Fair Processing Notice for Operations (National Helpline)
Data Protection – Fair Processing Notice – Operations (National Helpline)
Who are we? The Alzheimer Society of Ireland is a company limited by guarantee and a registered charity in the Republic of Ireland (CHY 7868).
What do we do? The Alzheimer Society of Ireland (ASI) works within communities across the country, providing dementia-related services such as daycare, home care, respite, dementia advisors, support groups, social clubs and a national helpline. We process personal data (identifying information) and special category personal data (more sensitive data such as health information) to carry out this work.
Who do we process data about? ASI processes data about service users, their carers/family members/representatives or members of the public in order to provide information on health and social care services.
What kind of data is processed by us? ASI processes personal data and special category personal data for the purpose of providing information on health and social care services. We will process all or some of the following data to cater for your needs: Contact name, address, telephone number, email, health data, details
of carer/family member/representative, life stories. The ASI national helpline does not record calls. Recorded messages requesting a call back are deleted on receipt and not stored further.
Where did we get your data from? We collect data when you or your carer, family member, or representative contact the ASI national helpline via phone, email, or live chat to request information on services available or to ask for advice. The helpline and live chat can be used anonymously, in so far as the helpline
staff will not collect or store your name or other details if you prefer not to provide them. However, the live chat system may automatically record your IP address.
How do we process your data legally? In order to provide health and social care services:
- ASI processes personal data on the legal basis of legitimate interests. (Article 6.1.f GDPR) It is within the legitimate interests pursued by ASI to efficiently and effectively manage our provision of health and social care for service users and their carers/family members/representatives while ensuring compliance with duties of care and other obligations.
- ASI processes personal data on the legal basis of a statutory obligation to which the data controller is subject. (Article 6.1.c GDPR)
- ASI processes personal data or special category personal data on the legal basis of protecting the vital interests of the data subject or another natural person when that person is physically or legally incapable of giving consent. (Articles 6.1.d & 9.2.c GDPR) This occurs when personal data and special category personal data relates to a service user or any other relevant individual.
- ASI processes special category personal data on the legal basis of the provision of health and social care. (Article 9.2.h GDPR) This occurs when the special category personal data relates to a service user or a potential service user.
- ASI processes special category personal data on the legal basis of association / not-for-profit organisation. (Article 9.2.d GDPR) This occurs when the special category personal data relates to someone other than the service user, e.g. a carer, family member or representative who has regular contact with ASI. This data is not shared outside the charity without the individual’s consent.
How long do we retain your data? ASI, as a wider organisation, retains personal data and special category personal data for a range of periods in accordance with the ASI retention schedule before being securely destroyed. On a case by case basis, records may be retained for longer where they are required for legal reasons or for the management or mitigation of operational or strategic risks to the organisation. In rare instances, where records are subject to this kind of review, the ongoing retention will be assessed bi-annually.
Where do we keep your data? Service providers contracted by ASI hold personal data in digital form in secure data centres inside the EU/EEA. The ASI IT Security and Usage policy details the internal security provisions in place. Hard copy data is stored in locked cabinets and secure rooms.
Do we share your data? The ASI national helpline does not share your data with any other department of the charity. Neither do we share your data with any external health or social care professionals unless you specifically request it. However, legal obligations may dictate that in certain situations, ASI must share your data with state entities e.g. law enforcement or regulatory bodies. We will always prioritise your privacy by offering pseudonymised or anonymised data if we believe this should be sufficient. ASI interface with
third party service providers that can access your personal data. These situations are managed by data processor agreements which contain clear contractual safeguards for individuals and their data. Finally, it should be noted that our staff and helpline volunteers are trained to respond in an emergency. Therefore, ethical reasons may dictate that your personal data will be shared if there is a reasonable assessment that you are in
danger, and to ensure your safety.
What are your rights? Individuals have rights over their personal data under EU and Irish Data Protection law. These rights are not absolute and qualifications or restrictions can apply. In summary your rights are: Right to be informed; Right of access; Right to rectification; Right to be forgotten/erasure; Right to restrict processing; Right to object; Right not to be subject to automated decision making and/or profiling; Right to portability. You also have the right to make a complaint to Data Protection Commission: +353 1 765 0100 / 1800 437 737; [email protected] or you have the right to seek compensation through the courts.
How can you contact the ASI Data Protection Officer? Address: DPO, The Alzheimer Society of Ireland, National Office, Temple Road, Blackrock, Co. Dublin. Email: [email protected]