Think Contraception Privacy Policy
1. Purpose of the Policy
The information collected on Thinkcontraception.ie is used to help us to improve
the content of our website and educational resources. Any information submitted
by you will be used by the HSE Crisis Pregnancy Programme only and will not be shared
with others without your prior consent.
Any contractors working on behalf of the Agency to maintain and update the Thinkcontraception.ie website will only be able to process data on our behalf and in accordance with our principles and instructions and not for any other independent purpose.
Should we elect to change our privacy policy we will post the changes here. Where the changes are significant, we may also choose to email any registered users with the new details.
Aggregate statistics about website users, traffic patterns and related site information may be provided to reputable third-party vendors, but these statistics will include no personally identifying information.
This policy is a statement of the Crisis Pregnancy Agency’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Act 1988 and the Data Protection (Amendment) Act 2003
2. Principles of the Acts and Policy of the Agency
Obtain and process information fairly
The Agency will obtain and process personal data fairly and in accordance with
the fulfilment of its functions.
Keep data only for one or more specified, explicit and lawful purposes
The Agency will keep data for purposes that are specific, lawful and clearly
stated and the data will only be processed in a manner compatible with these
purposes.
Use and disclose data only in ways compatible with these purposes
The Agency will only disclose personal data that is necessary for the purpose(s)
or compatible with the purpose(s) for which it collects and keeps the data.
Keep data safe and secure
The Agency will take appropriate security measures against unauthorised access
to, or alteration, disclosure or destruction of, the data and against their
accidental loss or destruction. The Agency is aware that high standards of
security are essential for all personal information. Security measures will
include stringent controls, passwords, encryption, access and backup controls
of computerised data. Personal manual data will be held securely in locked
cabinets, locked rooms and access will be limited to authorised persons only.
Keep data accurate, complete and up-to-date
The Agency will have procedures that are adequate to ensure high levels of
data accuracy. The Agency will put in place appropriate procedures to assist
staff in keeping data up-to-date. The Agency will also carry out periodic
reviews and audits to ensure data is accurate, complete and up-to-date.
Ensure that data is adequate, relevant and not excessive
Personal data held by the Agency will be adequate, relevant and not excessive
in relation to the purpose(s) for which it is kept. The Agency will decide
on specific criteria by which to decide what is adequate, relevant and not
excessive and apply those criteria to each information item and the purposes
for which it is held.
Retain data for no longer than is necessary for the purpose or purposes
The Agency will have a policy on the retention periods for personal data and
assign specific responsibility to someone to ensure files are regularly purged
and that personal information is not retained on computer for any longer
than necessary.
Give a copy of his/her personal data to that individual on request
The Agency will have procedures in place to ensure that data subjects can exercise
their rights under the Data Protection legislation.
A data subject is entitled to the following on written application within forty days:
- A copy of her/his personal data;
- The purpose of processing the data;
- The persons to whom the Agency discloses the data;
- An explanation of the logic used in any automated decision making;
- A copy of recorded opinions about her/him, unless given in confidence.
- The requester must pay an access fee to the Agency not exceeding €6.35. The Agency is not obliged to refund any fee that it charges for dealing with access requests if it is determined that no data is kept. Fees will be refunded if the Agency does not comply with the request, or if the personal data concerned must be rectified, supplemented or erased.
The right of access may be restricted where the data is:
- Required for the purpose of preventing, detecting or investigating offences, apprehending or prosecuting offenders, or assessing monies due to the State;
- Subject to legal professional privilege;
- Kept only for statistical or research purposes and the results are not made available in a way that identifies data subjects;
- Back up data.
Disclosing personal data
Personal data should only be disclosed in ways that are necessary or compatible
with the purpose for which the data is kept. Special attention should be
paid to the protection of sensitive personal data, the disclosure of which
would normally require explicitly consent.
- Except where there is a statutory obligation to comply with a request for personal data, or where a data subject has already been made aware of disclosures, information will not be disclosed to any third party without the consent of the data subject.
- Verbal consent to disclose personal data on the data subject may be obtained by telephone in the case of non-sensitive personal data, but must include asking the subject to confirm facts that should be known only to them, such as date of birth. The date and time of the giving of the verbal consent should be recorded in writing.
- Verbal consent to disclosure of personal data to a third party is not permitted unless there is a statutory obligation to disclose, or the information is released, to the Gardai for example, for the prevention of crime and if informing the subject of the disclosure would prejudice the enquiries, or unless it is in the vital interest of the data subject.
- Personal data should only be disclosed to work colleagues where they have
a legitimate interest in the data in order to fulfil administrative functions.
All employees of the Agency must be satisfied of the need to disclose.
Personal data should not be disclosed outside of the EEA unless written consent has been obtained, unless the disclosure is required for the performance of a contract, to which the data subject is a party, or unless disclosure is necessary for the purpose of any legal proceedings.
Permitted disclosures of personal data
The Act provides for disclosures where data is:
- Authorised for safeguarding the security of the State;
Required for the purpose of preventing, detecting or investigating offences, apprehending or prosecuting offenders, or assessing moneys due to the State; - Required to protect the internal relations of the State;
- Required urgently to prevent damage to health or serious loss/damage to property;
- Required under law;
- Required for legal advice or legal proceedings;
- Disclosed to the data subject;
- Disclosed at the request or with the consent of the data subject.
3. Responsibility
The Agency has overall responsibility for ensuring compliance with the Data
Protection legislation. However, all employees of the Agency who collect and/or
control the contents and use of personal data are also responsible for compliance
with the Data Protection legislation. The Agency will provide support, assistance,
advice and training to all employees to ensure it is in a position to comply
with legislation. The Agency has appointed a Data Protection Officer who will
assist the Agency and its employees in complying with Data Protection.
4. Review
This Policy will be reviewed regularly in light of any legislative or other
relevant indicators.
5. Requests under the Acts.
Requests under the Acts should be made to:
The Data Protection Officer
The Crisis Pregnancy Agency
89-94 Capel Street
Dublin 1
Privacy Policy Queries
If you have any queries about the Thinkcontraception.ie Privacy Policy, please
contact the HSE Crisis Pregnancy Programme at +353 1 814 6292 or email info@crisispregnancy.ie
