Privacy Policy to include GDPR

Introduction

Thank you for visiting our website (the “website” includes any mobile or other applications giving you access to websites).

This Privacy Policy relates to our privacy practices and policies for our website and digital and social media. It sets out what Personal Data we collect and process about you in connection with the services and functions of Dolores Andrew. We will inform you of the following:

  • where we obtain the data from,

  • what we do with that data,

  • how we comply with the data protection rules,

  • who we transfer data to, and

  • how we deal with individuals’ rights in relation to their Personal Data.

Any Personal Data collected and processed will be in accordance with Irish and EU data protection laws, specifically the General Data Protection Regulation (GDPR).

All our employees and contractors are required to comply with this Privacy Policy when they process Personal Data on our behalf.

Please note that we may disclose individuals’ information to trusted third parties for the purposes set out and explained in this document. We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with Irish and EU laws on data protection.

We will not disclose personal information to any third party without your consent or on one of the grounds listed herein, except in instances where an individual is potentially at risk or where the law requires it.

We are not responsible for the content or the privacy policies of any websites to which we provide external links.

These practices may be changed, but any changes will be posted, and changes will only apply to activities and information on a going-forward, not retroactive basis. You are encouraged to review the Privacy Policy periodically to ensure that you understand how any personal information you provide will be used.

We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the data protection rules, and that we have in fact complied with the rules. We do this, among other ways, by our written policies and procedures, by building data protection compliance into our systems and business rules, by internally monitoring our data protection compliance and keeping it under review, and by taking action if our employees or contractors fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing.

Identity of the Data Controller and Contact Details

The below information sets out details of the Data Controller for Dolores Andrew’s website and social media activity.

Our Data Protection Officer/Data Protection Co-Ordinator can be contacted as follows:

Email: irishhealthhour@gmail.com

Post:

Dolores Andrew 50 Knocknacarra Park
Galway, Ireland.

Data protection provides rights to individuals with regard to the use of their Personal Data by organisations, including Dolores Andrew. Irish and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure, and other uses of Personal Data.

Compliance with the data protection rules is a legal obligation. In addition, our compliance with the data protection rules helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.

The data protection rules that apply to us are currently contained in the Data Protection Acts 1988 and 2003. As of 25 May 2018, the applicable rules are contained in the EU General Data Protection Regulation (EU Regulation 679/2016) (GDPR) and related Irish data protection legislation which gives effect to the GDPR.

“Data controllers” are the people or organisations which determine the purposes for which, and the manner in which, any Personal Data is processed, who/which make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.

For the purposes of the GDPR, Dolores Andrew is the data controller with regard to the Personal Data described in this Privacy Policy.

What are the data protection rules?

This Policy aims to ensure compliance with the relevant data protection laws. We aim to comply with the following:

  • Lawfulness, fairness, and transparency – Personal data must be processed lawfully, fairly, and in a transparent manner.

  • Purpose Limitation – Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

  • Data Minimisation – Personal Data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

  • Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.

  • Retention – Personal data should be kept in an identifiable format for no longer than is necessary.

  • Integrity and confidentiality – Personal data should be kept secure.

  • Accountability – An important change for Data Controllers. Under the GDPR, we must not only comply with the above six general principles but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.

Special Category Data

We will not collect special category data from you.

Criminal Conviction Data

We will not collect criminal conviction data from you.

Type of Information Collected

We collect two types of information:

  • “Personal Data” means any information relating to and identifying or identifiable natural persons. We will collect this from you when you:

    • ask about our activities,

    • register with us, for example, to take part in a fundraising event or a training workshop,

    • order products and services from us, and email newsletters,

    • seek assistance and support, for example, by emailing us or completing an online contact form,

    • visit our website (this will depend on cookies and tracking),

    • or otherwise give us personal information via any of our digital platforms.

  • Information about your location when you access the Site.

We hold many types of data about you, including:

  • your personal details including your name, email address, and phone numbers (only in certain circumstances if we have requested your phone number and you have given it to us),

  • gender (some of my courses are for women only).

Technical Information We Collect on Our Website

  • “Non-Personal Data” – Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This non-Personal Data comprises information that cannot be used to identify or contact you. We will collect this from you when you visit our website and accept cookies. This information includes standard information from you (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our website (such as the web pages viewed and links clicked). Our use of cookies to process information is explained within this policy.

  • This site uses cookies to enable us to improve our service to you and to provide certain features that you may find useful.

Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognize your browser and help us to track visitors to our site. A cookie contains your contact information and information to allow us to identify your computer when you travel around our site for the purpose of helping you accomplish your event booking or getting more information about the work I do. Most web browsers automatically accept cookies, but if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. The cookies we use do not detect any information stored on your computers.

We use cookies to monitor customer traffic patterns and site usage to help us develop the design and layout of the websites. This software does not enable us to capture any personal information.

Certain information in relation to web usage is revealed via our internet service provider who records some of the following data. The information we receive depends upon what you do when visiting our site:

  • The logical address of the server you are using.

  • The date and time you access our site.

  • The pages you have accessed and the documents downloaded.

  • The previous Internet address from which you linked directly to our site.

  • Some of the search criteria you are using.

How We May Use This Technical Information

The technical information is used to allow us to improve the information we are supplying to our users, to find out how many people are visiting our sites, and for statistical purposes.

