At Arthritis Ireland we are committed to protecting your privacy, and to compliance with best practice in data protection.

 

Your personal data is very important to us and must be treated with respect and properly protected. We will continually monitor and update this policy, and our data protection measures to ensure we remain compliant – and that your data is as protected as it should be.

 

What personal data does Arthritis Ireland collect?

The data we routinely collect includes names, addresses, phone numbers and email addresses. We collect this data directly from our friends and members, donors, service users and other supporters when they join or engage with Arthritis Ireland.

For some people we may collect additional information including data related to medical conditions, or financial details connected to donations to Arthritis Ireland, or fees for services or products provided.

We also collect data arising from accessing our courses or events, or usage of our online resources.

 

What is this personal data used for?

We use data collected for the fulfilment of our mission; administration of the organisation; organisation and delivery of services and events; communication of information, and the general provision of support to people living with arthritis.

 

Who is your data shared with?

In general, we do not share your data with anyone, with the following exceptions:

  • We may contract and use external GDPR (General Data Protection Regulation) compliant data processors to help fulfil our services, and to distribute and manage mailings and campaigns
  • We also share your information with financial institutions (e.g. banks, payment processors) to the extent necessary to facilitate payments to (and in certain instances from) Arthritis Ireland.
  • We may share data with public bodies to the extent that we are obliged to under law.
  • Personal data concerning our staff is shared with the Revenue Commissioners under legal obligation.

 

Where does personal data come from?

Most data are collected when individuals first – and freely - engage with Arthritis Ireland, or when they update their information with us, or our supervised data processors.

All data collection is in accordance with GDPR and respectful of your rights as individuals.

 

How is data stored?

Information is mainly stored in digital form on our secure and encrypted server and in the form of written documents stored at our offices at 1 Clanwilliam Square, Grand Canal Quay, Dublin 2, D02 DH77.

Our data processors securely store information, on our instructions, in compliance with the GDPR.

 

Who is responsible for ensuring compliance with the relevant laws and regulations?

Under GDPR we do not have a statutory requirement to have a Data Protection Officer.

To contact the person who is responsible for ensuring Arthritis Ireland discharges its obligations under GDPR, email [email protected].

 

Who has access to the data?

Staff and volunteers of Arthritis Ireland have appropriate access to data in order for them to carry out their legitimate tasks for the organisation. Appropriate access is dependent on their role with the organisation.

 

What is the legal basis for collecting data?

Arthritis Ireland collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation and a health and research charity.

The storage and use of certain elements of data and related to certain data subjects (individuals) is subject to the positive and clear consent of the individuals concerned. Consent is collected through the following channels:

  • Membership/friend of Arthritis Ireland application forms
  • Payment instruction forms
  • Request for information/enrolment on communication circular forms
  • Through direct, phone and email-based communication

For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations. For other purposes, collection and retention may be to comply with contracts entered into.

 

How you can check what data we have about you?

Personal data held is available to view and update by contacting the Arthritis Ireland office.

For electronic and periodic communications opportunities are provided to unsubscribe (by email) or opt-out (appeals and campaigns).

Individuals can contact us with a “Subject Access Request” to ask us to provide any other information we hold about them. If interested in any particular aspects, specifying them will help us to provide requested information quickly and efficiently.

We are required to provide this within one month.

 

Does Arthritis Ireland collect any “special” data?

The GDPR refers to sensitive personal data as “special categories of personal data”. Of these categories, and as a health charity, we record some health data of members/supporters where it is volunteered.

In addition, we conduct research and may run campaigns to promote the collection of health-related data. All such data is treated in full compliance with GDPR, and in most cases we anonymise any data made available for further analysis or research.

If an individual wishes to change data held, they can do this at any time by contacting the Arthritis Ireland office.

The only other data which falls into this category concerns garda vetting reports in relation to certain (staff or volunteer) roles within the organisation, concerning the supervision of minors and/or vulnerable adults. Such data is attained in accordance with our legal responsibilities or legitimate interests.

 

How can you ask for data to be removed, limited or corrected?

Individuals can limit how their data is used by Arthritis Ireland.

  • They can choose not to receive information emails, texts, calls, or post from Arthritis Ireland.
  • They can also request to have all their data removed from our records.

Either of these options can be implemented by contacting the AI office.

 

How long we keep your data for, and why?

We normally keep friends/members’ data after they resign their membership, or membership lapses, in case they later wish to re-join. However, we will delete any individual’s contact details entirely on request.

Since underlying statistical data, and in particular demographic and health data (e.g. gender, age, condition, location, occupation), informs and is valuable in respect of the purpose for which it was originally collected and processed, such data is not deleted by Arthritis Ireland.

However, all such data is never processed or shared externally, without first being anonymised.

Other data, such as that relating to accounting or personnel matters, is kept for the legally required period.

 

What additional data protection involves the Arthritis Ireland website?

Our website uses cookies. A cookie is a little piece of text stored by the browser on your computer, at the request of our server. We may use cookies to deliver content specific to your interests and to save your personal preferences so you do not have to re-enter them each time you connect to our website. Our cookies are not available to other websites.

You are always free to decline our cookies, if your browser permits, or to ask your browser to indicate when a cookie is being sent. You can also delete cookie files from your computer at your discretion. Note that if you decline our cookies or ask for notification each time a cookie is being sent, this may affect your ease of use of this website.

General details with regard to traffic to this website are logged by Google for our analytical purposes. No information is collected that could be used by us to identify website visitors.

The data collected is used to better understand the needs and information requirements of our visitors and community, and informs the development of our site and services.

The site will record any data you supply to us for the following purposes:

  • to send you alerts via email which you have requested
  • to allow you to access your sponsorship pages
  • to record donations or sponsorship payments you have made

 

Arthritis Ireland will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. It is the policy of Arthritis Ireland never to disclose such technical information in respect of individual website visitors to any third party (apart from our internet service provider, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by a rule of law. The technical information will be used only by Arthritis Ireland, and only for statistical and other administrative purposes.