Clink Hostels Privacy Notice

Welcome to Clink! 
We are committed to protecting your privacy and handling your personal data in a transparent and secure manner. This notice explains how we collect, use, and protect your information in accordance with applicable data protection legislation and how you can access or erase your data anytime. 

1. Who we are and how to contact us

For the purposes of the General Data Protection Regulation (GDPR), the data controller is Clink Hostels. For the processing activities described in this Privacy Notice, we act as the data controller, unless stated otherwise.

  • Our Contact Details
    Postal Address: Clink Hostels, Merchant’s House, 27 Merchant’s Quay, Dublin D08 H5Y3, Ireland.  
    Website: www.clinkhostels.com

  • Data Protection Officer (DPO): 
    Postal Address: DPO, Clink Hostels, Merchant’s House, 27 Merchant’s Quay, Dublin D08 H5Y3, Ireland. 
    Email: [email protected]

2. The personal data we collect about you

We collect and process various types of personal information to manage our services: 

  • Contact and Identification Data: Name, email address, postal address, phone number, nationality, date of birth, gender, and government-issued ID details for example passport/driving license) as required by local law. Some of this information, such a passport or ID, may be required under local laws, while others may be optional and provided at your discretion. 

  • Reservation and Stay Data: Dates of arrival and departure, booking specifics, special requests (e.g., dietary needs, accessibility), service preferences, and feedback from your stay including your handle used when posting reviews.

  • Data of Companions
    Information relating to other guests included in your reservation, such as names and, where relevant, the age of children.

  • Children’s Data
    Our services are not intended for children under the age of 16 without parental consent. Where we collect personal data about children (e.g. name or age during family bookings) we do so only with appropriate safeguards and for specified purposes (e.g. room allocation). 

  • Communications Data
    Correspondence with us can be recorded, including emails, messages sent via messaging applications (such as WhatsApp), and communications via third-party chat or guest service platforms. Some enquiries may initially be handled using automated tools (e.g.: chatbots) to provide standard information or route messages to the appropriate team.

  • Financial Data
    Credit card details and other payment information necessary to process transactions and payments. Payment information is processed through secure payment service providers. Where special category data is collected (e.g. health or dietary requirements), we process such data only with your explicit consent, in line with Article 9 GDPR. 

  • Technical and Usage Data
    Information collected when you use our website (IP address, browser type, usage patterns, cookies) in accordance with our Cookies Policy.

  • CCTV Footage
     Images captured by CCTV cameras installed in public areas of our properties for security

3. How we collect your personal data?

We collect data from you in the following ways: 

  • Directly From You: We collect personal data directly when you make a reservation or stay at our hotel, register on our website, subscribe to our communications, complete surveys, or contact or communicate with us in person or through our various channels (such as email or telephone).

  • Via our Website: When you visit our website, we may collect technical information such as IP address, browser type, and information about your interaction with the website through cookies and similar technologies. For more information, please see our Cookie Policy.

  • Via Third Parties: We receive personal data from / Information is shared with us by/ online travel agents (OTAs), such as Booking.com or Hostelworld, or corporate bookers when they make a reservation on your behalf and by websites where you leave a post-stay review. Further third-party review platforms such as TripAdvisor are also utilised to retrieve data.

4. How and Why we can use your data (Legal basis)

We will only use your personal data where we have a lawful basis to do so. 

  • Performance of a Contract: To process your reservation, manage your booking, and provide the hotel services you requested (e.g., accommodation, late check-out).

  • Legal Obligations: To comply with mandatory requirements, such as maintaining mandatory guest records, a hostel register for public security or adhering to tax laws. 

  • Legitimate Interests: To improve our services, ensure safety and security, manage complaints, and send you relevant offers or newsletters if you have not opted out (e.g., website analytics and security measures like CCTV). Our legitimate interest include ensuring guests safety through CCTV, enhancing customer service, conducting internal analytics to improve our services, and protecting our business against fraud or misuse. 

