The ISF respects your right to privacy and complies with our obligations to uphold your rights under the General Data Protection Regulation (GDPR) and domestic legislation.
2. Types of information collected
In order to conduct our work, we collect and retain two types of information:
This is data that identifies you or can be used to identify or contact you and may include your name, address, email address, telephone number, details of your skin health enquiry provided by e-mail or communicated to an ISF nurse by phone. Such information is only collected from you if you voluntarily submit or communicate it to us. We use this information for the sole purpose of dealing with your skin-health enquiry efficiently.
Like most helplines, we gather statistical and other analytical information collected on an aggregate basis of all users to the ISF Helpline. This non-personal data comprises information which cannot be used to identify or contact you, such as demographic information regarding, for example, user gender, type of skin condition / disease that your enquiry relates to and other anonymous statistical data.
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received online, mail and telephone.
All personal data is sought on the basis of ‘consent’, i.e. that it is a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data.
3. Purposes for which we collect and retain your information
The ISF will not obtain personally-identifying information about you when you visit our site, unless you choose to provide such information to us, nor will such information be sold or otherwise transferred to unaffiliated third parties without the specific approval of the user at the time of collection. We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights.
When you choose to provide your contact details to us, we will use your contact details to communicate with you. We may use your information to send you news and latest updates about ISF events and services. We may contact you by post, email or telephone for these purposes as specified in your preferences on signing up for information. To change your contact preferences simply contact us by email at email@example.com.
When you choose to provide your contact details to us this information may be passed to and used by all ISF departments and may also be used anonymously for statistical purposes. If you discover that we are holding inaccurate information about you, you can request us to correct that information at any time. Simply contact us by email at firstname.lastname@example.org.
We will process any personal data you provide to us for the following purposes:
a) To deal with your skin health enquiry effectively
b) To add you to our members/contacts database
c) To register you for our newsletter
d) To send you a survey seeking feedback on our services
e) To register your interest in being contacted about research opportunities
f) To send printed/hard-copy information to you on foot of a request
g) To process a donation
h) To respond to any communications you might send to us
We use the non-personal data gathered from our Helpline in an aggregate form to get a better understanding of where our visitors come from and to help improve our Helpline service.
Any personal data communicated via our online, email and helpline services is confidential. When you subscribe to the ISF’s mailing list by registering with us, your email address will not be shared with any third parties, and you can unsubscribe from the list at any time.
4. Retention of data
The ISF Helpline retains personal data for the purposes for which it was obtained (see (a) to (h) above. We delete and securely dispose of personal data when the purpose for which it was obtained ceases and the data is no longer required. The ISF retains personal data in line with the Medical Council Guide to Professional Conduct and Ethics for Registered Medical Practitioners (Section 23.2) and in accordance with the guidelines provided by the National Hospitals Office (NHO) Code of Practice for Healthcare Records Management (2007).
How to request your data
Under the GDPR and domestic legislation, you have the right to request a copy of any and all information held by us. In line with our procedure in relation to access requests, please write to us, describing your data request needs, at the following address:
Irish Skin Foundation
Charles Institute for Dermatology
University College Dublin
Dublin D04 V1W8
Retention periods as follows:
Personal contact details provided to us in the course of making an enquiry to the ISF Helpline (your name, address, email address, telephone number) are retained for no longer than 8 years from your last contact with us.
Personal contact details provided to us when you register for our regularly issued newsletters through our website, the ISF Helpline or event (your name, address, email address, telephone number); for as long as the ISF issues such newsletters or until you choose to unsubscribe
Personal health information provided in the course of making a skin health enquiry is retained for no longer than 8 years from your last contact with us.
Information relating to once-only credit / debit / charge card transactions are retained for no longer than 24 months. Information relating to regular donations are retained to facilitate such donations or for as long as the donor wishes to support the ISF’s work with a regular donation. Non-active donor details are removed from records regularly.
