GDPR and Data Protection Law
The Irish Nurses Cardiovascular Association
General Data Protection regulation (‘the GDPR’) came into effect 25th May, 2018. The GDPR applies across European Union (EU) and aims to give individuals more rights, control and understanding of how their personal data is processed.
The Irish Nurses Cardiovascular Association (INCA) value the trust placed in us by our members, presenters and colleagues who attend our events and may/may not be INCA members. Data security is one of our highest priorities and we aim to be as clear as possible on the types of data we hold on you, the purpose it is used for and your rights in relation to how it is processed.
Your privacy is important to us, and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do and why we do it. INCA is committed to the privacy of all its members, presenters, event delegates and colleagues.
WHO ARE WE
The Irish Nurses Cardiovascular Association (INCA) was formed in September 1996. The Association was formed to encourage nurses working within this area to meet on a regular basis and to exchange views and research on their work. Over the years the focus of the Association has evolved to encompass the broad range of cardiovascular nursing specialities. INCA is now the major scientific group for nurses in Ireland working in the field of cardiovascular disease.
INCA is a voluntary organisation and its aim is to provide a forum for education, communication and research development among members working in the field of cardiovascular nursing.
Committee members share responsibilities of planning, organising and managing INCA’s scientific meetings and travel to International conferences with the aim of bringing back information to our colleagues in the Irish Cardiovascular Nursing sector.
WHO THIS POLICY APPLIES TO
This Privacy Policy covers our treatment of your personal information that we gather when you are interacting with INCA as a member, conference delegate, presenter, vendor, supplier, website user, or otherwise (a “Data Subject”). In the course of our business, we gather various types of information about our Data Subjects including information that identifies you as an individual (“Personal Data”) as explained in more detail below.
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
For the purpose of the EU General Data Protection Regulation 2016/679 (“GDPR”), the data controller is The Irish Nurses Cardiovascular Association (INCA) c/o The Irish Heart Foundation, 17-19 Rathmines Road Lower, Dublin, D06 C780
WHO CAN YOU CONTACT IF YOU HAVE QUESTIONS OR REQUESTS?
For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at
Email: secretary@incanursing.ie
Post: The Irish Nurses Cardiovascular Association (INCA) c/o The Irish Heart Foundation, 17-19 Rathmines Road Lower, Dublin, D06 C780
KEY PRINCIPLES
We value your Personal Data entrusted to us and we are committed to processing your Personal Data in a fair, transparent and secure way. The key principles that INCA applies when dealing with your personal data are as follows:
- Lawfulness: we will only collect your Personal Data in a fair, lawful and transparent manner.
- Data minimisation: we will limit the collection of your Personal Data to what is directly relevant and necessary for the purposes for which they have been collected.
- Purpose limitation: we will only collect your Personal Data for specified, explicit and legitimate purposes and not process your Personal Data further in a way incompatible with those purposes.
- Accuracy: we will keep your Personal Data accurate and up to date.
- Data security and protection: we will implement technical and organizational measures to ensure an appropriate level of data security and protection considering, among others, the nature of your Personal Data to be protected. Such measures provide for the prevention of any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and any other unlawful form of Processing.
- Access and rectification: we will process your Personal Data in line with your legal rights.
- Retention limitation: we will retain your Personal Data in a manner consistent with the applicable data protection laws and regulations and for no longer than is necessary for the purposes for which it has been collected.
- Safeguards re third parties: we will ensure that Personal Data access by third parties is not permissible through INCA channels.
- Lawfulness of direct marketing and cookies: if we send you promotional materials or place cookies on your computer, we will ensure that we do so in accordance with applicable law.
INFORMATION WE COLLECT
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
• Identity Data
We collect the personal data that you may volunteer as part of your interaction with INCA. We do not collect information about our members from any other sources apart from that which you volunteer to provide. We do not collect or use personal data for any purpose other than the specific tasks related to the provision of the INCA forum for education, communication and research development.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
LAWFUL BASIS FOR PROCESSING
Please note that in accordance with applicable data protection law, your Personal Data can be processed if:
- you have given us your consent for the purposes of the Processing. For the avoidance of doubt, you will always have the right to withdraw your consent at any time;
- with such processing, we pursue a legitimate interest that is not outbalanced by your privacy rights. Such legitimate interest will be duly communicated to you if applicable; or
- it is required by law.
