Due to measures taken in response to COVID-19 (coronavirus) and limited capabilities in the continued provision of health and social care services, unavoidable delays may arise responding to requests from individuals exercising their Data Subject Rights or responding to Freedom of Information requests. We will endeavour to respond to a request in full and keep the lines of communication open with individuals concerned during these extraordinary circumstances.
WHO ARE WE?
We are the Central Remedial Clinic (“the CRC”) a company limited by guarantee at registered company address Penny Ansley Memorial Building, Vernon Avenue, Clontarf, Dublin 3 under company number 14880. We are a registered charity under number 4998 and a Section 38 Agency under the Health Act 2004. We operate a number of centres in Ireland including in Waterford, Limerick and in areas around Dublin as well as outreach clinics throughout the country.
We are a representative organisation and service provider for people with disabilities.
This notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Acts 1988 and 2018 (the DPA) and General Data Protection Regulation (the GDPR):
- the data controller is the CRC as an employer, as a service provider, as a fundraiser and where dealing with suppliers.
Our Data Protection Officer (“DPO”) may be contacted at the below address:
Data Protection Officer, CRC, Penny Ansley Building, Vernon Avenue, Clontarf, D03 R973
WHAT PERSONAL INFORMATION DO WE COLLECT FROM YOU?
You may give us personal data or special category data by:
- Engaging the CRC’s services. Services Users supply us with information which may include their contact details; next of kin or relatives or carers contact information; email; business address; telephone number and health related data. In some circumstances, Service Users may disclose health data relating to their relatives.
- Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with services or to submit a question/suggestion/comment in relation to our website or our services.
- Filling in forms on www.crc.ie (our website) such as the contact us form.
- Donating to our organisation by phone, email or via our online donations page.
- Correspondence in relation to fundraising activities and events.
- Applying to work with us. The type of information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). We ask that you do not disclose sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, financial data) in your application.
- Using our facilities. CCTVs are used in our facilities to ensure the security of our assets, service users, staff and volunteers.
WHAT INFORMATION ABOUT YOU DO WE OBTAIN FROM OTHERS?
When you use our services, we may obtain the following categories of personal data from others in order to ensure we have all of the necessary information to be enable us to provide you with the highest standard of care and support that you require:
- We receive client data including clinical information as referrals from Health Care Practitioners (HCP);
- The HSE;
- Data such as pre-employment checks and health and character information may be sought from previous employers, clinicians
WHY DO WE COLLECT THIS INFORMATION?
We collect the information in order to provide you with our services, to market our services including training courses and conferences, to communicate with you about fundraising, to improve our website and to recruit staff.
We will use this information:
- To set you up as a Service User on our systems;
- To provide you with our services and communicate with you about appointments.
- To conduct quality assurance processes
- For risk and claims management processes
- To identify service user’s experience and satisfaction with our services to allow us to improve and develop those services
- For staff education and training
- To carry out internal clinical auditsDonors:
- To deliver information to you about our services and events, where you have subscribed to receive same; your preferences can be updated at any stage.
- To process your donation
- To comply with statutory obligationsCandidates:
- To create a candidate profile for you if you are a prospective employee or volunteer;
- To process employment applications, including by assessing qualifications, verifying information, conducting reference or other employment-related checks, and notifying you of future opportunities that might be of interest to you.
- Website users:
- To administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- As part of our efforts to keep our website safe and secure;
- To make suggestions and recommendations to you and other users of our website about services that may interest you or them.
- The legal bases for the processing of your data are:
- Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
- That you have provided consent for the processing for one of more specified purposes such as marketing for example when you fill out consent to receiving marketing material;
- Processing necessary for compliance with a legal obligation to which we are subject
- The legal bases for the processing of your special category data or sensitive data (for example medical data) are:
- Processing necessary to provide you with health and social care services;
- Processing necessary to protect your vital interests;
- Processing necessary for the establishment, exercise or defence of legal claims;
- Processing necessary for compliance with a legal obligation to which we are subject;
- Processing necessary for reasons of public interest in the area of public health;
- Processing necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
WHO DO WE SHARE THIS INFORMATION WITH?
We may share your personal data with our selected business associates, government bodies, suppliers and contractors to provide you with our services. For example, these partners may include our web hosting provider and our IT service providers.
In addition, we may disclose your personal information to third parties:
- If we, or substantially all of our assets are acquired by a third party, in which case information held by us about our customers will be one of the transferred assets;
DISCLOSURE OF YOUR INFORMATION
We may also share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- We attach at Schedule 1 a list of all entities with whom your personal data is shared.
HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?
The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
DO WE TRANSFER YOUR INFORMATION OUTSIDE THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA?
WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
You have the following rights:
- The right to access the personal data we hold about you.
- The right to require us to rectify any inaccurate personal data about you without undue delay.
- The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
- The right to object to us processing personal data about you such as processing for profiling or direct marketing.
- The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
- The right to request a restriction of the processing of your personal data.
- Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.You may exercise any of the above rights by contacting our DPO at the below address.You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie.
WHAT WILL HAPPEN IF WE CHANGE OUR PRIVACY NOTICE?
This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on 2nd July 2018.
HOW CAN YOU CONTACT US?
Our Data Protection Officer can be contacted by
Address: Data Protection Officer, CRC, Penny Ansley Building, Vernon Avenue, Clontarf, D03 R973