Skip to content

ISPCC Privacy Notice

Protecting Your Data: The ISPCC’s Data Privacy Notice

The Irish Society for the Prevention of Cruelty to Children is Ireland’s national child protection charity. Our mission is to make the protection of children everyone’s priority. We provide a range of services directly to children and young people, we communicate with a range of stakeholders and are fortunate to benefit from thousands of donations from individuals and organisations. We are committed to doing this while also keeping your data safe.

We are a registered charity, and our charity registration number is 20007225.

Our Privacy Notice explains why we collect data, what data is collected, what we do with it, what we don’t do with it, and what you can do to exercise your rights as a data subject or to seek further information. Please refer also to the ISPCC’s separate Childline Privacy Notice on the Childline.ie website for further details of data processing by the Childline service.

The controller (as defined in the GDPR) of your personal data for all purposes outlined in this policy is the ISPCC, Unit 3, Block 3, Harbour Square, Crofton Road, Dun Laoghaire, Dublin. We can be contacted by post at ISPCC, PO Box 13552, Dublin 8, or by telephone at 01 2342000 and email at [email protected]

XpertDPO are the designated Data Protection Officer for the ISPCC and can be contacted directly at [email protected].

Personal data is defined in the General Data Protection Regulation (GDPR) as:

‘Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’

‘Special categories’ of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

A ‘controller’ is defined as ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law’.

Why does the ISPCC collect and store data?

The ISPCC collects, processes and stores personal information in order to ensure our organisation can pursue its objectives, e.g. providing services to children and families, fundraising to invest in our charitable activities, etc. We are committed to only processing the minimum amount of data required for a specific purpose.

We have two main legal bases for processing personal data. The first legal basis is where it is necessary for the purposes of the legitimate interests pursued by ISPCC to process your information, such as:

  •  To manage and administer our volunteer programmes which help us deliver high quality services to children;
  • To create anonymised case studies reflecting children’s needs in order to improve policies and services and to raise vital funds to continue providing the ISPCC’s preventative services to children

We can do that so long as we do not interfere with your fundamental rights or freedoms.

The second legal basis is consent. We rely on your consent (i.e. agreement) to us processing your personal information. For example, we seek consent from both children and their parents in order to engage with our Childline Therapeutic Support Service. You can withdraw your consent at any time by contacting the relevant service (e.g. Childline Therapeutic Support Service) or section (e.g. Fundraising) to which you gave your consent in the first instance. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.

The other reasons we can rely upon to process your personal information under the General Data Protection Regulation (GDPR), which is the law governing this area, are:

  •  Where we are under a legal obligation or an obligation under a contract to process/disclose the information.
  • Where we need to protect the vital interests of you or another person.

Some personal information is treated as more sensitive. The conditions for processing these special categories of personal information are more limited. To process special categories of personal data lawfully, we must identify a legal basis and meet a separate condition for the processing. The conditions we can use are these:

  • With your consent;
  • Where necessary in the field of employment law;
  • Where we need to protect the vital interests of you or another person;
  • Where you have already made your personal information public;
  • Where we or another person needs to bring or defend legal claims.

Your Data

The information we collect and how we process it, depends on the purpose of our relationship with you. Select below depending on your relationship with the ISPCC.

If you are a child or young person accessing our Childline Phone service:

We will collect and process the following data:

  • For each call we record your age, gender, the reason for the call and risk level.
  • If you are at risk and want Childline to help you, then we may need further personal information about you. It is your choice whether to give us further information or not.
  • If you do tell us your name and address (or another way that we could identify you) and we think you might be at risk or are worried that you were in some kind of danger we keep a record of this and tell someone who may be able to help you (Gardaí or a social worker).
  • We collect this data because we must do so by law if you are at risk and give us information that tells us who you are and where you live or are located. In these cases, we may need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.
  • Although the ISPCC does not see your phone number when you call, Gardaí may on rare occasions during an investigation ask us and other organisations such as telecommunications companies for personal information, including phone numbers, that could identify you.

