ePrivacy and GPDR Cookie Consent by Cookie Consent




COVID-19 Privacy Notice:

What does this policy cover? 

This notice describes how Goffs (also referred to as "we" or "us") will make use of data provided to it as part of its Covid-19 screening activities by and about all personnel that plan to attend a sale at Goffs, including a racecourse Breeze, if applicable. This notice is supplementary to the privacy notice concerning Goffs existing data processing activities as set out on the Goffs website https://www.goffs.com/

This policy also describes your data protection rights, including a right to object to some of the processing that Goffs carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section. 


What information do we collect? 

We collect the information included on the Covid-19 Medical Screening Questionnaire, which includes your name, contact details and information collected in order to determine whether you may be displaying symptoms of Covid-19 or may have recently been exposed to Covid19. This includes high level information about your state of health and your possible contact with Covid-19 patients. 

When you attend a sale at Goffs, our representatives will ask you to confirm the information previously collected in the Covid-19 Medical Screening Questionnaire. They will also collect additional information you provide about your state of health and will take your body temperature. We will collect this information for processing, recording your body temperature (or highest reading if the test needs to be repeated). 


How do we use this information, and what is the legal basis for this use? 

We process this personal data for the following purposes: 

  • As required by Goffs to pursue our legitimate interests, in particular we will use your information to assess your suitability for entry to Goffs in order to protect your health and safety and that of Goffs staff and other visitors and to communicate with you and your contracting/ employing organisation regarding logistics for your planned attendance at Goffs. Where this involves your sensitive data, this is also done for reasons of public health and to ensure compliance with Goffs health and safety obligations under employment law; 
  • For the purposes which are required by law in response to requests by government or law enforcement authorities conducting an investigation, or in accordance with our statutory duties.


Relying on our legitimate interests 

We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. 


Who will we share this data with, where and when?  

We may share your information with your employing/contracting body or organisation so that they can make alternative staffing arrangements should your entry to Goffs be denied. 

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws. 


What rights do I have? 

You have the right to ask us for a copy of your personal data and to correct, delete or restrict (stop any active) processing of your personal data. In addition, you can object to the processing of your personal data in some circumstances where we do not have to process the data to meet a contractual or other legal requirement. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make. 


How do I get in touch with you, or your data protection officer? 

We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, you can get in touch by writing to the Data Protection Officer, Goffs, Kildare Paddocks, Kildare, W91 K197. 


How long will you retain my data? 

We will retain the Medical Screening Questionnaires, temperature readings and answers to questions upon entry to the racecourse for a maximum period of one month from the date that you attended the sale at Goffs.


General Privacy Policy

This www.goffs.com website (the “Site”) is operated by Goffs. Please read this Privacy Statement carefully to understand our treatment and use of Data.

This Privacy Statement provides guidance and information to users and/or visitors of our Site regarding the processing of personal data by Goffs

We will use your personal data only for the purposes and in the manner set forth below which describes the steps we take to ensure our processing of your personal data is in compliance with the Acts.


When Does This Privacy Statement Apply

Goffs ("us", "we" or "our") is committed to protecting and respecting your privacy. This Privacy Statement together with the Terms and Conditions of use of the Site [https://www.goffs.com/terms-and-conditions],Cookie Policy [https://www.goffs.com/cookie-policy] and the documents referred to in them sets out the basis on which any personal data we collect from you or that you provide to us in connection with the Site will be processed by us. Please read this Privacy Statement carefully to understand our treatment and use of personal data.

This Privacy Statement applies to personal information that we collect, use and otherwise process about you in connection with your use of our Site. The Data we process will depend on how you use our Site. It is important that you read this privacy statement together with any other privacy statement or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. this privacy statement supplements the other notices and is not intended to override them

In this Privacy Statement, references to “you” means the person whose personal information we collect, use and process. We will use your Data only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of your personal data is in compliance with the Data Protection Acts 1988 and 2003 (as amended) and any subsequent data protection and privacy legislation, European Union Law including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR and any subsequent amendments (collectively referred to as “Data Protection Legislation”).

Identity of the Data Controller

For the purposes of Data Protection Legislation, the Data Controller is Goffs, a private company limited by shares and registered in Ireland (Registered Number 45567) and having its registered office address at Goffs Bloodstock Sales, Kildare Paddocks, Kill, Co Kildare

We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Statement. If you have any questions about this Privacy Statement, please contact the DPO using the details set out below.

Name: Hayley O'Connor

Email Address: dpo@goffs.ie

Telephone Number: +353 (0)45 886600

Address: Goffs Bloodstock Sales, Kildare Paddocks, Kill, County Kildare




When you visit or use the Site in any way, we may collect and process different types of information about you.