HOW WE USE YOUR INFORMATION / PURPOSES OF PROCESSING
We will only process your Personal Data for specified, explicit and legitimate purposes and we will not process your Personal Data further in a way that is incompatible with those purposes.
We use the information given to us by you to provide the services you request from us in the way that is set out in this privacy policy. We may use your Information to (but not limited to):
- Create and manage your account
- Process your membership transactions;
- Members – Send email notices about INCA organised events and membership information
- Secure our systems and applications;
- Enforce our legal rights or comply with legal requirements;
DISCLOSURE OF PERSONAL DATA
Any Personal Data which is collected will be used SOLELY for the purposes of INCA administration and access will be limited to authorized committee members.
VISITORS TO OUR WEBSITE
Our website was developed by Kevin Costello Web Design and is managed by authorised committee members. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
WEBSITE HOST
We use a third-party service, by Kevin Costello Web Design, to publish our website. This site is hosted by Register365.
SOCIAL MEDIA
INCA has a Twitter page: https://twitter.com/INCAnursing
And a Facebook page: https://www.facebook.com/www.inca.ie
These are managed by authorised committee members.
STORAGE OF DATA
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will not store your personal information for any longer than we need to, however we may be obliged by law to store your communications and personal information including activity logs and we may need to show details of these to government or authorised officials upon request. Like many websites, we use log files to monitor the effectiveness of our website.
The data we collect from you will be stored within the EU. By providing us with this data, you agree to this storing and/or processing.
All our data is stored on our secured servers or on secure servers that are operated by a third party.
If we have provided you with a password which enables you access to our website, you are responsible for keeping this password confidential.
CONFIDENTIALITY/SECURITY
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
All our committee members who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of our members’ and visitors’ personal data.
BREACH MANAGEMENT
In the event that any personal information is accessed without authorization, INCA will refer the information to the office of the Data Protection Commissioner within two working days of becoming aware of the incident, outlining the circumstances surrounding the incident. Further steps will be taken in consultation with the office of the Data Protection Commissioner thereafter.
ACCESS TO THE PERSONAL DATA WE MAY HOLD ABOUT YOU
You can ask us whether we are keeping personal data about you upon request, which you can indicate by
Email: secretary@incanursing.ie
Post: The Irish Nurses Cardiovascular Association (INCA) c/o The Irish Heart Foundation, 17-19 Rathmines Road Lower, Dublin, D06 C780
We will provide you with a readable copy of the personal data which we keep about you, within one month of receipt of this request – although we will before require proof of your identity. We will provide this information free of charge.
We may however charge a reasonable fee to comply with the requests for further copies of the same information. This fee is based on the administrative cost to provide this information.
We allow you to challenge the data that we hold about you and, where appropriate, you may have the data erased, rectified or amended if it is incorrect or inaccurate.
ERASURE OF DATA
You have a right to have your personal data erased to prevent processing in the following specific circumstances:
- Where the personal data is no longer necessary in relation to the purposes for which it was originally collected/processed.
- If you wish to withdraw consent.
- If you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The data was unlawfully processed in accordance with the GDPR.
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
KEEPING YOUR INFORMATION SECURE – TO HELP US KEEP YOUR INFORMATION CONFIDENTIAL YOU SHOULD:
- Keep your password secret.
- Never distribute the website addresses for pages that you have looked at while logged in as a registered member or visitor.
- You should choose a password that is not obvious or known to anyone else. You should never give a third party your password, as you will be responsible for all activity and charges incurred through use of your password whether authorised by you or not.
- If you forget your password, you can request a new password, which will be emailed to the address we hold for you. You can change your password anytime through your account on the website. Should we think that there is likely to be, or has been any breach of security, we may change your password and notify you of the change by email.
NOTIFICATION OF CHANGES TO THIS POLICY
If we decide to change our Privacy Policy, we will post these changes on this website so you know what information we collect and how we use it. If at any point we decide to use personally identifiable information in a way different from that told to you at the time it was collected, we will tell you. You will have a choice as to whether or not we use your information in this different manner.
SUMMATION
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of INCA’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the following address:
The Irish Nurses Cardiovascular Association (INCA) c/o The Irish Heart Foundation, 17-19 Rathmines Road Lower, Dublin, D06 C780