How we protect and manage your data
This is your guide to how personal data is managed by Community Cancer Caregivers. Please read it carefully.
Data privacy is taken very seriously at Community Cancer Caregivers. It is important that you know exactly what we do with the personal information you and others provide to us, why we gather it and what it means to you. This document outlines our approach to Data Privacy to fulfil our obligations under the General Data Protection Regulation (2018). We also welcome it as an opportunity to reassure you of the importance we place on keeping your personal data secure, and of the strict guidelines we apply to its use. We want you to be clear on:
-
Who we are
-
The information we collect about you
-
When and how we collect information about you
-
How we use your information*
-
Who we share your information with
-
How long we hold your information
-
Implications of not providing information
-
Processing your information outside the EEA
-
How to exercise your information rights (including the right to object)
-
How to contact us and/or our Data Protection Officer
*This notice applies to services we provide our clients (inclusive of their children), our volunteers, our donators. You should also read a copy of the Privacy Notice of any third party service providers you contract with, including any you ask us to share your information with or allow to access your information. For example, medical and welfare professionals. If you have any questions about how your information is gathered, stored, shared or used, please contact our Data Protection Officer. You have a number of rights in relation to your personal data, including the right to object to processing of your personal information for direct marketing or where the legal basis for our use of your data is our legitimate business interests or performance of a task in the public interest.
Security
All information you provide to us is stored on secure hardware and servers.
Your personal data is held on secure hardware and cloud storage hosted by Google Drive. The nature of the Internet is such that we cannot 100% guarantee or warrant the security of any information you transmit to us via the Internet to be secure. However, once we receive your personal data we take all reasonable technical and organisational measures to protect personal data from loss, misuse, alteration or destruction and to prevent any unauthorised or unlawful disclosure or processing.
Any online payment transactions will be encrypted using SSL technology via our third party payment processing providers.
1. Who we are
Throughout this document, “we”, “us”, “our” and “ours” refers to Directors and staff of Community Cancer Caregivers.
Community Cancer Caregivers is a Company Limited by Guarantee (CLG), registered at 107 Crodaun Forest Park, Celbridge, Co. Kildare. Company Number 665266.
2. The information we collect about you
Clients
There are a number of reasons for gathering personal data about you. For instance, we need to know how to get in touch with you, we need to be certain of your identity and we need to understand your circumstances, so we can offer you a tailored service and care plan.
The personal data we collect falls into various categories, such as:
-
Identity & contact information
Name, contact details, home status and address, email address, work and personal phone numbers, marital status, family details, emergency contacts, dependents details, GP details, Social Worker details, emergency contact details. -
Personal Situation
An outline of your condition, your circumstances and likely requirements from us, such as appointment dates, respite dates. -
Express wishes
An outline of what information you would like us to provide or not provide to any child being cared for by one of our volunteers. -
Information you provide us about others or others provide us about you
If you give us information about someone else (for example, information about a spouse or relative or child), or someone gives us information about you, we may add it to any personal information we already hold and we will use it in the ways described in this Data Privacy Notice. Before you disclose information to us about another person, you should be sure that you have their agreement to do so. You should also show them this Data Privacy Notice. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Data Privacy Notice. -
Sensitive or special categories of data
We may hold information about you which includes sensitive or special categories personal data, such as but not limited to health or children. We will only hold this data when we need to for the purposes of the service we provide to you, analysis, or where we have a legal obligation to do so. Examples of when we use this type of data include: • Medical information, for example, tailoring a package dependent on your condition and likely needs and priority. -
Information which you have consented to us using
Your contact details, express wishes, personal circumstances, third party contacts, child daily information sheets -
Other personal information
Telephone recordings, correspondence, conversations. Information in relation to data access, correction, restriction, deletion, porting requests and complaints.
Volunteers:
-
Identity & contact information Information we need to identify and vet you such as: Name, contact details, home status and address, email address, work and personal phone numbers
-
Information relating to a role Such as volunteer role application form, Garda vetting forms, interview notes, conversation and response notes, emails
Donators:
-
Information relating to a electronic transaction, Direct Debit or cash donation Bic, IBAN, donation amount, Name, address. We use third party payment processing providers “iDonate”, “Paypal” to manage our online donations. We would advise you review their Data Privacy Notices in relation to their service.
Website Use:
-
Information from online activities. We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers.
3. When and how we collect information about you
Clients:
-
When you ask us to provide you with services.
-
When you use our website and online services provided by us (application/discussion requests).
