Privacy Statement

Galway Rural Development Company CLG (GRD) is fully committed to adhering to the General Data Protection Regulation and the Data Protection Act 2018 and to respecting your privacy rights. This privacy statement sets out how we process personal data and information that you give to us. We are committed to protecting your personal information. You are not required to provide us with personal data unless you wish to avail of our services, receive updates about our work or wish to support our fundraising efforts.  

This privacy statement explains:  

·         Who we are and why we collect your personal data  

·         For how long we hold your data and who receives it  

·         How you may request the personal data we store about you  

·         Who to contact about data protection issues in our organisation  

Who we are and what we do  

GRD administers a range of EU and national programmes which provide support, advice and training options for people living in rural Galway. This privacy notice is aimed at individuals who avail of our services or who volunteer with us through our different programmes in our offices, at public events and through our fundraising events.  

Data we collect  

We collect personal data that identifies you as an individual. We do this when you have provided us with information and consented for its use in your interest and for the purposes set out in this privacy statement. The personal information we collect includes your name, postal address, email address and telephone number, PPSN’s numbers (only in relation to RSS & TUS) and data that enables you to make meaningful choices about the services we offer, volunteering opportunities and fundraising activities. In collecting and processing your data we are committed to: ·        

Putting you in control of your privacy and providing you with clear choices  

·         Being transparent about how we collect and use your data ·         Securely protecting the data your entrust to us and data processors used by us, using appropriate organisational and technical measures  

·         Adhering to data protection laws  

When you subscribe to our newsletter, jobs bulletin, visit our website or fill our contact forms you consent to the use of that information as set out in this statement.  

If you wish to unsubscribe from our newsletter or jobs bulletin or wish to withdraw consent to being contacted by us, please do so by sending an email to info@grd.ie with ‘UNSUBSCRIBE’ in the message subject line or click the unsubscribe links contained in our newsletters and in our marketing and fundraising emails.  

The personal data that you provide us with will only be used for the purpose for which it has been originally obtained or to fulfil legal or regulatory requirements as appropriate.  

We will not share the personal data you provide with third parties for marketing or fundraising purposes or store any of your information outside of the European Economic Area.  

We may collect legally obtained information from third parties and add this information to our user databases. This information will be only be collected and used to help us to fulfil our services to clients. Individuals have a responsibility to ensure that any emails including attachments that they send us must be within the bounds of the law. Unsolicited content or mail of a criminal nature will be reported to the relevant authorities and blocked.  

Why we collect data  

Any personal information that you provide will only be used for the purposes for which it has been provided and reasonable incidental purposes only. It will be treated with the highest standards of confidentiality and security and in strict accordance with the General Data Protection Regulation.  GRD uses your information to provide you with the most suitable services or related services that you wish avail of or access. Your information will not be passed onto third parties for marketing purposes.  

We share your data with third parties only for the purposes set out below:  

Third Party Description                                      Purpose for Sharing Data Sub-contractors                                                    To help us to run our business in an effective manner under our terms and conditions of contract with you  

Cloud Service Providers                                    To store information legitimately held by us for business purposes  

IT Back-up Providers                                         To store information legitimately held by us for business purposes  

Statutory Agencies                                             To store information legitimately held by us for business purposes as required by funding regulations  

IT Service Providers                                          To store information legitimately held by us for business purposes and for IT security and services  

Email Service Providers                                      To help us to run our business in an effective manner for legitimate business purposes  

Internal Customer Databases                            To run internal customer  databases in an effective manner under our terms and conditions of contract with you                       

By providing your personal information and where you have agreed to receiving communications from us, we may use your personal data to:  

·         Send out information about upcoming events  

·         Improve the level of services that we provide  

·         Assist us in planning the future direction of our work programmes  

The legal bases for the processing of your data are:  

Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract.  

Processing necessary for compliance with a legal obligation(s) to which we are subject.  

Processing necessary for the purposes of the legitimate interests of Galway Rural Development and where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.  

Processing based on your consent for such processing to take place. Processing necessary to protect your “vital interests” or that of a data subject.  