Your data will be used in the following way:

  • To provide a high quality listening service to all children.
  • To collect statistical information that cannot be related back to individuals to help us improve Childline and advocate for children all over the country.
  • To share anonymised case studies that cannot be linked back to individual children with policy makers and the media to help increase awareness and understanding of what young people are experiencing and things that are important to them. These statistics and case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.

We hope that collecting your data in this way, will:

  • Offer you a friendly and non-judgemental listening ear anytime you want to talk to Childline.
  • Help you to get the support that you need if you are at risk.
  • Enable ISPCC to raise vital funds to continue to provide the Childline service to you 24 hours a day, 365 days a year.
  • Enable ISPCC to improve policies and services, thereby making life better and safer for you and for all children and young people.

We will collect and process the following data:

  • A nickname you would like to use when chatting, your age and gender.
  • A record of your conversations will be kept in line with our retention policy.
  • If you provide identifying information and are at risk, we may by law need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.

Your data will be used in the following way:

  • To help Childline provide a better listening service to you and measure the quality of the service we offer to children and young people.
  • We also use your data to collect statistical information that cannot be related back to individuals to help us improve Childline and advocate for children all over the country.
  • Conversation transcripts may be analysed for research purposes to benefit children and young people once personal data has been removed from them.
  • We share case studies that cannot be linked back to individual children with policy makers and the media to help them increase awareness and understanding of what young people are experiencing and things that are important to them. These statistics and case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.
  • In the course of a Garda investigation, Gardaí may on rare occasions ask us and other organisations such as telecommunications companies for personal information that could identify you.

We hope that collecting your data in this way, will:

  • Offer you a friendly and non-judgemental listening ear anytime you want to talk to Childline.
  • Help you to get the support that you need if you are at risk.
  • Enable ISPCC to raise vital funds to continue to provide the Childline service to you 24 hours a day, 365 days a year.
  • Enable ISPCC to improve policies and services, thereby making life better and safer for you and for all children and young people.

We will collect and process the following data:

  • For each call we record details including your age, gender and the topic / reason for your call.
  • If you are at risk and want Teenline to help you, then we may need further personal information about you. It is your choice whether to give us further information or not.
  • If you do tell us your name and address (or another way that we could identify you and we think you might be at risk or are worried that you are in some kind of danger, we keep a record of this and tell someone who may be able to help you (Gardai or a social worker).
  • We collect this data because we must do so by law if you are at risk and give us information that tells us who you are and where you live. In these cases, we may need to pass our concerns onto a statutory body such as the Gardai or Tusla – the Child and Family Agency.

Your data will be used in the following way:

  • To provide a high quality listening service to all young people.
  • To collect statistical information that cannot be related back to individuals to help us improve Teenline and advocate for young people all over the country.
  • To share anonymised case studies that cannot be linked back to individual young people with policy makers and the media to help increase awareness and understanding of what young people are experiencing and things that are important to them.
  • These statistics and case studies can also be shared with others to promote Teenline.

We hope that collecting your data in this way will:

  • Offer you a friendly and non-judgmental listening ear any time you want to talk to Teenline.
  • Help you to get the support you need if you are at risk.
  • Enable the ISPCC to improve policies and services, thereby making life better and safer for you and for all young people.

We will collect and process the following data:

  • In the Missing Children’s Hotline service we keep a record of your name if provided, age, gender, the reason for your call and other relevant details.
  • If you or a child you are concerned about is at risk and you would like the Missing Children’s Hotline to help you, then we may need further personal information. It is your choice whether to give us further information or not.
  • If a child tells us they are at risk or an adult tells us a child is at risk and gives us identifying information, we need to record this.
  • We collect this data because we must do so by law if a child is at risk and we receive information that tells us who they are and where they live. We may need to pass our concerns on to a statutory body such as An Garda Síochána or Tusla, The Child and Family Agency.

