The Asthma Society of Ireland is committed to protecting the privacy of users of http://www.asthmasociety.ie (the “Website”) and complying with our obligations under the Data Protection Acts 1988 and 2003 (the “Acts”) and the General Data Protection Regulation (GDPR) which comes into force on the 25th May 2018. We are aware that as a user of this Website you care about the security and privacy of your information. The purpose of this Privacy Statement (the “Statement”) is to outline how we deal with any personal data you provide to us while visiting this Website. You should not use this Website if you are not happy with this Statement.
By visiting this Website, you are accepting the terms of this Statement. Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of those other websites.
For general information relating to Data Protection in Ireland the Data Protection Commissioner can be contacted at firstname.lastname@example.org.
2. What information does the Asthma Society of Ireland collect?
2.1 We retain two types of information:
(a) “Non-Personal Data”
You can browse the Website without telling us who you are or revealing any personal information about yourself. Like most websites, we gather statistical and other analytical information collected on an aggregate and anonymous basis from all visitors to our Website. This “Non-Personal Data” comprises information that cannot be used to identify or contact you, such as your IP (Internet Protocol) address, domain name, browser type, operating system, and information such as the website that referred you to us, the files you downloaded, the pages you visit, and the dates/times of those visits, and other anonymous statistical data involving the use of our Website.
(b) “Personal Data”
“Personal Data” is data that identifies you or can be used to identify or contact you. Personal Data is collected only with your full knowledge and permission when you voluntarily and actively provide it to us and is retained by the Asthma Society in a secure manner.
2.2 If you choose not to provide Personal Data, you can still browse and use the Website, but certain functions/services will not be available without providing the necessary Personal Data. This is detailed below in Section 3.
3. Purposes for which we hold your Information.
3.1 Non-Personal Data:
This information is used in an aggregate form to analyse trends and usage of the Website and to improve the usefulness of the Website.
3.2 Personal Data:
(a) If you register for a fundraising event, request information, or provide feedback, you will be asked to provide Personal Data such as your name, postal address, e-mail address and occasionally your date-of-birth (some fundraising events may be age dependent).
(b) If you wish to make an online donation, you can opt-in to give us your name, postal address, email-address, and the amount of your donation. If you choose to provide this Personal Data, we will use this to issue you with a receipt. We may also use the information to contact you about future events, unless you indicate you do not wish to receive such communications. If you choose not to opt-in, your donation will be considered an anonymous donation, and we will not retain any Personal Data relating to the donor.
3.3 When making a donation or purchasing merchandise, you will be transferred to a secure encrypted Asthma Society webpage hosted by our credit card processor, Realex-Payments, who will perform the transaction on our behalf from your credit card or laser card. Your card details will not be divulged to the Asthma Society.
3.4 A second opt-in clause is located on all online forms. By ticking this box you are giving permission to the Asthma Society to use the Personal Data you provide to contact you regarding upcoming fundraising and general Asthma Society events, and to use the information for donor care management and donor[ASO1] profiling[ASO2] .
4. Disclosure of Information to Third Parties
4.1 We will not sell any Personal Data volunteered on the Website to any third party. We will not disclose your Personal Data to third parties unless you have consented to this disclosure or unless disclosure is required by agents or contractors of the Asthma Society in the course of providing services (in such circumstances, the third party is bound by similar data protection requirements).
4.2 We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
The Asthma Society takes its security responsibilities very seriously, including by employing appropriate physical and technical security measures, conducting staff training and generating awareness, and regular reviews of these responsibilities. We will take all reasonable precautions to prevent the loss, misuse or alteration of Personal Data you volunteer. You should note however, that Internet transmissions are never completely private or secure.
You accept that any information or message you send to the Website may be intercepted or read by others. You hereby acknowledge and accept that we have no responsibility and shall accept no liability whatsoever for loss, injury or damage occasioned by the interception by third parties of your transmissions, or the disclosure of information, including but not limited to credit card numbers, by any party with whom you transact, nor do we offer any guarantees, warranties or indemnities as to the security or otherwise of any information which you volunteer.
6. Rights of Access
6.1 If you have provided Personal Data to us and you:
(a) would like copies of that information;
(b) would like us to correct any factual inaccuracies in that information; or
(c) would like that, or part of that information deleted from our records,
then please contact us at email@example.com
6.2 We will use every effort to supply, correct or delete information about you on our files. We will respond promptly and efficiently to any data request and supply any requested data in a commonly-used and easy-to-read format.
Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly.
8. Changes to the Website Statement
This Privacy Statement will be the subject of change and the use of information that we gather shall be subject to the privacy notice in effect. It shall be your responsibility to check our Website frequently to see recent changes.
ASI Confidentiality Statement
In light of the recent data protection legislation, the ASI takes the integrity of your data very seriously. If you ever wish to view, edit or delete your data from our records please contact us on 01 817 88 86 or email firstname.lastname@example.org.
Any GDPR enquiry should be directed to the ASI’s Data Protection Officer (DPO) Stephen Patten, who can be reached at email@example.com or 015549211
Any data protection complaint/issue relating to the ASI should be addressed to the Data Protection Commissioner’s Office. They can be contacted at firstname.lastname@example.org
i. Adviceline Callers
Any person who books an appointment with one of the ASI’s Adviceline nurses has personal information entered onto our system. They are also given the option of becoming a member of the ASI and asked if they would like to receive regular updates of the society’s work as well as asthma-related information. Following a phone-call appointment, the ASI nurse will enter a synopsis of the call onto our system. This synopsis will invariably contain medical information. Medical information is only made viewable to certain ASI employees and sub-contractors (Health Promotion officers, CEO, Adviceline nurses, Office manager).
All information on salesforce is encrypted and Adviceline nurses have been informed not to print anything from salesforce.
Calls are recorded for training and monitoring purposes, this is highlighted in the text reminder 24 hours before the appointment and again 1 hour before the appointment.
ii. Medical Information
ASI collects and stores medical information from certain data subjects, usually callers to the Adviceline service. This information is entered onto the system by an ASI asthma nurse after an Adviceline call. It is then used as a referral tool by the nurse(s) on any subsequent Adviceline call.
This medical information is not visible to all ASI employees, only the CEO, office manager and Health Promotion officers.
The ASI’s retention period of medical data is 8 years, as per HSE policy. This retention period, like all our retention periods, can be made known to any member of the public who enquires about it, verbally or in writing via the laminated sheet at reception.
Where consent hasn’t been given, adviceline staff can use and share information for the following reasons:
- To prevent injury or other damage to the health of the data subject;
- To protect the vital interests of the data subject where the seeking of consent from the data subject is likely to result in those interests being damaged
Our Adviceline policy allows for disclosure without consent where the adviceline worker has reasonable grounds to believe that the person has immediate plans to harm others.
Additionally, disclosure of personal data may be required in order to comply with any applicable law – summons, search warrant, court / regulatory order, statutory requirement