You will find some materials relating to GDPR at the bottom of this page under the heading ‘Data Protection Resources’.
The Alzheimer Society of Ireland (ASI) is a company limited by guarantee and a registered charity in the Republic of Ireland (CHY 7868).
ASI works within communities across the country providing dementia related services such as day care, home care, respite, social clubs, dementia advisers and a national helpline. The ASI also advocates for the rights and needs of all people living with dementia and their carers or families. We process personal data (identifying information) and special category personal data (more sensitive data such as health information) to carry out this work. We are also engaged in training, research, fundraising, direct marketing, office administration, finance, HR administration including payroll and recruitment. We manage relationships with corporate partners, contractors, a spectrum of volunteers involved with ASI to differing degrees, and liaise closely with the HSE as the main statutory funding authority.
ASI processes personal data about employees, service users and their carers/family members/representatives, volunteers, donors, advocates, supporters, contractors, suppliers and employees in sponsor companies or partner organisations. ASI does not engage in profiling or automated decision making.
ASI processes different types of personal data and special category personal data depending on how and why you are interacting with us.
Categories of data processed
|Health & Social care provision||Health data, contact names, addresses, telephone numbers, email, photographs, attendance records, and regular update reports for carers.|
|Advocacy & Communications||Contact names, addresses, telephone numbers, email, social media identifiers, photographs, videos and health data.|
|Training||Contact names, addresses, email, assignments, training records, health data.|
|Research||Contact names, addresses, telephone numbers, email, health data.|
|Office Administration & Finance||Contact names, contact details, tax identifiers (e.g. PPSN for employees / VAT number for service providers), bank details, legal claims, timesheets, data associated with accounts receivable or accounts payable.|
|Direct Marketing & Fundraising||Contact names, contact details, PPSN for donors, bank details, health data.|
|Human Resources||Contact names, contact details, PPSN for employees, CE scheme data, attendance/leave records, staff ID numbers, bank details, training records, references, CVs, Garda vetting information, medical certificates and occupational health data.|
|Safety & Security||Occupational health data, accident & incident reports, safeguarding information, location data and CCTV recordings.|
We receive data about you when: you apply for a position or come to work for ASI; you or your carer contact us to request you become a service user; a health or social care professional shares data with us by way of a referral; when you contact us to become a volunteer, donor, training course participant or advocate; when we complete a business transaction with you as a supplier of products/services; or as a customer of our online shop. We may have your personal data because your company or organisation has entered into a partnership with ASI. In limited circumstances data is publicly available and there would be a reasonable expectation that an organisation such as ASI would process it, for example, if you are a journalist, medical expert, academic, politician, business leader or celebrity.
In each instance that ASI processes your personal data and/or special category personal data it is reliant on one of the following legal grounds depending upon how or why you are interacting with us.
|Health & Social care provision||Legitimate interests
|Advocacy & Communications||Legitimate interests
Consent (can be withdrawn at any time)
Necessary for execution of a contract
|Research||Consent (can be withdrawn at any time)
Association / Not-for-profit organisation
|Office Administration & Finance||Legitimate interests
|Direct Marketing & Fundraising||Consent (can be withdrawn at any time)
|Human Resources||Necessary for execution of a contract
Field of employment law and social security legislation
|Safety & Security||Legitimate Interests
|Website management||Consent (can be withdrawn at any time)
Necessary for execution of a contract
ASI keeps personal data and special category personal data for a range of periods. Our retention schedule, which is reviewed annually, details our current policies which are based on:
- Statutory obligations;
- Contractual obligations;
- Quality assurance / best practice obligations set by state entities or regulatory bodies;
- Our view that retention is necessary for the original purpose or a compatible purpose;
- For reasonable periods after the conclusion of engagements for quality assurance and risk management purposes.
On a case by case basis, records may be retained for longer where they are required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation. Where records are subject to this kind of review the ongoing retention will be assessed annually.
Service providers contracted by ASI generally hold personal data in digital form in secure data centres inside the EU/EEA. The ASI IT Security and Usage policy also details the internal security provisions in place. We also utilise a number of third party services which necessitate the transfer of personal data to, for example; the U.S. by relying on Standard Contractual Clauses / Privacy Shield or Canada by relying on the country’s adequacy status. We continuingly monitor the legality of such cross border transfers. Hard copy data is stored in locked cabinets and secure rooms.
In the context of service provision, we may share your data with external health or social care professionals or a relevant medical facility in order for you to receive the best standard of care. We may be legally obliged to share your data with state entities, e.g. for employment or financial compliance. Relevant categories of recipients include the tax authorities, government departments, law enforcement and regulatory bodies. ASI receives HSE funding under Section 39 of the Health Act 2004 and as a result may be contractually obliged to share certain data. In relation to the above entities we will always prioritise your privacy by offering pseudonymised or anonymised data if we believe this should be sufficient. We also interface with third party service providers that can access your personal data. These situations are managed by data processor agreements which contain clear contractual safeguards. Finally, it should be noted that our staff are trained to respond in an emergency, or if they believe you could be in danger, and they will share your personal data in order to ensure your safety.
Individuals have rights over their personal data under EU and Irish Data Protection law. These rights are not absolute and qualifications or restrictions can apply. In summary your rights are: Right to be informed; Right of access; Right to rectification; Right to be forgotten / erasure; Right to restrict processing; Right to object; Right not to be subject to automated decision making and/or profiling; Right to portability. If you believe your data privacy rights have been infringed you have the right to make a complaint to the Data Protection Commission firstname.lastname@example.org or to seek compensation through the courts. ASI is committed to helping individuals exercise their rights.