Your Rights Under The GDPR
ISPCC Privacy Statement:
Protecting your data: The ISPCC Data Privacy Notice
The Irish Society for the Prevention of Cruelty to Children is Ireland’s national child protection charity. Our mission is to make the protection of children everyone’s priority. We provide a range of services directly to children and young people. We communicate with a range of stakeholders and are fortunate to benefit from thousands of donations from individuals and organisations. We are committed to doing this while also keeping your data safe.
We are a registered charity, and our charity registration number is 20007225.
Our Privacy Notice explains why we collect data, what data is collected, what we do with it, what we don’t do with it, and what you can do to exercise your rights as a data subject or to seek further information. Please refer also to the ISPCC’s separate Childline Privacy Notice on the Childline.ie website for further details of data processing by the Childline service.
The controller (as defined in the GDPR) of your personal data for all purposes outlined in this policy is the ISPCC, Unit 3, Block 3, Harbour Square, Crofton Road, Dun Laoghaire, Dublin. We can be contacted by post at ISPCC, PO Box 13552, Dublin 8, or by telephone at 01 2342000 and email at [email protected]
XpertDPO are the designated Data Protection Officer for the ISPCC and can be contacted directly at [email protected].
Personal data is defined in the General Data Protection Regulation (GDPR) as:
‘Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’
‘Special categories’ of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
A ‘controller’ is defined as ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law’.
The ISPCC collects, processes and stores personal information in order to ensure our organisation can pursue its objectives, e.g. providing services to children and families, fundraising to invest in our charitable activities, etc. We are committed to only processing the minimum amount of data required for a specific purpose.
The ISPCC relies on a number of legal bases for processing personal data. The first legal basis is Public Interest. The ISPCC provides a number of services that are offered for the public benefit and are funded in part through public expenditure.
The second legal basis is where it is necessary for the purposes of the legitimate interests pursued by ISPCC to process your information, such as:
- To manage and administer our volunteer programmes which help us deliver high quality services to children.
- To create anonymised case studies reflecting children’s needs in order to improve policies and services and to raise vital funds to continue providing the ISPCC’s preventative services to children.
We can process this information so long as we do not interfere with your fundamental rights or freedoms.
The third legal basis is consent. We rely on your consent to allow us to process your personal information. For example, we seek consent from both children and their parents in order to engage with our Childline Therapeutic Support Service. You can withdraw your consent at any time by contacting the relevant service (e.g. Childline Therapeutic Support Service) or section (e.g. Fundraising) to which you gave your consent in the first instance. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
The other legal bases we can rely upon to process your personal information under the General Data Protection Regulation (GDPR), which is the law governing this area, are:
- Where we are under a legal obligation or an obligation under a contract to process/disclose the information.
- Where we need to protect the vital interests of you or another person.
Some personal information is treated as more sensitive. The conditions for processing these special categories of personal information are more limited. To process special categories of personal data lawfully, we must identify a legal basis and meet a separate condition for the processing. The conditions we can use are these:
- With your consent.
- Where necessary in the field of employment law.
- Where we need to protect the vital interests of you or another person.
- Where you have already made your personal information public.
- Where we or another person needs to bring or defend legal claims.
Your Data:
The information we collect and how we process it depend on the purpose of our relationship with you. See below depending on your relationship with the ISPCC and the specific services we offer:
If you are a young person/parent/guardian/family engaging with ISPCC Childline Therapeutic Support service:
- Name, address, age, gender, contact details.
- Information details relating to parents/guardians/family members where appropriate, including contact details.
- Contact details of referrer.
- Reason for referral.
- Engagement details (if any) with other support services.
- Any child welfare/protection referrals to Tusla, The Child and Family Agency/statutory services.
- Relevant information from educational services where appropriate.
- Any other details relevant and necessary for a therapeutic engagement with the child/young person and their family.
- Individual weekly sessions recorded as part of engagement with ISPCC therapeutic services.
