Dara Data Protection
About Us – Data Protection
Welcome to the DARA Data Protection (DP) section of the Website.
- a) DARA supports the rights of an individual and family members to see what information is held about them within the organisation as defined in the Data Protection Act 2018. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing, storage, and security of their personal data.
b) DARA undertakes to protect any information provided to it on a confidential basis subject to our obligations under law, including the Data Protection Act 2018 and the EC (Electronic Communication Regulation) Act 2011.
c) For the purpose of Data Protection, DARA is known as a Data Controller and this Data Privacy Statement sets out our obligations to manage your data in a fair, transparent and lawful manner whilst also upholding your rights under Data Protection.
- Principles of Data Protection
DARA as Data Controller must adhere to the 7 Principles of the Data Protection Act 2018 where the information is held on computer or in a manual form. The 7 Principles of Data Protection include the following:
- Obtained and processed in a fair, transparent and lawful manner, meaning that the person(s) providing the information must be informed of the purpose for which the information is required and how will it be used.
- The information collected is used for the purpose for which it was provided.
- The information is adequate, relevant and limited to what is necessary in relation the purposes for which it has been provided.
- The information is accurate, complete, up to date and well organised at all times.
- The information is retained for no longer than is necessary and in compliance with DARA’s Records Management Policy
- The information is safe and secure at all times with access limited on a need to know basis
- DARA as the Data Controller will demonstrate accountability for the personal and
sensitive information that it processes and retains.
- What information do we collect?
The following is the type of personal/sensitive data that DARA collects about you, depending on whether you are a person we support or your family/guardian, an employee/ volunteer, board member or persons contracted for business/services:
Personal information that identifies you, including name, contact information, location details, email address, date of birth and any other identifiable personal data that is provided to the Service that is required.
Special categories of personal data, such as that relating to your physical/mental health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data.
4.1 How is your personal/sensitive information collected?
We obtain your information from a variety of sources, including information you give us. We may also receive information from Third Parties, for example, a former service provider or former employer.
4.2 What are the legal basis for processing (using) your personal/sensitive data?
Any use of your personal data must have a legal basis. The basis under GDPR which we, depending on the circumstances, may rely on include:
- When it is necessary for the provision of a health or personal social service under Section 38(1) of the Health Act 2004.
- Where you have consented to the processing of your personal data by us.
- To perform a contract or to take steps at your request (clearly with your knowledge and consent) before entering into a contract, such as a contract to provide you with a service, or an employment contract.
- When it is necessary for DARA to comply with a legal obligation, such as reporting to a statutory or regulatory body. e.g. HIQA, Túsla, or law enforcement.
- When it is necessary to protect your vital interests in exceptional circumstances, such as in a case of a medical emergency.
- When it is necessary for the legitimate interests of DARA, except where those interests are overridden by your interests or your fundamental rights and freedoms.
4.3 How we use your personal/sensitive data.
We will only use your personal data when the law permits us. We may use your personal data for the following purposes:
Providing you with services – we may process information about you when you avail of our services.
Legal and Contractual obligations – we may process your data to comply with our legal and/or contractual obligations.
Running our Service – we will process your data to monitor and improve the quality of our services and to meet certain legal and regulatory obligations that apply to our organisation, including administration, operations and security.
4.4 Who may access your personal/sensitive data?
Access to your personal data is strictly on a need-to-know basis. Those authorised to access your personal data will vary, depending on whether you are a person supported by DARA or your family/guardian, a staff member or volunteer, or a person contracted for services.
Third parties who may be provided access to your personal data include the following:
- DARA Senior Management Team/Service Managers/Heads of Departments/Administration staff.
- DARA healthcare professionals, Nurses
- External healthcare professionals, including physicians and psychiatrists;
- Staff/ Volunteers providing support to Persons Supported;
- Statutory and regulatory bodies;
- Banks, financial institutions, insurers, pension fund administrators;
- DARA’s legal advisors, as and when appropriate.
We require third parties to respect the security of your data and to treat it in accordance with the law.
All our third-party service providers are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
4.5 For how long will DARA hold your personal/sensitive data?
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal data are available in our records management policy. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use
such information without further notice to you.
- Your rights under Data Protection – General Data Protection Regulation (GDPR May 2018)
- Right to have your personal data processed in accordance with the Data Protection Acts.
2. Right to be informed.
3. Right of access.
4. Right to establish existence of personal data.
5. Right of rectification or erasure if the information is inaccurate.
6. Right to block certain issues.
7. Right to have your name removed from a direct marketing list.
8. Right to object.
9. Freedom from automated decision making.
10. Right under Data Protection and Privacy in Telecommunications Regulations.
Please contact the Data Protection Officer by email or mobile phone details below, should you wish to exercise your Data Protection rights.
