Data Protection GDPR Policy
General Data Protection Regulation (GDPR) Policy
(Reviewed May 2018)
As a professional counselling & psychotherapy service, Let’s Get Talking regards the safeguarding of the privacy of clients, employees, volunteers and donors very seriously. This policy outlines the following:
- when and why we collect personal data about people
- how we use it
- the conditions under which we disclose it to others
- how we keep people’s information secure.
- how you can access the data we hold about you
- how you can have it updated or erased.
We are committed to protecting and respecting your privacy in compliance with the Data Protection Acts 1988 and 2003 (as amended), and GDPR. We will change this policy from time-to-time and the most up-to-date version will be on our website; please check to ensure that you are aware of any changes.
Any questions regarding this Statement and our privacy practices should be sent to our Head Office:
Phone: 0818 714 001
In writing to: Let’s Get Talking Head Office, Liosban House, Tuam Road, Galway.
How do we collect data from you? We may obtain data about you, for example; when you apply for employment, or for a volunteering opportunity, when you are referred or refer yourself for counselling and psychotherapy services, when your organisation contacts us to provide mental health workshops and if you donate to us online or through a fundraising event.
What type of data do we collect from you and how is it stored? The personal data we collect might include your name, address, email address, phone number. If you make a once-off or recurring donation online using your credit / debit card your card information is not retained by us; it is processed by a third party, iDonate, who specialise in secure capture and processing of donor card transactions.
Sensitive personal data is personal information relating to your religious or ethnic origin, religious or political opinions, sexual orientation, physical or mental health, trade union membership or criminal convictions. Employment/Volunteer Applications require us to
gather some sensitive personal data relating to criminal convictions for the purpose of Garda vetting. In order to provide counselling and/or psychotherapy to clients of the service, we are required to gather sensitive personal data as per GDPR Client Statement (See Appendices). Personal Data relating to clients of the service is held and disposed of securely as per GDPR Client Statement.
What do we do with your data? We may use your data to, for example:
- Process an employment/volunteering application.
- Process a once-off or recurring donation that you have made.
- Seek your views or comments on the services we provide / activities we undertake.
- Respond to your enquiries regarding the services we provide.
- Schedule your appointments with our service.
- Send you communications that may be of interest to you. These might include information about fundraising events or volunteering with Let’s Get Talking.
- Respond to an interest you have expressed in Let’s Get Talking providing your organisation with a Mental Health Workshops.
- Compile statistical reports. These statistics will not include any data that could be used to identify you or any individual.
We will store and use the personal data you submit to us in accordance with the Data Protection Acts 1988 and 2003 (as amended) and GDPR.
How long will we keep your personal data? We retain data for periods necessary to comply with legal obligations (e.g. tax compliance, garda vetting reports), and for the duration needed to manage relationships with existing and former supporters, clients, volunteers and employees.
Who has access to your data? We do not and will not sell or rent your data to any third-party organisation for marketing, fundraising or campaigning purposes. We may disclose student counsellor data to Counselling & Psychotherapy accrediting bodies (i.e. their training colleges and/or IACP/IAHIP/APCP/ACI). They are only permitted to use the data in accordance with the Data Protection Acts 1988 and 2003 (as amended) and GDPR. We will supply the minimum data necessary for them to conduct their auditing or accreditation remit. These bodies are only permitted to use the data in accordance with the Data Protection Acts 1988 and 2003 (as amended) and GDPR.
In general, as a counselling and/or psychotherapy client, your explicit permission will be sought in the rare situation that any personal data is disclosed to a third party. However, where we are legally or ethically or professionally obliged to report data to statutory bodies (for example by a court order or under Children’s First legislation), we will do so. We always look to do this in collaboration with you as our client, so that they are kept fully informed by us. Before, counselling and/or psychotherapy commences, we will outline possible scenarios where we may be mandated to report your data to a third party so that are you are fully informed prior to disclosing such information. Please be reassured that we will not release your data to third parties beyond Let’s Get Talking for them to use for their own direct marketing purposes, unless you request for us to release your data to a third party (e.g. for a employment reference). When you submit data using our secure online once-off donation pages, or when you sign up for a recurring donation using your credit / debit card, your donation is processed by third-party payment processors i-Donate, who specialise in the secure capture and processing of credit / debit card transactions. When you submit data using our secure online recurring donation pages on our website, we process your donation using the bank details you submit.