- Personal views recorded in on-line standardised evaluation tools.
- Review the appropriateness of our service. We require information detailing concerns raised to allow engagement with a young person and their family.
- Assess any young person’s issues and develop appropriate intervention work. Contact can be made with relevant support services where appropriate.
- Allow for receipt of consent.
- Identify any young person’s supports in place, reviewing strengths and needs of the child and family to allow for intervention plan development.
- Process any child welfare/protection concerns, in line with Children First legislation.
- Allow for evaluation of the young person’s engagement with our services.
- Determine any current supports in place and prevent over-lapping of intervention work.
Sources of data:
- Directly from the young person/service user.
- Directly from the parent/guardian of young person referred to the service.
- Directly from any other referrer, including statutory services.
- From potential third party sources where there may be a child welfare or protection concern.
- Directly from relevant stakeholders connected to the young person and where explicit consent has been received to discuss the young person.
- To process all relevant information to allow for a thorough assessment of the young person’s strengths and needs (including family) and develop a supportive intervention plan in accordance with those identified strengths and needs.
- To record all intervention work with the young person and evaluate the effectiveness of the service for quality purposes and review.
- To determine any current supports in place and prevent over-lapping of intervention work.
Your data will not be shared outside the organisation without your explicit consent except where statutory obligations require us to share relevant information under the Children First Act 2015 for issues related to child welfare and protection.
- A full, supportive intervention service is offered to best suit your needs.
- We can show clear assessment and evaluation to measure the effectiveness of our work together.
The ISPCC legal basis for processing such information includes Public Interest, Legal Obligation, Legitimate Interest and Vital Interest.
If you are a child or young person accessing our Childline listening services:
- For each call we record your age, gender, the reason for the call and risk level.
- If you are at risk and want Childline to help you, then we may need further personal information about you. It is your choice whether to give us further information or not.
- If you do tell us your name and address (or another way that we could identify you) and we think you might be at risk or are worried that you were in some kind of danger we keep a record of this and tell someone who may be able to help you (Gardaí or a social worker).
- We collect this data because we must do so by law if you are at risk and give us information that tells us who you are and where you live or are located. In these cases, we may need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.
- Although the ISPCC does not see your phone number when you call, Gardaí may on rare occasions during an investigation ask us and other organisations such as telecommunications companies for personal information, including phone numbers, that could identify you.
- To provide a high quality listening service to all children.
- To collect statistical information that cannot be related back to individuals to help us improve Childline and advocate for children all over the country.
- To share anonymised case studies that cannot be linked back to individual children with policy makers and the media to help increase awareness and understanding of what young people are experiencing and things that are important to them. These statistics and case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.
- Offer you a friendly and non-judgemental listening ear anytime you want to talk to Childline.
- Help you to get the support that you need if you are at risk.
- Enable ISPCC to raise vital funds to continue to provide the Childline service to you 24 hours a day, 365 days a year.
- Enable ISPCC to improve policies and services, thereby making life better and safer for you and for all children and young people.
ISPCC relies on Public Interest, legitimate interest, legal obligation and vital interest for this processing.
If you are a child or young person accessing the ISPCC Childline webchat service:
- A nickname you would like to use when chatting, your age and gender.
- A record of your conversations will be kept in line with our retention policy.
- If you provide identifying information and are at risk, we may by law need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.
- To help Childline provide a better listening service to you and measure the quality of the service we offer to children and young people.
- We also use your data to collect statistical information that cannot be related back to individuals to help us improve Childline and advocate for children all over the country.
- Conversation transcripts may be analysed for research purposes to benefit children and young people once personal data has been removed from them.
- We share case studies that cannot be linked back to individual children with policy makers and the media to help them increase awareness and understanding of what young people are experiencing and things that are important to them. These statistics and case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.
- In the course of a Garda investigation, Gardaí may on rare occasions ask us and other organisations such as telecommunications companies for personal information that could identify you.
