1. Purpose of the Policy
The information collected on Thinkcontraception.ie is used to help us to improve the content of our website and educational resources. Any information submitted by you will be used by the HSE Crisis Pregnancy Programme only and will not be shared with others without your prior consent.
Any contractors working on behalf of the Programme to maintain and update the Thinkcontraception.ie website will only be able to process data on our behalf and in accordance with our principles and instructions and not for any other independent purpose.
Aggregate statistics about website users, traffic patterns and related site information may be provided to reputable third-party vendors, but these statistics will include no personally identifying information.
This policy is a statement of the HSE Crisis Pregnancy Programme’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Act 1988 and the Data Protection (Amendment) Act 2003
2. Principles of the Acts and Policy of the Programme
Obtain and process information fairly
The Programme will obtain and process personal data fairly and in accordance with the fulfilment of its functions.
Keep data only for one or more specified, explicit and lawful purposes
The Programme will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes.
Use and disclose data only in ways compatible with these purposes
The Programme will only disclose personal data that is necessary for the purpose(s) or compatible with the purpose(s) for which it collects and keeps the data.
Keep data safe and secure
The Programme will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. The Programme is aware that high standards of security are essential for all personal information. Security measures will include stringent controls, passwords, encryption, access and backup controls of computerised data. Personal manual data will be held securely in locked cabinets, locked rooms and access will be limited to authorised persons only.
Keep data accurate, complete and up-to-date
The Programme will have procedures that are adequate to ensure high levels of data accuracy. The Programme will put in place appropriate procedures to assist staff in keeping data up-to-date. The Programme will also carry out periodic reviews and audits to ensure data is accurate, complete and up-to-date.
Ensure that data is adequate, relevant and not excessive
Personal data held by the Programme will be adequate, relevant and not excessive in relation to the purpose(s) for which it is kept. The Programme will decide on specific criteria by which to decide what is adequate, relevant and not excessive and apply those criteria to each information item and the purposes for which it is held.
Retain data for no longer than is necessary for the purpose or purposes
The Programme will have a policy on the retention periods for personal data and assign specific responsibility to someone to ensure files are regularly purged and that personal information is not retained on computer for any longer than necessary.
Give a copy of his/her personal data to that individual on request
The Programme will have procedures in place to ensure that data subjects can exercise their rights under the Data Protection legislation.
A data subject is entitled to the following on written application within forty days:
- A copy of her/his personal data;
- The purpose of processing the data;
- The persons to whom the Programme discloses the data;
- An explanation of the logic used in any automated decision making;
- A copy of recorded opinions about her/him, unless given in confidence.
- The requester must pay an access fee to the Programme not exceeding €6.35. The Programme is not obliged to refund any fee that it charges for dealing with access requests if it is determined that no data is kept. Fees will be refunded if the Programme does not comply with the request, or if the personal data concerned must be rectified, supplemented or erased.
The right of access may be restricted where the data is:
- Required for the purpose of preventing, detecting or investigating offences, apprehending or prosecuting offenders, or assessing monies due to the State;
- Subject to legal professional privilege;
- Kept only for statistical or research purposes and the results are not made available in a way that identifies data subjects;
- Back up data.
Disclosing personal data
Personal data should only be disclosed in ways that are necessary or compatible with the purpose for which the data is kept. Special attention should be paid to the protection of sensitive personal data, the disclosure of which would normally require explicitly consent.
- Except where there is a statutory obligation to comply with a request for personal data, or where a data subject has already been made aware of disclosures, information will not be disclosed to any third party without the consent of the data subject.
- Verbal consent to disclose personal data on the data subject may be obtained by telephone in the case of non-sensitive personal data, but must include asking the subject to confirm facts that should be known only to them, such as date of birth. The date and time of the giving of the verbal consent should be recorded in writing.
- Verbal consent to disclosure of personal data to a third party is not permitted unless there is a statutory obligation to disclose, or the information is released, to the Gardai for example, for the prevention of crime and if informing the subject of the disclosure would prejudice the enquiries, or unless it is in the vital interest of the data subject.
- Personal data should only be disclosed to work colleagues where they have a legitimate interest in the data in order to fulfil administrative functions. All employees of the Programme must be satisfied of the need to disclose.
Personal data should not be disclosed outside of the EEA unless written consent has been obtained, unless the disclosure is required for the performance of a contract, to which the data subject is a party, or unless disclosure is necessary for the purpose of any legal proceedings.
Permitted disclosures of personal data
The Act provides for disclosures where data is:
- Authorised for safeguarding the security of the State;
Required for the purpose of preventing, detecting or investigating offences, apprehending or prosecuting offenders, or assessing moneys due to the State;
- Required to protect the internal relations of the State;
- Required urgently to prevent damage to health or serious loss/damage to property;
- Required under law;
- Required for legal advice or legal proceedings;
- Disclosed to the data subject;
- Disclosed at the request or with the consent of the data subject.
The Programme has overall responsibility for ensuring compliance with the Data Protection legislation. However, all employees of the Programme who collect and/or control the contents and use of personal data are also responsible for compliance with the Data Protection legislation. The Programme will provide support, assistance, advice and training to all employees to ensure it is in a position to comply with legislation. The Programme has appointed a Data Protection Officer who will assist the Programme and its employees in complying with Data Protection.
This Policy will be reviewed regularly in light of any legislative or other relevant indicators.
5. Requests under the Acts
Requests under the Acts should be made to:
The Data Protection Officer
The Crisis Pregnancy Programme
89-94 Capel Street