Privacy Policy Introduction Saint John of God Foundation is committed to protecting all personal data which we collect from our donors as part of our work of fundraising and promoting the work of the Foundation and the Order. This document sets out how we intend to capture, use and protect all personal data which SJOG collects and stores during the course of the relationship we established with you. We also want you to be clear as to what rights you can invoke in respect to the information we hold about you. In this regard, it is important that you read this Privacy Notice and understand our use of your personal data. This policy may be updated from time-to-time to reflect a changing environment, as required. The most recent version of this document can be found on our website: www.sjogfoundation.ie Company Information References to the “Foundation”, “us”, “our” and “we” refer to Saint John of God Foundation. More information about SJOG can be found at www.sjogfoundation.ie Legislation All personal data we gather will be “processed” in accordance with all applicable data protection laws and principles, including the EU General Data Protection Regulation 2018 and the Data Protection Acts 1988 and 2003. Queries and Complaints If you require further information about the way your personal data will be used, or if you are unhappy with the way we have handled your personal data and wish to contact us please submit your concerns to: [email protected] The [email protected] mailbox is managed by the Foundation’s DPO function and all correspondence received will be addressed accordingly, including oversight from the designated Foundation’s Data Protection Officer. You have the right to lodge a complaint with the Office of the Data Protection Commissioner. To contact the Office of the Data Protection Commissioner, please use the following details: Data Protection Commissioner Canal House - Station Road Portarlington County Laois Telephone: +353 (0)761 104 8000 Telephone: +353 (0)57 868 4800 Email: [email protected] Lo-Call Number: 1890 252 231 Fax: +353 57 868 4757 Please note that we will take all appropriate steps to keep your personal data safe. In the unlikely event that we have a security breach, we will notify you without undue delay regarding the circumstances of the incident in accordance with our legal obligations How do we collect information? We collect personal data to provide our services to you and to remain in contact with your, where you have provided your permission for us to do it. Most of the personal information we process is provided to us directly by you, either in person to our representatives or via our website, for one of the following reasons: You have made a donation in the past. You are an active donor. You have fundraised for the Foundation You have made an enquiry or raise a complaint with us. You have made an information request to us. You subscribe to our e-newsletter. You are a visitor to our premises. What do we use information for? We use your personal information in order to provide the different services our organisation delivers through its many entities. The following table is a non-exhaustive list which describes how we may use the personal data we gather for any or all the following purposes: Process Description Lawful Basis for Processing Handling Enquiries General enquiries are received from donors, past or current, as well as general public. Donor’s data will only be disclosed on completion of identity verification. The use of the data is in our legitimate interests and is necessary to ensure standards of quality. The use of the data is necessary for the appropriate management of our services. Investigate Complaints Where complaints are received from donors or other members of the public we will process the necessary data in order to investigate the complaint. The use of the data is in our legitimate interests and is necessary to ensure standards of quality. The use of the data is necessary for the appropriate management of our services. System Maintenance Sometimes user/staff data may be accessed during system repairs and updates, as required. Donor data will also be used in order for the organisation to maintain system back-ups in the event of an IT system failure. The use of the data is necessary for the appropriate management of our services. Donations & Fundraising We process your contact and payment details when you make the decision of supporting our work with your donation or by organising a fundraising event on our behalf. These payments will be processed directly by your bank or by stripe (when donating online) The use of the data is necessary in the context of a contractual relationship and to comply with regulatory requirements. Who do we share information with? There are circumstances where we share personal data with third parties. Generally, this includes a representative for you and our representatives, and some pre-advised third parties. We may disclose your information to the following categories of recipients: Any party which you have given us permission to speak with (family, friends or otherwise) Our Payment Service Providers, to the extent required for the purpose of processing your payment for a donation, or to address any queries/complaints that may arise from this process. Legal representatives, if necessary Statutory bodies and regulators as required by EU and Irish law (such as revenue or enforcement agencies) We take steps to ensure that any third-party partners who handle your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your information or use aggregated non-specific data sets where possible. On occasion we may transmit your data outside of the European Economic Area e.g. when and if using a cloud-based service provider. In such circumstances, we will ensure that the data is transferred