- Offer you a friendly and non-judgemental listening ear anytime you want to talk to Childline.
- Help you to get the support that you need if you are at risk.
- Enable ISPCC to raise vital funds to continue to provide the Childline service to you 24 hours a day, 365 days a year.
- Enable ISPCC to improve policies and services, thereby making life better and safer for you and for all children and young people.
ISPCC relies on Public Interest for this processing.
If you are a young person accessing our Teenline service:
- For each call we record details including your age, gender and the topic / reason for your call.
- If you are at risk and want Teenline to help you, then we may need further personal information about you. It is your choice whether to give us further information or not.
- If you do tell us your name and address (or another way that we could identify you) and we think you might be at risk or are worried that you are in some kind of danger, we keep a record of this and tell someone who may be able to help you (Gardaí or a social worker).
- We collect this data because we must do so by law if you are at risk and give us information that tells us who you are and where you live. In these cases, we may need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.
- To provide a high quality listening service to all young people.
- To collect statistical information that cannot be related back to individuals to help us improve Teenline and advocate for young people all over the country.
- To share anonymised case studies that cannot be linked back to individual young people with policy makers and the media to help increase awareness and understanding of what young people are experiencing and things that are important to them.
- These statistics and case studies can also be shared with others to promote Teenline.
- Offer you a friendly and non-judgmental listening ear any time you want to talk to Teenline.
- Help you to get the support you need if you are at risk.
- Enable the ISPCC to improve policies and services, thereby making life better and safer for you and for all young people.
ISPCC relies on Public Interest for this processing.
If you are a child or adult accessing the Missing Children’s Hotline:
- In the Missing Children’s Hotline service we keep a record of your name if provided, age, gender, the reason for your call and other relevant details.
- If you or a child you are concerned about is at risk and you would like the Missing Children’s Hotline to help you, then we may need further personal information. It is your choice whether to give us further information or not.
- If a child tells us they are at risk or an adult tells us a child is at risk and gives us identifying information, we need to record this.
- We collect this data because we must do so by law if a child is at risk and we receive information that tells us who they are and where they live. We may need to pass our concerns on to a statutory body such as An Garda Síochána or Tusla, The Child and Family Agency.
- To provide a high quality listening service to children who go missing or those who care for children who are missing.
- We use data to collect statistical information that cannot be related back to individuals to help us improve the Missing Children’s Hotline Service and advocate for children all over the country.
- We share anonymised case studies that cannot be linked back to individual children with policy makers and the media to help them increase awareness and understanding of what young people are experiencing and things that are important to them.
- These statistics and case studies can also be shared with others to promote the Missing Children’s Hotline service and to help raise funds for it.
- Help you to get the support that you need if you are missing or if you care for a child who is missing.
- Enable ISPCC to improve policies and services, thereby making life better and safer for all children and young people.
ISPCC relies on Public Interest for this processing.
If you are a child or young person accessing our Ask the Team service:
Any personal data included in a question will be removed before it is published on the website for others to read.
Personal data will be removed so that selected questions can be answered and shared publicly on the website for all children and young people to read.
- Give children and young people an opportunity to seek advice without speaking to someone directly if they do not wish to do so.
- Allow Childline to publish questions and answers that may help other children and young people seeking advice on a variety of subjects.
ISPCC relies on Public Interest for this processing.
If you are a child or young person from Ukraine that requires translation for our Childline web-chat and Ask the Team services:
Childline will use Google Translate to translate from the service user’s language into English and vice versa. Because we will be sharing your questions and our conversation with Google, we cannot ensure the same level of confidentiality as when these services are provided through English language only. Google’s Terms of Service and Privacy Policy apply to text translations and personal data may be processed outside the European Economic Area.
ISPCC relies on Public interest for this processing.
If you are visiting the ISPCC website:
We will collect and process the following personal data:
- Title, first name, surname, address, email, card details (PAN, Security Code, Expiry Date, Cardholder name).
