Diabetes Federation of Ireland (trading as Diabetes Ireland) is committed to protecting your personal data and being transparent about what information we hold about you.
The purpose of this policy is to give you a clear explanation about how Diabetes Ireland and its subsidiary charity, Diabetes Ireland Research Alliance, collect and use any personal data we collect from you, or that you provide to us whether online, via phone, email, in letters or in any other correspondence.
Who controls the use of your data?
Diabetes Ireland, whose registered address is 19 Northwood House, Northwood Business Campus, Santry, Dublin 9 is the organisation that controls and is responsible for personal data that is collected in relation to our services.
If you have any queries in relation to the processing of your personal data, you can contact us as follows: by post at Operations Co-ordinator, 19 Northwood House, Northwood Business Campus, Santry, Dublin 9 or by email at [email protected]
Who we are
Founded in 1967, Diabetes Ireland is the national charity dedicated to helping people with diabetes. It achieves this by providing support, education and motivation to all people affected by diabetes. The charity also raises public awareness of diabetes and its symptoms and funds research into finding a cure for diabetes.
The Diabetes Ireland Research Alliance (DIRA) was set up in 2008 as a subsidiary charity of Diabetes Ireland. The Diabetes Ireland Research Alliance has the specific aim of promoting, supporting and funding research related to the causes, prevention and cure of diabetes.
Within the context of this policy, “we” means both Diabetes Federation of Ireland (trading as Diabetes Ireland) CHY 6906 and Diabetes Ireland Research Alliance CHY 18304.
What personal data is collected?
You may give us information about you by filling in our membership form, forms on our website, posting comments or stories on our interactive services, or by corresponding with us by phone, email or otherwise. This will include information you provide when you make a donation to us, place an order through our site, ask or answer a question about diabetes, participate in social media functions, enter a competition or survey, become a member, sign up for an event or service or when you report a problem with our site, amongst others.
In order to provide our services to you we need to process certain personal data in relation to you, which includes:
- Biographical data – The information you give us may include your name, gender, date of birth, postal address, email address, phone number, family relationship (eg children with diabetes) and if you are a student, senior citizen or healthcare professional.
- Payment Data – If you pay by direct debit or receive payments though electronic funds transfers, we will collect the IBAN, BIC and the name of your bank/building society or your credit/debit card details where relevant.
- Sensitive Personal Data – You may provide us with information about yourself that is classed as “sensitive personal data”. This may include details of your health condition. We will record this information for a number of reasons. These are:
- Member or supporter -As a member or supporter you will be asked if you have diabetes, and the type of diabetes. We will record this information as part of your personal data. We will only use this information to send you information about our products, events and services that are appropriate to you. Your personal information will be held on our secure members/supporters database.
- Care Centre Services- If you register to attend our Care Centre Services as a client we will seek your consent to collect the following health information from you: Type of diabetes, year of diagnosis, latest HbA1c result, if you smoke, name of hospital/ consultant/GP you attend, your current medication and your medical history. This information will be collected by our Podiatrist or Dietitian as part of your initial appointment in order to provide you with an appropriate treatment plan. This information will be stored on our secure Care Centre client database.
- CODE Education Programme-If you register to attend one of our CODE education programmes, we will seek your consent to collect the following health information from you: Age, how long you have diabetes, latest HbA1c result, if you smoke, name of hospital/ consultant/GP you attend, your current diabetes medication, weight, height, body mass index, cholesterol, waist circumference and your medical history.This CODE Health Information will be collected by us, via a paper questionnaire, on day 1 of the programme and again on week 26 of the programme. This information will be stored in a locked press for the duration of the programme and for up to 18 months after completion of the programme, during which time your data will be anonymised as part of our overall annual report. Your completed paper questionnaire will be destroyed (shredded) on completion of the anonymised programme report. The anonymised report will be stored on our secure company server.
- Children’s Data- We collect personal and health information of children (under -16s) who may attend our various children and family events. We will always ask for consent from a parent or guardian before we collect information about children. The collection of this data will be managed in accordance with each individual event, with appropriate safeguards in place.
- Interactions with us¬- If you interact with us we may record details of those interactions (e.g. phone calls and logs of phone calls, email correspondence and hard copy correspondence). If you make a complaint we will process details in relation to that complaint.
- Online services- When you interact with us online you may provide personal data to us by completing one of our online forms (e.g. to become a member or to register for an event or to receive our ezine), which you will be aware of when using the services or for which you give consent.
- Fundraising Data- When you make a donation, register for one of our fundraising events or undertake a fundraising event on our behalf, we will seek your consent to process and hold your personal data on our member/supporters secure database.
Where does Diabetes Ireland collect personal data from?
Most of your personal data that we collect will be provided by you through our application forms and your interactions with us.
However, with regard to each of your visits to our website, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This information tells us the number of visitors to the various part of our website and the amount of time spent on our website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. You can opt out of this by visiting Google Analytics current available opt out for the web.
We also use Google Analytics Advertising Features which also collects information on age, gender and interest data. We do this to help enable our online advertising to be targeted at the right audience. This information is only processed in a way which does not identify anyone.
