Privacy Policy

Privacy Policy

Introduction

This is the Privacy Policy of Brainwave – The Irish Epilepsy Association of Ireland T/A Epilepsy Ireland (Epilepsy Ireland) of 249 Crumlin Road, Dublin 12, D12RW92 (hereby referred to as “us” and “we”). The purpose of this Privacy Policy is to ensure that individuals understand how we process their information.

Epilepsy Ireland endeavours to comply with the General Data Protection Regulation, Data Protection Acts, ePrivacy Regulation and data protection best practices. This Policy informs individuals how Epilepsy Ireland processes personal data in accordance with the principles of data protection identified in the data protection legislation.

We will process any personal information provided to us by individuals, whether it be provided through our website (www.epilepsy.ie), in person, on a form, correspondence, telephone, email or by any other means, or otherwise held by us in relation to you in the manner set out in this policy.

By submitting your information to us and or by using the Website you confirm your consent to the use of your personal information as set out by this Privacy Policy. If you do not agree with the terms of this Privacy Policy please do not use the Website or provide us with any personal information.

Epilepsy Ireland is a registered charity that provides a wide range of services to its members (who can renew or cancel their membership at will) and the general public at large. We employ a number of staff and also at times rely on volunteers; both employees and volunteers have an internal Data Protection Policy that governs how they process data.

Information collected by us

The information about you that we may collect, use, and store (process) includes:

  • Information necessary in order to facilitate, process, deliver or that relates to the billing of an agreed business transaction, fundraising or collection of monies or any transaction associated with membership of Epilepsy Ireland (name, address, contact details, billing details, etc.)
  • Information you provide to us by filling out any forms on the website or by way of emailing us.
  • Records of correspondences whether by email, telephone, through any form on our website or by any other means,
  • Information you provide to us in person.
  • Details of any business, commercial or membership transactions you carry out with us, whether through email, the website, telephone, or by any other means.
  • Details of your visits to our website including traffic data, location data, weblogs and other communication data in accordance with our Cookie Policy that may identify personal information (e.g. cookies) and non-personal information (e.g. information of an anonymised or technical nature).

How we use your personal information

We may use your personal information for the purposes of:

  1. Processing any enquiry requested by you;
  2. Entering into and or completing any sales or membership related request requested by you, including renewal of membership;
  3. Setting up, operating and managing any account or line of credit, if applicable;
  4. Setting up, operating and managing any marketing and or fundraising services subject to your explicit consent (please see Marketing & Fundraising below);
  5. Complying with our legal duties and responsibilities;
  6. Debt collection and the collection of outstanding monies;
  7. Providing, monitoring, reviewing and supporting our online presence via our website and social media (please see our Cookie Policy 
  8. Monitoring any billing or credit transactions for the purpose of preventing fraud;
  9. Provision of security to, and ensuring the health and safety of, employees, volunteers and visitors to company premises.

As Epilepsy Ireland provides support services for persons affected by epilepsy we are sometimes contacted by members of Epilepsy Ireland and members of the general public to either provide emotional or community support, or to provide a referral to a third party support provider or medical advice provider. By necessity, in order to provide such services, any support or referral may necessitate the processing of special categories of personal data (medical history, current medication, etc.).

We will only process such data with the explicit consent of any individual that we request in writing (via a consent form) and the data will be held as confidential, secure, will be used only for the purposes for which it was collected and will be destroyed or deleted once it is no longer necessary (in accordance with our data retention policy).

Epilepsy Ireland does not engage in any automated decision making processes nor do we use any personal data as a basis for any such automated decisions.

Epilepsy Ireland does not transfer personal data outside the EU or outside the jurisdiction of the General Data Protection Regulation. However, Epilepsy Ireland may use some external service providers to provide business functions [For example, the use of Salesforce to provide customer care facilities (if you so choose to become a client of Epilepsy Ireland)] some of whom may be located outside the EU or EEA. In such cases, personal data is protected by use of binding corporate rules or EU-US privacy shield to ensure continued compliant with the General Data Protection Regulation and uphold the privacy rights of all data subject.

Some of these service providers may be located within another EU member state, and any that are, are subject to the One Stop Shop Mechanism as identified by the Irish Data Protection Commission.

For more information about binding corporate rules, EU-US Privacy Shield and the One Stop Shop Mechanism please visit the Data Protection Commission website at www.dataprotection.ie

Marketing & Fundraising

Epilepsy Ireland is a registered charity that relies on the public for support and fundraising; without which we are unable to provide a wide range of support services. Our fundraising is governed by our fundraising and governance policies that are available on our governance page.

