Tallaght University Hospital Foundation (“TUHF”) Website Privacy Policy
Scope
If you are a Tallaght University Hospital Foundation donor, a Tallaght University Hospital Foundation beneficiary or you are just browsing our website, this Privacy Policy applies to you.
Our Responsibilities
Tallaght University Hospital Foundation (“TUHF”) respects your right to privacy and complies with its obligations under the General Data Protection Regulation (GDPR). The goal of this website privacy policy is to help you understand how TUHF deals with any personal data you provide when you visit its website or interact with TUHF online.
TUHF fully respects your right to privacy and we are committed to ensuring that your Personal Data is:
By visiting the tallaghtuniversityhospitalfoundation.ie website, you are accepting the terms of this website privacy policy.
This website contains external links to other websites and TUHF assumes no liability, and is not responsible, for the content of those other websites.
Your Responsibilities
Information we collect
From the moment you interact with Tallaght University Hospital Foundation, we are collecting data. Sometimes you provide us with data, sometimes the data about you is collected automatically. You may browse our website anonymously, but certain functions and pages may be unavailable to you.
When you visit our website, make a donation, subscribe to our newsletter, register for a campaign or event or fill out the online contact form, we will process some or all of the following types of personal information relating to you:
When you sign up to TUHF Lottery (Lotto) we will process some or all of the following types of personal information relating to you:
If we collect any special categories of personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning health or data concerning a person’s sex life or sexual orientation, we will ensure:
In relation to Special Category Data TUHF process the data according to the exemption in Art. 9 (2) (d) “processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;”
What we use your information for
Any of the information we collect from you may be used in the following ways:
withdraw this consent at any time by contacting our Data Protection Officer at the address below or emailingdataprotection@tuhf.ie.
oWe will use your information to complete your entry into the monthly lotto draw and to follow up, where relevant or requested, by email, phone or post on queries or instructions received from you.
oWhen online purchases are fulfilled by a supplier will only share your necessary information to complete your purchase.
oWe want your visit to our website to be a useful one, making sure you are able to find the information you are looking for.
oYou can choose at any time to block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use our website and browse its pages but some
functionality / services may not function
Lawful Bases for this data usage: Legitimate Interests, Contract, Consent
oFrom time to time we will use your postal address to send you updates on the impacts of your donations, and let you know how you can get involved in our fundraising and campaigns. We will always respect your privacy and you can opt-out of this postal communication at any time by emailingdataprotection@tuhf.ieor by writing to us at the address below.
oWe may also contact you by phone and email if you have given us consent to do so. You can withdraw this consent at any time by
emailingdataprotection@tuhf.ie.
Lawful Bases for this data usage: Consent & Legitimate Interests (For postal communications)
oWe are very grateful to our sponsors and donors. To acknowledge this, we like to send a Thank You letter by post or email to remind sponsors and donors of how much we value their contribution.
Lawful Bases for this data usage: Consent
Personal information we collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages, what websites or search terms referred you to the Site, and information about how you interact with the Site.
How we collect personal information
We collect personal information using the following technologies; •Cookies-data files that are placed on your device or computer and often include an anonymous unique identifier.
Additionally when you make a donation or purchase through the Site, we collect certain information from you, including your name, address, payment information (including credit card numbers, payment provider information, email address, and phone number.
How do we use this information
We use the information that we collect generally to fulfil any donations or purchases through the Site. Additionally, we use this information to:
We use this information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site.
Do we disclose any information to outside parties?
Modern organisations often use third parties to help them host their applications, communicate with customers, power their emails etc. We partner with third parties to provide these services.For example, we use:
When we do use these services, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary
Tallaght University Hospital Foundation may transfer your personal data outside the EEA. If it does so, this may occur under the protections of binding corporate rules (BCR's) that have been approved by a supervisory authority but will otherwise only take place where appropriate standards and safeguards are in place.
Finally, we may also share your information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
How we protect your information
We use a variety of security measures to securely process and keep your personal information safe when you interact with our website.
