Due to measures taken in response to COVID-19 (coronavirus) and limited capabilities in the continued provision of health and social care services, unavoidable delays may arise responding to requests from individuals exercising their Data Subject Rights or responding to Freedom of Information requests. We will endeavour to respond to a request in full and keep the lines of communication open with individuals concerned during these extraordinary circumstances.
Your privacy is important to us. In the Central Remedial Clinic (CRC), we respect your right to privacy, and we comply with our obligations under the relevant data protection legislation. The aim of this Privacy Notice is to explain how the CRC collects and uses personal data for the provision of our services and to outline individual’s rights as data subjects.
Everyone working within health and social care has a legal duty to keep service user information confidential. All medical information under Irish Data Protection Acts 2018 and GDPR (EU) 2016/679 is deemed a special category of personal data and as such we will endeavour to ensure your information is treated with the utmost respect and confidentiality.
We use your information to manage and deliver the services you require and to keep records about your health and any treatment or support you may receive from us. It is important for us to have a complete picture as this information enables us to provide the right care to meet your individual needs.
WHO WE ARE?
We are the Central Remedial Clinic (“the CRC”) a company limited by guarantee at registered company address Penny Ansley Memorial Building, Vernon Avenue, Clontarf, Dublin 3 under company number 14880. We are a registered charity under number 4998 and a Section 38 Agency under the Health Act 2004. We operate a number of centres in Ireland including in Waterford, Limerick and in areas around Dublin as well as outreach clinics throughout the country.
We are a representative organisation and service provider for people with disabilities. This privacy notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Our Data Protection Officer (“DPO”) may be contacted by email email@example.com or at the following address: Data Protection Officer, Central Remedial Clinic, Penny Ansley Building, Vernon Avenue, Clontarf, Dublin 3, D03 R973.
WHAT PERSONAL INFORMATION DO WE COLLECT?
For the purpose of the Data Protection Acts 2018 (the DPA) and General Data Protection Regulation (EU) 2016/679 (the GDPR): Central Remedial Clinic is a Data Controller as an employer, as a service provider, as a fundraiser and where dealing with suppliers.
We collect the following types of personal data from you:
- Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with services or to submit a question/suggestion/comment in relation to our website or our services;
- Filling in forms on www.crc.ie (our website) such as the contact us form;
- Donating to our organisation by phone, email or via our online donations page;
- Correspondence in relation to fundraising activities and events;
- Using our facilities. CCTVs are used in our facilities to ensure the security of our assets, service users, staff and volunteers;
- Applying to work with us. The type of information you may provide in your CV, a cover letter, your name and contact details. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). We ask that you do not disclose sensitive personal data (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, financial data) in your application.
Special Category Personal Data (Sensitive personal data)
- Engaging the CRC’s services. Service Users supply us with information which may include their name, date of birth, contact details; next of kin or relatives or carers contact information; and health related data. In some circumstances, Service Users may disclose health data relating to their relatives.
When you use our services, we may obtain the following categories of personal data from others:
- We receive client data including clinical information as referrals from Health Care Practitioners (HCP);
- The HSE;
- Data such as pre-employment checks and health and character information may be sought from previous employers, clinicians.
WHY DO WE COLLECT THIS INFORMATION?
We collect the information in order to provide you with our services, to market our services including training courses and conferences, to communicate with you about fundraising, to improve our website and to recruit staff. We will use this information:
- To set you up as a Service User on our systems;
- To provide you with our services and communicate with you about appointments.
- To conduct quality assurance processes
- For risk and claims management processes
- To identify service user’s experience and satisfaction with our services to allow us to improve and develop those services
- For staff education and training
- To carry out internal clinical audits
- To deliver information to you about our services and events, where you have subscribed to receive same; your preferences can be updated at any stage.
- To process your donation
- To comply with statutory obligations
- To create a candidate profile for you if you are a prospective employee or volunteer;
- To process employment applications, including by assessing qualifications, verifying information, conducting reference or other employment-related checks, and notifying you of future opportunities that might be of interest to you.
- To administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- As part of our efforts to keep our website safe and secure;
- To make suggestions and recommendations to you and other users of our website about services that may interest you or them.
WHAT IS THE LAWFUL BASIS FOR PROCESSING YOUR DATA?
- Processing necessary to provide you with health and social care services;
- Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
- That you have provided consent for the processing for one of more specified purposes such as marketing for example when you fill out consent to receiving marketing material;
- Processing necessary for compliance with a legal obligation to which we are subject.
Examples of processing sensitive data such as health related data:
- Processing necessary for reasons of public interest in the area of public health;
- Processing necessary to protect your vital interests;
- You have given CRC explicit consent to do so;
- Processing necessary for archiving purposes in the public interest or statistical purposes;
- Processing necessary for the purposes of carrying out the obligations and exercising specific rights of the CRC or of the data subject in the field of employment;
- Processing necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee;
- Processing necessary for the establishment, exercise or defence of legal claims.
WHERE DO WE STORE THIS INFORMATION?
Your data may be stored within electronic or paper records, or a combination of both. All our records have restricted access controls, so that only those individuals who have a need to know the information can get access. Your personal data is processed in our centres in Dublin, Waterford and Limerick. Hosting and storage of your data takes place in CRC Clontarf located in Dublin, Ireland.
WHO DO WE SHARE THIS INFORMATION WITH?
We may share your personal data with our selected business partners, government bodies, suppliers and sub-contractors for the performance of any contract we enter with them to provide you with our services. For example, these partners may include our web hosting provider and our IT service providers. Attached Schedule 1 is a list of all entities with whom your personal data is shared.
When using the services of any third party the CRC will ensure that the third party will provide suitable technical and organisational measures to protect the personal data as required by the applicable law.
In addition, we may disclose your personal information to third parties:
- If we, or substantially all of our assets are acquired by a third party, in which case information held by us about our customers will be one of the transferred assets;
Do we transfer your information outside the EU or EEA?
HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?
We will retain your information for as long as necessary to provide you with services, and to comply with our legal and regulatory obligations as per CRC personal data retention schedule. After this period, your personal data will be irreversibly destroyed.
WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
Should you believe that any personal data we hold on you is incorrect or incomplete, you can request to see this information, rectify it or have it deleted. Please contact us and complete a request through CRC’s Data Subject Access Request form.
You have the following rights:
- The right to access the personal data we hold about you.
- The right to require us to rectify any inaccurate personal data about you without undue delay.
- The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
- The right to object to us processing personal data about you such as processing for profiling or direct marketing.
- The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
- The right to request a restriction of the processing of your personal data.
- Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
In the event that you wish to complain about how we have handled your personal data, see the contact information for CRC’s Data Protection Officer (DPO) below. CRC’s DPO will investigate your complaint and work with you to resolve the matter.
Address: Data Protection Officer, Central Remedial Clinic, Penny Ansley Building, Vernon Avenue, Clontarf, Dublin 3, D03 R973
You also have the right to make a complaint to the Data Protection Commission (DPC) by emailing firstname.lastname@example.org
WHAT WILL HAPPEN IF WE CHANGE OUR PRIVACY NOTICE?
This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on 5th May 2020.