The Sophie Barat Residence endeavours to comply with the General Data Protection Regulation, Data Protection Act 2018 and data protection best practices.
We process personal data provided to us by individuals, whether it be provided in person, through our website (www.sophiebaratresidence.ie), any mobile/app service or any form, correspondence, telephone, email, or by any other means, in the manner set out in this policy.
Information collected by us
The information about you that we may collect, use and store (process) includes:
- Information necessary for the provision of services to you of which such data may include name, address, email address, contact details, etc.
- Information necessary in order to facilitate, process, invoice or collect monies related to any agreed business transaction with the The Sophie Barat Residence (of which such data may include name, address, contact details, billing details, etc.).
- Information you provide to us by filling out any forms on the website or by way of emailing us or by any other form of written communication.
- Records of correspondences whether by email, telephone, through any form on our website or by any other means,
- Information you provide to us in person,
- Details of any enquiry, request for service or residency, business, commercial or trade transactions you carry out with us, whether through email, the website, telephone, or by any other means.
- If requested by you, details of any ‘reasonable accommodation’ required and or data relating to health and or mobility issues that you volunteer so we can provide ‘reasonable accommodation’ to you under the Equality Acts and or Employment Equality Acts.
We do not process any special categories of personal data except for when we have to comply with ‘reasonable accommodation’ under equality legislation or in the case of an emergency (e.g. in the event of an medical emergency).
We do we process any children’s personal data.
How we use your personal information
We only use your personal information in furtherance of our business relationship but, in accordance with good data protection practices, we identify that we process personal for the following specific purposes:
- Processing any enquiry requested by you;
- Entering into and or completing any residency, sales, commercial or business-related requests or transactions requested by you;
- Complying with any contractual obligations that we may enter with you;
- Setting up, operating and managing any account or line of credit, if applicable;
- Setting up, operating and managing any fundraising, marketing and or advertising services subject to your explicit consent (please see Fundraising, Marketing & Advertising below);
- Complying with our legal duties and responsibilities;
- Debt collection and the collection of outstanding monies;
- Protecting our vital interests under the circumstances.
- Protecting our legitimate interests under the circumstances.
All data processed will be held as confidential, secure, will be used only for the purposes for which it was collected and will be destroyed or deleted once is it no longer necessary in accordance with our data retention policy. Our standard data retention period is seven years.
We have a reduced data retention period for specified documents that is internal to our organisation, e.g. the CVs of unsuccessful job applicants are held by the company for six months and are then deleted or destroyed in a secure manner.
Automated Decision Making
The Sophie Barat Residence does not engage in any automated decision-making processes nor do we use any personal data as a basis for any such automated decisions.
Data Sharing & Transfers of Data
The Sophie Barat Residence may outsource certain business activities (e.g. book-keeping, legal advice, IT support, etc.) to third parties.
If we share personal data in our capacity as a data controller then we will have in place a proper data processing agreement with the data processor (e.g. lawyers, accountants, etc.) to ensure ongoing compliance with GDPR and the Data Protection Act 2018.
We may also have to disclose certain personal data to the data controller in order to ensure the data controller complies with a legal obligation (e.g. court order, vulnerable adult or child protection concerns, etc.).
We may also have to disclose certain personal data in accordance with any legal obligation imposed on us. Any such disclosure would be in accordance with the law, e.g. disclosed on foot of a court order, vulnerable adult or child protection concerns, etc.
The Sophie Barat Residence may transfer personal data to the following locations:
- Within the EU
We engage with EU based third-party contractors for the provision of some of our services or business activities (e.g. book-keeping, legal advice, etc.). These third-party contractors are primarily based in Ireland but we may use other EU based service providers.
In the event that we use any EU based service providers then we use the Data Protection Commission’s One Stop Shop Mechanism that permits inter-EU data transfers and have identified the Irish Data Protection Commission as the proper supervisory authority for all data protection matters.
2 Outside of the EU
In our capacity as data controller, we may outsource certain business activities to businesses outside the EU and in particular to the United States. In such cases we ensure that GDPR protections still apply to all data by various mechanisms as identified under Chapter 5 of GDPR, including but not limited to, EU-US Privacy Shield, Binding Corporate Rules, Standard Contractual Clauses and Adequacy Decisions. As such, your rights under GDPR are maintained and your personal data remains secure.
For more information about international transfers of data, the One Stop Shop Mechanism, EU-US Privacy Shield, Binding Corporate Rules, Standard Contractual Clauses and Adequacy Decisions, please visit the Irish Data Protection Commission’s website at www.dataprotection.ie.
Data Processing Agreements
We have appropriate data processing agreements and or terms of business in place where we engage with a data processor in our capacity as a data controller.