- Data is collected on a secure form. Card details are not seen or stored by ISPCC but are passed securely to our PCI-compliant payment processors (Global Payments or Blackbaud Merchant Services) so that your donation can be taken from your debit / credit card securely and passed to the ISPCC’s bank.
- Title, first name, surname, address, email, tax status, bank details (name of account holder, BIC, IBAN, bank address).
- Data is collected on a secure form. Bank details are required to set up the SEPA direct debit with your bank so that your monthly donations can be received by the ISPCC.
- If you donate more than €250 in one calendar year, the ISPCC can reclaim the tax in your donation from Revenue. We can only do so if you indicate your tax status, and consent to allow us to contact you according to your contact preferences to organise this payment from Revenue.
- First name, surname, address, phone number. A date of birth is required if the event involves collecting on the street, as a Garda permit can only be granted to people over the age of 14. In some cases, we ask for confirmation of travel insurance or other details; these may be specific to an individual event.
- Data is collected on a secure form. Details given are required for us to contact you regarding the event you have registered an interest in getting involved with.
- First name, surname, address, phone number, email address, job role, profession. If you are seeking an information pack from the ISPCC e.g. a Headbomz pack or other programme we may run from time to time, we ask for this information so that we can measure the demand for our services.
- First name, surname, email address and other participant details specific to the nature of the event, training or webinar taking place.
- Data is collected on a secure form.
The ISPCC Website uses first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Third parties serve cookies through our Websites for analytics and other purposes. This is described in more detail in our Cookie Policy.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
ISPCC relies on Public Interest and Legitimate interest for this processing.
If you are an individual making a financial donation to the ISPCC:
- Title
- First name
- Surname
- Gender
- Year of birth
- Address
- Email
- Phone numbers
- Communication preferences
- PPS Number
- Bank details
- Transfer donations received to the ISPCC bank account.
- The contact details are used to communicate with the donor based on their communication preferences.
- We collect the PPS number if we receive a Tax Relief Form from the donor to claim from Revenue.
- Phone
- Post
- ISPCC website
- In person
Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to be GDPR compliant and only uses the information for the purpose it is intended.
ISPCC relies on Public Interest and Legitimate interest for this processing.
If you are applying for a job with the ISPCC:
We will collect and process the following data:
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. We will also ask additional information such as confirmation of driving licence etc.
Our recruitment team, including the hiring manager will have access to all of this information.
If you use our online application system, you will provide the requested information directly to the ISPCC.
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff and seek assurance as to their experiences, trustworthiness, integrity and reliability.
You will therefore be required to provide:
- Proof of your identity, e.g. Driver’s Licence, passport – you will be asked to attend our office with original documents and we will take copies.
- Proof of your qualifications – you will be asked to attend our office with original documents and we will take copies.
- Garda Vetting ID as per the 100 point check:
– Irish Public Services Card
– Passport
– Birth Cert
– Irish Certificate of Naturalisation
– Garda National Immigration Bureau (GNIB) card
– National Identity Card for EU/EEA/Swiss citizens
– Irish driving licence or learner permit (old paper format)
– Employment ID
– Letter from employer (within last two years)
– P60, P45 or Payslip (with home address)
– Utility bills
– Public services card/social services card/medical card
– Bank/Building Society/Credit Union statement
– Credit/debit cards/passbooks (only one per institution)
– National age card (issued by An Garda Síochána)
– Membership card
– Correspondence from – an educational institution/SUSI/CAO, an insurance company regarding an active policy, a bank/credit union or government body or state agency
- You will be required to complete a Garda Vetting Invitation form; this will include name, date of birth, email address, phone number and current address. On completion, a full electronic Garda Vetting Application form will be generated from the National Vetting Bureau and sent directly to the candidate. All other addresses from birth will then be entered and this will be returned to the National Vetting Bureau for completion of the Garda Vetting process.