Processing necessary for the performance of tasks carried out on behalf of a public authority or in the public interest.     

How long we hold data  

The length of time we hold your data will depend on the purposes for which we obtained it. We will only hold this data for as long as we deem necessary.  

Services users:  We hold information for up to 7 years depending on the requirements of the particular programme:  

·         SICAP - Information retained until 6 years after the end of the national programme.  

·         LEADER – Information retained until 7 years after the end of the national programme.  

·         RSS/TUS – Information retained until 5 years after the end of the national programme. For information on people under 25 years of age information is retained for 7 years  

·         Community Employment Scheme – Information retained until 6 years after the end of each rolling programme.  

Volunteers: We hold information for as long as a person is willing to volunteer for our organisation.  

Donors: In line with tax relief guidelines for charities, we would like to hold your personal information for a period of five years.  

Protecting data  

We will take appropriate legal, organisational and technical measures to protect your personal information and use a variety of security measures and procedures to safeguard your data against unauthorised access, disclosure or use. We cannot guarantee the security of the data you transmit to our website. Transmission is at your own risk. Once we have received your data, we will employ appropriate technical measures to protect your personal data.  

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on other websites you visit.  

Cookies  

Our website may use technology called “cookies”. This is a small text file that is placed on your device by a server and allows websites or mobile applications to respond to you as an individual. You can choose to accept or decline cookies. Please refer to your internet browser instructions to specify your cookie preferences. If you decline cookie features, you may not be able to fully experience the interactive features on our website.  

Website Usage  

We automatically collect information about browser type and operating system, pages you visit and your Internet Protocol addresses through Google Analytics. We do so, to help us to better understand how website visitors use our web site so that we can improve the user experience. This information is aggregated, providing us with data about the total number of visitors to our website and the total number of visitors to each page. Individual users are not typically identified through these analytics.  

Children’s Privacy Protection  

We understand the importance of protecting children’s privacy online. 

This website is not designed for or intentionally targeted at children aged 16 years or younger. It is not our policy to intentionally collect or maintain  information about anyone under the age of 16 years.  See our Safeguarding Statement.  

Respecting your rights  

We are committed to upholding your rights as an individual. These rights include:  

·         Right of access – the right to request a copy of the information we hold about you in accordance with the Data Protection Act 2018. ·         Right of rectification – the right to correct data we hold about you that is inaccurate or incomplete in accordance with the Data Protection Act 2018.  

·         Right to erasure – in certain circumstances, you can request information we hold about you to be erased from our records. This will be done in accordance with the Data Protection Act 2018.  

·         Right to restriction of data processing – in certain circumstances, you have a right to restrict the processing of data. This will be done in accordance with the Data Protection Act 2018.  

·         Right of portability – The right of data portability applies to data that we process automatically provided to us by you and that we are processing based on your consent or to fulfil a contract.  

·         Right to object – You have a right to object to certain types of data processing such as direct marketing.  

To make a personal data request, please use the contact point for us listed in this privacy statement.  

Who to contact about data protection issues  

If you wish to contact us regarding data protection issues or to make a personal data request, you may do so via the following options: Post your enquiry to:Delia Colahan, CEO, Galway Rural Development, 

Mellows Campus, Athenry, Co.Galway H65 KR02  

Email your enquiry to: info@grd.ie          Telephone your enquiry to: 091 844335  

Complaints  

If you wish to make a complaint about how your personal data is processed by us or how your data processing complaint has been handled by us, you have a right to lodge a complaint with the Supervisory Authority. The contact details for the Data Protection Commission’s office is as follows:  

Post: Office of the Data Protection Commission. Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.  

Telephone: +353 (0761) 104 800; LoCall 1890 25 22 31 Email:

info@dataprotection.ie  

This privacy statement was last updated on 28/08/2018.  

This is a live document and is subject to regular review. We reserve the right to modify this privacy statement at any time. We encourage you to review this privacy statement each time you visit our website.  

If third parties request information pursuant to the Freedom of Information Act regarding SICAP, this request must be channelled through the LCDC.