Privacy Policy
Who are we?
The Alzheimer Society of Ireland is a company limited by guarantee and a registered charity in the Republic of Ireland (CHY 7868).
What do we do?
The Alzheimer Society of Ireland (ASI) works within communities across the country providing dementia specific supports such as day care, home care, respite, social clubs, dementia advisors and a national helpline. The ASI also advocates for the rights and needs of all people living with dementia and their carers or families. We process personal data and special category personal data about people to carry out this core work. We are also engaged in training, research, fundraising, direct marketing, office administration, finance, HR administration including payroll and recruitment. We manage relationships with volunteers, contractors and authorities such as the HSE.
Who do we process data about?
ASI processes personal data about employees, service users and their carers/family members/representatives, volunteers, donors, advocates, supporters, contractors, suppliers and employees in sponsor companies or partner organisations. ASI does not engage in profiling or automated decision making.
What kind of data is processed by us?
Health & Social care provision
Health data, contact names, addresses, telephone numbers, email, photographs, attendance records, CE scheme data and update reports for carers.
Advocacy & Communications
Contact names, addresses, telephone numbers, email, social media identifiers, photographs, videos and health data.
Training
Contact names, addresses, email, assignments, training records, health data.
Research
Contact names, addresses, telephone numbers, email, health data.
Office Administration & Finance
Contact names, contact details, tax identifiers (e.g. PPSN for employees / VAT number for service providers), bank details, legal claims, timesheets, data associated with accounts receivable or accounts payable.
Direct Marketing & Fundraising
Contact names, contact details, PPSN for donors, bank details, health data.
Human Resources
Contact names, contact details, PPSN for employees, attendance/leave records, staff ID numbers, bank details, training records, references, CVs, Garda vetting declarations, sick certificates and occupational health data.
Safety & Security
Occupational health data, accident & incident reports, safeguarding information, location data and CCTV recordings.
Website management
Google Analytics data including IP addresses (see cookie policy), contact names, contact details and bank details if purchase made through online shop.
Where did we get your data from?
We get data about you when: you apply for a position or come to work for ASI; you or your carer contact us to request you become a service user; a health or social care professional shares data with us by way of a referral; when you contact us to become a volunteer, donor, course participant or advocate; when we complete a business transaction with you as a supplier of products / services, or as a customer of our online shop. We may have your personal data because your company or organisation has entered into a partnership with ASI. In limited circumstances data is publicly available and there would be a reasonable expectation that an organisation such as ASI would process it, for example, you are a journalist, medical expert, academic, politician, business leader or celebrity.
What are our grounds for processing?
In each instance that ASI processes your personal data and/or special category personal data it is reliant on one of the following legal grounds depending upon how or why you are interacting with us.
Health & Social care provision
Legitimate interests
It is in the interests of ASI to efficiently and effectively manage our day-care, home-care, respite, dementia advisors, social clubs and helpline services for service users or carers and ensure compliance with duties of care and other obligations.
Provision of health and social care
Association / Not-for-profit organisation
Advocacy & Communications
Legitimate interests
It is in the interests of ASI to promote the human rights and philosophical message of the charity across various media, through lobbying to secure change or developing partnership relationships.
Consent (can be withdrawn at any time) Association / Not-for-profit organisation Data made public by the individual
Training
Legitimate interests
It is in the interests of ASI to efficiently and effectively provide suitable training courses for our staff and for carers and family members of people with dementia.
Necessary for execution of a contract
Association / Not-for-profit organisation
Research
Consent (can be withdrawn at any time)
Legitimate interests
It is in the interests of ASI to conduct research among our own service users in order to formulate evidence based policies. It is in the interests of ASI to collaborate with select external academic researchers, although participant data is not shared with ASI.
Association / Not-for-profit organisation
Office Administration & Finance
Legitimate interests
It is in the interests of the ASI to process information for general administration and compliance with accounting or revenue requirements.
Statutory obligation
Necessary for execution of a contract
Field of employment law and social security legislation
Defence of legal claims
Human Resources
Necessary for execution of a contract
Statutory obligation
Defence of legal claims
Website management
Consent (can be withdrawn at any time)
Statutory obligation
Necessary for execution of a contract
How long do we retain your data?
ASI keeps personal data and special category personal data for a range of periods. Our current retention periods are based on:
- Statutory obligations;
- Contractual obligations;
- Quality assurance / best practice obligations set by state entities or regulatory bodies;
- Our view that retention is necessary for the original purpose or a compatible purpose
- For reasonable periods after the conclusion of engagements for quality assurance and risk management purposes.
On a case by case basis, records may be retained for longer where they are required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation. Where records are subject to this kind of review the ongoing retention will be assessed annually.
Where do we keep your data?
Service providers contracted by ASI hold personal data in digital form in secure data centres inside the EU/EEA. We also utilise third party services which necessitate the transfer of personal data to, for example; the U.S. relying on Standard Contractual Clauses when we use social media platforms such as facebook.com; the U.S. relying on the Privacy Shield agreement when utilising portals such as everydayhero.com; or Canada relying on the country’s adequacy status with respect to benevity.com. We continue to monitor the legality of such transfers. Hard copy data is stored in locked cabinets and secure rooms.
Do we share your data?
In the context of service provision, we may share your data with a health or social care professional or a relevant facility in order for you to receive the best standard of care. We may be legally obliged to share your data with state entities, e.g. for employment or financial compliance. Relevant categories of recipients include the tax authorities, health authorities, law enforcement and regulatory bodies. We also interface with third party service providers that can access your personal data. These situations are managed by data processor agreements containing contractual safeguards for individuals.
What are your rights?
Individuals have rights over their personal data under EU and Irish Data Protection law. These rights are not absolute and qualifications or restrictions can apply. In summary your rights are: Right to be informed; Right of access; Right to rectification; Right to be forgotten / erasure; Right to restrict processing; Right to object; Right not to be subject to automated decision making and/or profiling; Right to portability. If you believe your data privacy rights have been infringed you have the right to make a complaint to the Office of the Data Protection Commissioner info@dataprotection.ie or to seek compensation through the courts.
How can you contact our Data Protection Officer?
Address: DPO, The Alzheimer Society of Ireland, National Office, Temple Road, Blackrock, Co. Dublin.
Email: dataprotection@alzheimer.ie