Purpose: The Irish Heart Foundation (IHF) (Charities Regulator Registered Number: 20008376 | Charity No: 5507) with registered Head Office at 17-19 Lower Rathmines Road, Dublin, D06 C780 is committed to compliance with the GDPR, effective May 25th 2018 in order to protect the rights of the Data Subject.
This policy explains our data processing practices in line with GDPR compliance and explains the rights of the web user regarding the ways in which their personal data is used.
Scope: Under REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) you have the right to:
• information about the processing of your personal data;
• obtain access to the personal data held about you;
• ask for incorrect, inaccurate or incomplete personal data to be corrected;
• request that personal data be erased when it’s no longer needed or if processing it is unlawful;
• object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
• request the restriction of the processing of your personal data in specific cases;
• receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
• request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
You can exercise these rights at any time by contacting us via email at firstname.lastname@example.org, in writing at: Annette Ryan, Data Protection Officer, Irish Heart Foundation, 17-19 Lower Rathmines Road, Dublin, D06 C780 or by phoning us on +353 1 668 5001. There is no fee for this service and in line with the GDPR we will respond to you within one calendar month of receipt of the request. You will be asked to verify your identity by reasonable and proportionate means.
You have the right to object to the processing of your data and the Irish Heart Foundation will respect that right but may need to continue to process your data where processing is necessary for the performance of a contract or for compliance with a legal obligation to which the IHF, as data controller, is subject.
Application of Policy:
Information we collect:
The Irish Heart Foundation collects details provided by you for the purposes of Fundraising, Health Promotion and awareness campaigns, information and training purposes, CPR training & accreditation, patient support service provision and to assist our public health lobbying initiatives.
Use of your information and your preferences:
We will use your contact details to communicate with you. We may use your information to send you news and latest updates about Irish Heart Foundation products, events and services in line with your contact preferences. We may contact you by post, email, telephone and SMS for these purposes as specified in your preferences on sign up.
Your information may be passed to and used by all Irish Heart Foundation departments in line with the purpose for which you agreed to receive information and may also be anonymised and used for statistical reporting purposes. If you discover that we hold inaccurate information about you, you have the right to ask for incorrect, inaccurate or incomplete personal data to be corrected.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
The information you provide to us is stored on secure servers.
We use Stripe, Braintree (PayPal) and Realex to process the payment of donations. These payment gateways are PCI compliant.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Subject Access Requests:
You have the right to obtain access to the personal data held about you. You may make this request by phone, by post or electronically and we will respond using the same channel by which you have made the request. We will respond to you within one calendar month. If this is your first request, no fee is required. You will be asked to provide proof of your identify so that we can ensure we are providing data to the natural person making the request.
If you have any requests concerning your personal information or any queries with regard to our processing, please contact our DPO, Annette Ryan, at email@example.com.
Review Date: 17 November 2021