in a secure manner, in accordance with data protection legislation. If you would like more information about the relevant safeguards in place for the transfer of personal data to countries or companies outside the European Economic Area, please contact us using the details outlined in Section 1 above. What type of information is collected? While the type of personal data may change occasionally, we believe it is important you are aware of the types of personal data we gather and use. In providing some services or overseeing the services provided by our entities, we may collect many categories of personal data about service users, which may include sensitive data. The following table is a non-exhaustive list and provides an indication of the categories and types of personal data we use to perform our duties. Please note that information listed under one category may be used for the performance of a task or in relation to activities under another heading or as outlined under Section 3. Reason Type of Data Collected Fundraising Contact details, banking/payment details. Service Quality Improvement Donors and general public feedback, enquiries received, log of calls received, log of complaints received, adverse occurrence forms submitted. How long do we retain information? We have a comprehensive record retention schedule and policy. When we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws or the period required to defend ourselves against legal action. The only exceptions to this are where: the law requires us to hold your personal information for a longer period, or delete it sooner; you exercise your right to have the information erased (where applicable as per section 6.d) and we do not need to hold it in connection with any of the reasons permitted or required under the law. Our website – Use of cookies We use cookies to enhance the performance of our website and personalise your online experience. What are Cookies? A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to work more efficiently, by remembering your actions and preferences (such as login, language, font size and other display preferences) if you've been to the website before, so you don’t have to keep re-entering them whenever you come back to the site. They are also useful to provide information to the owners of websites. Cookies are used to measure which parts of the website people visit and to customise your experience, as well as to provide information that helps us monitor and improve the website's performance. Description of Cookies Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. First Party Cookies The function of this type of cookie is to retain your preferences for our website. They are stored and sent between our servers and your computer’s hard drive. We collect this information anonymously, so it doesn't identify anyone as an individual and no personal information is stored in our cookies. We always use cookie data in a responsible way. These cookies may be either Session or Persistent cookies. Third Party Cookies Some of the services and products within the pages of our website are provided by third parties who, in time, may set their own cookies to enable such services. These cookies are stored and sent between the third-party’s server and your computer’s hard drive. These cookies are usually persistent cookies. Because we don’t control the settings of these third-party cookies, we recommend that you visit the third-party website that has generated them for more information about how to manage them. Third Party Cookies We use cookies for the following purposes: (a) authentication - we use cookies to identify you when you visit our website and as you navigate our website. (b) status - we use cookies to help us to determine if you are logged into our website. (c) personalisation - we use cookies to store information about your preferences and to personalise the website for you. (d) security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally. (e) advertising - we use cookies to help us to display advertisements that will be relevant to you. (f) analysis - we use cookies to help us to analyse the use and performance of our website and services. (g) cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally. Please refer to the tables below for more detail on cookies used within our website. Necessary cookies Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. Cookie Name Used by Description Expiration _cfduid Cloudflare Used by the content network, Cloudflare, to identify trusted web traffic. It does not contain any personal information. 1 year ASP.NET_SessionId Website Used for authenticating a user's session after logging in. Closes when the user exits the browser. It does not contain any personal information. End of session ARRAffinity Website Tells our infrastructure which server to handle the request. It does not contain any personal information and is used only for analytical purposes. End of session MemberLoggedIn Website A binary flag which stores whether a user is logged in or not. It does not contain any personal information. End of session _stripe_sid Stripe Used by our payment provider, Stripe, in order to process payments on checkout. End of session _stripe_mid Stripe Used by our payment provider, Stripe, in order to process payments on checkout. 1 year nsr Stripe Used by our payment provider, Stripe, in order to process payments on checkout. End of session Statistic cookies Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. Cookie Name Used by Description Expiration @@History/@@scroll|# Website Used by AppInsights to allow for monitoring of the platform database. It does not contain any personal information and is used only for analytical purposes. End of session _ga and _gid Google Analytics Used to distinguish between website users in Google Analytics. 