-
When you or others give us information verbally or in writing. This information may be on application forms, in records of your emails, phonecalls with us or if you make a complaint.
-
Child daily information sheets
Volunteers:
-
When you submit an application for a volunteer role to include Garda vetting.
-
During the day to day administration for example rosters, calendars, texts, emails etc
Donators:
-
When you make a donation via our website or to our bank account, we gather details and record the details of your donation. Source, reference, how much the payments are for and when the payments are made.
-
If you make a donation via our website you will be asked to provide your credit/debit card number, or your “PayPal” address we do not receive these details, they are encrypted using Secure Sockets Layer (“SSL Software”) and are transmitted directly to our payment providers “iDonate” and “PayPal”. If you set up a direct debit donation we will require your BIC and IBAN numbers.
Website Use:
-
As you use our website technical details in connection with visits to this website are logged by our internet service provider for statistical purposes. No information is collected that could be used by us to identify website visitors. The technical details logged are confined to the following items:
- The IP address of the users webserver
- The top-level domain name used (for example .ie, .com, .net, .biz)
- The previous website address from which the user reached us, including any search criteria used.
- Click screen data which shows the traffic of users around this website (for example pages accessed and documents downloaded).
- The type of web browser used by the website user.
We will make no attempt to identify individual visitors to our website, or to associate any technical details listed above with any individual please see our Cookie Policy for further information.
4. How we use your information
To provide our services to you and perform our contract with you, we use your information to:
Clients:
-
Establish your eligibility for our services.
-
Manage and administer your client account, policies, benefits or other and services that we or our partners may provide you with. For example, other third party organisations we choose to partner with.
-
Process your application for services.
-
Contact you by post, phone, text message, email, social media, or other means, but not in a way contrary to your instructions to us.
-
Monitor and record our conversations when we speak on the telephone (for example, to check your instructions to us, to analyse, to assess and improve our service; for training and quality purposes).
-
Manage and respond to a complaint or appeal.
To process, maintain and manage our Volunteers:
Volunteers:
-
Contact you as per you contracted contact details.
-
Garda Vetting /training records
-
Manage and respond to a complaint, grievance or appeal.
-
Process your volunteer application
Donators:
-
Process payments that are paid by you. For example, we will share transaction details with our providers of payment processing services.
-
Contact you by post, phone, text message, email, social media or other means, but not in a way contrary to your instructions to us or contrary to law.
-
Manage and respond to a complaint or appeal.
To manage our business for our legitimate interests (which you can object to)
Clients/Volunteers:
-
To manage our business we may use your information to: Provide service information, to improve our service quality and for training purposes we may gather information about your circumstances and interactions with us – for example, compiling anonymised case studies, preferred contact methods, times, requirements etc
Conduct marketing activities
Clients/Volunteers/Donators/Website:
-
For example, to conduct market research, including customer surveys, analytics and related activities.
-
to register your subscription to a mailing list(s) and eNewsletter(s); You can unsubscribe from our mailing lists and eNewsletter at any time, by clicking on the ‘update preferences or unsubscribe’ link at the foot of the email, this link appears on every eNewsletter we send out.
To run our business on a day to day basis including to:
Clients/Volunteers/Donators:
-
Carry out strategic planning and account management.
-
Compile and process your information for audit, statistical or research purposes (including, in some instances, making your data anonymous) in order to help us understand trends/ needs and to understand our risks better, including for providing management information, operational and data risk management.
-
Protect our business, reputation, resources and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services) and prevent and detect dishonesty and other crimes (for example, child protection, theft), including using call recordings.
-
Enable our volunteers and administrators to share or access your information for internal administrative purposes, audit, statistical or research purposes.
-
Analyse the outcomes of our fundraising campaigns, appeals and engagement with you. This allows us to understand the effectiveness of our services, and enables us to make appropriate requests from you and ensure that communications with you are relevant.
To comply with our legal and regulatory obligations
Clients/Volunteers/Donators:
We need to use your information to comply with legal and regulatory obligations including:
-
Complying with your information rights.
-
Preparing returns to regulators and relevant authorities including preparing Annual Statements and reports, tax, and other returns.
-
Complying with binding requests from regulatory bodies, including the Charities Regulator, Tusla, Data Protection Commissioner.
-
For other reasons where a statutory reason exists
-
Complying with court orders arising in civil or criminal proceedings.
Where you have given us permission (which you may withdraw at any time)
Clients/Volunteers/Donators:
Where you have given us permission (which you can withdraw at any time) we may:
-
Send electronic messages to you about our newsletters
-
Use special categories of data, or sensitive data.
