Privacy Policy
Rockhill House Estate · Letterkenny, Co. Donegal
Privacy Policy
This Privacy Policy explains how Rockhill House Estate (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit www.rockhillhouse.ie, make a reservation, submit an enquiry, or otherwise interact with us.
We are committed to protecting your privacy and handling your data in a transparent and lawful manner. This policy should be read alongside our Cookie Policy.
Last updated: March 2026
GDPR · Article 13
Who We Are & Who is Responsible for Your Data
For the purposes of the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, the data controller is:
Data Controller
Bonamy Ltd
trading as Rockhill House Estate
Rockhill, Letterkenny
Co. Donegal, F92 R523
Ireland
This policy applies to all personal data collected through our website, our booking system, our enquiry forms, email correspondence, and in the course of providing our hotel, events, spa, and wedding services.
Section 1
What Personal Data We Collect
We collect personal data only where necessary and relevant to providing our services. Below is a summary of what we may collect and when.
Reservations & Bookings
Booking & Reservation Data
When you make a reservation through our website or booking engine, we collect your name, email address, telephone number, address, arrival and departure dates, room preferences, and payment card details. Payment data is processed securely through our booking platform and is not stored on our systems beyond what is required to complete the transaction.
Enquiries & Events
Enquiry & Contact Form Data
When you submit an enquiry via our website — including general contact forms, wedding enquiry forms, events enquiries, and trade enquiries — we collect your name, email address, telephone number, and the content of your message. For wedding enquiries, we may also collect your proposed date, guest numbers, and other relevant event details you choose to provide.
Marketing
Email Marketing & Newsletter Sign-Ups
If you subscribe to our email newsletter or opt in to marketing communications, we collect your name and email address. You can unsubscribe at any time using the link included in every marketing email. Opting out of marketing will not affect any other communications relating to a booking or enquiry you have made.
Website
Technical & Analytics Data
When you visit our website, we automatically collect certain technical data including your IP address, browser type and version, device type, pages visited, time spent on the site, and referring URLs. This data is collected using Google Analytics and similar tools. It is used only in aggregated and anonymised form to improve the website and is not used to identify individual visitors. Please see our Cookie Policy for full details.
On the Estate
CCTV
CCTV cameras operate in certain areas of the estate for security and safety purposes. CCTV footage is retained for a maximum of 30 days and is accessible only to authorised members of staff. Footage may be shared with An Garda Síochána or other authorities where required by law. Signage is displayed in areas covered by CCTV.
Section 2
How We Use Your Personal Data
Under GDPR, we are required to have a lawful basis for processing your personal data. The table below sets out how we use your data and the legal basis we rely on for each purpose.
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Processing and managing your reservation | Name, contact details, payment data, stay dates | Contract — necessary to fulfil your booking |
| Responding to enquiries and event requests | Name, contact details, enquiry content | Legitimate interests — to respond to requests made to us |
| Sending marketing emails and newsletters | Name, email address | Consent — you may withdraw at any time |
| Improving the website via analytics | Anonymised usage data | Legitimate interests — to maintain and improve our website |
| Estate security via CCTV | CCTV footage | Legitimate interests — to protect guests, staff, and property |
| Compliance with legal obligations | As required by law | Legal obligation — e.g. financial records, Revenue requirements |
Section 3
Who We Share Your Data With
We do not sell your personal data. We share it only with trusted third parties who help us deliver our services, and only to the extent necessary for those purposes.
Netaffinity — Booking Engine
Our online booking system is provided by Netaffinity, an Irish hospitality technology company. Reservation data entered through our website is processed by Netaffinity on our behalf as a data processor. Netaffinity’s privacy policy is available at netaffinity.com.
Stripe — Payment Processing
Payment card transactions are processed securely by Stripe, a PCI DSS-compliant payment platform. We do not store full payment card details on our own systems. Stripe’s privacy policy is available at stripe.com/ie/privacy. Stripe Inc. is headquartered in the United States; where data is transferred outside the EEA, Stripe relies on Standard Contractual Clauses approved by the European Commission.
Mailchimp — Email Marketing
If you have subscribed to our newsletter or marketing communications, your name and email address are held in Mailchimp, an email marketing platform operated by The Rocket Science Group LLC. Mailchimp is based in the United States; data transfers outside the EEA are covered by Standard Contractual Clauses. You can unsubscribe at any time using the link in any marketing email. We do not share marketing lists with any third party. Mailchimp’s privacy policy is available at mailchimp.com/legal/privacy.
Google Analytics
We use Google Analytics to collect anonymised website usage statistics. Google may transfer this data outside the European Economic Area. We have configured Google Analytics to anonymise IP addresses. Google’s privacy policy is available at policies.google.com/privacy.
Legal & Regulatory Disclosure
We may disclose personal data to An Garda Síochána, the Revenue Commissioners, or other competent authorities where required to do so by law or in connection with legal proceedings. We will only do so to the extent required and will notify you where legally permitted.
Section 4
How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law. Our standard retention periods are:
Booking Records
7 years
In line with Irish Revenue requirements for financial records.
Enquiry Data
2 years
Or until the enquiry is resolved. Deleted sooner on request.
Marketing Lists
Until unsubscribed
Removed promptly on receipt of an unsubscribe request.
CCTV Footage
30 days
Unless retained for security incident or legal purposes.
Section 5
Your Rights Under GDPR
Under Irish and EU data protection law, you have a number of rights in relation to the personal data we hold about you. You can exercise any of these rights by contacting us using the details below. We will respond within one calendar month.
Right of Access
You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification
You have the right to ask us to correct inaccurate or incomplete personal data we hold about you.
Right to Erasure
You have the right to request that we delete your personal data, subject to our legal obligations to retain certain records.
Right to Restrict Processing
You have the right to ask us to restrict how we process your data in certain circumstances, for example while a complaint is being investigated.
Right to Data Portability
Where we process your data on the basis of consent or contract, you have the right to receive it in a structured, machine-readable format.
Right to Object
You have the right to object to our processing of your data where we rely on legitimate interests, including the right to opt out of direct marketing at any time.
Right to Withdraw Consent
Where we rely on consent as our lawful basis, you may withdraw it at any time. This will not affect processing carried out before withdrawal.
Section 6
How to Contact Us & How to Complain
To exercise any of your rights, raise a concern, or ask a question about how we handle your personal data, please contact us:
Telephone
Post
Rockhill House
Rockhill, Letterkenny
Co. Donegal, F92 R523
Ireland
We will acknowledge your request within five working days and respond in full within one calendar month. If your request is complex, we may extend this by a further two months and will inform you of the extension.
Supervisory Authority
Data Protection Commission
If you are not satisfied with our response to your data protection concern, you have the right to lodge a complaint with the Data Protection Commission of Ireland (DPC), which is the supervisory authority for data protection matters in Ireland.
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
dataprotection.ie
info@dataprotection.ie
+353 (0)1 765 0100
Section 7
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we provide. The date at the top of this page shows when it was last updated. Where changes are material, we will take reasonable steps to notify you — for example by placing a notice on our website.
We encourage you to review this policy periodically. Continued use of our website following any update constitutes your acknowledgement of the revised policy.
