In this statement we use the terms “OCF”, “we”, “our” and “us” to refer to the Oesophageal Cancer Fund, which is a registered charity (registration number 14542) and our registered office is at 2 Granville Road, Blackrock, Co Dublin, Ireland. Our principal place of business is also at 2 Granville Road, Blackrock, Co Dublin, Ireland.
OCF is the controller responsible for the personal information it collects, uses and stores about you
What is personal information?
Personal information is any information that allows us to identify you. This could include information such as your name, postal address, telephone number, email address or date of birth.
When do we collect your personal information?
We may collect your personal information when you make an enquiry, volunteer for an event or campaign, place an order, make a donation, access our services or subscribe to our newsletter.
The purpose and legal basis for processing your information
Under data protection law we are only permitted to use your personal information if we have a legal basis for doing so. We rely on the following legal bases to use your information:
a) To enter into and perform a contract with you
We may use your information in order to enter into a contract with you or to provide you with a service that you have requested from us.
b) To comply with a legal obligation
We are required to use your personal information to comply with certain legal and regulatory obligations to which we are subject.
c) For our legitimate interests
We may use your personal information for the purposes of carrying out activities that are in our legitimate interests (or those of a third party). When we use your personal information in this way, we ensure that there is a fair balance between our legitimate interest and your fundamental rights and freedoms.
In more limited circumstances we may also rely on the following legal bases:
Where we need to protect your vital interests (or someone else’s vital interests); and/or
Where your personal information is needed in the public interest or for official purposes.
d) With your consent
We may send you details about our upcoming fundraisers, events and campaigns by post, text, email and/or phone from time to time where you have consented to us contacting you in this way. You can withdraw this consent at any time by contacting us using the details in section 9 below.
Categories of personal information we collect and how we use it
Set out below are some of the types of personal information that we may collect, use and store about you and the reasons for doing so.
To provide you with products, services and information you have requested from us in order to carry out your fundraising activities. We process this information in our legitimate interest for the purpose of pursuing our charitable objectives.
To communicate with you to keep you informed about our activities and upcoming events that you may be interested in. We will only use your information in this way where you have consented to us doing so. You have the right, free of charge and at any time, to withdraw such consent by contacting us using the details set out in each communication or as set out at section 9 below.
To confirm transactions such as donations or registration for events. We will use this information to complete your order and to follow up with you where necessary or where you have requested us to do so. We process this information in our legitimate interest for the purpose of pursing our charitable objectives. When you contribute to our fundraising efforts, we may receive the last four digits of your credit or debit card number. We will only use this information for the purpose of confirming your transaction and for our internal records.
Information relating to your online activities including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access any website operated by us.
We will use this information to monitor and train our staff in our legitimate interest for the purpose of improving our services.
We will use this information for a number of reasons in our legitimate interest, including:
To monitor and improve the effectiveness of our website
To ensure the security of our website and services and maintain back-ups of our databases
To improve your experience when using our website
Special categories of personal information include details about your and health, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation and political opinions.
We may collect special categories of personal information about you, likely to be information about your health, when you access our support services such as when you attend our patient support meetings.
We will use this information to provide the services you have requested from us, to train our staff and to monitor and improve the quality of our service.
We will only collect and handle your personal information in this way and for these purposes with your explicit consent and we will explain the purposes for which the information will be used at the point when we ask for your consent.
Your information and Other Parties
Third Party Service Providers
We may share your personal information with third party service providers that perform services and functions at our direction and on our behalf. Such third party services providers include accountants, legal advisers, insurers, IT service providers, payment service providers, security services providers, administrative services providers and marketing agencies engaged by OCF.
An Garda Síochána, government or quasi-government bodies, courts and tribunals
We may share your personal information with these organisations and bodies where required to do so by law.
6. Storage Periods
We will retain your personal information for no longer than is necessary for the purposes for which it is processed. The retention period may be determined by factors including whether we have a legitimate interest in retaining such information that is not outweighed by your fundamental rights and freedoms, whether we have statutory or regulatory obligations to retain personal information for a longer period and whether we may need to retain the information in the event of a legal claim.
7. Transfers outside the European Economic Area
While we do not transfer your personal information to countries outside the European Economic Area, third parties who we have engaged may do so in the course of providing services to us. Where the laws of such countries do not afford an equivalent level of protection of personal information as the laws of Ireland, these third parties are contractually obliged to take specific steps in accordance with data protection law to protect your personal information.
One of the following safeguards will be used:
The personal information will be transferred to a non-EEA country with privacy laws that give the same protection as the EEA.
A contract with the recipient of the personal information will be put in place that means they must protect it to the same standards as the EEA.
The personal information will be transferred to organisations in compliance with the Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
8. Your Rights
You have a number of rights under data protection law in relation to how we use your personal information. These include the right, free of charge, to:
Be informed about the personal information we hold about you and how we use that information.
Obtain access to your personal information we hold.
Have any personal information that we hold about you that you believe is incorrect, incomplete or inaccurate updated or corrected.
Have your personal information erased in the following circumstances:
If OCF is continuing to process personal information beyond the period when it is necessary to do so for the purpose for which it was originally collected.
If OCF is relying on consent as the legal basis for processing and you withdraw consent.
If OCF is relying on legitimate interests as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us continue with the processing.
If the personal information has been processed unlawfully.
If it is necessary to delete the personal information to comply with a legal obligation.
Have our processing of your personal data restricted where you consider that:
The personal information is inaccurate.
The processing is unlawful and you oppose erasure and request restriction instead.
Where we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a claim.
Where you have raised an objection to our use of your personal information.
Object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal information.
Not be subject to wholly automated decisions, including profiling, which produce legal effects or which could have a similarly significant effect on you.
These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights, you can contact us using the details below. We will endeavour to respond to your request within one month. If we are unable to deal with your request within one month we may extend this period by a further two months and we will explain why.
9. Complaints and contact details Complaints
If you have any complaints about the way we use your personal information please contact us using the details below and we will try to resolve the issue. You also have the right to complain to the Data Protection Commission. You can find further information about the Data Protection Commission at www.dataprotection.ie.
By emailing us at firstname.lastname@example.org
By writing to us at 2 Granville Road, Blackrock, Co Dublin, Ireland; or
By telephone, on (01) 289 745