Privacy Policy | Enable Ireland

Privacy Policy

Overview
Enable Ireland is committed to protecting your privacy and the personal information you and others provide to us.  This statement outlines what we do with the personal information you provide to us, why we gather it and what it means to you. If you are under 16 years of age, please read this statement with a parent or guardian and ensure you understand it. This statement outlines our approach to Data Protection to fulfil our obligations under the General Data Protection Regulation (GDPR).
Who we are

We are Enable Ireland Disability Services, a Company Limited by Guarantee registered under company number 13909 with a registered address at 32F Rosemount Park Drive, Rosemount Business Park, Ballycoolin Road, Dublin 11, Ireland.

We are a partly state funded charitable organisation which provides services to children and adults with physical, sensory and intellectual disabilities in 14 counties across Ireland. We process personal data and special category personal data about people to carry out this core work. We are also engaged in training, research, fundraising, direct marketing, office administration, finance and HR administration including payroll and recruitment. We manage relationships with volunteers, contractors and authorities such as the HSE.

For the purpose of the GDPR the data controller is Enable Ireland Disability Services Company Limited by Guarantee (“Enable Ireland”).

What Personal Information do we collect from you

Enable Ireland processes personal data about service users and their carers/family members/representatives, perspective volunteers, donors, advocates, supporters, contractors, suppliers and individuals in sponsor companies or partner organisations job applicants or former employees. Enable Ireland does not engage in profiling or automated decision making. Enable Ireland processes different types of personal data and special category personal data depending on how and why you are interacting with us.

Purpose Categories of data processed
Health & Social care services when attending our services centres located across Ireland Health data (referral letter from a third party, medical records and assessments, diagnosis, medical/physical history and medication details, hospital details, physician/healthcare professionals details), contact names and initials, addresses, telephone numbers, email, date of birth, country of birth, gender, next of kin contact details and relationship to service user, photographs, videos, attendance records, healthcare professional reports and update reports for carers/guardians, medical card numbers, social preferences, dietary, social, sleep and spiritual needs, assistive technology needs and personal care needs, funding applications.
Communications Contact names, addresses, telephone numbers, email, social media identifiers, photographs, videos, stories and health data, completing forms on www.enableireland.ie (our site) such as the contact us form or when subscribing to receive our Newsletter
Training & research Contact names, addresses, telephone numbers, email, assignments, training records, health data.
Office Administration & Finance Management Contact names, contact details, tax identifiers (e.g. VAT number for service providers), bank details, legal claims, timesheets and payment data, data associated with accounts receivable or accounts payable.
Direct Marketing & Fundraising Contact names, contact details, PPSN for donors, bank details, health data, photographs, stories, video or audio footage, service region and additional contact names and addresses.
Donations Contact name and address; email address; credit/debit card details; PayPal details; bank account details/direct debit mandate form; age group; tax payer status and PPSN number (where you wish to avail of tax relief in respect of your donation)
Human Resources Management Application form, references, CVs (employment history and education), Garda/Police vetting declarations, professional qualifications.
Wellbeing, Safety & Security Occupational health data, accident & incident reports, safeguarding/ risk assessment information, location data and CCTV recordings.
Website management Google Analytics data including IP addresses (see cookie policy).
Where do we get this information from

We obtain personal data about you when:

  • you apply for a work position in Enable Ireland;
  • you or your parent/guardian/ carer contact us to request you become a service user. If someone gives us information about you, we may add it to any personal information we already hold and use it in the ways described in this Notice. Before you disclose information to us about another person, you should be sure that you have their consent to do so. You should also show them this Notice. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Data Protection Notice;
  • a health or social care professional shares data with us by way of a referral;
  • you contact us to become a volunteer, donor, course participant or advocate;
  • we complete a business transaction with you as a supplier of products / services, or as a customer of our shops.

We may have your personal data because your company or organisation has entered into a partnership with Enable Ireland. In limited circumstances data is publicly available and there would be a reasonable expectation that an organisation such as Enable Ireland would process it, for example, you are a journalist, medical expert, academic, politician, business leader or celebrity.

Why do we collect this information

We collect the information in order to provide you with our services, to market our services, to fundraise, to improve our organisation and to recruit staff and volunteers. We will use this information:

  • To carry out our obligations arising from any agreements entered into between you and us e.g. to provide you with our disability services where you are a service user;
  • To communicate with you as part of our relationship with you or as per our agreement with you;
  • To carry out fundraising and marketing activity which is vital to the survival of our organisation;
  • To set you or your company up as a supplier on our systems and to pay you for products/services provided to us;
  • To liaise with you about projects that we are undertaking with you;
  • To create a candidate profile for you if you are a job applicant;
  • To administer and improve our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • As part of our efforts to keep our site safe and secure;
  • To deliver information about our services and our organisation, where you have subscribed to receive same;

The legal bases for the processing of your data are:

  • Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
  • Processing necessary for compliance with a legal obligation to which we are subject, for example, providing information to HIQA or HSE;
  • Processing necessary in order to protect the vital interests of you or of another natural person;
  • That you have provided consent for the processing for one or more specified purposes such as marketing, for example, when you subscribe to our newsletter or opt to receive information from us in respect of our organisation;
  • Processing necessary for the purposes of the legitimate interests which we pursue for example by providing you with quotes and proposals about our services prior to contract.

The legal basis for the processing of your Special Category Personal Data (i.e. your medical/health data) are:

  • The processing is necessary for the provision of health care, treatment or social care and for the purposes of medical diagnosis;
  • The processing is necessary in order to protect your vital interests or that of another person where you are physically or legally incapable of giving consent
Who do we share this information with

We may share your personal data and where necessary, Special Categories of Personal Data, with selected third parties as listed below* including suppliers and contractors in order to provide you with our services. For example, these suppliers may include our web hosting provider and our IT service providers.