- The documents from the 100 point check and the Garda Vetting Application form will be kept on file for one year past the end of service, in compliance with the National Vetting Bureau.
- We will contact your referees, using the details you provide in your application, directly to obtain references.
- We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work.
- Utility bill, name and address – This is to provide proof of address and further support proof of identity and residency.
If we make a final offer, we will also ask you for the following:
- Bank details, PPSN, name – to process salary payments
- Emergency contact details, yours and next of kin – so we know who to contact in case you have an emergency at work
- Membership of Pension scheme details – so we can send you a questionnaire to determine whether you are eligible to re-join your previous scheme.
- Birth Cert/age – for the purposes of pensions.
ISPCC relies on Legitimate interest and compliance with a contract for this processing.
For senior vacancies or specific roles, we sometimes advertise through a recruitment agency. The recruitment agency will collect the application information and might ask you to complete a work preference questionnaire which is used to assess your suitability for the role you have applied for, the results of which are assessed by recruiters. Information collected by the recruitment agency will be retained in line with our 3rd party agreement.
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus at least one year following the end of your employment. This includes fitness to work, records of Garda vetting and references. Information such as birth/marriage certs, name, age, salary and employment details will be retained for pension purposes for the lifetime of your pension. For successful candidates, recruitment information such as interview scores will be retained for the duration of your employment plus one year after.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 12 months from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for 12 months following the closure of the campaign, for unsuccessful candidates.
ISPCC relies on Legitimate interest and compliance with a contract for this processing.
If you are a volunteer with the ISPCC:
- Name, address, contact number, details held on Complyfile including photo ID and proof of address.
- Indemnity insurance details.
- Garda vetting (personal addresses during lifetime, PPS number, any potential convictions)
- Reference checks.
- Bank details for volunteer expenses.
- Next of kin details where appropriate.
- Health and psychological well-being reports where relevant to engagement with ISPCC volunteer services.
- Supervision notes, appraisals, notes from meetings, notes from quality checks.
- Permit volunteer recruitment and service administration
- Evaluate services through performance and quality checks
- Process Garda vetting – a statutory requirement under Children First
- Permit payment of volunteer expenditure during engagement
- Permit any necessary contact with next of kin in event of unforeseen circumstances
- Ensure the welfare and safety of volunteers and young people. The ISPCC has a duty of care to both and therefore needs to be informed of any relevant well-being concerns.
Sources of data
- Directly from individual volunteers (e.g. contact details, Garda vetting forms and ID, and through monthly supervisions).
- Directly from referees (reference information both verbal and written)
- Directly from individual’s insurance firms (proof of indemnity).
- The ISPCC will offer fully supportive and evaluated services to suit both the identified needs of our service users and the training and supervisory needs of our volunteers, thereby ensuring the safest and quality assured services available.
ISPCC relies on Legitimate interest for this processing.
If you are someone who makes a complaint to the ISPCC:
The ISPCC aims at all times to deliver services and operate to the highest standards possible. To help us achieve this, we encourage anyone who is not completely happy with our services and operations to contact us at:
ISPCC, Unit 3, Block 3, Harbour Square, Crofton Road, Dun Laoghaire, Co Dublin, or PO Box 13552, Dublin 8.
Email: [email protected] or [email protected]
Tel: 01 234 2000
We request that you provide your name (and if relevant, the name of a child accessing our services), your contact details so that we may get in touch and a full outline of your complaint in order to try to resolve it quickly. We aim to do this within 14 days and if this is likely to take longer for some reason, we will let you know. All complaints will be investigated fully and we will inform you of the outcome.
You can read our full complaints procedure here.
ISPCC relies on Legal obligation for this processing.
For how long will we keep your personal information:
Your personal information will not be retained by the ISPCC for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed, subject to certain legal obligations mentioned below.
We will retain personal data in accordance with our data retention schedule. We review our data retention periods for personal information on a regular basis. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
We are legally required to hold some personal information to fulfil statutory obligations, for example, our obligations as an employer, or our obligations to report child protection concerns under Children First legislation.
