How we handle personal data on this website, including bookings, the Untappd check-in display, and your rights under GDPR.
The data controller is Third Barrel Brewing / The Christchurch, 13 High Street, Merchants Quay, Dublin 8.
For privacy queries, rights requests, or complaints about how we handle your personal data:
When you submit a booking request through the form on this website, you provide your name, email address, phone number (optional), preferred date and time, party size, occasion (optional) and any notes you choose to include.
The Untappd check-in display on our On Tap page shows selected information from public check-ins made at our venue on the Untappd platform. This data is obtained from the Untappd for Business API, not directly from the individuals concerned. The information was made public by those individuals when they checked in on Untappd.
When you submit a booking, Cloudflare Turnstile processes a technical verification token and your IP address to protect the form from spam. This data is transient and is not stored by us.
| Activity | Personal Data | Purpose | Lawful Basis |
|---|---|---|---|
| Booking requests | Name, email, phone (where provided), party size, date/time, occasion, notes, status | To receive and respond to your booking request, manage event or large-table bookings, and contact you to confirm details and arrange a deposit | Article 6(1)(b) — steps taken at your request prior to entering into a contract |
| Staff notifications | The same booking details, sent to a restricted staff chat | So the team can act on new requests promptly | Article 6(1)(b) — part of the same booking process |
| Untappd check-ins | Public username, beer name, rating, comment (where provided), check-in date, profile link | To show genuine customer engagement with our beers | Article 6(1)(f) — legitimate interests |
| Anti-spam | Verification token, IP address (transient) | To protect the booking form from automated abuse | Article 6(1)(f) — legitimate interests |
We display a limited number of recent public Untappd check-ins to promote our beers and show genuine customer engagement. The data is already public on the Untappd platform and was made public by the individual. We deliberately exclude real names, email addresses, avatar images, device data, and social interactions (toasts, badges, friends). No more than 8 recent check-ins are shown. The data is not stored — it is fetched live and cached for no more than 5 minutes. We maintain a removal mechanism (see section 9 below).
The booking form includes a free-text notes field. Please do not include unnecessary medical or other sensitive personal information. If you need to tell us about dietary requirements, food allergies, or accessibility needs so we can accommodate you, we will use that information solely for your booking. We encourage you to share this by phone if you prefer.
| Recipient | What | Why | Where |
|---|---|---|---|
| Our staff | Booking details | To manage and confirm bookings | Ireland |
| Supabase | Booking records (stored); Untappd data (transient) | Database hosting | West EU (Paris) — within the EEA |
| Telegram | Booking details sent as a staff notification | Operational alerting | Global (HQ Dubai, UAE) |
| Cloudflare | Verification data (transient); website hosting | Anti-spam and hosting | Global (US-based) |
| Website visitors | Limited Untappd check-in details only | Public display on On Tap page | Global |
We do not sell, rent, or trade personal data to any third party.
Supabase — our database is hosted in West EU (Paris), within the EEA. No international transfer mechanism is required for stored data.
Cloudflare — US-based with a global CDN. Cloudflare relies on Standard Contractual Clauses and its published Data Processing Addendum.
Telegram — headquartered in Dubai, UAE. Telegram relies on Standard Contractual Clauses executed internally across its corporate network. The European Data Protection Office (EDPO) acts as Telegram's designated Article 27 representative in Brussels, Belgium.
| Data | Retention | What happens after |
|---|---|---|
| Completed bookings | 12 months after the booking date | Deleted from the database |
| Cancelled enquiries | 3 months after cancellation | Deleted from the database |
| Staff notifications | Reviewed quarterly; deleted when no longer needed | Manually deleted |
| Untappd display data | Not retained — fetched live, cached up to 5 minutes | Nothing to delete |
| Anti-spam data | Transient — not stored by us | Governed by Cloudflare's own policy |
If your public Untappd check-in appears on our website and you would like it removed, contact us using the details above. We will assess your objection under Article 21 GDPR and action it promptly.
When a check-in is suppressed, only its Untappd check-in ID is recorded so it will not appear again. The removal mechanism fails closed: if the exclusion list cannot be read for any reason, the entire check-in section is suppressed rather than risk showing a removed check-in.
This website does not use analytics cookies, advertising cookies, or tracking cookies. No audience measurement tools are installed.
No first-party cookies are set by this website. Any cookies present are strictly necessary and exempt from consent under the ePrivacy Directive. No cookie banner is required.
We do not use automated decision-making or profiling. Booking requests are reviewed and confirmed by staff. Cloudflare Turnstile determines whether a submission appears to be from a human — a failed check prevents the form submission but does not affect you in any other way.
| Right | What it means |
|---|---|
| Access (Art. 15) | Ask for a copy of the personal data we hold about you. |
| Rectification (Art. 16) | Ask us to correct inaccurate data. |
| Erasure (Art. 17) | Ask us to delete your data where there is no compelling reason to keep it. |
| Restriction (Art. 18) | Ask us to restrict processing in certain circumstances. |
| Portability (Art. 20) | Ask for your data in a structured, commonly used format. |
| Objection (Art. 21) | Object to processing based on legitimate interests. For Untappd, see section 9. |
To exercise any right, contact us at hello@thechristchurchpub.ie. We will normally respond within one calendar month.
If you are unhappy with how we have handled your data, you have the right to complain to the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 — www.dataprotection.ie — phone +353 (0)1 765 0100 / 1800 437 737.
We would appreciate the chance to address your concerns first — please contact us using the details above.
This website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data through the booking form, please contact us and we will delete it.
We may update this notice from time to time. The current version is always available on this page.
Version 2.0 · Effective 2 July 2026