What are your Rights under GDPR? You have a right to choose whether or not you wish to receive information from us. If you do not want to receive communication from us about the work we do, then you simply need to inform us on firstname.lastname@example.org
We will not contact you by email, phone, text message or post if you have indicated that you do not wish to be contacted. You can inform us of your latest preferences at any time by contacting us by email: email@example.com
How can you access and update the data we hold about you? You have the right under the Data Protection Acts 1988 and 2003 (as amended) and GDPR to know what data we hold about you and to ask, in writing, to see your records, to amend your records or to have your records erased. In certain circumstances we will be legally unable to delete data entirely for statutory purposes such as tax and accounting legislation, but in such cases we will remove your data from any other processing activities. The accuracy of your data is important to us. If you change email address, or any of the other data we hold is inaccurate or out of date, please email on firstname.lastname@example.org
You have the right to ask for a copy of the data Let’s Get Talking holds about you. We will comply with your request within 30 calendar days of receipt. To receive a copy of the data Let’s Get Talking holds about you, please email on email@example.com or you can write Let’s Get Talking, Liosban House, Tuam Road, Galway.
You have the right to have the data Let’s Get Talking holds about you erased. We will comply with your request within 30 calendar days of receipt, in accordance with legislation. If you wish to have the data Let’s Get Talking holds about you erased, please contact us using the contact details above.
Let’s Get Talking is entitled to contract with you privately so that you waive these rights in the interest of the proper provision of services to you.
What security precautions are in place to protect the loss, misuse or alteration of your data? When you give us personal data, we take steps to ensure that it is secure. Any sensitive data received through our website (such as credit or debit card details or other banking data) is encrypted and protected with the following software: 128 Bit encryption on SSL. Non-sensitive details (your email address, etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your
personal data, we cannot guarantee the security of any data you transmit to us, and you do so at your own risk. Once we receive your data, we use technical and organisational precautions to prevent the loss, misuse or alteration of your personal data. The data which you provide to us will not be transferred to countries outside the European Union (EU).
How do we use data we gather for applications for employment/volunteering opportunities at Let’s Get Talking? When you apply for an employment or volunteering opportunity with Let’s Get Talking, we will collate your personal data to monitor the progression of your application and monitor the effectiveness of the recruitment process through the statistics collected. Where we need to share your information – such as gathering references, garda vetting and / or police clearance, you will be informed beforehand, unless the disclosure is required by law. These checks are only completed after a position has been offered to the successful candidate and with his/her permission. Personal data about unsuccessful applicants are held for 12 months after the recruitment exercise is complete for that particular vacancy. Applicants can ask us to remove their data before this time if they do not want us to hold it. Once a successful applicant has taken up an employment / volunteering position with Let’s Get Talking, we will compile a file relating to their tenure of employment / volunteering. The data contained in this will be kept secure and will only be used for purposes directly relevant to the position. Once you have left Let’s Get Talking, we will retain the file in accordance with the requirements of the law and our retention schedule and then delete it from our files.
Do we use ‘Cookies’? Like many other websites, Let’s Get Talking’s website uses ‘Cookies’, which are small pieces of data many websites send to your computer and stored on your hard drive to allow those websites to recognise you when you visit. They collect statistical data about your browsing actions and patterns. For example, they may store details that you submit on the site, such as your personal settings, your location, etc. Using cookies does not allow us to identify users personally; we will only store data that you have specifically given us permission for. Our website uses a small number of cookies to give us a better overall picture of how people interact with our website, and how we can improve our services to you. The data we gather through this process is completely anonymous, and visitors to the site cannot be identified. We use some tools on our pages from social networks, such as Twitter, Instagram and Facebook. Any data used via these tools is not shown to us, and we don’t store any data from them. Please refer to each site’s own privacy policies for more data. All browsers allow you to manage which cookies you accept, reject and delete. You can usually find these controls under the ‘Preferences’ or ‘Tools’ menu. You can find more detail about individual browser settings at http://www.aboutcookies.org. If you choose not to accept cookies from our website, some sections of the website may not work properly.
Does this privacy statement cover links to or from other websites? Our website may contain links to other websites run by other organisations. This privacy statement applies only to our website‚ so we encourage you to read the privacy statements on other websites you may visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. If you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the privacy statement of that third-party site.
What if I am 18 years of age or under? If you are aged 18 years or under‚ please get your parent / guardian’s permission beforehand whenever you provide us with personal data.
This document will be reviewed/updated on at least a 3 yearly basis or when amendments to GDPR legislation require us to do so.
Review of Policy
The board of charity trustees will review this policy at 3-year intervals or as appropriate. The CEO is responsible for ensuring that this policy is implemented effectively. All other staff and volunteers, including charity trustees, are expected to facilitate this process.
Ask a question or book an appointment below.
*Please do not include any sensitive information in your message.
0818 714 001