Barretstown (“we”, “us”, “our”) is a “Controller” under the General Data Protection Regulation ((EU) 2016/679) (“GDPR“) in respect of certain Personal Data you furnish to us. Barretstown has its registered office at Barretstown Castle, Ballymore Eustace, Co Kildare.
This Privacy Notice is intended to help you understand what Personal Data Barretstown collects about you, why we collect it, and what we do with it.
1. What is Personal Data?
“Personal Data” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a user IP addresses or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes Special Categories of Personal Data;
“Special Categories of Personal Data” is any Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; genetic data or biometric data and data concerning health or sex life and sexual orientation.
2. Personal Data Collected and Processed
We collect and process Personal Data relating to you in connection with our relationship with you. This Personal Data includes:
- your name and contact details, including your address, phone number and email address if you have provided them to us;
- your bank details if you have a direct debit in support of our work
- your donation history, and any communications you have had with us via email or post
- any other Personal Data relating to you that you provide to us or that we generate about you in connection with our relationship with you, including records of any consent you have given and your use of the Barretstown website.
We also collect Special Categories of Personal Data in relation to children and families availing of our services. Information regarding children’s health and treatment is collected in order to assist Barretstown to meet the needs of those children and families.
Barretstown does not carry out automated decision making. We analyse the outcomes of our fundraising campaigns, appeals and engagement with you. This allows us to understand how our campaigns work, enables us to make appropriate requests from you and ensure that communications with you are relevant. We also carry out research on publicly available data to understand our different types of donors to support our fundraising strategy.
3. Technical Data Collected
When you visit the Barretstown website, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website.
4. Purposes for which we hold your Personal Data
The Personal Data that is referred to above will be processed for the purposes of:
- to process your donation;
- to provide you with information about other opportunities to support Barretstown where you do not object to receiving such information;
- to carry out our obligations arising from any contract entered into between you and us and to provide you with the information and services that you request from us;
- complying with our legal obligations;
- to further our charitable aims, including for fundraising activities, where you agree to receive such information;
- providing customer service to you and contacting you if required to respond to any communications you might send to us;
Our legal basis for collecting and using this information in accordance with the provisions of this Data Privacy Notice is:
- that it is necessary for the performance of a contract with you;
- that it is in our legitimate interest to do so; or
- that you have provided consent to us for the use of your Personal Data.
Where you have provided consent for the use of your Personal Data, you can withdraw it at any time by informing firstname.lastname@example.org, however, this will not affect the lawfulness of processing which was carried out based on your consent prior to its withdrawal.
5. Disclosure of your Personal Data to third parties
We will not trade your personal details with third parties.
We may disclose your Personal Data to various recipients in connection with the above purposes, including:
- to third parties who we engage to provide services to us, such as outsourced service providers, IT service providers, professional advisers and auditors;
- to other public authorities and bodies where required or permitted by law, such as An Garda Síochána or other law enforcement authorities for the purposes of prevention, investigation or detection of crime; and
- to comply with any applicable law or regulation, a summons, search warrant, court or regulatory order, or other statutory requirement.
6. Transfers of your Personal Data outside of the European Union
In order for the purposes outlined above and particularly for technical support, from time to time, we might have to transfer your Personal Data outside the European Economic Area (EEA) to a country that has not been confirmed by the European Commission to provide an adequate level of protection for Personal Data.
If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a data processing agreement in respect of the transfer which contains the ‘standard contractual clauses’ approved by the European Commission, or in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework (or any replacement framework). Further details of the measures that we have taken in this regard are available on request from email@example.com
What this means is that, where we do not have the assurance of the destination for your data having been subject to a review by the European Commission, we will use other approved controls to ensure we can protect your data adequately and to ensure that those third parties who may process your personal data on our behalf meet the highest standards of privacy practices and comply with applicable data protection law.
7. How we secure your Personal Data
Where you communicate with us via the Barretstown website, the nature of the internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the internet. No data transmission over the internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.
As you use this website technical details in connection with visits to this website are logged by our internet service provider for statistical purposes. No information is collected that could be used by us to identify website visitors. The technical details logged are confined to the following items:
- The IP address of the users webserver
- The top level domain name used (for example .ie, .com, .net, .biz)
- The previous website address from which the user reached us, including any search criteria used.
- Click screen data which shows the traffic of users around this website (for example pages accessed and documents downloaded).
- The type of web browser used by the website user.
8. Your Rights
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your Personal Data:
Right of access
- The right to access your Personal Data;
Right to rectification
- The right to request the rectification and/or erasure of your Personal Data in certain circumstances;
Right to erasure (‘right to be forgotten’)
- The right to be forgotten in certain circumstances;
Right to restriction of processing
- The right to restrict the use of your Personal Data in certain circumstances;
Right to object
- The right to object to the processing of your Personal Data;
Right to data portability
- The right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller, in certain circumstances.
In addition to these rights, you also have the right to lodge a complaint with the Irish Data Protection Commissioner (https://www.dataprotection.ie/docs/Contact-us/11.htm), and the right to pursue a remedy through the Courts if we fail to meet the required standards of data protection.
9. How you can exercise your rights
In order to execute any of the rights set out above, please contact us at firstname.lastname@example.org
10. How long we retain your Personal Data
We will not hold your Personal Data for longer than is necessary. We retain your Personal Data for as long as we need it for the purposes described in this Privacy Notice (including but not limited to section 5 (Disclosure of your Personal Data to third parties)), or to comply with any applicable statutory requirement.
11. Changes to this Privacy Notice and our Policies
We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on the Barretstown website so that you are always aware of what Personal Data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail.
12. Questions and Complaints
If you have any questions regarding this Privacy Notice, you can contact us using the information below:
Data Protection Officer