Your data will be used in the following way:

  • To provide a high quality listening service to children who go missing or those who care for children who are missing.
  • We use data to collect statistical information that cannot be related back to individuals to help us improve the Missing Children’s Hotline Service and advocate for children all over the country.
  • We share anonymised case studies that cannot be linked back to individual children with policy makers and the media to help them increase awareness and understanding of what young people are experiencing and things that are important to them.
  • These statistics and case studies can also be shared with others to promote the Missing Children’s Hotline service and to help raise funds for it.

We hope that collecting your data in this way, will:

  • Help you to get the support that you need if you are missing or if you care for a child who is missing.
  • Enable ISPCC to improve policies and services, thereby making life better and safer for all children and young people.

We will collect and process the following data:

Any personal data included in a question will be removed before it is published on the website for others to read.

Your data will be used in the following way:

Personal data will be removed so that selected questions can be answered and shared publicly on the website for all children and young people to read.

We hope that collecting your data in this way, will:

  • Give children and young people an opportunity to seek advice without speaking to someone directly if they do not wish to do so.
  • Allow Childline to publish questions and answers that may help other children and young people seeking advice on a variety of subjects.

Childline will use Google Translate to translate from the service user’s language into English and vice versa. Because we will be sharing your questions and our conversation with Google, we cannot ensure the same level of confidentiality as when these services are provided through English language only. Google’s Terms of Service and Privacy Policy apply to text translations and personal data may be processed outside the European Economic Area.

With your consent, we will collect and process the following data:

  • Name, address, age, gender, contact details.
  •  Information details relating to parents/guardians/family members where appropriate, including contact details.
  • Contact details of referrer.
  • Reason for referral.
  • Engagement details (if any) with other support services.
  • Any child welfare/protection referrals to Tusla, The Child and Family Agency/statutory services.
  • Relevant information from educational services where appropriate.
  • Any other details relevant and necessary for a therapeutic engagement with the child/young person and their family.
  • Individual weekly sessions recorded as part of engagement with ISPCC therapeutic services.
  • Personal views recorded in on-line standardised evaluation tools.

We collect this data to:

  • Review the appropriateness of our service. We require information detailing concerns raised to allow engagement with a young person and their family.
  • Assess any young person’s issues and develop appropriate intervention work. Contact can be made with relevant support services where appropriate.
  • Allow for receipt of consent.
  • Identify any young person’s supports in place, reviewing strengths and needs of the child and family to allow for intervention plan development.
  • Process any child welfare/protection concerns, in line with Children First legislation.
  • Allow for evaluation of the young person’s engagement with our services.
  • Determine any current supports in place and prevent over-lapping of intervention work.

Sources of data

We will collect information:

  • Directly from the young person/service user.
  • Directly from the parent/guardian of young person referred to the service.
  • Directly from any other referrer, including statutory services.
  • From potential third party sources where there may be a child welfare or protection concern.
  • Directly from relevant stakeholders connected to the young person and where explicit consent has been received to discuss the young person.

Your data will be used in the following way:

  • To process all relevant information to allow for a thorough assessment of the young person’s strengths and needs (including family) and develop a supportive intervention plan in accordance with those identified strengths and needs.
  • To record all intervention work with the young person and evaluate the effectiveness of the service for quality purposes and review.
  • To determine any current supports in place and prevent over-lapping of intervention work.

Your data will not be shared outside the organisation without your explicit consent except where statutory obligations require us to share relevant information under the Children First Act 2015 for issues related to child welfare and protection.

We hope that collecting your data in this way, ensures that:

  • A full, supportive intervention service is offered to best suit your needs.
  • We can show clear assessment and evaluation to measure the effectiveness of our work together.

We will collect and process the following personal data:

Donation by debit / credit card

  • Title, first name, surname, address, email, card details (PAN, Security Code, Expiry Date, Cardholder name).
  • Data is collected on a secure form. Card details are not seen or stored by ISPCC but are passed securely to our PCI-compliant payment processors (Global Payments or Blackbaud Merchant Services) so that your donation can be taken from your debit / credit card securely and passed to the ISPCC’s bank.