Some of the above information is used to create summary statistics which allow us to assess the number of visitors to the different sections of our site, discover what information is most and least used, inform us on future design and layout specifications, and help us make our site more user-friendly.

We will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. We will only use the technical information for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, are not “Personal Data” within the meaning of the GDPR.

Use of Information Collected

We collect and use your information for the following purposes:

  • To perform the services requested, for example, if you fill out the “Contact Us” web form, we will use the information provided to contact you about your request. This data processing is necessary to provide or fulfill a service requested by or for you.

  • To perform marketing purposes, for example, we may use information you provide to contact you to further discuss your interest in the service and to send you information regarding the organisation such as our products, services, or events. This data processing for marketing purposes

  • To operate and improve our Website, we analyze and process information such as browser type, language, city, region, country, interaction with the Website (pages visited, time spent, number of clicks), and domain names. This processing is based on our legitimate interests to enhance the Website and improve your customer experience. We use cookies and similar tools, and may employ third-party analytics providers to assist.

Payment Processing

We collect and process payment information to fulfill service requests. This processing is necessary for the performance of a contract with you.

Marketing

We aim to provide you with choices regarding the use of your Personal Data, especially for marketing and advertising. At the point of data collection, you will be asked if you wish to receive marketing communications.

We may use your Personal Data to tailor marketing messages to your preferences. We do not share your Personal Data with third parties for marketing purposes without your explicit consent. You can opt-out of direct marketing at any time by contacting us.

Third-Party Data Processors

We use trusted third parties as data processors and require them to implement appropriate technical and organizational measures to protect your Personal Data in line with GDPR. We have written agreements with our data processors, which include clauses addressing data protection.

Current data processors include:

  • PayPal

  • Active Campaign

  • OneDrive

  • Lets Host

  • Calendly

These categories of data processors may be updated. For the most current list, please review this Privacy Policy regularly.

Legal Disclosures

We may disclose Personal Data if required to comply with legal obligations, enforce contracts, protect rights or safety, or respond to law enforcement requests.

International Transfers

When transferring Personal Data outside the European Economic Area (EEA), we ensure adequate protection by:

  • Transferring to countries deemed adequate by the European Commission.

  • Using specific contracts approved by the European Commission.

  • Ensuring compliance with the Privacy Shield Framework if transferring to the US.

For more details on international transfers, please contact us.

Data Retention

We retain Personal Data only as long as necessary for the purposes for which it was collected and up to seven years thereafter or as required by law. This includes fulfilling legal, accounting, and reporting requirements.

Your Data Protection Rights

Under GDPR, you have the following rights:

  • Access: Request information about your Personal Data and how we use it.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure: Request deletion of Personal Data when it's no longer necessary.

  • Restriction: Request limitation of processing in certain circumstances.

  • Objection: Object to processing based on legitimate interests or for direct marketing.

  • Data Portability: Request transfer of your data in a structured format.

To exercise these rights, contact our Data Protection Officer (DPO) at the details provided below. We will respond within 30 days, subject to any legal exceptions.

Data Protection Officer

For queries or concerns regarding data protection or to exercise your rights, contact our DPO:

Email: irishhealthhour@gmail.com
Post: Dolores Andrew, 50 Knocknacarra Park, Galway.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. In Ireland, you can contact the Data Protection Commissioner:

Website: www.dataprotection.ie
Phone: +353 57 8684800 or +353 (0)761 104 800
Email: info@dataprotection.ie
Address: Data Protection Office – Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland; or 21 Fitzwilliam Square, Dublin 2, D02 RD28, Ireland.

Consent

Where consent is the basis for processing, you may withdraw it at any time by contacting our DPO. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Security of Your Personal Data

We implement appropriate security measures to protect your Personal Data against unauthorized processing, accidental loss, or damage. This includes encryption, access controls, and secure data handling practices.

Sale of Business

In the event of a sale, merger, or transfer of our business, we may transfer your Personal Data to the acquiring entity, provided they adhere to this Privacy Policy and use your data only for the purposes for which it was collected. You will be notified and given an opportunity to opt-out if necessary.

Automated Decision-Making

We do not use automated decision-making or profiling that significantly affects you.

Children’s Personal Data

Our services may be used by individuals under the age of 18, and we are committed to protecting their privacy. We will only collect, process, and use Personal Data from children with appropriate parental or guardian consent.

If we need to collect Personal Data from a child, we will seek consent from a parent or guardian prior to processing the data. We will obtain this consent in a manner that is clear and transparent to both the child and their parent or guardian.

In cases where consent is required, we will ensure that:

  • The consent is provided by a parent or guardian who has the authority to do so.

  • The parent or guardian is informed of the types of data collected and the purposes for which it will be used.

  • We only collect data that is necessary for the intended purpose.

If we learn that we have collected Personal Data from a child without the necessary parental or guardian consent, we will take steps to delete the data promptly.

For more information on how we handle children's Personal Data or to provide consent, please contact us using the details provided below.

Changes to the Privacy Policy

Any changes to this Privacy Policy will be posted on our Website or provided at booking. We will notify you of significant changes and give you the option to opt-out of new processing practices.

Policy Approval

This Policy has been approved and authorized by:

Name: Dolores Andrew
Position: Data Protection Officer
Date: Updated 27th August 2024

Signature: ______________________

Policy Implementation Date: 25th May 2018

Updated 27th August 2024