- How to make a request under Data Protection?
You can make a request by writing to the Data Protection Officer at the address below or by email to email@example.com Please state the specific record(s) you are requesting.
It is important that you describe the records that you are seeking in the greatest detail possible to enable us to identify the relevant records. Please note that the Data Protection Acts apply only to personal information but not to records of the deceased.
Please submit your request to:
Mary McMahon Director of Operations, The HUB, Main Street Celbridge Co Kildare W23EK68 or email firstname.lastname@example.org
Entitlements under the Data Protection Acts
A decision will, in normal circumstances be issued within 30 working days including weekends and public holidays of receipt of your request. There are exemptions provided for in the Acts, this means that there are specific circumstances when the requested information will not be released. Should this situation arise, the reason/s will be clearly explained to you. Details of your entitlement to complain to the Data Protection Commissioner will be included in the decision letter.
More details on ‘Your Rights’ can be obtained from:
The Office of the Data Protection Commissioner’s Office, Canal House, Station Road, Portarlington, Co. Laois.
LoCall: 1890 25 22 31 Telephone: 00353 57 868 4757
To view The Data Protection Act 2018, please visit www.dataprotection.ie
6.1 How and to whom can you voice a concern or make a complaint in relation to your information?
You may voice a concern or make a complaint regarding the processing of your personal data to any Manager, CEO, or if you prefer, directly to DARA’s Data Protection Officer.
You have the right to make a complaint at any time to the Data Protection Commission, the Irish supervisory authority for data protection issues. The Data Protection Commission can be contacted at:
The Office of the Data Protection Commissioner’s Office Canal House, Station Road,
LoCall: 1890 25 22 31 Telephone: 00353 57 868 4757 Email: email@example.com
A cookie is a small piece of data that may be stored on your computer or mobile device. It allows a website “remember” your actions or preferences over a length of time.
- Changes to this Privacy Statement
We reserve the right to update this Privacy Statement at any time. We may also notify you in other ways from time to time about the processing of your personal data.
Completed by: Mary McMahon Date: 12th January 2024 Data Protection Officer
To view/download a copy of this document please click here.
Dara Privacy Notice
Dara takes your privacy seriously. It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you. This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which will come into force on 25th May, 2018. From that date, the GDPR, together with applicable Irish requirements, will amend existing data protection law and place enhanced accountability and transparency obligations on organisations when using your information, including a right to object to processing of your personal information where that processing is carried out for the delivery of our Services. Please take the time to read this notice carefully. If you are under 16 years of age, please read this summary with a parent or guardian and ensure you understand it. If you have any questions about how we use your information, please contact our Data Protection Officer at the details below.
This summary explains the (Dara) data practice and tells you about the information we collect about you.
- What type of information we may hold on you:
- We hold data to identify you, your name address and contact details.
- We may hold information about your medical conditions.
- We may hold information about your personal circumstances, marriage, family and living arrangements (for paying tax, pensions and wages).
- We hold information on your next of kin supplied by you (name, address and contact details).
- We hold any information you may have supplied to us in the form of your job application or your CV.
- We may hold information about you provided by professional bodies relating to your qualifications.
- We may hold financial information relating to bank accounts to facilitate the paying of your salary, pension, remuneration, and tax.
- We may hold information about your membership of a Trade Union (in order to pay your subscription).
- We may hold information relating to the grievance and disciplinary process.
- We may hold information obtained during the Garda Vetting process.
- When we collect your information:
We start to collect your information when you apply to join our services and build on that information in order to meet the requirements of your employment contract, administration of pensions, agency contract, student training, and our legal obligation as an employer.
- How we use your information and the legal basis?
We use and share your data only where:
- We have a contract of employment or a contract for services – Under Contract.
- You have agreed or have been given by you explicit consent to the using of your data in a specific way and you can withdraw your consent at any time.
- When it is necessary in relation to the provision of your employment contract.
- To contact you or your next of kin in an emergency relating to your service.
- Used for our legitimate interests such as managing our services including providing you with information regarding your employment.
- Under legal obligation and in the public interest to which Dara is mandated under the General Data Protection regulations, May 2018.
- How we use automated processing or “analytics”.
We do not use any automated processing or analytics of your personal or sensitive information.
- With whom we might share your information?
- Third parties with whom we need to share your information for the purpose of administrating your salary, pension, remuneration and insurance.
- Statutory or regulatory bodies including central and local government, and law enforcement authorities under disclosure orders or other relevant regulations.
- Health & Safety Authority in the case of accidents or incidents at work.
