Introduction
The purpose of this policy is to ensure that all Personal Data under the control of DESSA is stored, processed and used in compliance with the Irish Data Protection Act 2018 (the “DPA”) and the EU General Data Protection Regulation (GDPR).
This is an active document which is open to revision and adjustment on an ongoing basis.
Under the General Data Protection Regulation, we are required to explain to you why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else.
DESSA are firmly committed to complying with our data protection obligations. This policy sets out the basis on which any Personal Data we collect, or that is provided to us, will be stored, processed and used by us. This policy applies to all staff and directors in DESSA.
Our Data Protection Administrator is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws. We are both the Data Controller and the Data Processor as defined under the Regulation.
Our Data Protection Administrator is Linda Howe.
This policy applies to the personal data we process in relation to those on the mailing list/database of DESSA.
It is our policy to only record and keep information which is deemed essential and we have a strict code which covers what kind of information we record and how it is recorded.
Who we are
DESSA is a company limited by guarantee and a registered charity. The purpose of DESSA is to create a society where everyone with lived experience of disability and their families can participate equally as full citizens.
DESSA’s core remit entails the delivery of direct training, advocacy and information support services to individuals and families with lived experience of disability and to organisations supporting them. DESSA also works to develop the capacity of organisations in the Community & Voluntary sector to enable disabled people to actively engage in community life.
What information do we collect from you?
You may give us information by:
- corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary for the purpose of your interaction with us or when submitting a question/ suggestion/ comment in relation to our services.
- attending meetings and/or training events with us.
The legal bases for the processing of your data are:
1. that you have provided consent for the processing for one or more specific purposes. For example, when you subscribe to our online newsletter which you submit to us.
2. processing necessary information for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
3. processing necessary for compliance with a legal obligation to which we are subject.The lawful basis for using your information is that of consent.
Why do we collect this information?
We will use your personal data solely for the purpose of sharing information, issuing of policy updates, provision of advocacy support and notification of training and other events.
Specifically, we will use this information:
- to liaise with you about initiatives that we are undertaking with you;
- to communicate any upcoming DESSA events and activities;
- to carry out our obligations arising from any contracts entered into between you and us;
- to administer and improve our website and for internal operations.
DESSA training participants will be asked to sign a consent form at training registration allowing for the sharing of e mail contacts.
We will not share your information with anybody outside of the company.
We will not share your information with anybody outside of the company.
How long do we keep hold of your personal data?
Your Personal information will always be kept private and confidential. The time periods for which we retain information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
- Where we have provided you with information and advice or once-off advocacy we will retain your information for two years.
- Where we have completed an advocacy case for you, we will retain your information for six years. This is recommended by Citizens Information Board and in accordance with Irish Law where upon individuals have six years to take a claim against the service under contract or tort law.
- All paper and electronic records will be destroyed after six years.
- Should the service cease to exist all records will be stored securely within the DESSA Registered office and destroyed at the appropriate times.
We will take all steps reasonably necessary to ensure that all personal data is treated securely in accordance with this Privacy Policy and the relevant law. If you think there has been any loss or unauthorised access to personal data please let us know immediately.
Storing your personal data
The information recorded on our computer, is covered by the Data Protection Act. The computer is password protected and only accessible by DESSA staff. Written copies of all records will be kept in a locked filing cabinet in the office.
What are your rights with respect to your personal data?
You have a number of rights relating to how your personal data is used; specifically you have the right;
- to request access to the data we hold on you
- to change inaccurate information
- to delete your information
- to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people
- to request that we limit how we use your personal data
- to make a complaint
Where our processing of your personal data is based on your consent to that processing, you have a right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by: writing to the DESSA Manager Alice Griffin at dessaoffice@gmail.com or by post to DESSA, Thomas Court Centre, Thomas Court Centre, Hanover Lane, Dublin 8.
You may lodge a complaint with your local supervisory authority with respect to our processing of your information.
In Ireland, the local Supervisory Authority is the Office of the Data Protection Commissioner with an address at Canal House, Station Road, Portarlington, Co. Laois. The website is www.dataprotection.
What will happen if we change our privacy policy?
This policy may change from time to time, and any changes will be made public on our website.
How can you contact us?
Our Data Protection Administrator can be contacted:
Phone: 086 601 1613
Email: dessaoffice@gmail.com or
Post to: DESSA, Thomas Court Centre, Hanover Lane, Dublin 8