  • Consent: For specific activities such as sending direct marketing communications where you have explicitly opted in or processing sensitive data like health/allergy information for special requests. We rely on your consent for certain processing activities where required by law. This includes sending you direct marketing communications where you have chosen to receive them, as well as the use of cookies and similar technologies on our website. You may withdraw your consent at any time, either by using the unsubscribe options included in all our communications or by managing your cookie preferences through our cookie consent management platform on our website. Further information is available in our Cookie Policy.

5. Who we share your data with

We may share your personal data with third parties to operate our business effectively. We do not sell your personal information. 

  • Service Providers: Third parties who provide services on our behalf, such as payment processors, IT support, and marketing platforms.
    We share personal data with trusted third-party service providers that support our operations and the delivery of our services. This includes providers of property management and booking systems (including tools used to manage reservations from online travel agencies), payment and payment processing services, customer relationship management and email communication tools, as well as IT support and website hosting services. These service providers process personal data only on our behalf. They are required by contract to keep personal data secure and to use it only for the purposes we specify. 

  • Legal and Regulatory Authorities: If required by law, court order, or governmental inquiry. 

6. International data transfers

In some instances, it is necessary to transfer your personal data to countries outside the European Economic Area (EEA), for example, to centralised IT systems. Where we do this, we ensure a similar degree of protection is afforded by implementing appropriate safeguards, such as using standard contractual clauses approved by the European Commission. 

7. Data retention period

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, and to meet our legal or accounting needs. We determine the appropriate retention period based on: 

  • The length of your relationship with us.
  • Any statutory or legal obligations (e.g., financial records are typically kept for seven years).
  • The nature and sensitivity of the data. 

Once no longer required, we will securely delete or anonymise your data. 

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to provide our services, comply with legal and accounting obligations, respond to enquiries or complaints or defend legal claims. The legal bases for retention are Article 6(1)(b), 6(1)(c), or 6(1)(f) of the GDPR, depending on the purpose.

Our retention of personal data is based on Article 6(1)(b) (contract), Article 6(1)(c) (legal obligation), or Article 6(1)(f) (legitimate interests) of the GDPR, depending on the nature and purpose of the processing. 

Retention periods depend on the type of personal data and the purpose for which it is processed. In general:

  • Reservation and stay-related data are retained to manage our contractual relationship and comply with applicable legal requirements. Reservation and stay-related data: retained for up to 6 years from the date of your last stay. 
  • Financial and accounting records are retained in accordance to comply with tax, accounting and audit obligations. Financial and accounting records: retained for 6–7 years in line with tax and audit obligations. 
  • Communications with guests are retained for as long as necessary to respond to enquiries and manage our relationship with you. Communications with guests: retained for up to 2 years after the last correspondence unless required longer for dispute resolution. 
  • Marketing data: retained until you withdraw consent or object (usually within 30 days of such request).  
  • CCTV footage is retained for a limited period unless it is required for the investigation of an incident. CCTV footage: typically retained for up to 30 days unless required for investigations. 

Where personal data is no longer actively required for these purposes, its use and access are restricted. Personal data may be deleted or anonymised where appropriate, for example where required by law or in response to a valid data subject request.

8. Your data protection rights

Under GDPR, you have rights concerning your personal data, including access, rectification, erasure (the right to be forgotten), restriction of processing, objection to processing (especially for direct marketing), and data portability. You also have the right to withdraw consent at any time. There is generally no fee to exercise these rights, and we will respond to legitimate requests within one month. 

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Data Protection Commission at www.dataprotection.ie. 

9. How to complain

If you believe there has been a data protection breach, please contact us first using the details in Section 1. You can also file a complaint with your local data protection supervisory authority. 

You may lodge a complaint with the Irish Data Protection Commission at www.dataprotection.ie or by contacting: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.

10. Changes to our privacy notice

This notice may be updated periodically. Material changes will be posted on our website. Where changes materially affect your rights or how we process your data, we will actively notify you through email or on your next interaction with our services.