PURPOSE AND SCOPE OF STATEMENT
This Statement explains how personal data relating to you will be handled by Acquire Brain Injury Ireland (ABI Ireland) (“we” or “us“) and sets out how and why your personal data will be collected and processed by ABI Ireland and/or on its behalf by its third party service providers.
For the purpose of this Statement, the controller of your personal data is ABI Ireland.
APPLICATION OF THIS STATEMENT
This Statement applies to the way we collect and process your personal data. Personal data will be collected and processed by ABI Ireland when you or a company with which you are connected engage with us and/or avail of our services through www.abiireland.ie (our “Website“) or otherwise.
We will collect personal data when you:
- Are part of our referral or assessment process or if you wish to avail of our services
- Volunteer with us, participate in an event or visit ABI Ireland
- Make a donation to us, buy something from us or participate in one of our fundraising events
- Subscribe to our e-newsletters, request information from us or join a campaign
- When you visit one of our websites or social media pages via tools such as cookies and online identifiers, including if you make comments on our message boards or discussion forums
- Include when you work for us, when you provide services/ goods to us, when we provide services to you
- Apply for a job with us
- Contact us or become involved with us in any other way than as stated above
THE PERSONAL DATA WE PROCESS
The information we may collect from the above interactions may include, but is not limited to the following:
- Your name, address, telephone number, mobile number, and email address, along with your preferences as to how we should contact you in the future
- We may collect your year of birth or date of birth to verify you are an adult as it is our policy not to market to children and there are some services we are not able to provide to under 18’s
- Your health information, medical information or criminal history to enable us to provide the most appropriate services to you
- Images, photographs or video if you volunteer or take part in an event with us
- Financial information which you give to us, including your CHY forms for the tax back revenue scheme (note that we do not store credit card information or PPS numbers)
- Records of your donation history, correspondence and campaign actions taken with us
- Information you enter onto our website, including information to take part in events or to volunteer with us (such as your date of birth and contact information)
- Details of your visit to our websites, including technical information such as the IP address you use to access the website, your device, browser type and version
- We might also obtain personal data about individuals who may be interested in giving major gifts to organisations like ours. In these limited cases only, in addition to information you give us directly, we may also collect information about you from publicly available sources such as your work or interests
- Any other details in which you give us including your reasons for supporting us
- The only other instance in which we might collect sensitive categories of information is if you apply for a job with us. We may collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. You will be provided with a separate data protection policy when the information is requested so you are aware of how your data will be collected, used and stored
HOW AND WHY WE PROCESS YOUR PERSONAL DATA
We use personal data for several different processing activities which includes:
- To assess our ability to provide a neuro-rehabilitation service to you
- Understanding how we can improve our services, events, or information
- Tailoring our services to your specific needs and requirements
- Providing you with the information or products you have requested e.g. registration forms for events or branded merchandise
- Keeping a record of your relationship with us
- Keeping you up to date with the work you are supporting
- Administering your donation, including processing Charitable Tax Claims
- Asking for financial and non-financial support
- Managing your communication preferences, including marketing preferences
- Inviting you to events
- Analysing our database for statistical purposes to better communicate with you about things we think will be of interest. Note that this is on a generic rather than an individual level to ensure that our communications are cost effective
- In limited circumstances, analysing the personal information we collect about you and using publicly available information to better understand your interests, preferences and level of potential donations so that we can contact you more effectively and be better prepared in special circumstances when we may meet with you
The following table details the legal bases (“Legal Basis“) according to which and the reasons why (“Purposes“) we collect, obtain and process your personal data.
Your personal data is processed on the basis of consent for the provision of our services.You have the right to withdraw consent at any time. For more on this and other rights please see section below on your rights and how to exercise them.
|We obtain, collect and process your personal data:|
It is necessary to process your personal data to enter into and perform our contracts with you or your organisation for the provision of our services.If you do not wish to provide us with your personal data for these purposes, we will not be able to enter into or perform our contract(s) with you or your organisation.
|We obtain, collect and process your personal data:|
|We process certain of your personal data on the basis of our legitimate interests, such as in pursuit of our business or security interests.|
Where we process your personal data in pursuit of our legitimate interests we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. We will not process your personal data where our legitimate interests are outweighed by the impact on your rights and freedoms (unless otherwise required or permitted by law).