The personal information we process about you broadly falls into four main categories:

  1. Contact Information;
  2. Information provided voluntarily by filling in forms on our Site, by registering an account and by contacting us through contact us section on our Site, which may from time to time include requesting information from us or submitting comments; and
  3. Information provided voluntarily when you contact us or meet with us.


We collect your Data from a number of sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.

Please note that if you do not provide us with your Contact Information we will not be able to provide you with any information you request, and if you do not provide us with your Contact Information we will not be able to interact or contract with you.

The personal data we collect from you or through our systems helps us manage our relationship with you, but also to comply with our legal obligations or for the conduct of our business (sale/ purchase of a horse). The personal data we collect, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below).

For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstance


Type of Data

Purpose of processing


Basis of processing


Contact information

Name, date of birth, gender, postal address, e-mail address and telephone number, the time, date and details of your visit to our Site.

This information is processed to enable Goffs to deal with and respond to your request, query or complaint and to ensure compliance with the Goff’s legal obligations and corporate governance requirements



Consent, where the personal data relates to the person supplying it to Goffs and has been supplied to Goffs voluntarily.

In relation to other personal data processing is necessary to comply with legal obligations, our contract with you, or to take steps for entering into our contract with you.

Information provided voluntarily by filling in forms on our Site, by registering an account, by contacting us through contact us section on our Site (which may from time to time include requesting information from us or submitting comments) and/or when you meet with us.


Name, postal address, email, telephone number, date and details of your visit to our site

Responding to your enquiries.


Please note that if you subscribe to the Goffs newsletter, your email address will be automatically added to the subscriber database. If you unsubscribe from our newsletter, your email address will be retained by Goffs for 1 year to ensure you are not contacted again and will be permanently removed from our database after this period.

Please also note that if you sign up to receive email alerts about Goffs, your email address is automatically added to the subscriber database on Mailchimp, an online email marketing company based in the USA which provided services to clients regarding the email alerts. If you unsubscribe from our news or merger alerts, your email address is deleted from the Mailchimp database immediately.


What will Goffs use my data for?

We collect and process information about you for the purposes of complying with our legal duties and for other legitimate purposes. We may use your Data, collected from direct interaction, automated forms and third parties to:

  • Send our customer newsletter (if you have subscribed to receive the newsletter)
  • Send our sales catalogues (if you have subscribed)
  • Targeted letters to vendors for boutique sales
  • Issue email alerts about sales news and the latest information about sales (if you have signed up to receive these alerts
  • Ensure that content from our Site is presented in the most effective, responsive and compatible manner for you and for your computer or device
  • Respond to your requests for information and other communication or correspondence you may submit to us
  • Provide you with general information on our Site and to provide you with personalised services
  • Provide marketing information with your consent
  • Provide you with general sales paperwork (vet certs, pedigree proofs, health certs, passports, blood results etc)
  • In the event a horse is entered/sold/not sold/purchased we will use your data to fulfil the conditions of sale, including listing the information on website
  • Provide debit/credit notes, payment demands, buyer invoices
  • Provide sales race information (dates, prize money, conditions)
  • Provide you with information regarding our events, contests, competitions, promotions, sponsored race days or newsletters chosen
  • Enable you to login to the site, using your email address, username and the password that you have chosen
  • Provide you with information about your registration or accounts
  • Provide you with the information or services that you request from us
  • Carry out statistical analysis and market research
  • Allow you to participate in interactive features of our Site, when you choose to do so
  • Carry out activities necessary to the running of Goffs, including systems testing, network monitoring, staff training and quality control
  • Notify you about changes to our Site, services or policies


Sharing of Personal Data

We consider your Data to be private and confidential.

We may access and/or disclose your Data if required to do so by law or in good faith and belief that such action is necessary to: (a) conform with the law or comply with legal process served on us; (b) protect and defend our rights or property including, without limitation the security and integrity of our network and systems; or (c) act under exigent circumstances to protect the personal safety of users of our services or members of the public.


Goffs Group

We share information between Goffs Group for any purposes set out in this privacy statement


Service Providers

We use third party service providers who work for us in the provision of our services. In providing the services, your Data will, where applicable, be processed by the service provider on our behalf.

We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your Data. We will have written contracts with them which provide assurances regarding the protections that they will give to your Data and their compliance with our data security standards and international transfer restrictions.


Disclosures to Third Parties

In certain circumstances, we share and/or are obliged to share your personal data with third parties, for the purposes described above and in accordance with Data Protection Legislation.

These third parties include:

  • regulatory authorities;
  • financial institutions;
  • revenue and tax authorities of other countries police, public prosecutors;
  • auditors;
  • relevant industry bodies;
  • external professional advisors; and
  • others, where it is permitted by law, or where we have your consent.

These organisations will also use your personal data as a “Data Controller” – they will have their own privacy statements which you should read, and they have their own responsibilities to comply with applicable Data Protection Legislation.