We will also hold information about your details so that we can respect your preferences for being contacted by us.
Commercial disposal to third parties:
The ISPCC will not sell or rent user data to any third party without your prior permission. Where it is using Google Translate to translate conversation transcripts, user data may be made commercially available to Google without your prior permission.
How will we contact you:
It’s only with your involvement that we can make the protection of children everyone’s priority. For that reason, we’d like to keep you up to date on our organisation and how you can support the ISPCC.
However, we will not contact you again if you ask us not to. This can relate to all communications with you from the ISPCC or to certain types of communication. You can contact us to change your contact preferences by responding to the specific consent and opt out sections of our communications with you or by letting us know using the Data Protection contact details below.
We will never contact you to send you information about how you can support the ISPCC by email or text unless you have given us your prior permission.
Sharing your information with third parties:
Where we use an external service provider to act on our behalf (such as Global Payments to process credit card payments, Viewpoint to evaluate service interventions, etc.) we will disclose only the personal information necessary to deliver the service. We select these services based on their guarantees in relation to the security measures they have in place, their compliance with data protection legislation and with appropriate contractual arrangements in place. Some services may be based outside the European Economic Area (EEA). By submitting your personal data for such purposes, you agree to this transfer, storing or processing.
Where we transfer your personal data outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA and we will use at least one of the following safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
We may disclose your personal information to third parties if we are legally obliged to and for the purposes of good governance; in order to enforce or apply our terms of use for this website or other agreements; or to protect the rights, property or safety of the ISPCC, our donors or others. This includes exchanging information with other companies and organisations for auditing and insurance purposes, with An Garda Síochána in order to vet our staff and volunteers and with Tusla, The Child and Family Agency, for the purposes of meeting our statutory child safeguarding obligations under Children First legislation.
Data security:
The ISPCC has put technological and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the data have been trained to maintain the confidentiality of such information.
We carry out regular monitoring and testing of our security defences to ensure they continue to be effective against the latest threats.
Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure.
Your rights under GDPR:
Under certain circumstances, and dependent on the legal basis under which your personal data is processed, by law you have the following rights:
We will provide you with a privacy notice to tell you how we are using your personal data.
You have the right to obtain access to your own personal data at any time. Information will be supplied within one month of receipt of the request. This can be extended by a further two months where requests are complex or numerous. This will be provided free of charge unless you ask for multiple copies or the request is manifestly unfounded or excessive. We can also refuse your request if it adversely affects the rights and freedoms of others or is manifestly unfounded or excessive.
You have the right to have your personal data rectified if it is inaccurate or incomplete.
You have the right to request the deletion of personal data where there is no compelling reason for its continued processing or if we are processing it in an unlawful manner – for example, if we are using it for a different purpose than originally stated.
Under certain circumstances, you have a right to ‘block’ or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it.
You can obtain and reuse your personal data in a structured, commonly used and machine-readable format for your own purposes across different services. This right applies where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.
You have the right to object on grounds relating to your particular situation to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling); and
- Processing for purposes of scientific/historical research and statistics.
- We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
- The processing is for the establishment, exercise or defence of legal claims.
Under certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
Data protection rights:
Please contact us at [email protected] if you wish to exercise any of your data protection rights.
We will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.
Upon successful verification of your identity you are entitled to obtain the following information about your own personal data:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom your personal data has been or may be disclosed, along with the location of those recipients;
- The envisaged period of storage for your personal data or the criteria for determining the storage period;
- The sources of the personal information, if it was not obtained from you;
- The use of any automated decision-making and/or profiling.
Suppliers
Personal data, including name, email address, telephone number and other business contact information is collected.
- To receive services from our suppliers – we will use and disclose personal data in such manner as we believe is reasonably necessary to receive and to review the provision of those services from suppliers.
- To provide services to clients – if a supplier is assisting us in delivering services to our clients we will process personal data to manage that relationship.
