This privacy statement is effective as and from May 25th, 2018
Your privacy is important to Dodder Action and maintaining your trust is paramount to us. We are fully committed to keeping your personal information safe. We will comply with the terms of the General Data Protection Regulation (GDPR) and all other relevant data-protection legislation. If we ask another organisation to provide a service for us, we will make sure they do too.
This privacy statement is intended to provide you with information about the personal information we collect and how that personal information is used and shared. It also sets forth your privacy rights. Please take a moment to familiarise yourself with our privacy practices.
By your using of our website, our mobile applications, products such as Dodder Action membership, or services such as our email newsletter (collectively our “services”), the collection, use and sharing of your personal data is subject to this privacy statement.
We will update this privacy statement from time to time. If we make changes, we will notify you prior to the changes taking effect by posting a notice on our website and, where appropriate, sending you a notification. By continuing to use our services after such revisions are in effect, you accept and agree to the revisions and to abide by them.
Should you have any questions or comments related to this privacy statement, please contact us at email@example.com
Dodder Action, 66 Whitebeam Road, Dublin 14, is the data controller of the personal data you provide to us. We can be contacted by email at firstname.lastname@example.org
Please contact us on this email address if you have any questions regarding this privacy statement, our privacy practices or if you wish to exercise your legal data rights.
Information we collect
We collect information about you, including personal information, as you use our services and interact with us.
Information you provide us and how we use it
You provide personal information to us for a variety of reasons, such as:
Providing you with an email newsletter (Consent)
We offer an email newsletter. You can voluntarily sign up for the email newsletter by providing us with at least your email address and in some cases, your first name and last name. We will use this information to send you the newsletter you have requested and in some cases to personalise the email we send. We will only send you these general newsletters with your explicit consent. You can opt out at any time by unsubscribing at the bottom of each email newsletter communication. Our email newsletter communications are sent through Mailchimp.
To receive a direct email communications (Consent)
With your permission, we may occasionally send you our marketing communication emails about Dodder Action events, campaigns, news or membership to the email address you have provided. To receive these email communications from us, you will need to provide us with at least your email address and in some cases, your first name and last name. You may at any time choose not to receive email communications from us by emailing us at email@example.com
To purchase a product or service from us (Contract)
To purchase one of our products or services (e.g. Dodder Action membership), this typically involves you providing us with your name, address, email address and payment information. We use your payment information to administer, process and pay for the services you have requested.
This includes but is not limited to your credit and debit card number, card expiry date, CSV /CV2 number. We require your address to comply with EU VAT legislation. We use this personal information to authenticate you and to provide you with the products you have requested from us.
Credit and debit card information is processed directly by Stripe, a PCI-compliant payment provider who performs payment services on our behalf.
In correspondence with us (Legitimate Interest)
If you correspond with us through emails, letters or other forms of communication, we will collect information such as your name, address, phone number and email address and any other personal information contained within the correspondence and use it to respond to your enquiry. We process this information in pursuit of our legitimate interests, which include developing and maintaining relationships with our community of members, volunteers, website visitors and social media users.
If you attend one of our events (Contract)
We host many events throughout the year. These include but are not limited to clean-up days, live events, live lectures, conferences and seminars. If you register for one of our events either prior to the event or on the day, we will collect your name and contact information and in some cases your address and payment details and use this information to register you for the event, process your payment and provide you with information and services associated with the event. In some cases, we make audio, video or photographic recordings of these events and we may record information about you as a consequence. We will always inform you in advance if the event is being recorded so that you can choose not to participate if wish. Registration for our events is voluntary. Once you register, however, we process your personal information as per the terms and conditions of that specific event.
To verify your identity (Legal)
To exercise your data rights, we may need to collect additional personal information from you to verify your identify. We will verify your identity by reference to acceptable identification documentation supplied by you, which may include copies of your current passport, driving licence or Public Services Card.
When you provide services to us (Contract)
You may provide us with your personal information if you provide professional services to us. This typically includes your contact information, address, phone number, your VAT registration number and maybe your banking information. We process this information so we can administer, manage and pay for the relevant services you provide and as per the terms and conditions of our contract. In some circumstances, your services may extend to delivering live lectures or involvement in our live events, in which case we may make audio or video recordings of you.
Information we collect and how we use it
Dodder Action collects the following information about you as you use our services and interact with us:
Use of our services
We collect information relating to your use of our services. We typically collect this data in a form that does not, on its own, permit direct association with any specific individual and therefore cannot be reasonably used to identify you. Aggregated and anonymous data is considered non-personal information for the purposes of this privacy statement. If we can link usage data with your personal information and identify you, we will treat that linked data as personal information for as long as it remains combined.
- We log certain technical information that your browser sends us including: the internet protocol (IP) address; browser type and version; time-zone setting; access time; browser plug-in types and versions; operating system; and platform and device type
- We log usage information about the use of our website and services, including: a history of the pages you view and other actions you take while visiting us, including the full Uniform Resource Locators (URL) clickstream to, through and from our site; articles, content and products you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs)
- Technical information, including: the type of mobile device you use; unique mobile identifies, such as the device’s IMEI number; mobile network information; your mobile operating system; the type of mobile browser you use; and the time-zone setting
- Details of your use of our mobile applications including but not limited to: traffic data; location data; weblogs; and other communication data and the resources that you access
Cookies and similar technologies
We use such technologies to determine whether you’ve opened an email newsletter from us or clicked on a link contained in an email newsletter. Collecting information in this manner allows us to gather statistics about the usage and effectiveness of our services and products, including our email newsletters and direct marketing communications.