We use Shopify Inc. as our third-party payment provider for product sales. It performs annual audits to ensure its handling of your credit card information aligns with industry guidelines. Shopify Inc. is certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and its platform is audited annually by a third-party qualified security assessor.
We use Donorbox as a third party payment provider for donations. Donorbox uses Stripe’s secure token mechanism, therefore Donorbox does not hold any records of the donor’s card number in their database. Donorbox is PCI compliant under “PCI validation: SAQ A”.
We use CHAMP CRM (by CHAMP CLOUD Ltd.) as our cloud-based donor management platform to manage donor and contact information as well as events, campaigns and online donations. We use CHAMP Lottery software, by CHAMP CLOUD, to manage our in-house lotto (lottery). CHAMP CLOUD implements appropriate technical and organizational measures to secure customer data, such as technologies including but not limited to Encryption, Malware Scanning, Vulnerability Scanning, Firewalls, SSL certificates, Access Control and appropriate Code Repository and Change Control systems. CHAMP CLOUD use AWS- EC2 for hosting. Customer data is stored securely in an ISO 270001, ISO 270017, ISO 270018, ISO 9001 compliant data centre.
Mailchimp is our third-party provider for email marketing and outreach. Theytake appropriate and reasonable technical and organisational measures to protect Personal Information from loss, misuse, unauthorised access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
Typeform is our third party provider for visitor and patron engagement.Once your information is entered in Typeform’s systems, it’s secured with multiple levels of encryption and access controls. Typeform encrypt your data in-transit using secure TLS cryptographic protocols (currently TLS 1.0, 1.1 and 1.2 supported).
TUHF use Stripe (Stripe.com) for donation payments. All credit card information is processed securely by Stripe. Stripe is certified to PCI Service Provider Level 1.
TUHF takes and will continue to take all reasonable steps (which includes relevant technical and organisational measures) to guarantee the safety of the data you provide to us and we will only use the data for the purpose intended.
However, the nature of the internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet will be 100% secure.
Cookies
We use cookies. Unless you adjust your browser settings to refuse cookies, we (and these third parties) will issue cookies when you interact with us. These may be ‘session’ cookies, meaning they delete themselves when you leave our website, or ‘persistent’ cookies which do not delete themselves and help us recognise you when you return so we can provide a tailored service.
How can I block Cookies?
You can block cookies by activating a setting on your browser allowing you to refuse the setting of cookies. You can also delete cookies through your browser settings. If you use your browser settings to disable, reject, or block cookies (including essential cookies), certain parts of our website will not function fully. In some cases, our website may not be accessible at all. Please note that where third parties use cookies we have no control over how those third parties use those cookies
If we transfer personal data to a third party or outside of the EU we as the data controllers will ensure the recipient (processor or other controller) has provided the appropriate safeguards based on an equivalent level of security as adopted for transfers of data within the EU and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available.
TUHF will only share your data with third parties where there is a compelling reason to do so and only shares personal data with third parties on rare occasions. In the unlikely event that we will share your data with a third party we will always inform you at the beginning of the engagement except where TUHF are duty bound to disclose or share your personal data in order to comply with statutory and / or legal obligations.
Anonymised visitor information may be provided to other parties for marketing, advertising, or other uses. For example, we may disclose the total number of visits to our website.
You control your information
You have the right to obtain a copy of your personal data in an easily accessible format. In certain circumstances, you also have the right to object to the processing of your personal data, to request the amendment or deletion of your personal data and to withdraw your consent to the processing of your personal data (where we are relying on consent as the legal basis for processing your personal data).
Without prejudice to any other rights you may have, you may file a complaint with the Data Protection Commission.
If you would like to exercise any of your rights or you have any questions about your rights please email us atdataprotection@tuhf.ie. Alternatively, you can contact us by telephone or post using the contact details available below.
If you would like to obtain a copy of your personal data, you can do this by submitting a subject access request (SAR) for the personal information that TUHF holds about you, which we are required to provide under the General Data Protection Regulation (GDPR) unless an exemption applies.
You can make this request using our request form. See Appendix 1 or TUHF Subject Access Request document.
