Privacy statement for HLI Ireland
HLI is committed to protecting the privacy of users of the HLI Ireland website in compliance with the General Data Protection Regulation. This privacy statement outlines how we manage the information you give us while you use HLI Ireland’s website. HLI Ireland will never be intrusive or use the information you provide to us in any way detrimental to you. It will only be used in the way you want it to be used, in other words to be used with your permission to make a donation, to make a purchase, to help us in our work, to help claim tax back, to provide you with information on our work, events, conferences, campaigns and fundraising efforts in our mission.
Your right to access, correct, delete, amend, transfer and make a complaint on matters concerning your data that is held by HLI Ireland.
Our supporters have the right to access, amend, correct, transfer and delete personal data relating to them, and to object to the processing of such data, by addressing a written request (an email can also be used), at any time. We will complete your request within one month from the date the request was made. You also have the right to make a complaint to HLI and the Data Commissioner of Ireland if you are unhappy with any aspect of how HLI has handled your data or request(s). HLI Ireland makes every effort to put in place suitable precautions to safeguard the security and privacy of personal data, and to prevent it from being altered, corrupted, destroyed or accessed by unauthorized third parties. However, HLI does not control each and every risk related to the use of the Internet, and therefore warns the Site users of the potential risks involved in the functioning and use of the Internet. The Site may include links to other web sites or other internet sources. As HLI cannot control these web sites and external sources, HLI cannot be held responsible for the provision or display of these web sites and external sources, and may not be held liable for the content, advertising, products, services or any other material available on or from these web sites or external sources.
An Overview of your rights:
● Right to be Forgotten: this right to erasure of personal data allows a person to request from the HLI Controller the deletion of personal data, without undue delay, on particular grounds. In particular, this right is important for HLI where we may have collected personal data from a child in the past and where, as an adult, the Data Subject now has a different viewpoint of the risks involved in the processing. (Note that the general age of consent under the GDPR is 16 years and Ireland has introduced a national threshold of 13 years);
● Right to Restriction of Processing: in certain circumstances, a person can request the HLI Controller to restrict processing either permanently or temporarily. For example, the accuracy of data may be contested, there may be concerns that the processing may be unlawful or there are queries over the legitimate interests of the Controller overriding the rights and freedoms of a person. Within HLI, for example, the person in question could ask the Controller not to publish a photograph from a fundraising event showing his or her face until the lawful processing condition for this is clarified.
● Right to Object to Certain Processing: a person is entitled to object to the processing of their personal data based on his or her situation, preference or state of mind. Where data is processed, for example, for the purpose of direct marketing, consent may be withdrawn at any time and free of charge. An objection to processing may be overridden in certain circumstances. For example, Irish law may require HLI Ireland’s Controller to continue keeping fundraising records for financial auditing reasons. However, the Controller has to bear in mind that the burden of complying with such an overriding factor rests with the Controller, not the Data Subject.
● Right to Data Portability: where a person is moving their account from one provider to another (or one organisation to another), the person in question should be able to receive a copy of his or her personal data in a structured, commonly used, machine-readable format. There are some exceptions to this right.
● Right of Access to Information: where a person submits a written request, the HLI Controller will provide a copy of any information relating to the person in question without undue delay and at the latest, within one month of receipt of the request. Any reference to other individuals in the data will be removed or redacted before the information is handed over. This deadline may be extended to two months in certain situations. There will be no fee for this facility under the GDPR rules.
● Right to Complain, Right to Judicial Remedy: where a person is not satisfied that the HLI Controller adhered to its obligations under the GDPR, he or she can consider bringing a complaint to the Irish Data Protection Commissioner or seek a judicial remedy in the Irish courts.
HLI, In addition, where the personal data is/was not obtained from the person themselves, either at the time their data is first processed or at the time of disclosure to a third party, all the above information must be provided to the person concerned and they must also be informed of the identity of the original data controller from whom the information was obtained and the categories of data concerned.
Management of personal data
You can view or edit your personal data online for many of our services. You can also make choices about our collection and use of your data. How you can access or control your personal data will depend on which services you use. You can choose whether you wish to receive promotional communications from our store by email, SMS, physical mail, and telephone. If you receive promotional email or SMS messages from us and would like to opt out, you can do so by following the directions in that message. You can also make choices about the receipt of promotional email, by opting out of email subscriptions by choosing unsubscribe on the newsletter that is sent out to you.