For more information on appropriate data processing agreements, please visit the Data Protection Commission’s website at www.dataprotection.ie.
Fundraising, Marketing & Advertising
We may, from time-to-time, engage in fundraising, marketing and or advertising campaigns, and we may use promotional emails, text messages and or phone calls to people who have consented to being contacted for fundraising, marketing and advertising purposes.
In terms of data processing, subject to your explicit consent, we may use your personal information for the purpose of:
- Fundraising, marketing and advertising promotions;
- Providing you with information about our facilities and services;
- Carrying out any resident, potential resident, service user, membership or volunteer research, survey and analysis;
- Commercial activities, including brand or event awareness, participation and product or service launches (e.g. a book launch, etc.);
At times, we may host or organise events in which data subjects may interact with us face-to-face, e.g. at trade shows, talks, presentations, etc. In such cases, we may verbally ask if you consent to your data being processed for marking and advertising purposes subject to this policy. We may also announce that photographs may be taken for social medical purposes but please refer to the social media section below.
We may use Mailchimp for our email marketing who are GDPR compliant by way of an EU-US Privacy Shield and Standard Contractual Clauses.
Please note if you do not consent to your email being used for fundraising or marketing purposes then we do not contact you by email for marketing or advertising purposes and the privacy shield stated here is not applicable. For more information on the Privacy Shield and Standard Contractual Clauses please see the Data Protection Commission’s website www.dataprotection.ie and Mailchimp at https://mailchimp.com/help/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr/
We are committed to privacy by design and privacy by default. As such, you will never have to ‘opt-out’ of our marketing processes; you will only ever have the option of ‘opting in’ if you’d like to be included. We do not engage in ‘pre-ticked’ boxes on consent forms nor do we ever assume you would consent to your data being processed. You are free to withdraw consent for any marketing matters at any time you want.
The Sophie Barat Residence engages in a number of social media services and we strive to uphold privacy rights online.
Whilst engaging with social media, sometimes members of the public or service users may post something objectionable and beyond our control to our social media pages/forums. In such cases, we will act to rectify any difficulties as soon as we are notified or become aware of the problem. We do not provide a continuous monitoring of social media sites/forums so there may be a delay from the initial post to when become aware of a problem.
We may hold fundraising, marketing and fundraising events in which residents, potential residents, service users, clients, visitors, third-party contractors, employees or members of the public may be present. Sometimes we may wish to take a photograph at such events to promote our brand or event on social media. In such cases, it is our policy for our photographer/social media handler to announce their presence and provide additional instructions and assistance. However, we do not have any control over private individuals or their personal social media accounts, as such we cannot stop or prevent private individuals from posting materials to their own personal social media accounts that others may find objectionable.
We will take reasonable steps to ensure that your information is kept secure and protected, including but not limited to electronic data being protected using appropriate software, relevant networks safety and security checks, where applicable, to include two-step authentication, and, where applicable, any physical data records will be kept in an appropriately secure environment with physical locks and restricted access.
We have a general data retention policy that relates to the retention of relevant data for seven years but we identify specific categories of personal data that are retained for lesser periods. Personal data that is no longer required will be destroyed and or deleted in secure manner.
We do not record or process personal data that is not required or not necessary for any of our stated purposes.
Requesting your data
Any person has the right to find out whether an organisation has any personal data about them, what they use the personal data for and ask for copies of personal information held by that organisation.
If you wish to make a data access request in order to get a copy of any personal data we may process, please write a letter stating that you wish to make a data access request and address it to:
Sophie Barat Residence
The Old Farm
Lower Kilmacud Road
Or by email to firstname.lastname@example.org
In order to process your request, we may request that you send us a copy of your identification (passport, driver’s licence, etc.). The reason we ask for personal identification is to ensure that you are the correct person making the request for your personal data.
Unfortunately, verbal access requests cannot be entertained.
In response to any data access request, you have the right to refer the matter to the Data Protection Commission if you are unhappy with the outcome, however, we ask that you notify us first of any issue so that we may help resolve it as quickly as possible.
You have the right to rectify any incorrect or inaccurate personal data at no cost to you.
If you believe that we are incorrectly processing any of your personal data, please inform us by writing to the above address or email email@example.com.
Queries or complaints
Individuals have the right to refer any matter to the Data Protection Commission by contacting them at www.dataprotection.ie or by writing to:
Data Protection Commission
Office of the Data Protection Commission
21 Fitzwilliam Square South
If you are, for whatever reason, considering contacting the Data Protection Commission about us we would ask that you inform us of your difficulty first so that we can try to resolve it to your satisfaction.
Copyright retained by Argent Business Consultants and used with licence by Sophie Barat Residence