You may provide your information to another organisation that works with Diabetes Ireland. For example, signing up to a third party event or applying for a job with Diabetes Ireland via a recruitment agency. When working with other organisations, we ensure it is made completely clear to you that your information will be shared with Diabetes Ireland.
If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders over the telephone on 01 8428118 (within Republic of Ireland). To view our Cookies Policy click here.
Why do you process my personal data?
We process your personal data in order to provide you with our services and to assist us in the operation of our business. Under data protection we are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.
There are a number of permitted principles under data protection law for the processing of your personal data. Diabetes Ireland rely on four such principles, namely: (a) processing necessary for the provision of our services to you, (b) processing necessary in order for us to pursue our legitimate interests, (c) processing where we have you and/or your dependant’s consent, and (d) processing that is required under applicable law. For further information about the criteria that we apply to process your data please see below:
- Members/Supporters- As a member/supporter we will, with your consent, process your personal data and hold it on our secure members/supporters database in order to provide our services to you which are to:- Contact you about upcoming education meetings, workshops and events taking place.
- Send you our “Diabetes Ireland” magazine 3 times per year.
- Send you information about our products and services.
- Send you information about our annual membership categories.
- Ask you about supporting our charitable work and services through fundraising initiatives. (Special fundraising events targeted at specific ages or types of Diabetes e.g. T1 Tea parties).
- Seek your support to improve public services for people with diabetes.
- Ask you to participate in surveys for our research purposes from time to time. (this is normally a targeted age group and it anonymous but is very helpful for research projects).
- To contact you for administrative purposes, including the processing of annual membership, donations and legacies. (If we encounter any problems with your payments, we may need to contact you directly by phone, post or email). – To respond to your query or complaint.
- Care Centre Services- As a Care Centre client, we will, with your consent, process your personal data and hold it on our secure Care Centre client database in order to provide our clinic services to you.
- CODE Education Programme- If you register and consent to attending one of our CODE education programmes we will hold your personal data for 18 months by which time your data will have been anonymised and destroyed. We complete an anonymised annual overall programme report in June of each year. As each programme is of 6 month duration, we need to wait until programmes started in quarter 4 of the previous year to finish before we can audit the data and prepare our annual report. When completed, your personal data will be destroyed.
- Blood Glucose Screening Initiative – If you register and consent to participating in one of our on-site events, we will hold your personal data for 1 month from the date of the event after which time your data will have been anonymised and destroyed.
In order to process personal data in relation to you (which may include health data), we may need to get your consent. When we process your personal data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent by contacting us using the contact details at the bottom of this notice. Please note if you withdraw your consent we may not be able to continue providing you with the service to which the consent related.
How long do we keep your data?
Diabetes Ireland will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data. For further information about the criteria that we apply to determine retention periods please see below:
• Member/ Supporter – We may hold your information for as long as you are a member/supporter or are engaged with us as someone who uses our services. We retain your information in order to maintain and enhance our relationship with you.
• Statutory and regulatory obligations – As we work in a highly regulated industry, we have certain statutory and regulatory obligations to retain personal data for set periods of time.
• If you would like further details in relation to our data retention periods, please contact us using the details at the bottom of this notice.
Security of your personal data
We implement a variety of security measures to maintain and safeguard your personal information. We use other third party services to help us with this. These include cloud service providers that provide hosting, data storage and other services pursuant to their standard terms and conditions that may be non-negotiable; these service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures. Any third party service providers only have access to the information they need.
If you provide credit, debit or other payment card and related details to become a member, donate to us, purchase a produce, pay for a service online, over the phone, by post or in person, we will use such information only for the purpose of processing the payment.
Disclosure of Your Personal Information
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential as part of their contract with us.
Non-personally identifiable information may be provided to other parties for marketing, advertising or other uses. For example, we may disclose the total number of visitors to our website.
Diabetes Ireland takes, and will continue to take, all reasonable steps (which includes relevant technical and organisational measures) to guarantee the safety of the data you provide to us and we will only use the data for the intended purpose.
You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data:
- The right to access information held about you – You have the right to request a copy of the personal data that we hold about you. You also have the right to have any inaccuracies corrected.
- The right to restrict our processing of your personal information or to object to our processing of your personal information – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
- The right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
- The right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
- The right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
- The right to object – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes
- Rights in relation to automated decision making and profiling.
For more information on these rights, please read the relevant guidance issued by the Office of the Data Protection Commissioner.
If you wish to exercise these rights, please address requests to Diabetes Ireland, 19 Northwood House, Northwood Business Campus, Santry, Dublin 9. We will respond within 28 days of receipt of your written request.
Where you have provided consent for our use of your personal information, you always have a right to withdraw your consent at any time.
If you would like to make a complaint about how we process your personal data, please contact us in the first instance at Diabetes Ireland, 19 Northwood House, Northwood Business Campus, Santry, Dublin 9. If you are not happy with how your complaint is dealt with by us you can contact the Data Protection Commission on 1890 252 231 or online at www.dataprotection.ie
Our site will contain links to and from the websites of our partner’s networks, advertisers and other affiliates. If you follow a link to any of these websites, please note these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Postal Address : Diabetes Ireland, 19 Northwood House, Northwood Business Campus, Santry, Dublin 9.