Type of information we collect
The type of information we collect may include your personal data which identifies you or can be used to identify or contact you. This includes name, postal or email address, telephone number and other contact information you provide on our online forms, it is important to note that this can only be done with your consent. It is important to note that this is information provided voluntarily by you and as such can be withdrawn by you at any time. HLI Ireland does not collect any personal information other than information that is knowingly and willingly given. This personal data includes a record of your interactions with us and is stored in-house on our database to enable us to keep you informed our work and how donations are used. Through our interaction with you we may gather a range of contact details include emails, mobile, postal address and landline numbers, which are all retained with your permission. You have the right to have any details you provide, amended, corrected or removed from our data base and records.
Why does HLI Ireland collect your personal information?
We need to collect your personal information in order to respond to queries, keep you informed on any events, campaigns and fundraising and mission work that is taking place, to process donations and to assist with claiming tax back on your donations if so desired by you.
If you make a donation or a purchase on the HLI Ireland website you will be asked to provide your credit/debit card number, HLI will not receive these details, they will be encrypted through a secure service.
If you set up a standing order we will require your BIC and IBAN numbers (which will be securely retained).
How we use the information you provide
The information you provide will be used solely for the purpose for which you provided it & with your consent.
We process personal data you provide to us for the following purposes:
• for purchasing any of our products or processing your online donation.
• for registering your interest in and communicating with you about our mission, campaigns, our fundraising goals and any events (when you have specifically given your consent).
• To let you know about our conferences and other HLI Ireland events and programmes (When you have requested such information)
• for mailing list(s) and eNewsletter(s) (when you have specifically given consent)
Disclosure of information to third parties
HLI will never trade your personal details with third parties, except to process your online donation or purchase, this will be through a safe and secure financial system
HLI Ireland will ensure your details are treated with the utmost care and in accordance with the Irish Data Protection Act 1988/2003 and the ePrivacy regulations 2011 & GDPR policies.
HLI Ireland will work to protect your data from loss, misuse, unauthorised access or disclosure, or alteration. HLI will respect your privacy and will not sell or give your details to other organisations for marketing or any other purpose.
Your personal data is held on a secure server hosted by our hosting service provider. The nature of the Internet is such that we cannot 100% guarantee or warrant the security of any information you transmit to us via the Internet to be secure. However, once we receive your personal data we take all reasonable technical and organisational measures to protect personal data from loss, misuse, alteration or destruction and to prevent any unauthorised or unlawful disclosure or processing.
Security Data Breach policy
In the case of a personal data breach, the HLI Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
The processor shall notify the Controller without undue delay after becoming aware of a personal data breach.
The notification shall at least:
• describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
• communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
• describe the likely consequences of the personal data breach;
• describe the measures taken or proposed to be taken by the Controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
• Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
• The Controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.
Communication of a personal data breach to the data subject
• When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall communicate the personal data breach to the data subject without undue delay.
• The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33 (3).
• The communication to the data subject referred to in paragraph 1 shall not be required if any of the following conditions are met:
• the Controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
• the Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph 1 is no longer likely to materialise;
• It would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
• If the Controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions referred to in paragraph 3 are met.
As you use this website technical details in connection with visits to this website are logged by our internet service provider for statistical purposes. No information is collected that could be used by us to identify website visitors. The technical details logged are confined to the following items:
• The IP address of the users webserver.
• The top level domain name used (for example .i.e., .com, .net, .biz)
• The previous website address from which the user reached us, including any search criteria used.
• Click screen data which shows the traffic of users around this website (for example pages accessed and documents downloaded).
• The type of web browser used by the website user.
HLI will make no attempt to identify individual visitors, or to associate any technical details listed above with any individual.
Right of access to and updating or deleting your personal data
If you have subscribed to one of our mailing lists or eNewsletters, you can update your profile and preferences or unsubscribe at any time. Click on the 'update preferences or unsubscribe' link at the foot of the email, this link appears on every eNewsletter we send out.
You may also inform HLI of any changes in your personal data and we will update your details. To find out what personal data we hold for you, to receive a copy of this data, or to have your personal data updated, amended, or deleted, please write to us using the contact details below.
Human Life International (Ireland).
Rep. of Ireland.
Telephone: +353 94 9375993
Data Commissioners of Ireland can be contacted at;
The Office of the Data Protection Commissioner