Donation by SEPA direct debit

  • Title, first name, surname, address, email, tax status, bank details (name of account holder, BIC IBAN, bank address).
  • Data is collected on a secure form. Bank details are required to setup the SEPA direct debit with your bank so that your monthly donations can be received by the ISPCC.
  • If you donate more than €250 in one calendar year, the ISPCC can reclaim the tax in your donation from Revenue. We can only do so if you indicate your tax status, and consent to allow us to contact you according to your contact preferences to organise this payment from Revenue.

Registration for a fundraising event

  • First name, surname, address, phone number. A date of birth is required if the event involves collecting on the street as a Garda permit can only be granted to people over the age of 14. In some cases, we ask for confirmation of travel insurance or other details, these may be specific to an individual event.
  • Data is collected on a secure form. Details given are required for us to contact you regarding the event you have registered an interest in getting involved with.

Request for certain information to be sent to you

  • First name, surname, address, phone number, email address, job role, profession. If you are seeking an information pack from the ISPCC e.g. a Headbomz pack or other programme we may run from time to time, we ask for this information so that we can measure the demand for our services.

Registration for an information event, training or webinar

  • First name, surname, email address and other participant details specific to the nature of the event, training or webinar taking place.
  • Data is collected on a secure form.

How do we use Cookies?

The ISPCC Website uses first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Third parties serve cookies through our Websites for analytics and other purposes. This is described in more detail in our Cookie Policy.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

We will collect and process the following data:

  • Title,
  • first name,
  • surname,
  • gender,
  • year of birth,
  • address,
  • email,
  • phone numbers,
  • communication preferences,
  • PPS Number
  • bank details

We collect this data to:

  • Transfer donations received to the ISPCC bank account.
  • The contact details are used to communicate with the donor based on their communication preferences.
  • We collect the PPS number if we receive a Tax Relief Form from the donor to claim from Revenue.

The data is collected by the ISPCC in the following ways:

  • Phone
  • Post
  • ISPCC website
  • In person

Your data will be used to process the donation and the personal information outlined above is stored on the ISPCC’s fundraising database.

Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to be GDPR compliant and only uses the information for the purpose it is intended.

We will collect and process the following data:

At recruitment stage:

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

 

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

 

Application/Shortlisting stage

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. We will also ask additional information such as confirmation of driving licence etc.

Our recruitment team, including the hiring manager will have access to all of this information.

If you use our online application system, you will provide the requested information directly to the ISPCC.

 

Conditional Offer Stage

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff and seek assurance as to their experiences, trustworthiness, integrity and reliability.

You will therefore be required to provide:

  • Proof of your identity e.g. Drivers Licence, passport – you will be asked to attend our office with original documents, we will take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
  • Garda Vetting ID as per the 100 point check:
    – Irish Public Services Card
    – Passport
    – Birth Cert
    – Irish Certificate of Naturalisation
    – Garda National Immigration Bureau (GNIB) card
    – National Identity Card for EU/EEA/Swiss citizens
    – Irish driving license or learner permit (old paper format)
    – Employment ID
    – Letter from employer (within last two years)
    – P60, P45 or Payslip (with home address)
    – Utility bills
    – Public services card/social services card/medical card
    – Bank/Building Society/Credit Union statement
    – Credit/debit cards/passbooks (only one per institution)
    – National age card (issued by An Garda Síochána)
    – Membership card
    – Correspondence from – an educational institution/SUSI/CAO, an insurance company regarding an active policy,a bank/credit union or government body or state agency
  • You will be required to complete a Garda Vetting Invitation form, this will include name, date of birth, email address, phone number and current address. On completion a full electronic Garda Vetting Application form will be generated from the National Vetting Bureau and sent directly to the candidate. All other addresses from birth will then be entered and this will be returned to the National Vetting Bureau for completion of the Garda Vetting process.
  • The Documents from the 100 point check and the Garda Vetting Application form will be kept on file for one year past the end of service, in compliance with the National Vetting Bureau.
  • We will contact your referees, using the details you provide in your application, directly to obtain references
  • We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work.
  • Utility bill, name and address – This is to provide proof of address and further support proof of identity and residency.