You have the right to object to us processing your personal data on the basis of our legitimate interests. For more on this and other rights please see section below on your rights and how to exercise them.
|We obtain, collect and process your personal data:|
|COMPLIANCE WITH A LEGAL OBLIGATION||PURPOSE(S)|
|We process your personal data where it is necessary to comply with legal obligations to which we are subject.||Where necessary and/or applicable, we obtain, collect and process your personal data in order to comply with our legal and regulatory obligations, including under anti-money laundering and terrorist financing legislation, processing and retaining CHY Tax forms, comply with tax returns and Garda vetting|
DISCLOSURE OF PERSONAL DATA
We may disclose your personal information to other third parties including:
- The HSE;
- Non-HSE service providers such as neuro-rehab services, disability services and mainstream services;
- The Department of Social Protection;
- The Department of Housing;
- Regulatory authorities;
- Our trusted third party service providers including Netspeed, (which provides us with IT infrastructure and related services), AIB and the Garda Vetting Bureau;
- Other people in your company or organisation;
- Third parties involved in hosting or organising events or courses;
- Professional advisors such as tax or legal advisors, consultants and accountants, and
- Third parties under necessary circumstances in line with legal obligations
TRANSFERS OF YOUR PERSONAL DATA
We store and process your personal data on servers located within the European Economic Area (the “EEA“). We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your personal data. We currently transfer data to the US under the Privacy Shield Framework, for example when using services such as Facebook.
If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your personal data, you can contact us at gdpr@ABIIreland.ie.
Although we will always do our best to protect your personal data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.
RETENTION OF YOUR PERSONAL DATA
Generally, we shall retain your personal data for a period of seven years after the later of: (i) the conclusion of your relationship with ABI Ireland; or (ii) the conclusion of the relationship between ABI Ireland and the company with which you are connected.
YOUR RIGHTS AND HOW TO EXERCISE THEM
Where we rely on consent to process your information, you have the right to withdraw that consent at any time by contacting us (see contact section below). The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. The table below sets out the rights which you have, to address any concerns or queries with us about our processing of your personal data. Please note that these rights are not absolute and are subject to certain exemptions under applicable data protection law.
|RIGHT TO BE INFORMED||You have the right to know your personal data is being processed by us, how we use your personal data and your rights in relation to your personal data.|
|RIGHT OF ACCESS||You have the right to ascertain what type of personal data ABI Ireland holds about you and to a copy of this personal data.|
|RIGHT TO RECTIFICATION||You have the right to have any inaccurate personal data which we hold about you updated or corrected.|
|RIGHT TO ERASURE||In certain circumstances you may request that we delete the personal data that we hold on you.|
|RIGHT TO RESTRICTION OF PROCESSING||You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.|
|RIGHT TO OBJECT||Where we rely on our legitimate interests to process your personal data, you have a right to object to this use. We will desist from processing your personal information unless we can demonstrate an overriding legitimate interest in the continued processing.|
|RIGHT TO DATA PORTABILITY||You may request us to provide you with certain personal data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another controller where this is technically feasible.|
You can exercise any of these rights by submitting a request to us at gdpr@ABIIreland.ie.
We may request that you provide proof of your identity for security reasons and to prevent the unauthorised disclosure or misuse of personal data. We will only charge you for requests to access your personal data where they are unreasonable, unfounded or excessive. If, after contacting us, you are still not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission. Please see www.dataprotection.ie for further information.
CHANGES TO THIS STATEMENT
We may occasionally update this Statement to reflect changes in our business or to comply with applicable law and regulations. If there are material changes to this Statement concerning how we use your personal data, we will notify you by either prominently posting a statement of such changes on the relevant Website before they take effect.
If you have any concerns about the way your personal data are being used or processed by ABI Ireland, please contact us at gdpr@ABIIreland.ie or using the information below:
2nd Floor Block A, Century House, 100 George’s Street Upper, Dun Laoghaire, Co Dublin, Eircode: A96 R2V3
Telephone: + 353 1 280 4164