Continuing our commitment to our obligations under General Data Protection Regulations 2018, ARC FRC has appointed a staff member to be responsible for Data Protection. You may contact our designated staff member if you have a query or complaint to make by writing to The Data Protection Coordinator, ARC FRC, Raheen, Clonroche, Enniscorthy, Co. Wexford Y21 N4V8 or by email to firstname.lastname@example.org. The policy covers pages on our Website only. While we try our best to only provide links to useful, high-quality websites but ARC FRC is not and shall not be responsible for the content or the privacy policies of external websites whatsoever and howsoever arising.
- The term “personal data” means any information relating to a living person who is identified or identifiable (such a person is referred to as a “data subject”) and the term “personal data” means any information from which you can be directly or indirectly personally identified which we have or obtain, or which you may provide to us. Personal data specifically includes your name, address, email address, phone number(s), and title or position, and may include information such as online identifiers, depending on your relationship with us. Some of this Personal data may be “Special Category”, such as data revealing your racial or ethnic origin or political opinions.
- The term “processing” refers to any operation or set of operations performed on personal data. Processing includes storing, collecting, retrieving, using, combining, erasing and destroying personal data, and can involve automated or manual operations.
- A “data controller” refers to a person, company, or other body which determines the purposes and means of processing of personal data.
- A “data processor” refers to a person, company, or other body which processes personal data on behalf of a data controller.
This information is only collected if you voluntarily submit it to us. You agree that by using our Website you may provide us with personal information such as your name, address, e-mail address(es) and other contact details or personal information.
Through the use of our Website and thereby your agreement to our Terms and Conditions, you agree that we shall be in a position to use this personal information to assist us in improving our services to you. Whilst we do not share this personal information with any third party or parties unless required to do so by operation of law or in accordance with the terms of Data Protection legislation, by using our Website and thereby agreeing to our Terms and Conditions, you consent to us processing this personal information for the purposes of enhancing your enjoyment of our Website.
We may retain your information for as long as necessary in light of the services that we provide, including for the purposes of satisfying any accounting or reporting requirements and, where the context or circumstance so requires it, for we assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled. To determine the appropriate retention period for your information, we consider the amount, nature and sensitivity of your information, the potential risk of harm from unauthorised use or disclosure of your Personal data and personal data, the purpose(s) for which we process your Personal data and personal data.
Collection and Processing of Personal data
ARC FRC takes privacy and the protection of personal data very seriously, we are committed to ensuring that any personal data collected:
- is processed fairly, lawfully and transparently;
- is used only in ways which are compatible for the purpose for which it was given;
- is adequate, relevant and limited to what is necessary for the purpose for which it was given;
- is only kept for specified, explicit and legitimate purpose(s);
- is retained no longer than necessary;
- is accurate and up to date; and
- is kept safely and securely.
We may process your personal data with your explicit consent; or in the performance of a contract; or where it is in our legitimate interests to do so (except where those interests are overridden by your interests or rights and freedoms), or where necessary for the performance of a task carried out in the public interest.
We may also process your personal data in compliance with a legal obligation; or where necessary to protect the vital interests of a person.
We collect your name, email address, postal address and telephone number so that we can contact you about the services that we have from time to time agreed to provide to you, and to improve those services.
We may track your use of our Website and electronic communications through cookies and other similar technologies so that we can provide important features and functionality on our Website, monitor usage, engagement, and communications, and provide you with improved service.
We require you to provide the name, address, telephone number, email of the business you represent and details of the goods and/or services your business offers, so that we can publish and advertise your business information. You may choose to provide additional information about you and/or your business which we will process for the purposes of publishing and advertising your business information, and/or for communication with you, and/or to improve our service to you.
We may require, with your consent; your name, job title, date of birth and residential address history dating back three years, so that we can obtain your credit score, in order to process credit risk assessments and establish the best possible payment terms we are able to offer to you.
We may record telephone communications to serve as proof of a contract, for training and service improvement purposes, and/or to comply with our legal or contractual obligations.
We collect additional personal data that you may provide to us from time to time if you contact us by email, letter, or telephone, through our Website or by any other means.
If you choose not to give some or all of the aforementioned information to us, this may affect our ability to provide our services to you.