If we make a final offer, we will also ask you for the following:

  • Bank details, PPSN, name, – to process salary payments
  • Emergency contact details, yours and next of kin – so we know who to contact in case you have an emergency at work
  • Membership of Pension scheme details– so we can send you a questionnaire to determine whether you are eligible to re-join your previous scheme.
  • Birth Cert/age – for the purposes of pensions.


Recruitment Agencies

For senior vacancies or specific roles, we sometimes advertise through a recruitment agency. The recruitment agency will collect the application information and might ask you to complete a work preference questionnaire which is used to assess your suitability for the role you have applied for, the results of which are assessed by recruiters. Information collected by the recruitment agency will be retained in line with our 3rd party agreement.


How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus at least one year following the end of your employment. This includes fitness to work, records of Garda vetting and references. Information such as birth/marriage certs, name, age, salary and employment details will be retained for the pension purposes for the lifetime of your pension. For successful candidates recruitment information such as interview scores will be retained for the duration of your employment plus one year after.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 12 months from the closure of the campaign.

Information generated throughout the assessment process, for example interview notes, is retained by us for 12 months following the closure of the campaign, for unsuccessful candidates.

We will collect and process the following data:

  • Name, address, contact number, details held on Complyfile including photo ID and proof of address.
  • Indemnity insurance details.
  • Garda vetting (personal addresses during life time, PPS number, any potential convictions)
  • Reference checks.
  • Bank details for volunteer expenses.
  • Next of kin details where appropriate.
  • Health and psychological well-being reports where relevant to engagement with ISPCC volunteer services.
  • Supervision notes, appraisals, notes from meetings, notes from quality checks.

We collect this data to:

  • Permit volunteer recruitment and service administration
  • Evaluate services through performance and quality checks
  • Process Garda vetting – a statutory requirement under Children First
  • Permit payment of volunteer expenditure during engagement
  • Permit any necessary contact with next of kin in event of unforeseen circumstances
  • Ensure the welfare and safety of volunteers and young people. The ISPCC has a duty of care to both and therefore needs to be informed of any relevant well-being concerns.

Sources of data

We will collect information:

  • Directly from individual volunteers (e.g. contact details, Garda vetting forms and ID, and through monthly supervisions).
  • Directly from referees (reference information both verbal and written)
  • Directly from individual’s insurance firms (proof of indemnity).

We hope that by collecting your data in this way:

  • The ISPCC will offer fully supportive and evaluated services to suit both the identified needs of our service users and the training and supervisory needs of our volunteers, thereby ensuring the safest and quality assured services available.

We will collect and process the following data:

The ISPCC aims at all times to deliver services and operate to the highest standards possible. To help us achieve this, we encourage anyone who is not completely happy with our services and operations to contact us at:

ISPCC, PO Box 13552, Dublin 8.

Email: [email protected]

Tel: 01 234 2000

We request that you provide your name (and if relevant, the name of a child accessing our services), your contact details so that we may get in touch and a full outline of your complaint in order to try to resolve it quickly. We aim to do this within 14 days and if this is likely to take longer for some reason, we will let you know. All complaints will be investigated fully and we will inform you of the outcome.

You can read our full complaints procedure here.

Your personal information will not be retained by the ISPCC for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed, subject to certain legal obligations mentioned below.

We will retain personal data in accordance with our data retention schedule. We review our data retention periods for personal information on a regular basis. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

We are legally required to hold some personal information to fulfil statutory obligations, for example, our obligations as an employer, or our obligations to report child protection concerns under Children First legislation.

We will also hold information about your details so that we can respect your preferences for being contacted by us.

The ISPCC will not sell or rent user data to any third party without your prior permission. Where it is using Google Translate to translate conversation transcripts, user data may be made commercially available to Google without your prior permission.

It’s only with your involvement, that we can make the protection of children everyone’s priority.  For that reason, we’d like to keep you up to date on our organisation and how you can support the ISPCC.

