ISPCC Privacy Notice

We will collect and process the following data:

• A nickname you would like to use when chatting, your age and gender.
• A record of your conversations will be kept in line with our retention policy.
• If you provide identifying information and are at risk, we may by law need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.

Your data will be used in the following way:

• To help Childline provide a better listening service to you and measure the quality of the service we offer to children and young people.
• We also use your data to collect statistical information that cannot be related back to individuals to help us improve Childline and advocate for children all over the country.
• Conversation transcripts may be analysed for research purposes to benefit children and young people once personal data has been removed from them.
• We share case studies that cannot be linked back to individual children with policy makers and the media to help them increase awareness and understanding of what young people are experiencing and things that are important to them. These statistics and case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.
• In the course of a Garda investigation, Gardaí may on rare occasions ask us and other organisations such as telecommunications companies for personal information that could identify you.

We hope that collecting your data in this way, will:

• Offer you a friendly and non-judgemental listening ear anytime you want to talk to Childline.
• Help you to get the support that you need if you are at risk.
• Enable ISPCC to raise vital funds to continue to provide the Childline service to you 24 hours a day, 365 days a year.
• Enable ISPCC to improve policies and services, thereby making life better and safer for you and for all children and young people.

We will collect and process the following data:

• For each call we record details including your age, gender and the topic / reason for your call.
• If you are at risk and want Teenline to help you, then we may need further personal information about you. It is your choice whether to give us further information or not.
• If you do tell us your name and address (or another way that we could identify you and we think you might be at risk or are worried that you are in some kind of danger, we keep a record of this and tell someone who may be able to help you (Gardai or a social worker).
• We collect this data because we must do so by law if you are at risk and give us information that tells us who you are and where you live. In these cases, we may need to pass our concerns onto a statutory body such as the Gardai or Tusla – the Child and Family Agency.

Your data will be used in the following way:

• To provide a high quality listening service to all young people.
• To collect statistical information that cannot be related back to individuals to help us improve Teenline and advocate for young people all over the country.
• To share anonymised case studies that cannot be linked back to individual young people with policy makers and the media to help increase awareness and understanding of what young people are experiencing and things that are important to them.
• These statistics and case studies can also be shared with others to promote Teenline.

We hope that collecting your data in this way will:

• Offer you a friendly and non-judgmental listening ear any time you want to talk to Teenline.
• Help you to get the support you need if you are at risk.
• Enable the ISPCC to improve policies and services, thereby making life better and safer for you and for all young people.

We will collect and process the following data:

• In the Missing Children’s Hotline service we keep a record of your name if provided, age, gender, the reason for your call and other relevant details.
• If you or a child you are concerned about is at risk and you would like the Missing Children’s Hotline to help you, then we may need further personal information. It is your choice whether to give us further information or not.
• If a child tells us they are at risk or an adult tells us a child is at risk and gives us identifying information, we need to record this.
• We collect this data because we must do so by law if a child is at risk and we receive information that tells us who they are and where they live. We may need to pass our concerns on to a statutory body such as An Garda Síochána or Tusla, The Child and Family Agency.

Your data will be used in the following way:

• To provide a high quality listening service to children who go missing or those who care for children who are missing.
• We use data to collect statistical information that cannot be related back to individuals to help us improve the Missing Children’s Hotline Service and advocate for children all over the country.
• We share anonymised case studies that cannot be linked back to individual children with policy makers and the media to help them increase awareness and understanding of what young people are experiencing and things that are important to them.
• These statistics and case studies can also be shared with others to promote the Missing Children’s Hotline service and to help raise funds for it.

We hope that collecting your data in this way, will:

• Help you to get the support that you need if you are missing or if you care for a child who is missing.
• Enable ISPCC to improve policies and services, thereby making life better and safer for all children and young people.

We will collect and process the following data:

Any personal data included in a question will be removed before it is published on the website for others to read.

Your data will be used in the following way:

Personal data will be removed so that selected questions can be answered and shared publicly on the website for all children and young people to read.

We hope that collecting your data in this way, will:

• Give children and young people an opportunity to seek advice without speaking to someone directly if they do not wish to do so.
• Allow Childline to publish questions and answers that may help other children and young people seeking advice on a variety of subjects.