Transfers Outside the European Economic Area

Your Data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”), for example, when one of our service providers use employees or equipment based outside the EEA. For transfers of your personal data to third parties outside of the EEA, we take additional steps in line with Data Protection Legislation. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU commission’s model clauses.

If you would like to see a copy of any relevant provisions, please contact the data protection officer (see “Contact Us” section below).


How Long Will We Use Your Data For?

We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above, including for the purposes of satisfying any legal, accounting, or reporting requirements. This may mean that some information is held for longer than other information. The criteria we use to determine data retention periods for personal data includes the following:

  • Retention in case of queries; we will retain it for a reasonable period after the query has been resolved for a reasonable period after the conclusion of related legal proceedings;
  • Retention in case of claims; we will retain it for the period in which it may be enforced (this means we will retain it for 7 years in some instances); and
  • Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain it after the period described in 9.1.2 because of a legal or regulatory requirement.

If you would like further information about our data retention practices, please contact us (see the “Contact Us” section below).


Links To Other Websites

Our Site may, from time to time, contain links to and from other websites and web platforms. In addition, third parties’ websites may also provide links to our Site. If you follow a link to any of those websites or web platforms, please note that those websites and web platforms have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Data to those websites.

We do not accept, and we disclaim, any responsibility for the privacy statements and information protection practices of any third party website (whether or not such website is linked on or to our Site). These links are provided to you for convenience purposes only, and you access them at your own risk. It is your responsibility to check the third party website’s privacy statement before you submit any Data to their website.



We will use appropriate technical and physical security measures to protect your personal data which is transmitted, stored or otherwise processed by us, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access.

Access is only granted to Data on a need-to-know basis to those people whose roles require them to process your personal data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.

As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is not completely secure. Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to our Site. Any transmission of Data is at your own risk. Once we receive your Data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies become available.


Your Rights

You may have various rights under data protection legislation in your country (where applicable). However, in certain circumstances, these rights may be restricted. In particular, your rights may be restricted where this is necessary: (i) for the prevention, detection, investigation and prosecution of criminal offences, and/or (ii) in contemplation of or for the establishment, exercise or defence of a legal claim or legal proceedings (whether before a court, tribunal, statutory body or an administrative or out-of-court procedure).

Subject to the above, your rights under Data Protection Legislation may include (as relevant):

Your right

What does it mean?

How do I execute this right?

Conditions to exercise?

Right of access

Subject to certain conditions, you are entitled to have access to your personal data which we hold (this is more commonly known as submitting a “data subject access request”).

Requests for such information should be made in writing to dpo@goffs.ie .If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.

We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other individuals and/or businesses.

Right of data portability

Subject to certain conditions, you are entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format.

Requests should be made in writing to dpo@goffs.ie.  If possible, you should specify the type of information you would like to receive to ensure that our disclosure is meeting your expectations.

The GDPR does not establish a general right to data portability. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not for paper records). It affects only personal data that was “provided” by you. Therefore, it does not, as a rule, apply to personal data that was created by Goffs or supplied to Goffs by any other individual and/or business.

Rights in relation to inaccurate personal or incomplete data

You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate.

We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number.

If no such tools are available, requests should be made in writing to dpo@goffs.ie.

This right only applies to your own personal data. When exercising this right, please be as specific as possible.

Right to object to or restrict our data processing

Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.

Requests should be made in writing to dpo@goffs.ie

This right applies only if the processing of your personal data is explicitly based on our so-called “legitimate interests” (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can demonstrate that there are still lawful grounds for us to process your personal data.

Right to have personal data erased

Subject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful.

Requests should be made in writing to dpo@goffs.ie

There are various lawful reasons why we may not be in a position to erase your personal data. This may apply (i) where we have to comply with a legal obligation, (ii) in case of exercising or defending legal claims, or (iii) where retention periods apply by law or our statutes or under the Goff’s internal data retention policies.

Right to withdrawal

You have the right to withdraw your consent to any processing for which you have previously given that consent.

Requests should be made in writing to dpo@goffs.ie.

If you withdraw your consent, this will only take effect for the future.


If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. 

You also have a right to complain to the Office of the Data Protection Commissioner at Canal House, Station Road, Portarlington, Co. Laois by telephone at 1890 25 2231 and/or by email to info@dataprotection.ie.


Changes To Our Policy Statement

We reserve the right to change this Privacy Statement at any time at our sole discretion. If we make changes, they will be posted on our Site so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our Site after we post any such changes, you accept and agree to this Privacy Statement as modified.


Contact Us

Questions, comments and requests regarding this Privacy Statement and the information we hold are welcome and should be addressed to dpo@goffs.ie or alternatively you can write to us at Data Protection Officer, Goffs Bloodstock Sales at Kildare Paddocks, Kill, County Kildare.