However, we will not contact you again if you ask us not to. This can relate to all communications with you from the ISPCC or to certain types of communication. You can contact us to change your contact preferences by responding to the specific consent and opt out sections of our communications with you or by letting us know using the Data Protection contact details below.

We will never contact you to send you information about how you can support the ISPCC by email or text unless you have given us your prior permission.

Where we use an external service provider to act on our behalf (such as Global Payments to process credit card payments, Viewpoint to evaluate service interventions, etc,) we will disclose only the personal information necessary to deliver the service. We select these services based on their guarantees in relation to the security measures they have in place, their compliance with data protection legislation and with appropriate contractual arrangements in place. Some services may be based outside the European Economic Area (EEA). By submitting your personal data for such purposes, you agree to this transfer, storing or processing.

Where we transfer your personal data outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA and we will use at least one of the following safeguards:

  • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
  • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.

We may disclose your personal information to third parties if we are legally obliged to and for the purposes of good governance; in order to enforce or apply our terms of use for this website or other agreements; or to protect the rights, property or safety of the ISPCC, our donors or others. This includes exchanging information with other companies and organisations for auditing and insurance purposes, with An Garda Síochána in order to vet our staff and volunteers and with Tusla, The Child and Family Agency, for the purposes of meeting our statutory child safeguarding obligations under Children First legislation.

The ISPCC has put technological and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the data have been trained to maintain the confidentiality of such information.

We carry out regular monitoring and testing of our security defences to ensure they continue to be effective against the latest threats.

Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure.

Your Rights Under The GDPR

Under certain circumstances, and dependent on the legal basis under which your personal data is processed, by law you have the following rights:

Right to be informed

We will provide you with a privacy notice to tell you how we are using your personal data.

You have the right to obtain access to your own personal data at any time. Information will be supplied within one month of receipt of the request. This can be extended by a further two months where requests are complex or numerous. This will be provided free of charge unless you ask for multiple copies or the request is manifestly unfounded or excessive. We can also refuse your request if it adversely affect the rights and freedoms of others or is manifestly unfounded or excessive.

You have the right to have your personal data rectified if it is inaccurate or incomplete.

You have the right to request the deletion of personal data where there is no compelling reason for its continued processing or if we are processing it in an unlawful manner – for example, if we are using it for a different purpose than originally stated.

Under certain circumstances, you have a right to ‘block’ or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it.

You can obtain and reuse your personal data in a structured, commonly used and machine-readable format for your own purposes across different services. This right applies where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.

 

You have the right to object on grounds relating to your particular situation to:

  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • Direct marketing (including profiling); and
  • Processing for purposes of scientific/historical research and statistics.

We must stop processing the personal data unless:

  • We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • The processing is for the establishment, exercise or defence of legal claims.

Under certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

Please contact us at [email protected] if you wish to exercise any of your data protection rights.

We will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.

Upon successful verification of your identity you are entitled to obtain the following information about your own personal data:

  • The purposes of the processing:
  • The categories of personal data concerned;
  • The recipients or categories of recipients to whom your personal data has been or may be disclosed, along with the location of those recipients;
  • The envisaged period of storage for your personal data or the criteria for determining the storage period;
  • The sources of the personal information, if it was not obtained from you;
  • The use of any automated decision-making and/or profiling

Changes To This Privacy Notice

We will keep this Privacy Notice under review. Please check our website for the most recent version of our Privacy Notice. The notice was last updated in May 2023.

Queries And Complaints

If you require further information about the way your personal data will be used or if you are unhappy with the way we have handled your personal data and wish to contact us, please submit your concerns to [email protected].

The [email protected] mailbox is managed by the ISPCC DPO function and all correspondence received will be addressed accordingly, including support from the designated ISPCC Data Protection Officer.

You have the right to lodge a complaint with the Data Protection Commission. To contact the Data Protection Commission, you may use the webform link on their website or the following details:

Data Protection Commission

21 Fitzwilliam Square South, Dublin 2, D02 RD28 

Helpdesk Telephone:  01 7650100 or 1800 437737