Childline will use Google Translate to translate from the service user’s language into English and vice versa. Because we will be sharing your questions and our conversation with Google, we cannot ensure the same level of confidentiality as when these services are provided through English language only. Google’s Terms of Service and Privacy Policy apply to text translations and personal data may be processed outside the European Economic Area.

With your consent, we will collect and process the following data:

• Name, address, age, gender, contact details.
•  Information details relating to parents/guardians/family members where appropriate, including contact details.
• Contact details of referrer.
• Reason for referral.
• Engagement details (if any) with other support services.
• Any child welfare/protection referrals to Tusla, The Child and Family Agency/statutory services.
• Relevant information from educational services where appropriate.
• Any other details relevant and necessary for a therapeutic engagement with the child/young person and their family.
• Individual weekly sessions recorded as part of engagement with ISPCC therapeutic services.
• Personal views recorded in on-line standardised evaluation tools.

We collect this data to:

• Review the appropriateness of our service. We require information detailing concerns raised to allow engagement with a young person and their family.
• Assess any young person’s issues and develop appropriate intervention work. Contact can be made with relevant support services where appropriate.
• Allow for receipt of consent.
• Identify any young person’s supports in place, reviewing strengths and needs of the child and family to allow for intervention plan development.
• Process any child welfare/protection concerns, in line with Children First legislation.
• Allow for evaluation of the young person’s engagement with our services.
• Determine any current supports in place and prevent over-lapping of intervention work.

Sources of data

We will collect information:

• Directly from the young person/service user.
• Directly from the parent/guardian of young person referred to the service.
• Directly from any other referrer, including statutory services.
• From potential third party sources where there may be a child welfare or protection concern.
• Directly from relevant stakeholders connected to the young person and where explicit consent has been received to discuss the young person.

Your data will be used in the following way:

• To process all relevant information to allow for a thorough assessment of the young person’s strengths and needs (including family) and develop a supportive intervention plan in accordance with those identified strengths and needs.
• To record all intervention work with the young person and evaluate the effectiveness of the service for quality purposes and review.
• To determine any current supports in place and prevent over-lapping of intervention work.

Your data will not be shared outside the organisation without your explicit consent except where statutory obligations require us to share relevant information under the Children First Act 2015 for issues related to child welfare and protection.

We hope that collecting your data in this way, ensures that:

• A full, supportive intervention service is offered to best suit your needs.
• We can show clear assessment and evaluation to measure the effectiveness of our work together.

We will collect and process the following personal data:

Donation by debit / credit card

• Title, first name, surname, address, email, card details (PAN, Security Code, Expiry Date, Cardholder name).
• Data is collected on a secure form. Card details are not seen or stored by ISPCC but are passed securely to our PCI-compliant payment processors (Global Payments or Blackbaud Merchant Services) so that your donation can be taken from your debit / credit card securely and passed to the ISPCC’s bank.

Donation by SEPA direct debit

• Title, first name, surname, address, email, tax status, bank details (name of account holder, BIC IBAN, bank address).
• Data is collected on a secure form. Bank details are required to setup the SEPA direct debit with your bank so that your monthly donations can be received by the ISPCC.
• If you donate more than €250 in one calendar year, the ISPCC can reclaim the tax in your donation from Revenue. We can only do so if you indicate your tax status, and consent to allow us to contact you according to your contact preferences to organise this payment from Revenue.

Registration for a fundraising event

• First name, surname, address, phone number. A date of birth is required if the event involves collecting on the street as a Garda permit can only be granted to people over the age of 14. In some cases, we ask for confirmation of travel insurance or other details, these may be specific to an individual event.
• Data is collected on a secure form. Details given are required for us to contact you regarding the event you have registered an interest in getting involved with.

Request for certain information to be sent to you

• First name, surname, address, phone number, email address, job role, profession. If you are seeking an information pack from the ISPCC e.g. a Headbomz pack or other programme we may run from time to time, we ask for this information so that we can measure the demand for our services.