Information we get from other sources and how we use it
Not all of the personal information we hold about you will come directly from you. We collect information from third parties such as our service providers and publically available sources such as social media platforms.
The purpose and legal basis for processing your information
We collect your information for a number of purposes and rely on a number of different legal bases to use your personal information.
To enter into and perform a contract with you
We use your personal information to carry out our obligations arising from any contracts entered into between you and us or to take the necessary steps at your request prior to entering into a contract with us including:
· To provide you with the email newsletter subscription, services or products you have requested
· To process your payment information
· To authenticate and verify your purchases
· To provide customer support
· To administer, process and pay for the services you may deliver to us
· To send important notices such as communications relating to payment, services, changes to our terms, conditions, and policies and to notify you about changes to our service. We may do this by phone, post, email, SMS text or through other digital media
With your consent
We will, in certain circumstances, rely on your explicit consent to process your personal data. Where we do, you have the right to withdraw your consent at any time. In most circumstances, your consent can be withdrawn by following the unsubscribe instructions included at the end of each email communication from us. You can also contact us at firstname.lastname@example.org and we will be happy to facilitate your request.
To comply with our legal obligations
We may be required to process your personal information to comply with certain legal obligations to which we are subject, including:
· Proving information to an Garda Síochána, the Revenue Commissioners or other Government bodies or agencies when required to do so by law
· In order to enforce or apply our Terms of Service
· Where necessary for the establishment, exercise or defence of legal claims
· If you have exercised one of your data rights, we will retain a copy of all correspondence to demonstrate our compliance with data-protection legislation
· If you have exercised one of your data rights and ask us not to contact you by email at a particular email address, we will need to retain a copy of that email address in order to comply with your no-contact request
Processing based on our legitimate interests
We process your personal information for carefully considered and specific purposes which are in our legitimate interests and enable us to enhance the services we provide, but which we also believe benefit our customers. Our legitimate business interests do not automatically override your interests. You have the right, free of charge, to object to our use of your personal information for our legitimate interests. Please bear in mind that if you do object, this may affect our ability to carry out certain tasks for your benefit.
Where you object to our use of your personal information for our legitimate interests, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so. We will always ensure there is a fair balance between our legitimate interests and your fundamental right and freedoms.
We process personal information for the following legitimate business purposes:
· To manage our everyday business needs and for internal purposes such as auditing, data analysis, troubleshooting, accounting, providing customer service, technical support and fraud prevention
- To ensure content from our site and mobile applications is presented in the most effective manner for you and for your device
· To better understand and improve the usability, performance and effectiveness of our services
· We may process your information to protect you against fraud when transacting on our services and to detect, prevent, investigate security or technical issues to ensure our services are secure
· To protect the rights, property and safety of Dodder Action Committee members and/or the rights, property or safety of others
· To understand the demographics of our customers
You have the right to object to this processing, and if you wish to do so contact us at email@example.com
When and how your information is shared
Within the Dodder Action Committee
We may share your personal information with members of the Dodder Action Committee and use it in a manner that is consistent with this privacy statement.
With third parties
We may share your personal information with third parties for a number of reasons as outlined below. We do not sell your personal information to anyone and only share it with third parties who are facilitating the delivery or fulfilment of our services and or are working on our behalf. We contractually require that our suppliers protect such information from unauthorised access, use, and disclosure.
Third-party service providers
We may share your personal information with third-party service providers which perform services and functions at our direction and on our behalf such as our accountants, IT service providers, payment providers, lawyers, providers of security and administration services and other business advisers.
Social networking sites
Data storage and retention
Dodder Action will retain your personal information as needed to fulfil the purposes for which it was collected. We will retain and use your personal information no longer than is necessary to comply with our business and legal obligations. Where we enter into a legal contract with you, we will hold your personal information for a period of seven years from the date of completion of this contract by reference to the statute of limitation for a legal claim under contract. For more information on our data-retention policies, please contact us at firstname.lastname@example.org
Personal information we collect from you may be processed outside the European Economic Area (EEA). We safeguard the transfer of personal data outside of the EEA by partnering with data processors that adhere to data-protection frameworks that the European Commission has decided provide an equivalent level of privacy protection. All personal data that is transferred outside the EEA is transferred on the basis of an adequacy decision from the EU Commission as set forth in Article 45 of the GDPR.
Your data rights
You have several rights under data-protection law in relation to how we use your personal information. You have the right, free of charge, to:
· Request a copy of the personal information we hold about you in a structured, commonly used and machine readable format
· Rectify any inaccurate personal information we hold about you
· Withdraw your consent where we have relied upon your consent to process your information
· Erase the personal information we hold about you subject to certain exceptions
· If technically feasible, have your personal information transmitted to another data controller at your request
· Restrict processing of your personal information in certain circumstances
· Object to our use of your personal information for our legitimate interests, for profiling and for direct marketing purposes
· Not be subject to a decision which is based solely on automated processing where that decision produces a legal effect on you or otherwise significantly affects you. We do not knowingly make automated decisions of this nature
· Lodge a complaint with the appropriate data-protection authority if you have concerns about how we process your personal data
These rights are in some circumstances limited by data-protection legislation. If you wish to exercise any of these rights please contact us at email@example.com
We will take measures to verify your identity which we will do by reference to acceptable identification documentation supplied by you. These include but are not limited to copies of your current passport, current driving licence or current Public Services Card.
We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further two months and we will contact you and explain why.
Please do not hesitate to contact us at firstname.lastname@example.org should you have any queries.