- How long we hold your data?
How long we hold your data is subject to legislation and regulatory rules we must follow, set by authorities such as the Department of Finance, Health Service Executive, Health & Safety Authority and Revenue. Usually this means that we hold your data while you are employed by Dara and for a period thereafter in line with our records retention and destruction policy, Dara Records Management Policy. Please also refer to the Dara’s Data Protection Policy and Procedure, for further information on the Service’s data management practices and obligations under the General Data Protection Regulation May 2018 (GDPR) and the Data Protection Act 2018.
- Your rights?
From 25th May, 2018, you will have several enhanced rights in relation to how we use your information, including the right, without undue delay to:
- The right to be informed of the data that Dara holds on you
- The right of access to one’s personal and sensitive data
- The right of erasure(to be forgotten) in certain circumstances
- The right to restrict processing of data in certain circumstances
- The right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider).
- The right to correct inaccurate or incomplete data
- The right to object to automated decision making
If you wish to exercise any of your data rights you can contact the Data Protection Officer Ms Mary McMahon who will advise you of the process (contact details below):
Phone Number: (01) 6271484
Mobile Number: (086) 2239134
Data Protection Officer, Dara,
Dara Community Living
The Hub, Celbridge
Co Kildare W23EK68
Email Address: firstname.lastname@example.org
If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests) we may extend this period by a further two calendar months and shall explain the reason why. If you make your request electronically, we will try to provide you with the relevant information electronically if possible.
You also have the right to complain to the Data Protection Commissioner. You can contact the Office of the Data Protection Commissioner at:
Telephone: +353 57 8684800 +353 76 1104800
Lo Call Number:1890 252 231
Postal Address: Data Protection Commissioner Canal House
Co. Laois R32 AP23 8.
Updates: We may have to update our Data Privacy Notice from time to time. Any updates will be made available and where appropriate on our website: http://www.dara.ie
- What do I do now?
You do not need to do anything following receipt of this notice. Dara wishes to assure you that we endeavour to operate in compliance with the Data Protection Act 2018 and the EU General Data Protection Regulations.
Updated by the DPO on the 10th January 2024
To view/download a copy of this document please click here.
What is a Cookie?
A cookie is a small text file stored on your computer or mobile device that contains data related to a website you visit. Cookies have a number of uses. They are used to ensure that a website functions properly as you might expect it to. Cookies also allow websites to ‘remember’ your browsing habits or preferences over a period of time. Cookies may be set by Dara as the website operator directly (“first-party cookies”) or in some cases, by another third-party service provider (“third-party cookies”). In the latter scenario, cookies are deployed for social media, advertising, or analytics purposes. Dara will only be able to directly recognise and read the information contained on first-party cookies.
Other Tracking Technologies
There are other technologies which we may deploy which track behaviour on our website. ‘Tracker Pixels’ are a means of allowing us to check whether you have viewed our content. These “pixels” are essentially tiny, invisible images on our web pages that, once loaded, will communicate your interaction with our content. This allows DARA and our partners to gauge the validity of material being presented to you.
We avail of third-party technologies across our site. These technologies help us to understand how you use the site and the ways in which we can improve your user experience. These technologies may track certain information such as the pages you visit across our site as well as how long your visit lasts. This allows us to continue providing engaging content.
What Information Do We Obtain from You?
For each visitor to our site, we automatically gather certain potentially identifying information and store it. This information includes your Internet Protocol (IP) address, your browser type, internet service provider (ISP), referring/exit pages, your operating system, date/time stamp, processor or device serial number, unique device identifier, and clickstream data. We collect this information on an individual basis and in aggregate, or combined form.
- Network Optimisation.
- Analysing visitor traffic across our site.
- Remembering your cookie consent status.
Categories of Tracking Technologies That We Set
We avail of both first and third-party technologies across our site. DARA takes our visitors’ right to privacy seriously in keeping with our obligations. Should you consent to the deployment of any category of optional technology, we will record your consent for a period of no longer than 6 months subject to interaction; at which point these technologies will be disabled. You will then be prompted to refresh your consent.
Strictly Necessary Cookies
These cookies are necessary for the website to function. They are set for security purposes and in response to actions made by you which amount to a service request such as when you fill out forms on our site. You have the option to disable these cookies via your browser settings, but should you do so, certain aspects of our site will no longer function. For more information about the specific technologies we use for this purpose, please see below.
Should you wish to disable these cookies via your browser settings, please see the following links relating to your particular browser.
- Google Chrome Browser
- Microsoft Internet Explorer Browser
- Mozilla Firefox Browser
- Apple Safari Browser
- Opera Web Browser
To view/download a copy of this document please click here.