The purpose of this Privacy Statement is to outline how the Irish Skin Foundation (ISF) deals with data you provide to us while using our services. Naturally, if you are not satisfied with this Privacy Statement you should not use our services. Your privacy is very important to us. Accordingly, we have developed policies in order for you to understand how we collect, use, communicate and make use of personal information and data.
The ISF respects your right to privacy and complies with our obligations to uphold your rights under the General Data Protection Regulation (GDPR) and domestic Irish data protection legislation.
By using our website, you are accepting this Privacy Statement. From time to time we may also provide links to other helplines or websites for further information; the ISF is not responsible for the content or the privacy policies of these other resources.
2. What are cookies?
3. IP addresses
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as “traffic data” so that data (such as the Web pages you request) can be sent to you.
4. Types of information collected
In order to conduct our work we collect and retain two types of information:
This is data that identifies you or can be used to identify or contact you and may include your name, address, email address, telephone number, details of your skin health inquiry provided by e-mail or communicated to a member of staff. Such information is only collected from you if you voluntarily submit or communicate it to us. We use this information for the sole purpose of dealing with your inquiry efficiently.
We gather statistical and other analytical information collected on an aggregate basis of all users of ISF services. This non-personal data comprises information which cannot be used to identify or contact you, such as demographic information regarding, for example, user gender, type of skin condition / disease that your inquiry relates to and other anonymous statistical data.
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received online, mail and telephone.
All personal data is sought on the basis of ‘consent’, i.e. that it is a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data.
5. Purposes for which we collect and retain your information
The ISF will not obtain personally-identifying information about you when you visit our site, unless you choose to provide such information to us, nor will such information be sold or otherwise transferred to unaffiliated third parties without the specific approval of the user at the time of collection. We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights.
When you choose to provide your contact details to us, we will use your contact details to communicate with you. We may use your information to send you news and latest updates about ISF events and services. We may contact you by post, email or telephone for these purposes as specified in your preferences on signing up for information. To change your contact preferences simply contact us by email at firstname.lastname@example.org.
When you choose to provide your contact details to us this information may be passed to and used by all ISF departments and may also be used anonymously for statistical purposes. If you discover that we are holding inaccurate information about you, you can request us to correct that information at any time. Simply contact us by email at email@example.com.
We will process any personal data you provide to us for the following purposes:
a) To deal with your-skin health inquiry effectively
b) To add you to our members/contacts database
c) To register you for our newsletter
d) To send you a survey seeking feedback on our services
e) To register your interest in being contacted about research opportunities
f) To send printed/hard-copy information to you on foot of a request
g) To process a donation
h) To respond to any communications you might send to us
We use the non-personal data gathered in an aggregate form to get a better understanding of where our visitors come from and to help improve our services.
Any personal data communicated via our online, email and helpline services is confidential. When you subscribe to the ISF’s mailing list by registering with us, your email address will not be shared with any third parties, and you can unsubscribe from the list at any time.
6. Retention of data
The ISF retains personal data for the purposes for which it was obtained (see (a) to (h) above. We delete and securely dispose of personal data when the purpose for which it was obtained ceases and the data is no longer required. The ISF retains personal data in line with the Medical Council Guide to Professional Conduct and Ethics for Registered Medical Practitioners (Section 23.2) and in accordance with the guidelines provided by the National Hospitals Office (NHO) Code of Practice for Healthcare Records Management (2007).
How to request your data
Under the GDPR and domestic legislation, you have the right to request a copy of any and all information held by us. In line with our procedure in relation to access requests, please write to us, describing your the data request needs, at the following address:
Irish Skin Foundation
Charles Institute for Dermatology
University College Dublin
Dublin D04 V1W8
Retention periods as follows:
Personal contact details provided to us in the course of making an inquiry to the ISF Helpline (your name, address, email address, telephone number) are retained for no longer than 8 years from your last contact with us
Personal contact details provided to us when you register for our regularly issued newsletters through our website, the ISF Helpline or event (your name, address, email address, telephone number); for as long as the ISF issues such newsletters or until you choose to unsubscribe
Personal health information provided in the course of making a skin health inquiry is retained for no longer than 8 years from your last contact with us
Information relating to once-only credit / debit / charge card transactions are retained for no longer than 24 months. Information relating to regular donations are retained to facilitate such donations or for as long as the donor wishes to support the ISF’s work with a regular donation. Non-active donor details are removed from records regularly.
7. Disclosure of information to third parties
We will not disclose your personal data to third parties unless you have specifically consented to this disclosure or unless the third party is required to fulfill your order (e.g. to make payment or donation, in such circumstances, the third party is bound by similar data protection requirements).
As a data controller, the ISF uses the data processor, Global Payments (the real-time payment exchange), to process our online donations and payments. Global Payments provide a secure robust payment processing solution across the internet and are fully Payment Card Industry Data Security Standards (PCI DSS) compliant.
As a data controller, the ISF uses the data processor, Salesforce (a cloud-based customer management platform), to securely manage all data collected in the course of our Helpline work. Salesforce provides a robust privacy and security programme to meet the highest standards in the industry and to prevent any inappropriate access to your data.
We will disclose your personal data if we believe, in good faith, that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
The nature of the Internet and e-mail communications is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data. We endeavour to ensure the highest level of security as regards your credit or debit card details, during your use of this site by using Secure Sockets Layer (“SSL Software,”) which encrypts information which you have inputted. You accept that any information or message you send to the site may be intercepted or read by others. You hereby acknowledge and accept that we have no responsibility and shall accept no liability whatsoever for loss, injury or damage occasioned by the interception by third parties of your transmissions, or the disclosure of information including but not limited to credit card numbers by any party with whom you transact, nor do we offer any guarantees, warranties or indemnities as to the security or otherwise of any information which you give us.
9. Updating, verifying and deleting personal data
You may inform us of any changes in your personal data, and in accordance with our obligations under the GDPR and domestic legislation we will update or delete your personal data accordingly. To find out what personal data we hold on you or to have your personal data updated, amended or removed from our database, please contact us by email at firstname.lastname@example.org. Any such data subject requests may be subject to the prescribed fee.
8. Feedback and complaints policy
We aim to provide a high-quality service to people with skin disorders their families and carers. It’s important that we know about any problems so we can deal with them quickly and effectively. We recognise, however, that there are times when our services may not meet people’s needs or expectations. When this happens it is important that we know about it so that we can deal with any problem quickly and effectively. It also helps us to continue to improve the quality of services that we offer.
If you have a complaint or would like to raise any issues informally, we ask that you to contact us. All complaints are treated confidentially.
What to do if you have a complaint
As a first step, we ask you to contact us on (01) 4866-280 or email email@example.com to see if the problem can be resolved; we will take reasonable steps to resolve the matter.
If you are not happy with the response, do not feel comfortable approaching a member of staff directly, or feels that the matter is a more serious issue, you may wish to make a formal complaint either by telephone or in writing. Their complaint will be acknowledged in writing within 72 hours. Where possible, the investigation will be completed with 14 days.
If you are unhappy with the response you receive, you have the right escalate the complaint. Details of how to do this will be included in the initial letter/e-mail we send to you on foot of a formal complaint.
Please get in touch with us to make a complaint using the details below:
Call: David McMahon, CEO on (01) 486-6280
Write to: David McMahon, Irish Skin Foundation. Charles Institute for Dermatology, University College Dublin, Dublin D04 V1W8
We also welcome all general feedback about our services, whether comments or suggestions.
9. Changes to the Privacy Statement
Any changes to this Privacy Statement will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Privacy Statement, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your information in the new manner.
Date of review: March 2018