5. Disclosure of information to third parties
We will not disclose your personal data to third parties unless you have specifically consented to this disclosure or unless the third party is required to fulfill your order (e.g. to make payment or donation, in such circumstances, the third party is bound by similar data protection requirements).
As a data controller, the ISF uses the data processor, Global Payments (the real-time payment exchange), to process our online donations and payments. Global Payments provide a secure robust payment processing solution across the internet and are fully Payment Card Industry Data Security Standards (PCI DSS) compliant.
As a data controller, the ISF uses the data processor, Salesforce (a cloud-based customer management platform), to securely manage all data collected in the course of our Helpline work. Salesforce provides a robust privacy and security programme to meet the highest standards in the industry and to prevent any inappropriate access to your data.
We will disclose your personal data if we believe, in good faith, that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
The nature of the Internet and e-mail communications is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data. We endeavour to ensure the highest level of security as regards your credit or debit card details, during your use of this site by using Secure Sockets Layer (“SSL Software,”) which encrypts information which you have inputted. You accept that any information or message you send to the site may be intercepted or read by others. You hereby acknowledge and accept that we have no responsibility and shall accept no liability whatsoever for loss, injury or damage occasioned by the interception by third parties of your transmissions, or the disclosure of information including but not limited to credit card numbers by any party with whom you transact, nor do we offer any guarantees, warranties or indemnities as to the security or otherwise of any information which you give us.
7. Updating, verifying and deleting personal data
You may inform us of any changes in your personal data, and in accordance with our obligations under the GDPR and domestic legislation we will update or delete your personal data accordingly. To find out what personal data we hold on you or to have your personal data updated, amended or removed from our database, please contact us by email at email@example.com. If the request is considered manifestly unfounded or excessive then an administrative charge may apply.
8. Helpline feedback and complaints policy
We aim to provide a high-quality service to people with skin disorders their families and carers. It’s important that we know about any problems so we can deal with them quickly and effectively. We recognise, however, that there are times when our services may not meet people’s needs or expectations. When this happens, it is important that we know about it so that we can deal with any problem quickly and effectively. It also helps us to continue to improve the quality of services that we offer.
If you have a complaint or would like to raise any issues informally, we ask that you to contact us. All complaints are treated confidentially.
What to do if you have a complaint
As a first step, we ask you to contact the Helpline on (01) 4866-280 or email firstname.lastname@example.org to see if the problem can be resolved; we will take reasonable steps to resolve the matter. We will ensure that your complaint is treated seriously, and that your confidentiality is respected, while taking reasonable steps to resolve the matter.
If you are not happy with the response, do not feel comfortable approaching a member of staff directly, or feel that the matter is a more serious issue; you may wish to make a formal complaint either by telephone or in writing. The complaint will be acknowledged in writing within 72 hours. Where possible, the investigation will be completed with 14 days.
What will we do with your complaint?
We will assess your complaint on an individual basis; there are no standard or automatic replies. We will consider all relevant factors when deciding on an appropriate response and will offer what we believe to be a fair resolution. If we find that we have made a mistake, or not dealt with you properly, we will do what we can to put things right.
This may involve apologising, taking further action to resolve the issue, or telling you that we have learnt from the complaint and what action we will take to ensure that no other person has the same issue.
If you are unhappy with the response you receive, you have the right to escalate the complaint. Details of how to do this will be included in the initial letter/e-mail we send to you on foot of a formal complaint.
Please get in touch with us to make a complaint using the details below:
Email: email@example.com or firstname.lastname@example.org
Call: Carmel Blake, Helpline Clinical Manager or David McMahon, CEO on (01) 486-6280
Write to: Carmel Blake, Helpline Clinical Manager or David McMahon, CEO, Irish Skin Foundation. Charles Institute for Dermatology, University College Dublin, Dublin D04 V1W8
We also welcome all general feedback about the Helpline, whether comments or suggestions.
Date of review: May 2020