2 years _gat Google Analytics Used to moderate calls to the Google Analytics service. It does not contain any personal information and is used only for analytical purposes. End of session ai_session and ai_user Website Tracks users as they navigate the website predominately for infrastructure performance insights. It does not contain any personal information. End of session p.gif Typekit Used by the font provider, Typekit, if you are using one of their fonts. Used for compliance and billing purposes only. It does not contain any personal information. End of session __utma Google Analytics Stores the amount of visits of a user, the time of their first visit, the previous visit, and the current visit. It does not contain any personal information and is used only for analytical purposes. 2 years __utmz Google Analytics This performance cookie stores where a user came from (eg. search engine, search keyword, link). It does not contain any personal information and is used only for analytical purposes. 6 months __unam ShareThis Set as part of the ShareThis service and monitors "click-stream" activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc. The ShareThis service only identifies a user if they have separately signed up with ShareThis for a ShareThis account and given them consent. Checks how long a user stays on a site: when a visit starts, and ends. It does not contain any personal information and is used only for analytical purposes. 14 months cc_cookie_accept Website Stores whether the user has accepted the cookie message or not. It does not contain any personal information and is used only for analytical purposes. 365 days Marketing cookies Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers. Cookie Name Used by Description Expiration NID Google Registers a unique ID that identifies a returning user's device. Can be used for targeted ads. It does not contain any personal information. 6 months collect Google Analytics Used to send data to Google Analytics a user's device and behaviour. It does not contain any personal information. End of session r/collect Doubeclick.net These cookies are managed by DoubleClick, an advertising platform we use to display adverts. End of session IDE, DSID, _ct_rmm Doubleclick.net These cookies are managed by DoubleClick, an advertising platform we use to display adverts. 2 years DisplayName Website Keeps track of a donors preference to show their name during a Direct Debit. End of session VISITOR_INFO1_LIVE Youtube Used by Youtube if you've embedded a Youtube video in your posts. Tries to estimate a user's bandwidth on pages with integrated Youtube videos. It does not contain any personal information. 179 days YSC Youtube Used by Youtube if you've embedded a Youtube video in your posts. Registers a unique ID to keep statistics of what videos from Youtube a user has seen. It does not contain any personal information End of session How to control cookies You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. You can control and/or delete cookies as you wish – for details, see www.aboutcookies.org and www.allaboutcookies.org. What are your rights? You have rights when it comes to your personal data. On receipt of a valid request to invoke your rights, we will do our best to adhere to your request as promptly as reasonably possible, however, please be aware that restrictions may apply in certain situations. Right of Access You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. Right to Rectification You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. Right to be Erasure You have the right to ask us to erase your personal information in certain circumstances. Right to Restriction You have the right to ask us to restrict the processing of your information in certain circumstances. Right to Data Portability You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. Right to Object You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. Right not to be subject to Automated Decision Making, including Profiling You have a right not to be subject to a decision based solely on automated processing or profiling, where such decisions would have a legal effect or significant impact on you. As a responsible organisation, we do not use automatic decision-making or profiling. Where do I send requests? When submitting your request, please provide us with information to help us verify your identity and as much detail as possible to help us identify the information you wish to access (i.e. date range, subject of the request). Please send all your requests to [email protected] How long will a request take to complete? Upon receipt of a request, we will have 30 days to provide a response, with an extension of two further months if required. If we require more time to deal with your request, we will notify you of the delay, and the factors responsible for the delay, within 30 days of the receipt of your request. If we refuse your request, we will notify you within 30 days of the receipt of your request accompanied by the reason for refusal. You are entitled to contact the Office of the Data Protection Commissioner if we refuse your request. How much does it cost to submit a request? We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider requests to be unjustified or excessive, we may charge a reasonable fee (also applicable for multiple copies) or refuse the request. Additional Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply: Your data will be made available to our website provider The data that may be available to them include any of the data we collect as described in this privacy policy. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA. They will store your data for a maximum of 7 years. This processing does not affect your rights as detailed in this privacy policy. Manage Cookie Preferences