Registration for an information event, training or webinar

• First name, surname, email address and other participant details specific to the nature of the event, training or webinar taking place.
• Data is collected on a secure form.

How do we use Cookies?

The ISPCC Website uses first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Third parties serve cookies through our Websites for analytics and other purposes. This is described in more detail in our Cookie Policy.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

We will collect and process the following data:

• Title,
• first name,
• surname,
• gender,
• year of birth,
• address,
• email,
• phone numbers,
• communication preferences,
• PPS Number
• bank details

We collect this data to:

• Transfer donations received to the ISPCC bank account.
• The contact details are used to communicate with the donor based on their communication preferences.
• We collect the PPS number if we receive a Tax Relief Form from the donor to claim from Revenue.

The data is collected by the ISPCC in the following ways:

• Phone
• Post
• ISPCC website
• In person

Your data will be used to process the donation and the personal information outlined above is stored on the ISPCC’s fundraising database.

Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to be GDPR compliant and only uses the information for the purpose it is intended.

We will collect and process the following data:

At recruitment stage:

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

Application/Shortlisting stage

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. We will also ask additional information such as confirmation of driving licence etc.

Our recruitment team, including the hiring manager will have access to all of this information.

If you use our online application system, you will provide the requested information directly to the ISPCC.

Conditional Offer Stage

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff and seek assurance as to their experiences, trustworthiness, integrity and reliability.

You will therefore be required to provide:

• Proof of your identity e.g. Drivers Licence, passport – you will be asked to attend our office with original documents, we will take copies.
• Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
• Garda Vetting ID as per the 100 point check:
  – Irish Public Services Card
  – Passport
  – Birth Cert
  – Irish Certificate of Naturalisation
  – Garda National Immigration Bureau (GNIB) card
  – National Identity Card for EU/EEA/Swiss citizens
  – Irish driving license or learner permit (old paper format)
  – Employment ID
  – Letter from employer (within last two years)
  – P60, P45 or Payslip (with home address)
  – Utility bills
  – Public services card/social services card/medical card
  – Bank/Building Society/Credit Union statement
  – Credit/debit cards/passbooks (only one per institution)
  – National age card (issued by An Garda Síochána)
  – Membership card
  – Correspondence from – an educational institution/SUSI/CAO, an insurance company regarding an active policy,a bank/credit union or government body or state agency
• You will be required to complete a Garda Vetting Invitation form, this will include name, date of birth, email address, phone number and current address. On completion a full electronic Garda Vetting Application form will be generated from the National Vetting Bureau and sent directly to the candidate. All other addresses from birth will then be entered and this will be returned to the National Vetting Bureau for completion of the Garda Vetting process.
• The Documents from the 100 point check and the Garda Vetting Application form will be kept on file for one year past the end of service, in compliance with the National Vetting Bureau.
• We will contact your referees, using the details you provide in your application, directly to obtain references
• We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work.
• Utility bill, name and address – This is to provide proof of address and further support proof of identity and residency.

If we make a final offer, we will also ask you for the following:

• Bank details, PPSN, name, – to process salary payments
• Emergency contact details, yours and next of kin – so we know who to contact in case you have an emergency at work
• Membership of Pension scheme details– so we can send you a questionnaire to determine whether you are eligible to re-join your previous scheme.
• Birth Cert/age – for the purposes of pensions.

Recruitment Agencies

For senior vacancies or specific roles, we sometimes advertise through a recruitment agency. The recruitment agency will collect the application information and might ask you to complete a work preference questionnaire which is used to assess your suitability for the role you have applied for, the results of which are assessed by recruiters. Information collected by the recruitment agency will be retained in line with our 3rd party agreement.

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus at least one year following the end of your employment. This includes fitness to work, records of Garda vetting and references. Information such as birth/marriage certs, name, age, salary and employment details will be retained for the pension purposes for the lifetime of your pension. For successful candidates recruitment information such as interview scores will be retained for the duration of your employment plus one year after.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 12 months from the closure of the campaign.

Information generated throughout the assessment process, for example interview notes, is retained by us for 12 months following the closure of the campaign, for unsuccessful candidates.

