Privacy Policy

1 — Who We Are

Murty Rabbitt’s (“Murty Rabbitts”, “we”, “our”, “us”) operates the website murtyrabbitts.ie and is the data controller for all personal data collected through it.

Registered address: 23 Forster Street, Galway, Ireland

Email: [email protected] | Tel: +353 (0)91 566 490

2 — Why This Notice Exists

Article 13/14 of the EU General Data Protection Regulation (GDPR) requires us to explain:

• What data we collect

• Why and under which legal basis we process it

• How long we keep it

• Who we share it with

• What rights you have and how to exercise them

3 — Personal Data We Collect

3.1 Data you provide directly

• Contact & Identity Data — name, email address, phone number

• Booking & Event Data — reservation date/time, party size, occasion, darts lane time, dietary or allergen notes

• Payment & Billing Data (coming soon) — billing name, billing address, last 4 digits of card, payment token/ID (we never store full card details)

• Marketing Preferences — your explicit opt-in or opt-out choice

• Free-text Content — any information you add in a message box

3.2 Data we collect automatically (after consent for non-essential cookies)

• Technical Data — IP address, device, browser, OS, language

• Usage Data — page views, buttons clicked, referring site

• Cookies & similar tech — see Cookie Policy

3.3 Data from third parties

• Security Data — Google reCAPTCHA scores (anti-spam)

• Social Media Data — interactions with our embedded Instagram feed

• Payment Confirmation Data — success/fail status from our payment processor

4 — Our Legal Bases for Processing

Purpose | Personal data | GDPR legal basis

Manage reservations, event & darts bookings | Contact, Booking & Event Data | Contract Art. 6 (1)(b)

Provide dining service incl. dietary needs | Booking & Event Data, Dietary Notes | Vital interests 6 (1)(d) & Legitimate interest 6 (1)(f)

Process online payments & issue receipts | Payment & Billing Data | Contract 6 (1)(b) & Legal obligation 6 (1)(c)

Send mandatory service emails (confirmation, changes) | Contact, Booking & Payment Data | Contract 6 (1)(b)

Send marketing emails & SMS (offers, events) | Contact Data & Marketing Preferences | Consent 6 (1)(a) & Irish ePrivacy S.I. 336/2011

Protect site from fraud & spam | Technical & Security Data | Legitimate interest 6 (1)(f)

Run analytics to improve site | Technical & Usage Data | Consent 6 (1)(a)

Maintain accounting/tax records | Booking & Payment Data | Legal obligation 6 (1)(c)

5 — How & With Whom We Share Your Data

We never sell your personal data. We share it only with trusted processors under written agreement:

• HighLevel LLC (CRM, hosting — US servers)

• Stripe Payments Europe Ltd. (online payments)

• Google LLC (Analytics, reCAPTCHA)

• Meta Platforms Ireland Ltd. (Instagram embedding)

• Email/SMS gateway (transactional & marketing messages)

• Public authorities or courts when required by law

Each processor is bound to process your data solely on our instructions and to implement appropriate security measures.

6 — International Transfers

HighLevel and Google servers are located in the United States. Transfers outside the European Economic Area are protected by Standard Contractual Clauses (SCCs 2021/914/EU) and supplementary safeguards. You can request a copy via [email protected].

7 — Retention Periods

Data category | Typical retention

Booking & Event records | 6 years after the visit (tax & liability)

Payment & Billing records | 6 years after transaction (Revenue compliance)

Contact-form enquiries | 12 months after last correspondence

Marketing consent logs | Until withdrawal + 2 years audit buffer

Cookie/analytics IDs | 26 months from last visit

8 — Your Rights

You can access, correct, delete, restrict, object, port or withdraw consent at any time. Email [email protected]. We may request proof of identity and will respond within one month.

If you believe your data has been mishandled, you may lodge a complaint with the Data Protection Commission (www.dataprotection.ie).

9 — Cookies

We use:

• Essential cookies — needed for the site to work (always on)

• Analytics cookies — measure performance (optional)

• Marketing cookies — help us show relevant offers (optional)

A banner on first visit lets you Accept all, Reject all (except essential) or Manage preferences. Your choice is logged for proof of consent.

10 — Security

• TLS encryption (HTTPS) on every page

• Server-level firewalls & intrusion detection (HighLevel)

• Access controls with role-based permissions

• PCI-DSS Level 1 payment processing (Stripe)

• Regular vulnerability scans & backups

11 — Children

Our website and services are not directed at children under 16, and we do not knowingly collect data from them.

12 — Changes to This Notice

We may update this notice to reflect legal or operational changes. We will post any changes here and, if material, notify you by email (if we hold your address).

13 — Contact Us

Data Protection Contact

Hiberno Creative (on behalf of Murty Rabbitt's)

Email: [email protected]

Last updated: 29 July 2025