laws in relation to this website or its contents.

Review

This Policy will be reviewed and updated from time to time to consider changes in the law and the experience of the Policy and Munster Rugby’s processing of Personal Data in practice via Access Munster. Any and all changes will be published on our website. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose Personal Data.

Contact information

If you have questions about this Policy or our treatment of the Personal Data provided to us, please contact us contact our Data Protection Executive at dataprivacy@munsterrugby.ie or by writing to us at Munster Rugby, Musgrave Park, Tramore Road, Ballyphehane, Cork, Ireland.

Last updated: [ 13-09-2022 ].