We will collect and process the following data:

• Name, address, contact number, details held on Complyfile including photo ID and proof of address.
• Indemnity insurance details.
• Garda vetting (personal addresses during life time, PPS number, any potential convictions)
• Reference checks.
• Bank details for volunteer expenses.
• Next of kin details where appropriate.
• Health and psychological well-being reports where relevant to engagement with ISPCC volunteer services.
• Supervision notes, appraisals, notes from meetings, notes from quality checks.

We collect this data to:

• Permit volunteer recruitment and service administration
• Evaluate services through performance and quality checks
• Process Garda vetting – a statutory requirement under Children First
• Permit payment of volunteer expenditure during engagement
• Permit any necessary contact with next of kin in event of unforeseen circumstances
• Ensure the welfare and safety of volunteers and young people. The ISPCC has a duty of care to both and therefore needs to be informed of any relevant well-being concerns.

Sources of data

We will collect information:

• Directly from individual volunteers (e.g. contact details, Garda vetting forms and ID, and through monthly supervisions).
• Directly from referees (reference information both verbal and written)
• Directly from individual’s insurance firms (proof of indemnity).

We hope that by collecting your data in this way:

• The ISPCC will offer fully supportive and evaluated services to suit both the identified needs of our service users and the training and supervisory needs of our volunteers, thereby ensuring the safest and quality assured services available.

We will collect and process the following data:

The ISPCC aims at all times to deliver services and operate to the highest standards possible. To help us achieve this, we encourage anyone who is not completely happy with our services and operations to contact us at:

ISPCC, PO Box 13552, Dublin 8.

Email: [email protected]

Tel: 01 234 2000

We request that you provide your name (and if relevant, the name of a child accessing our services), your contact details so that we may get in touch and a full outline of your complaint in order to try to resolve it quickly. We aim to do this within 14 days and if this is likely to take longer for some reason, we will let you know. All complaints will be investigated fully and we will inform you of the outcome.

You can read our full complaints procedure here.

Your personal information will not be retained by the ISPCC for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed, subject to certain legal obligations mentioned below.

We will retain personal data in accordance with our data retention schedule. We review our data retention periods for personal information on a regular basis. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

We are legally required to hold some personal information to fulfil statutory obligations, for example, our obligations as an employer, or our obligations to report child protection concerns under Children First legislation.

We will also hold information about your details so that we can respect your preferences for being contacted by us.

The ISPCC will not sell or rent user data to any third party without your prior permission. Where it is using Google Translate to translate conversation transcripts, user data may be made commercially available to Google without your prior permission.

It’s only with your involvement, that we can make the protection of children everyone’s priority.  For that reason, we’d like to keep you up to date on our organisation and how you can support the ISPCC.

However, we will not contact you again if you ask us not to. This can relate to all communications with you from the ISPCC or to certain types of communication. You can contact us to change your contact preferences by responding to the specific consent and opt out sections of our communications with you or by letting us know using the Data Protection contact details below.

We will never contact you to send you information about how you can support the ISPCC by email or text unless you have given us your prior permission.

Where we use an external service provider to act on our behalf (such as Global Payments to process credit card payments, Viewpoint to evaluate service interventions, etc,) we will disclose only the personal information necessary to deliver the service. We select these services based on their guarantees in relation to the security measures they have in place, their compliance with data protection legislation and with appropriate contractual arrangements in place. Some services may be based outside the European Economic Area (EEA). By submitting your personal data for such purposes, you agree to this transfer, storing or processing.

Where we transfer your personal data outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA and we will use at least one of the following safeguards:

• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
• Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.

We may disclose your personal information to third parties if we are legally obliged to and for the purposes of good governance; in order to enforce or apply our terms of use for this website or other agreements; or to protect the rights, property or safety of the ISPCC, our donors or others. This includes exchanging information with other companies and organisations for auditing and insurance purposes, with An Garda Síochána in order to vet our staff and volunteers and with Tusla, The Child and Family Agency, for the purposes of meeting our statutory child safeguarding obligations under Children First legislation.

The ISPCC has put technological and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the data have been trained to maintain the confidentiality of such information.

We carry out regular monitoring and testing of our security defences to ensure they continue to be effective against the latest threats.

Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure.