DATA PROTECTION
This is a data protection information notice as required by the GDPR’s Article 13 that sets out how Gerri’s Place processes personal data that comes into its possession. If you have a particular interest in how this site uses cookies, you will find information on these by clicking on the ‘cookie’ in the bottom right-hand corner of the screen.
Data Controller
The Data Controller whose processing activities are described in this notice is Gerri’s Place which is a registered company (a Company Limited by Guarantee with number 702907) at the Companies Registration Office for Ireland. Gerri’s Place is also registered with the Charities Regulator with a number of 20206680.
Data protection inquiries can be directed to info@gerrisplace.ie or write to us at: Gerri’s Place, Terenure Enterprise Centre, Unit 6 Desk C, 17 Rathfarnham Road, Terenure, Dublin 6 (please mark as private and confidential). We can be called or texted on (089) 254 09 90.
Processing Activities
Gerri’s Place only processes personal data as a Data Controller; it does not process any personal data for any other Data Controllers.
|
Activity |
Legal Basis |
Categories of Personal Data |
Categories of Data Subjects |
|---|---|---|---|
|
Applications from prospective participants for weekends |
Performance of a contract. Explicit consent for health data. |
Name, contact details (including nominated emergency contacts), gender, date of birth, current mental well-being and wider health issues. |
Participants |
|
Contributions for weekend participation |
Performance of a contract |
Name, card details |
Participants
|
|
Medical attention consent and waiver form for weekends
|
Performance of a contract |
Name and signature |
Participants |
|
Individual donations |
Legitimate interests |
Name, email and card details |
Donors |
|
Recontacting donors |
Legitimate interests |
EMail addresses for dissemination |
Former funders |
|
Contacting past and prospective participants |
Consent |
EMail addresses for dissemination |
Stakeholders including past and prospective participants |
|
Analysing web traffic to optimise site |
Legitimate interests |
IP address; device type and OS; pages visited; referring website if relevant |
Visitors to our website |
|
Feedback forms to refine design of the weekends |
Legitimate interests |
email address injected |
Participants |
|
Evaluation of weekends |
Legitimate interests |
Impacts of activities on participant’s confidence in dealing with their own mental health and wellbeing |
Participants |
|
Registering Directors with CRO and Charities Regulator |
Legal requirement |
Name, (residential address and PPSN for CRO) |
Directors |
Gerri’s Place relies on a number of service providers for the processing of personal data which are identified in the table below for the various activities previously identified along with the criteria used for retaining the data.
|
Activity |
Recipients |
Retention Criterion |
|
Applications from prospective participants for weekend |
Google Forms |
Held until the end of the year following a lapse of seven years for those who participated in a weekend For applicants who do not participate, their data is deleted at the end of the year following a complete calendar year since their registration |
|
Contributions for weekend participation |
iDonate |
Held until the end of the year following a lapse of seven years for those who participated in a weekend
|
|
Medical attention consent and waiver form for weekends |
None |
Held until the end of the year following a lapse of seven years for those who participated in a weekend |
|
Individual donations |
iDonate |
Six months after the donation date |
|
Recontacting donors |
Squarespace |
Deleted one year after last donation. |
|
Contacting past and prospective participants |
Squarespace |
Retained until the end of the year following seven years from the date of initial accession unless Consent is previously withdrawn |
|
Analysing web traffic to optimise site |
Squarespace |
All logs deleted after seven days. |
|
Feedback forms to refine design of the weekends |
Google Forms |
Deleted five years after the event |
|
Evaluation of weekends
|
Michael J. Norton (researcher processing participants’ responses on behalf of Gerri’s Place). |
Ten years after conclusion of study as per Social Research Ethics Committee of University College Cork |
|
Registering Directors with CRO and Charities Regulator |
Companies Registration Office and Charities Regulator |
Deleted within six months of the Director resigning |
Service providers in the United States of America qualify for adequacy as they are signatories to the Data Privacy Framework.
Data Protection Rights
Data subjects have a variety of rights under the GDPR. The applicability of these rights can vary by specific data, not least due to the legal basis for specific processing. These rights include:
-
Right of access – you have the right to know what data we might hold on you and to have a copy of it as set out in Article 15 of the GDPR.
-
Right of rectification – you have the right to have data amended as set out in Article 16 of the GDPR.
-
Right of erasure – you may have a right to have certain personal data deleted as set out in Article 17 of the GDPR.
-
Right to restrict processing – you have the right to seek a restriction of processing in line with Article 18 of the GDPR.
-
Right to data portability – if we have your personal data in a structured form, you may have the right to have such data passed in that form to another service provider or given to you in a commonly used machine-readable form in accordance with Article 20 of the GDPR.
-
Right to object to processing – you may have the right to object to your personal data being processed in line with Article 21 of the GDPR, particularly where we are doing so on the basis of our legitimate interests.
Contacting the regulatory authority
If you feel that Gerri’s Place has not addressed your data protection concern in a satisfactory manner, you may contact the Data Protection Commission (DPC) as the regulatory authority for data protection in Ireland. The DPC would wish you to use the following page to record your concern:
https://forms.dataprotection.ie/contact