In addition, we may disclose your personal information (including Special Categories of Personal Data) to third parties:

  • Which are part of the Progressing Disability Services (‘PDS’) framework. As part of this arrangement Enable Ireland has formed partnerships with a number of other service providers with the aim of improving access to disability services across Ireland;
  • If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our clients/customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • As part of a project with other companies in the Enable Ireland group of companies.
  • Where solicitors or your elected power of attorney have your written authorisation to be provided with the personal data we hold about you
*we reserve the right to update the list as the need arises.

 

 

Third party name Description of services provided
Other companies in the Enable Ireland Group i.e. Enable Ireland Retail and Fundraising CLG In order to operate our organisation effectively.
PDS Partner Organisations;
  • Health Service Executive;
  • St. Michael’s House;
  • St. John of God;
  • Stewarts;
  • Central Remedial Clinic;
  • NCBI;
  • KARE;
  • Muiriosa Foundation;
  • St. Catherine’s;
  • St. Paul’s;
  • St. Joseph’s for visually impaired;
  • Daughters of Charity;
  • DeafHear;
  • St. Joseph’s foundation Charleville;
  • COPE;
  • Brothers of Charity;
  • Coaction;
  • CAMHS
  • St. Gabriel’s;
  • Western Care;
  • Ability West;
  • Cheshire St. Lawrence.
Provision of health care and services to service users under the PDS Partnership arrangement.
HIQA Legal obligation to disclose certain information
TUSLA/HSE safeguarding Legal obligation to disclose certain information
Irish Wheelchair association Provision of health care and services to service users
Nursing agencies Provision of health care and services to service users
IT/software Providers  
Microsoft office 365 Cloud service providers
InterXion IT data centre provider
Evros Technology IT service provider
Monread CRM Goldmine CRM Software Provider
Private Health Insurers Payment for service user claims
Progress CRM Fundraising management software provider
Poppulo Email marketing service provider
C3 Marketing Marketing services
DEFT Payment Systems Software for processing donation payments
Realex Payments Software for processing online credit/debit card donation payments
Other  
CCTV providers Provision of CCTV equipment and services
Aviva Pension scheme providers
Law firms Legal services
AIB Banking services
Independent Financial Advisory Trust Pension Administrator
Independent Trustee Company Limited Pension trustee service
Friends First Income continuance and insurance services
RSM Ireland Audit and accounting services
Revenue Commissioners Legal obligation to disclose certain information
Cognate Healthcare Pre-employment medicals/ occupational health assessments
An Gardaí Siochána Law enforcement
Miscellaneous photographers, venues corporate partners, trade unions, professional bodies For operational purposes in connection with fundraising events, payment of subscription fees,
How long do we keep your Information

Enable Ireland keeps personal data and special category personal data for a range of periods. Our current retention periods are based on:

  • Statutory obligations;
  • Contractual obligations;
  • Quality assurance / best practice obligations set by state entities or regulatory bodies in particular the HSE Policy 2013 on Retention of Records available at: https://www.hse.ie/eng/services/list/3/acutehospitals/hospitals/ulh/staff/resources/pppgs/rm/recret2013.pdf
  • Our view that retention is necessary for the original purpose or a compatible purpose
  • On a case by case basis, records may be retained for longer where they are required for actual or potential legal actions or the management or mitigation of operational or strategic risks to Enable Ireland. Where records are subject to this kind of review the ongoing retention will be assessed annually.
Do we Transfer your information outside the European Union or European Economic Area

Your information is stored on secure systems within Enable Ireland premises and with providers of secure information storage. We may transfer or allow the transfer of information about you and your services with us to our service providers located outside the European Economic Area (EEA), but only if they agree to act solely on our instructions and protect your information to the same standard that applies in the EEA.

What are your Rights

You have the following rights:

  • The right to access the personal data we hold about you. Under the GDPR, we are obliged to respond to your access request without undue delay. In most instances, we will respond within 30 Days. If we are unable to deal with your request fully within 30 Days (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise. Please complete the access request form available at: INSERT URL or by requesting it from the Data Protection Officer. We reserve the right not to have to respond to access requests that are excessive or manifestly unfound.
  • The right to require us to rectify any inaccurate personal data about you without undue delay.
  • The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
  • The right to object to us processing personal data about you such as processing for profiling or direct marketing.
  • The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
  • The right to request a restriction of the processing of your personal data.
  • Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
  • You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commissioner. The website is www.dataprotection.ie. A form called “raise a concern” is available on their website in this regard.

You may exercise any of the above rights by contacting the DPO of Enable Ireland at dpo@enableireland.ie or writing to Data Protection Officer, Enable Ireland, Quinn’s Cross, Limerick V94DF89

Implications of not providing personal data

Sharing personal Information with us is in both your interest and ours. We need your information in order to:

  • Provide our services to you and fulfil our contract with you.
  • Manage our business for our legitimate interests.
  • Comply with our legal obligations.

Of course, you can choose not to share information, but doing so may limit the services we are able to provide to you:

  • We may not be able to provide you with certain services that you request.
  • We may not be able to continue to provide you with or renew existing services.
  • We may not be able to assess your suitability for a service, or, where relevant, give you a recommendation to provide you with a service.
  • When we request information, we will tell you if providing it is a contractual requirement or not, and whether or not we need it to comply with our legal obligations.
How to contact our DPO

If you have any questions about how your personal data is gathered, stored, shared or used, or if you wish to exercise any of your data rights, please contact our Data Protection Officer at:

By Email: dpo@enableireland.ie

By phone:061-301830

By postal Address: Data Protection Officer, Enable Ireland, Quinn’s Cross, Limerick V94DF89