Like most websites, we gather general, non-personal information on our visitors for statistical purposes. This cannot be used to identify or contact you. This might include your IP address, the browser you use, the pages of our Website that you visit and similar anonymous data. IP numbers are not stored, but are temporarily used to determine domain type and in some cases, geographic region.
If users wish to utilise certain services located on specific sections of the website, they are requested to sign up/register. Services that currently require some form of sign up/registration include but not limited to:
- To apply for a volunteer role and register interest in volunteering opportunities;
- To participate in training;
- To register as a user of such services we need to collect information such as, at a minimum, an email address and phone number.
We may also ask some further questions so we can gain a clearer understanding of what you are interested in, in order to personalise the information we give you.
You can update your personal information held and change your stated interests and whether or not you wish to receive correspondence from us.
You may unsubscribe at any time. All outgoing emails will allow for you to unsubscribe. We may ask different questions for different services. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Information We Collect and How We Use It
In the course of providing our services, we collect or receive information in different ways and relating to various groups of individuals. We use this information for a number of purposes, including those described further below.
Providing our services: If you engage our services, we will collect and use information relating to you. This information will predominantly relate specifically to the type of services we provide to you but we will also use this information as part of our administrative, financial and operational processes. This information may include your contact details, payment and financial information and may be utilised for client relationship management and feedback purposes. In addition to the information you give we, we may also be required to collect and process Anti-Money Laundering information (more particularly described below).
Website: If you visit our Website, we will collect certain information (which may include your Personal data) relating to you. Generally, unless you submit information to us, we only collect technical and device-related information from your use of our Website. We do so to secure our Website, understand how you use them and determine whether or not we may improve our Website.
Sensitive Information: In the course of providing services to you, we may process certain information (which may include your Personal data) that attracts special protection under EU law. For example, in the context of litigation or disputes, we might process information relating to health (e.g. your medical condition), genetics, race, religious beliefs, sexual orientation or trade union membership. In the context of our AML obligations, we might process information relating to political opinions or criminal convictions. We rely on exceptions contained in Article 9 of General Data Protection Regulations 2018 to process this information.
Information You Give Us About Other People: If you provide information to us about any person other than yourself, you should ensure that you have a legal basis for doing so and that you have complied with your obligations under data protection law. For instance, General Data Protection Regulations 2018 contemplates that the processing of special categories of personal data shall be lawful where the processing:
- is necessary for the purposes of our providing our services to you or for the purposes of, or in connection with, claims, prospective claims, legal proceedings or prospective legal proceedings; or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
You should also try to limit the Personal data you give us to what you think is necessary for us to provide you with legal advice and assistance.
Anti-Money Laundering Compliance: We may collect and use your information in the context of compliance with Anti-Money Laundering (“AML”) laws and our regulatory obligations. This includes your ID and proof-of-address information. AML information may be sent to our advisors that rely on our AML collection practices. In carrying out this processing we rely on the following legal bases: compliance with our legal obligations.
Our Legal Bases: In order to collect, use, share, and otherwise process your information for the purposes described in our Terms and Conditions, we rely on a number of legal bases, some of which are mentioned above, including where:
- necessary to perform a contract we have with you and to provide our services to you and to others;
- you have consented to the processing (in which case you may revoke your consent at any time);
- necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
- necessary to protect your vital interests or those of others;
- necessary in the public interest; and
- necessary for the purposes of our or a third party’s legitimate interests, such as those of clients, partners, staff or others, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
General Data Protection Regulations 2018 contemplates that the processing of special categories of personal data and Article 10 data (broadly speaking, data relating to criminal convictions) shall be lawful where the processing:
- is necessary for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings; or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
We will rely on these exceptions in General Data Protection Regulations 2018 and other exceptions in Article 9 of General Data Protection Regulations 2018 when processing special categories of personal data.
Where we collect, use, disclose and otherwise process your information based on legitimate interests, we may rely on the following interests, which is a non-exhaustive list and used for example purposes:
- Providing our services: we use your information to pursue our clients and other impacted individuals’ legitimate interests in obtaining and/or benefitting from advice and assistance.
