Data Protection Policy (GDPR) 2025 

                                                                   

Data Protection Policy

The General Data Protection Regulation (GDPR) came into force on the 25th of May 2018, replacing the existing data protection framework under the EU Data Protection Directive.

Cairde Le Cheile

Last updated July 2019                                                                 

Charity: Limited by Guarantee

Cairde le Cheile is a Social Enterprise situated in the old church within the grounds of St Conal’s Hospital and the Letterkenny Town Park.

Mission Statement

Friends together supporting people with disability. Our remit is to provide sporting, social and employment opportunities for people with disabilities, as well as young people and senior citizens in County Donegal.

The Social Enterprise Services Currently Available

The facilities at Cairde Le Cheile include:

  • Sports Hall
  • Meeting Room/Boardroom
  • Function/General Purpose Room
  • Social Areas including small staff kitchen, office and bathrooms.
  • Fern Coffee Shop. The Vestry Complex includes Tea room, Multi-purpose area, Public toilets, Multi-Purpose Disability changing room, Sensory Room & garden
  • Outreach Shop
Data Privacy Responsible Person: Rosaleen Gallagher

1. Data Protection Principles

Cairde Le Cheile is committed to processing data in accordance with its responsibilities under the GDPR.

Cairde Le Cheile will ensure that the personal data of individuals is:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified, explicit and legitimate purposes and, regarding purpose limitation, not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed, in accordance with the organisation’s data retention policy.

In relation to storage limitation, personal data will be stored for longer periods in so far as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals. If the personal data is no longer required for the above-mentioned processing activities, it will be securely deleted.

Data will be processed in a manner that ensures appropriate information security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.

2. General Provisions

  1. This policy applies to all personal data processed by Cairde Le Cheile.

Taragh Quinlivan, Manager of Cairde Le Cheile, will take responsibility for ongoing compliance with this policy, as the designated individual for data privacy. Cairde Le Cheile as an organisation does not require a Data Protection Officer: data processing is not a core activity of the organisation, and any processing of personal data by Cairde le Cheile is an ancillary activity, in accordance with Recital 97 of the GDPR.

  • This policy shall be reviewed at least annually.
  • Cairde Le Cheile shall comply with the Irish Data Protection Commission as an organisation that processes personal data.

3. Lawful, Fair and Transparent Processing

  1. To ensure processing of data is lawful, fair and transparent, Cairde Le Cheile shall maintain a Register of Systems for such purposes.
  • The Register of Systems shall be reviewed annually, at a minimum.
  • Individuals have the right to access their personal data and any such requests made to Cairde Le Cheile shall be dealt with in a timely manner.

4. Lawful Purposes

All data processed by Cairde Le Cheile will be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.

Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data. Additionally, where necessary, to allow for the lawful processing of the personal data relating to a minor and/or a vulnerable person, parental/guardian consent is necessary for such purposes. Where communications are sent to individuals/parents/guardians based on their consent, the option for the individuals/parents/guardians to revoke their consent will be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Cairde Le Cheile systems. 

5. Data Minimisation

Cairde Le Cheile shall ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. The organisation requires the collection of personal data to carry out its function and, where necessary, also shares such data with relevant third parties.

The data collected is as follows:

Staff *: Name, address, telephone number, mobile number, email address, PPS number, date of birth, bank account details and National Vetting Bureau details of all staff members.

Clients and Suppliers: Name, address, telephone number, mobile number, email address, bank account details from clients who avail of the facilities and our suppliers.

Summer Camp for Young People with Intellectual Disabilities: Names of participants, parents’ or guardians’ names, address, contact details, participant’s date of birth, medical background, medication, allergies and supports required.

Benefactors and Sponsors: Name, address and contact details.

This information is needed for the following reasons:

  • Data subject’s name, address, telephone and mobile number for contact purposes.
  • Staff member’s name, address, PPS number, date of birth and bank details, which are shared with our internal Payroll Department.

* In addition to this the Payroll Department uses this information on the Welfare Partners system. They are the controllers of this information.

Cairde le Cheile, as a Social Enterprise, also provides facilities to people with intellectual disabilities and community groups. Records of bookings and footfall include name, address, email address, telephone and mobile number.

Summer camp information is needed to successfully plan and carry out the summer camp around the needs and capabilities of each participant, to contact the parent/carer about the camp, and in case of emergencies.

6. Data Accuracy and Data Retention

Cairde Le Cheile shall take reasonable steps to ensure personal data is accurate.

Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.

To ensure that personal data is kept for no longer than necessary, Cairde Le Cheile shall ensure storage limitation utilizing the archiving policy for each area in which personal data is processed and review this process annually. The archiving policy shall specify data retention limits and what data should/must be retained, for how long, and why.

7. Information Security

Cairde Le Cheile will ensure that personal data is stored securely using modern software that is kept up to date. The organisation’s information security structure will enshrine the principles of confidentiality, integrity and availability. Hard copies will be stored in a locked cabinet in an area not accessible to the public.

Access to personal data shall be limited to personnel who need access and appropriate security will be in place to avoid unauthorised sharing of information. Staff members, who process personal data, will receive necessary training and have appropriate knowledge of data privacy to adequately carry out their role. In the event of the deletion of personal data, such a process will be carried out in a manner that will ensure such data is irrecoverable. Additionally, appropriate contingency and continuity plans, procedures and actions will be in place.

8. Breach / Incident Management

In the event of a privacy breach/incident of the organisation’s information security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Cairde Le Cheile will promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the Irish Data Protection Commission.

9. Data Subject Access Request

A data subject may request access to the personal data the organisation holds about them and, more specifically, why and how it does so. In the event of such a request, a data subject is entitled to the following:

  1. A copy of their personal data.
  2. Purposes of processing and categories of personal data concerned.
  3. Recipients or categories of recipients to whom personal data is disclosed.
  4. Data Retention Period.
  5. Data Subject Rights which include rectification, erasure, restriction or objection to processing respectively.
  6. Right to complain to supervisory authority.
  7. Source of information if not directly collected.

Once a data subject submits an access request to Cairde Le Cheile, the organisation has a period of one month to provide the above-mentioned to them. This time period may be extended by two further months if the access request is complex and numerous. Such an extension, and the reasons for it, must be communicated to the data subject within one month of Cairde Le Cheile receiving the access request.

A data subject has the right to raise queries and complaints with the individual responsible for data privacy within Cairde le Cheile. Any such queries and complaints will be dealt with in a prompt and comprehensive manner. However, if necessary, as noted above, the data subject can file a complaint with the Irish Data Protection Commission if they are of the opinion their data protection rights have been violated.

Signed by:  _________________                                       Date: _____________

Manager, Cairde le Cheile

Signed by:  _________________                                       Date: _____________

Chairperson, Cairde le Cheile