In terms of data processing, subject to your explicit consent, we may also use your personal information for the purpose of:

  1. Marketing and Sales promotions;
  2. Providing you with information about promotional offers on our products and services, including membership;
  3. Carrying out any membership or customer research, survey and analysis;
  4. Fundraising activities, including brand or event awareness, participation and collections of monies;

At some interactions with Epilepsy Ireland you may be asked to consent to your data being used for marketing and or fundraising purposes. In such cases, consent will require a positive action on your part. For example, on a new membership form you would have to tick a box stating that you consent to your data being processed for marketing and or fundraising purposes.

Epilepsy Ireland is committed to privacy by design and privacy by default. As such, you will never have to ‘opt-out’ of our marketing or fundraising processes; you will only ever have the option of ‘opting in’ if you’d like to be included. We do not engage in ‘pre-ticked’ boxes on consent forms nor do we ever assume you would consent to your data being processed. You are free to withdraw consent for any marketing and or fundraising related matters at any time you want.

Social media

Epilepsy Ireland engages in a number of social media services and we strive to uphold privacy rights online. However, sometimes members of the public may post something objectionable and beyond our control to Epilepsy Ireland’s social media pages/forums. In such cases, we will act to rectify any difficulties as soon as we are notified or become aware of the problem. We do not provide a continuous monitoring of social media sites/forums so there may be a slight delay from the initial post to when we become aware of a problem.

Epilepsy Ireland sometimes hold marketing or fundraising events in which members of Epilepsy Ireland and the general public may be present. Such events are often held at public locations. Sometimes we may wish to take a photograph at such events to promote our brand or event on social media. In such cases, it is our policy for our photographer/social media handler to announce their presence and provide additional instructions and assistance. However, we do not have any control over private individuals or their social media accounts and we cannot stop members of the public from posting pictures of events online without the consent of all participants.

For information relating to social media usages, cookies or widgets, please see our Cookie Policy

Information Storage

We will take reasonable steps to ensure that your information is kept secure and protected, including but not limited to electronic data being protected using appropriate software, relevant networks safety and security checks, and, where applicable, any physical data records will be kept in an appropriately secure environment.

We have a general data retention policy that relates to the retention of relevant data for seven years. Personal data that is no longer required will be destroyed and or deleted in a secure manner.

We do not record or process personal data that is not required or not necessary for any of our stated purposes.

Disclosure of data

We may outsource to an external third party the process of contacting members whose membership has expired or due to expire. In such cases, the member's name and contact details may be shared with the third party for the exclusive purpose of contacting the member regarding membership renewal. An appropriate data processing agreement, with relevant safeguards, is in place to ensure our ongoing obligations under the Data Protection Acts are upheld.

We may also outsource certain other commercial functions to external third parties, e.g. debt collection, accounting auditors, etc.  In such cases where your personal data is required for the purposes of completing those functions then an appropriate data processing agreement, with relevant safeguards, will be put in place to ensure our ongoing obligations under the Data Protection Acts are upheld.

We may also have to disclose certain personal data in accordance with any legal obligation imposed on us. Any such disclosure would be in accordance with the law, e.g. disclosed on foot of a court order etc.

Requesting your data

Any person has the right to find out whether an organisation has any personal data about them, what they use the personal data for and ask for copies of personal information held by that organisation.

If you wish to make a data access request in order to get a copy of any personal data we may process, please write a letter stating that you wish to make a data access request and address it to:

Catherine Powell

Executive Assistant

Epilepsy Ireland

249 Crumlin Road

Dublin 12

D12RW92

Or email Catherine at cpowell@epilepsy.ie

In order to process your request we may request that you send us a copy of your identification (passport, driver’s license, etc.).

The reason we ask for personal identification is to ensure that you are the correct person making the request for your personal data.

Unfortunately verbal access requests cannot be entertained.

In response to any data access request, you have the right to refer the matter to the Data Protection Commission if you are unhappy with the outcome, however, we ask that you would notify us first of any issue so that we may help resolve it as quickly as possible.

Rectifying mistakes

You have the right to rectify any incorrect or inaccurate personal data at no cost to you.

If you believe that we are incorrectly processing any of your personal data, please inform us by writing to Catherine Powell, Executive Assistant at the above address or email cpowell@epilepsy.ie.

Queries or complaints

If you have any queries or complaints regarding our Privacy Policy or any data protection matter, please let us know by writing to the above person or email us at cpowell@epilepsy.ie

Individuals have the right to refer any matter to the Data Protection Commission by contacting them at www.dataprotection.ie or by writing to:

Data Protection Commission

Office of the Data Protection Commission

Canal House

Station Road

Portarlington

Co. Laois

If you are, for whatever reason, considering contacting the Data Protection Commission about us we would ask that you inform us of your difficulty first so that we can try to resolve it to your satisfaction.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on the website.

Any changes will become effective upon posting the revised Privacy Policy on the website. If we make any material or substantial changes to this Privacy Policy we will use reasonable endeavours to inform you by email, by notice on the Website or by use of any other agreed communications channels.

Privacy Policy last reviewed: December 2022