- Keeping our services secure: we use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our services, such as our domain, our Website and office safe and secure. For example, we collect many IP addresses and process log files to ensure our Website and apps are not subject to fraudulent access.
- Improving our services: We use your information as necessary to pursue our legitimate interests in tailoring and improving our services.
Sharing Your Information: In the course of our providing our services, we may be required to share information with various third parties, including service providers, mediators, arbitrators, translators, couriers, barristers, solicitors, law firms, regulators and statutory and public bodies.
Use of Personal data and Basis of Processing
We will use the Personal data where necessary, which shall include, inter alia, the following:
Where we have a legitimate purpose in using it, including:
- for the purposes of managing our contracts and relationships with our customers;
- suppliers, service providers, vendors and other commercial partners;
- for day to day operational and business purposes;
- board reporting and management purposes;
- in the event of a merger, reorganisation or disposal of, or a proposed merger, reorganisation of disposal of all or any part of our business; and/or
- to take advice from our external legal and other advisors.
For compliance with our legal obligations, including:
- tax and regulatory reporting obligations;
- where we are ordered to disclose information by a court with appropriate jurisdiction; and/or
- recording of telephone calls and electronic communications in order to comply with applicable law and regulatory obligations.
Where use or sharing is for a legitimate purpose of a third party to which we provide the Personal data, including, but not limited to:
- for day-to-day operational and business purposes;
- reporting and management purposes, including board and group reporting and management purposes;
- taking advice from external legal and other advisors;
- where necessary to establish, exercise or defend legal rights or for the purpose of legal proceedings; and/or
- for work related to any potential sale of a business or undertaking and in circumstances whereby the raising of funds may be required; and/or
- if we need and you have given your consent to use of your Personal data for a particular purpose.
We will not disclose any Personal data to any third party, except as outlined above and/or as follows:
- to enable us to carry out the obligations under and enforce our contracts with our customers, suppliers, service providers, vendors and other commercial partners;
- to anyone providing a service to us or acting as our agent, as data processors, for the purposes of providing services to us and on the understanding that they will keep the Personal data confidential;
- where we need to share Personal data with our auditors, and legal and other advisors;
- in the event of a merger or proposed merger, any (or any proposed) transferee of, or successor in title to, the whole or any part of our business, and their respective officers, employees, agents and advisers, to the extent necessary to give effect to such merger; and/or
- if the disclosure is required by law or regulation, or court or administrative order having force of law, or is required to be made to any of our regulators.
Personal data may be transferred outside Ireland in connection with the uses described above and/or as otherwise required or permitted by law.
Many of the countries will be within the European Economic Area (the “EEA”), or will be ones which the European Commission has approved, and will have data protection laws which are the same as or broadly equivalent to those in the European Union. However, some transfers may be to countries which do not have equivalent protections, and in that case we shall use reasonable efforts to implement contractual protections for the Personal data. While this may not always be possible, any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws.
For the avoidance of doubt, safeguards in the form of EU Commission approved standard contractual clauses will be implemented for transfers which we make for processing the EU-US Privacy Shield for transfers to the United States. Further information in relation to international data transfers can be obtained by contacting us at the address specified below.
Third Party Providers of Information: We may obtain Personal data relating to you indirectly, such as where you provide your contact details to us in connection with our business and the services. The person providing the information will be asked to warrant that he/she or it will only do so in accordance with applicable data protection laws, and that he/she or it will ensure that before doing so, any individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in Terms and Conditions, and where necessary that it will obtain consent to our use of the information.
Recipients of the Personal data: In any case where we share Personal data with a third party data controller (including, as appropriate, our group companies), the use by that third party of the Personal data will be subject to the third party’s own privacy policies.
Updates to Personal data: We will use reasonable efforts to keep Personal data up to date. However, you will need to notify us without delay in the event of any change in your personal or business circumstances, so that we can keep the Personal data up to date.
Retention of Personal data: We are obliged to retain certain information (which may include your Personal data) to ensure accuracy, to help maintain quality of service and for legal and regulatory purposes, as well as for legitimate business purposes.
Information will be retained for no longer than is necessary for the purpose for which it was obtained by us or as required or permitted for legal and regulatory purposes, and for legitimate business purposes. In general, we (or our service providers on our behalf) will hold this information for a period of seven years after you cease to interact with us, unless we are obliged to hold it for a longer period under law or applicable regulations.
