**1. General Provisions**
This personal data processing policy is prepared in accordance with Irish data protection legislation and outlines the procedures for handling personal data, as well as the measures taken to ensure the security of personal data by Athboy Karting Centre Ltd. (hereinafter referred to as the "Operator").
1.1. The Operator considers protecting the rights and freedoms of individuals with regard to the processing of their personal data, including safeguarding the right to privacy, personal, and family secrets, to be of utmost importance in carrying out its activities.
1.2. This Policy of the Operator regarding personal data processing (hereinafter referred to as the "Policy") applies to all information that the Operator may obtain about visitors to the website [https://athboykartingcentre.ie](https://athboykartingcentre.ie).
**2. Key Terms Used in the Policy**
2.1. **Automated Processing of Personal Data** – processing of personal data using computing technologies.
2.2. **Blocking of Personal Data** – temporary cessation of processing personal data (except in cases where processing is required to clarify the personal data).
2.3. **Website** – the combination of graphic and informational materials, as well as software and databases that ensure their accessibility on the internet at [https://athboykartingcentre.ie](https://athboykartingcentre.ie).
2.4. **Personal Data Information System** – a collection of personal data contained in databases and ensuring their processing using information technologies and technical means.
2.5. **Anonymisation of Personal Data** – actions that make it impossible to determine the identity of personal data without using additional information.
2.6. **Processing of Personal Data** – any action (operation) or a set of actions (operations) performed with or without the use of automation, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymisation, blocking, deletion, and destruction of personal data.
2.7. **Operator** – any legal or physical person, who organises and/or processes personal data independently or jointly with others, and defines the purposes and actions (operations) involved in the processing of personal data.
2.8. **Personal Data** – any information relating directly or indirectly to an identified or identifiable User of the website [https://athboykartingcentre.ie](https://athboykartingcentre.ie).
2.9. **Personal Data Allowed for Distribution** – personal data to which unlimited access has been granted by the data subject via consent in accordance with data protection law.
2.10. **User** – any visitor to the website [https://athboykartingcentre.ie](https://athboykartingcentre.ie).
2.11. **Provision of Personal Data** – actions directed at disclosing personal data to a specific person or a specific group of persons.
2.12. **Distribution of Personal Data** – any actions aimed at disclosing personal data to an indefinite group of persons (transferring personal data) or at making personal data publicly available, including in the media, on the internet, or otherwise providing access.
2.13. **Cross-Border Transfer of Personal Data** – transfer of personal data to a foreign state authority, foreign individual, or foreign legal entity.
2.14. **Destruction of Personal Data** – any actions resulting in irreversible destruction of personal data, making further restoration impossible, or the destruction of the physical carriers of personal data.
**3. Main Rights and Duties of the Operator**
3.1. The Operator is entitled to:
- Obtain accurate information and/or documents containing personal data from the data subject;
- Continue processing personal data without the consent of the data subject if there are grounds as specified by Irish data protection laws;
- Independently determine the composition and list of measures necessary and sufficient to fulfil obligations under Irish data protection legislation.
3.2. The Operator is obliged to:
- Provide the data subject with information about the processing of their personal data upon request;
- Organise personal data processing in accordance with Irish data protection legislation;
- Respond to inquiries and requests from data subjects and their legal representatives;
- Implement legal, organisational, and technical measures to protect personal data from unauthorised access, destruction, alteration, blocking, copying, provision, dissemination, as well as from any other unlawful actions.
**4. Rights and Duties of Data Subjects**
4.1. Data subjects have the right to:
- Obtain information regarding the processing of their personal data (excluding cases provided by law);
- Request clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, or unlawfully obtained;
- Withdraw consent to process their personal data at any time;
- Lodge complaints to the Data Protection Commission or pursue legal action for unlawful actions or inaction by the Operator in processing personal data.
4.2. Data subjects must:
- Provide accurate personal data to the Operator;
- Notify the Operator of any changes or updates to their personal data.
**5. Principles of Personal Data Processing**
5.1. Processing of personal data is carried out lawfully and fairly.
5.2. Processing is limited to achieving specific, pre-defined, and lawful purposes.
5.3. Only personal data that meet the intended processing purposes are subject to processing.
5.4. Accuracy, sufficiency, and relevance of personal data are ensured in relation to the processing purposes.
**6. Purpose of Processing Personal Data**
- Clarifying booking details or track usage via phone or email
**Types of Personal Data:**
- Name, surname
- Email address
- Phone numbers
- Date of birth
**7. Terms of Personal Data Processing**
7.1. Processing of personal data is carried out with the consent of the data subject.
7.2. The processing may be necessary for the execution of a contract to which the data subject is a party.
**8. Collection, Storage, and Transfer of Personal Data**
8.1. The Operator ensures the security of personal data and takes all necessary measures to prevent unauthorised access.
8.2. Personal data will not be transferred to third parties without consent, except when required by law.
8.3. Users may update their personal data by contacting the Operator at athboykarting@gmail.com.
8.4. Users can withdraw their consent at any time by sending an email with the subject "Withdrawal of Consent for Personal Data Processing."
**9. Cross-Border Transfer of Personal Data**
The Operator is obliged to ensure that foreign entities receiving personal data provide adequate protection before any transfer takes place.
**10. Confidentiality and Final Provisions**
10.1. The Operator and others with access to personal data are required to maintain confidentiality unless otherwise stated by law.
10.2. This policy is available on the website [https://athboykartingcentre.ie/privacy](https://athboykartingcentre.ie/privacy) and is subject to change to reflect updates in legislation.