- To agree payment arrangements with our suppliers, and to make payments to them.
Our legal basis for such processing is the performance of the supplier contract.
A general retention period of seven years (after the supplier relationship ends) will be applied unless there are any legal and/or regulatory exceptions which require documentation to be held for longer periods. If you require further information please contact us. – Not sure this is necessary. But we are required to keep financial records for 7 years for appropriate financial audit trails and revenue obligations.
Website
Personal data will be collected from visitors to our website such as the time and date of your visit, the pages you visit and your physical location when visiting them, (and other more specific details like your IP address – not sure if this is true for ISPCC), the links you click and the route you take through the website, and your information if you report a problem with our website. This is in our legitimate interest to improve our website offerings and enhance your online visit to us.
Personal data will also be collected if you sign up to attend any of our events/webinars and / or make a donation via our website. You can specify your contact preferences when registering online to receive communications from us or by advising us of your contact preferences using options provided on all of our marketing/fundraising emails. We always include an unsubscribe button in our communications, so you can opt out of receiving such information at any time.
We use cookies on our website. Cookies are small files which are stored on a computer. They are designed to hold a small amount of data specific to a user and website and they help to deliver feedback on website usage and hits to pages.
Statutory Funders
Recruitment
Personal data is collected to ascertain a candidate’s suitability for a specific role. ISPCC has a legitimate interest in recruitment of new personnel.
Further information as to how we process applicant data is included in the privacy notice for each post advertised. We use third party software to provide a platform where applications are submitted and then processed by the Firm. We may also send a candidate emails about their application through our email service provider.
General Recruitment – We will retain unsuccessful applications for a period of 18 months. Successful applications are retained with the individual’s HR file.
Trainee Recruitment – Applications screened out at application stage are retained for 14 months from the date of initial submission; applications that are screened out at interview stage are retained for two years after the date of the initial submission so as to allow for development and re-application.
Employees
Personal data in relation to employees will be held on various internal systems and applications. A privacy notice which sets out the purposes for which personal data will be processed and contains information on data subject rights is provided to employees. Our legal basis for such processing concerns the performance of the employer / employee contractual relationship. If further information is required please contact the Human Resources Department.
Links to Third Party Websites
Our website may contain links to other websites. Matheson is not responsible for the privacy practices or the content of such other websites. If you link to or visit another website, please review the privacy statement for that website.
Security of your Data
We use industry standard security measures to protect your information and to prevent the loss, misuse or alteration of any information in our control. All Matheson personnel are subject to strict confidentiality obligations. However, as effective as modern security practices are, no security system is entirely secure and we cannot guarantee the security of your information. If you would like to raise a security issue with our team, please email.
Transfers of personal data to non-EEA countries
We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. This may be because you have instructed us or where we enter into standard European Commission approved data protection contracts. Remote access to our systems is on authorised devices only and appropriate technical safeguards are applied to protect personal data.
Your rights in relation to your personal data
Under certain circumstances you may:
- Request access to copies of the personal data we hold about you and further information in relation to its processing, or else request that such information be supplemented, updated or rectified.
- Request erasure, anonymisation or blocking of your personal data that is processed in breach of the law.
- Object on legitimate grounds to the processing of your personal data. In certain circumstances we may not be able to stop using your personal data; if that is the case, we’ll let you know why.
- Withdraw your consent – when personal data is processed on the basis of consent you may withdraw consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal. In the event that you no longer want to receive any marketing material from us, please use the unsubscribe option (which is in all of our marketing emails to you), or contact us.
To exercise such rights (other than withdrawing from marketing emails) please contact [email protected]. You may lodge a complaint with the Irish Data Protection Commission.
Changes to our Privacy Statement
We may change this Privacy Statement from time to time. If we make changes, they will be posted here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it.
Each time you use this website the then current Privacy Statement will apply and you should review it each time you use the website to satisfy yourself that you are happy with it.