Purposes for processing personal data
We may process your personal data for the following purposes:
- to track your usage of our Website, communications, services, using cookies and/or similar technologies so that we can provide important features and functionality on our Website and through our communications, to monitor usage, engagement, and communications, and to provide you with improved service.
- Where we have obtained your consent.
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our and your legitimate interests (or those of a third party) and where your interests and fundamental rights do not override those interests.
- Where we need to protect your interests or someone else’s interests.
- Where it is needed in the public interest or for official purposes.
- to confirm your identity and verify the information you provide.
- to process payments for any paid-for products and services you have requested and collect amounts for those products and services.
- to send you direct marketing and to keep you informed of promotional offers by email, chat, SMS, post or telephone relating to our products and services.
- to provide and improve the customer support we provide to you, and for internal training purposes to ensure we provide you with the best possible customer experience.
- to maintain our records and improve data accuracy.
- to respond to enquiries, complaints and disputes.
- to investigate, detect and prevent fraud and comply with our legal and contractual obligations.
- We will use the information we hold about you primarily to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. This is our lawful basis for processing under GDPR. Specifically, we may use your data for the following purposes:
- Providing and managing your access to our site.
- Personalising and tailoring your experience on our site.
- Supplying our services to you.
- Personalising and tailoring our services for you.
- Replying to emails from you.
- Supplying you with information that you have opted into (you may unsubscribe or opt-out at any time).
- Research purposes.
We may from time to time share your personal data with our suppliers and services providers, including other companies in our group, who perform certain business services for us and act as “processors” or of your personal data.
Rights regarding personal data
You have the right to know if and what type of personal data we hold about you and to a copy of this personal data. Where personal data has been collected and processed you have the right to know the purpose of that processing and the categories of personal data processed.
You may at any time request a copy of your Personal data from us. This right can be exercised by writing to us at the address specified herein.
Where the processing of your personal data was based on your explicit consent, you maintain the right to withdraw that consent at any time, without affecting the lawfulness of the processing of your personal data based on consent before its withdrawal.
You have the right to have any inaccurate personal data which we hold about you updated or corrected.
In certain circumstances, you may request that we delete the personal data that we hold on you.
You have the right to request that we stop using your personal data in certain circumstances.
You may request us to provide you with certain personal data in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another data controller where this is technically feasible.
Where we rely on our legitimate interests to process your personal data, you have a right to object to this use.
You can exercise your rights in relation to your personal data by contacting us at email@example.com. We may request that you provide proof of your identity for security reasons. Where the request for personal data is unreasonable, unfounded or excessive, we may charge you a fee. If, after contacting us, you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission, please see www.dataprotection.ie for further information.
Personal data submitted to ARC FRC and/or www.(fill in blanks.ie is held on our secure servers. While no data transmission over the internet can ever be guaranteed to be 100% secure, we will take all reasonable steps (technically and organisationally) to protect your information. We will also work only with third parties who have clear and suitable privacy and data protection policies of their own.
Our Website has security measures in place to protect the loss, misuse and alteration of the information under its control. Information held by our Website is stored on password-protected machines, behind a firewall and not accessible to the general public via the Web.
In order to register as an ARC volunteer, you will be asked for some personal information when you register with us.
This may include: Your name, email address, postal code age range and country of residence.
The information received from you will only be disclosed to such third parties as may be necessary in order to process your application or donation. We will take all reasonable precautions to prevent the loss, misuse or alteration of information you give us. Agents or contractors of ARC FRC who have access to your information are required to keep that information confidential and are not permitted to use it for any purpose other than to carry out the services which they are performing for us. Additionally, sensitive data such as credit card numbers are encrypted using SSL and immediately transferred to the PSII1 compliant financial processor so that they are not saved on our servers
Our Website may provide links to other websites. Privacy policies on these websites may differ from that on our Website and we advise that you review the other websites’ policies (including their privacy policies and terms and conditions) before providing personal information. While every care has been taken to ensure the high quality and standard of the websites that we link, ARC FRC takes no responsibility for the content of these websites and ARC FRC shall under no circumstances be responsible for your use or other website.