We will provide the following information:
Your request will usually be completed within one month of receipt.Online Privacy Policy only
This online Privacy Policy applies only to information collected through our website and not to information collected by TUHF by other means.
Changes to our Privacy Policy
We reserve the right to make changes to our Privacy Policy at any time without prior consultation; these changes will be posted on this page together with the Privacy Policy revision date.
Contacting us
If you have any questions regarding this Privacy Policy, you may contact us using the information below.
Siobhán Cosgrove
Operations & Compliance Manager,
Tallaght University Hospital Foundation,
Tallaght Hospital,
Tallaght,
Dublin 24.
Website: tallaghtuniversityhospitalfoundation.ie
Email:dataprotection@tuhf.ie
Telephone: 01 6950197
You have the right to lodge a complaint regarding our use of your data
Please tell us first, so that we have a chance to address your concerns. If we fail in this, you can address any concern or complaint to the Office of the Data Protection Commissioner,
Office of the Data Protection Commission,
Canal House,
Station Road,
Portarlington,
Co Laois
R32 AP23
Telephone: +353 57 8684800/+353 761 104800
Lo Call Number: 1890 252 231
Fax: +353 57 8684757
Email:info@dataprotection.ie
Appendix 1
Tallaght University Hospital Foundation (“TUHF”)
Data Subject Access Request
TUHF is committed to upholding the rights of individuals and has processes in place for providing individuals’ access to their personal information. A subject access request (SAR) is a request for access to the personal information that TUHF holds about you, which we are required to provide under the General Data Protection Regulations (GDPR) unless an exemption applies.
You have the right to ask us supplementary information about:
TUHF endeavour to fulfil all Subject Access Requests within the one month time frame as set out in the GDPRunless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). Should there be a compelling reason to extend this period TUHF will communicate this extension, with detailed reasoning for the extension, to the Data Subject.
What’s involved?
Please note that we require you to provide at least one form of identification in order to verify the identity of the data subject making the request. Once received, we will verify the identity of the person making the request and acknowledge receipt of the request by email or by post.
If you have provided enough information in your request in order to enable us to identify information relating to you, we will gather and review all information held by TUHF relating to you. If we do not have enough information to locate your records, we may contact you for further details.
Once we have collated all the personal information held about you, we will send a hardcopy of this or in an electronic format by email to you.
We aim to complete all access requests without undue delay and, in any event, within one month of receipt of the request.
Please note:TUHF stores the personal data processed by it only for as long as necessary for the purposes for which it was collected or as long as required by law.
Completed forms can be sent to:
Data Protection Officer,
Tallaght University Hospital Foundation,
Tallaght University Hospital,
Tallaght,
Dublin 24
If you are dissatisfied with our response, you have the right to lodge a complaint with the Data Protection Commission.
The Office of the Data Protection Commission can be contacted at:
Office of the Data Protection Commission,
Canal House,
Station Road,
Portarlington,
Co Laois
R32 AP23
Telephone: +353 57 8684800/+353 761 104800
Lo Call Number: 1890 252 231
Fax: +353 57 8684757
Email:info@dataprotection.ie
Tallaght University Hospital Foundation (“TUHF”)
Data Subject Access Request
Personal Details |
|
Title |
|
First name |
|
Last name |
|
Email address |
|
Phone |
|
Address |
|
Town/city |
|
County |
|
Country |
|
In order to verify your identity and locate any personal data related to you, please tell us how you have interacted with TUHF: |
|
I used the following TUHF services (check all that apply): |
|
•Donation |
•I have taken part in fundraising |
•Online Donation |
•I have been an employee of TUHF |
•Other (Please specify below) |
|
What was the approximate date of your interaction? |
|
How we use your information The information you have provided on this form will be kept securely and used by TUHF to complete your data subject access request. Your information will only be shared with selected third party service providers, contracted by TUHF to assist with our operations. Your information will not be shared with any other organisation, other than with your permission, or where required by law. |
|
Signature and identity confirmation Please note that in order to verify the identity of the data subject making the request, we require a copy of photo ID confirming your identity Please include this document with this form. |
|
Data Subject’s Name: |
|
Signature: |
|
Date: |