-
When we ask for your consent, we will provide you with more information on how we will use your data in reliance on that consent, including in relation to third parties we would like your consent to share your data with.
Website Use:
Use cookies in accordance with our Cookie Policy.
5. Who we share your information with
Clients/Volunteers/Donators/Website:
We may share your information with:
-
our staff or anyone that you have provided consent for such as your emergency contact, welfare officer
-
statutory and regulatory bodies and law enforcement authorities
-
third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information
6. How long we hold your information
Clients/Volunteers/Donators/Website:
-
We hold personal data for a range of time periods, these are guided by our statutory requirements for certain data normally between 2 and 6 years (e.g. financial records, employment records, Childcare records or health and safety records), our contractual obligations and our business and risk management requirements.
-
If you are offered a volunteer role by us this information will be added to your volunteer employee file, otherwise it will be retained for 2 years from close of the application process.
7. Implications of not providing information
If you do not provide information we may not able to:
-
provide a services to you;
-
Offer you a role position
-
Accept certain donations such as direct debits
8. Processing your information outside the EEA
In some cases, we may transfer information about your transactions with us to our payment processing providers and other organisations outside the EEA. We will always take steps to ensure that any transfer of information outside of the EEA is carefully managed to protect your privacy rights.
9. How to exercise your information rights including the right to object
You have several rights in relation to how we use your information. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise: You have the right to:
-
Find out if we use your information, to access your information and to receive copies of the information we have about you.
-
Request that inaccurate information is corrected and incomplete information updated.
-
Object to particular uses of your personal data where the legal basis for our use of your data is our legitimate business interests
-
Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes.
-
Have your data deleted or its use restricted – you have a right to this under certain circumstances. For example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it, or where you object to our use of your personal information for particular legitimate business interests.
-
Obtain a transferable copy of certain data. You are not able to obtain through the data portability right all of the personal information that you can obtain through the right of access.
-
Withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal. we will respond within one calendar month.
-
If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.
-
If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests) we may extend this period by a further two calendar months and shall explain the reason why.
-
You have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at:
https://www.dataprotection.ie/docs/Contact-us/b/11.html
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
Fax: +353 57 868 4757
E-mail: info@dataprotection.ie
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.
10. How to contact us and/or our Data Protection Officer
If you wish to exercise any of your data rights, you can contact us at:
Online: www.communitycancercaregivers.com/privacy
E-mail: info@communitycancercaregivers.com
Postal Address: 107 Crodaun Forest Park, Celbridge, Co Kildare.
11. Updates
We will update our Data Privacy Notice from time to time. Any updates will be made available on our website at www.communitycancercaregivers.com/privacy and, where appropriate, notified to you by e-mail or other communication channel we deem appropriate.
Dated: May 2020
Click the PDF to download our Data Privacy Notice.
Website Privacy
This Site uses data voluntarily given by our users to enhance their experience whether to provide interactive or personalized elements on the sites or to better prepare future content based on the interests of our users.
Where consent has been obtained, we may use data in order to send out electronic newsletters and to enable users to participate in polls, surveys, message boards, and forums. We may send out newsletters to subscribers on a regular schedule (depending on the newsletter), and occasionally send out special editions when we think subscribers might be particularly interested in something we are doing. This Site will not share newsletter mailing lists with any third parties, including advertisers, sponsors or partners without explicit consent.
When we use tracking information to determine which areas of our sites users like and don’t like based on traffic to those areas. We cannot track individual users details, but rather how well each page performs overall. This helps us continue to build a better service for you. We track search terms entered in Search function as one of many measures of what interests our users.
This website creates aggregate reports on user demographics and traffic patterns for advertisers, sponsors and partners. This allows our advertisers to advertise more effectively, and allows our users to receive advertisements that are pertinent to their needs. Because we don’t track the usage patterns of individual users, an advertiser or sponsor will never know that a specific user clicked their ad.
We will not disclose any data about any individual user except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public.
Sharing of Data
This website uses the above-described information to tailor our content to suit your needs and help our advertisers better understand our audience’s demographics. This is essential to keeping our service free. We will not share information about individual users with any third party, except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public.
Security
This Site operates secure data networks protected by industry standard firewall and password protection systems. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized individuals have access to the information provided by our customers.
Your Consent
By using this Site, you consent to the collection and use of this information by this website. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.
Data Privacy Notice
How we use, process, store personal data provided by you can be read in full in our Data Privacy Notice.