For benefactors, parishioners, and website visitors.
1. Who we are: We are the Irish Province of the Society of the Missionaries of the Sacred Heart (“MSC”, or the “Charity”) with our address at MSC Provincial Office, 65 Terenure Road West, Terenure, Dublin 6W P295, Ireland. We are a registered charity with RCN 20006402 and CHY 4783.
2. What personal data we collect and why: We collect and use personal data relating to our benefactors, parishioners, website visitors, and others who engage with MSC. We will use this personal data for the following purposes:
2.1 Benefactors: We collect and process personal data of benefactors in our Missions Office in Cork. This personal data includes your name, address, email address, phone number, details of when you were last in contact with us, and any other personal data provided to us. Benefactors do not have to provide any personal data to us, but if you do not provide it we cannot undertake any of the steps outlined below. We will use your personal data for the following purposes:
2.1.1 Donations: If you make a charitable donation by card, we use that financial information to process your donation. If you give us your card details (e.g. over the telephone), they will be held in encrypted form pending completion of the payment and then securely deleted once the payment has been processed. If you make the donation online via our website mscmissions.ie, the payment will be processed by the payments platform Realex (otherwise known as Global Payments Direct Inc, the trading name of Pay and Shop Limited). For further information on how Realex handle payment data, please see their policy at www.globalpaymentsinc.com/en-ie/accept-payments/ecommerce/privacy. Your payment details are not stored on our website, they are solely processed directly by Realex. We only receive a payment ID to verify your payment has been received.We will process this personal data based on your consent. If you make a donation via our website, or send us a donation by post, we will contact you to thank you for your donation (see 2.1.2 below) and add your details to our postal list (see 2.1.4 below).
2.1.2 Acknowledgement of donation:
(a) Letter of thanks: We will use your personal data to send you (by post) a receipt and thanks for any donation. We send you these by post on the basis of our legitimate interests as a charity to thank our benefactors for their support, to build our relationship with our benefactors. Having taken into consideration the reasonable expectations of the benefactor based on the fact that they have made a donation to us, we believe our writing to thank them for the donation does not override their fundamental rights and freedoms. We have undertaken a legitimate interests assessment to ensure the correct balance has been reached. We notify benefactors of their right to object to receipt of any correspondence from us (see further section 9 below). These opt-out options will be displayed at the bottom of any letters we send you.
(b) Email of thanks: If you make an online donation, we will not collect your postal details/postal address. As a Charity we are trying to keep our overheads small so that we can prioritise our resources towards our charitable projects. Therefore, we ask that benefactors to provide their email address so that acknowledgements of online donations can be sent via email (rather than incurring postal costs).
2.1.3 CHY3 or CHY4: If you wish to enable the Charity to claim back the tax on your donation from the Revenue Commissioners, we will send you a Form CHY3 or CHY4 with our details on it for you to complete. That form will ask for your personal data (including your PPS number), so that the Revenue Commissioners can refund the tax to the Charity at the applicable rate. You complete and submit the form, and we will forward them directly to the Charities Section of the Revenue Commissioners. The Revenue Commissioners is the data controller in respect of your personal data on that form, and the Revenue Commissioners process same in accordance with its own privacy notice (available on revenue.ie). When we receive the tax rebate from Revenue, we do not see what benefactor(s) it relates to; the Revenue Commissioners do not provide us with your personal data.
2.1.4 To send you letters and appeals materials by post: If you have been in contact with us and provided us with your postal address (e.g. been in contact in person or via the telephone), we will take it that there is a relevant and appropriate relationship between us that you are interested in hearing further about our work as a Charity. Therefore we rely on our legitimate interests as a charity to send you materials by ordinary post. Having taken into consideration the reasonable expectations of a person based on the fact that they have been in contact with us, we believe our sending them a letter to let them know about forthcoming events (e.g. Novena, Easter Dawn Mass), or to invite them to make a donation to help us achieve our charitable objectives does not override their fundamental rights and freedoms. We have undertaken a legitimate interests assessment to ensure the correct balance has been reached. We notify people of their right to object (see further section 9 below). These opt-out options will be displayed at the bottom of any letters we send you.
2.1.5 To send you emails and newsletters (eZines): You can sign-up via our website to receive emailed newsletters. There are two newsletters: the ordinary newsletter and the Vocations newsletter. You can sign up via the “Sign up to Vocations newsletter” section, or the “Stay Connected to MSC Missions” section of the website, or you can click the “sign up” button or tick the “I would like to sign up to the MSC Missions e-newsletter and receive the latest news updates by email” box on any website form. The newsletter includes information about our charitable projects, fundraising activities, forthcoming events, ways you can get involved, etc. We send eZines via a data processor, a cloud-based platform called Mailchimp. We use the Mailchimp double-opt-in facility to verify your email address and ensure you are still happy to receive emails and eZines from us. The double-opt-in process is as follows:
(a) Step 1: If you wish, you can enter your name and email address via the website form “Stay Connected to MSC Missions”. By providing us with your details and clicking the “sign-up” button you are acknowledging that you are happy for us to send you an initial verification email for you to complete the first step of the subscription process. The verification email will contain a link for you to click to indicate your consent to be added to our mailing list. If you do not click the link within a month, you will not be signed up to receive emails and newsletters. Unconfirmed names and email addresses will be deleted on a monthly basis.
(b) Step 2: If you do click the link, you will be added to our mailing list. We process this personal data based on your consent.
It is our policy to turn off all Mailchimp tracking features on all email newsletter campaigns. However, should you wish to take extra measures to prevent tracking, there are tools such as uglyemail.com or Pixelblock which can be employed for your personal use. If at any stage you no longer wish to receive these eZines from us, you can withdraw your consent by clicking the “unsubscribe” option that is displayed at the bottom of each email. Alternatively, you can contact us by email at email@example.com, by telephone at +353 (0) 21 4545704, or by post at MSC Missions Office, PO Box 23, Western Road, Cork, T12 WT72, and we will update your contact preferences. Mailchimp is based in the United States and this processing involves ex-EEA transfers. Mailchimp has certified its compliance with the EU-US Privacy Shield framework for the purposes of Article 45 GDPR. For further information about Mailchimp’s privacy framework, see www.mailchimp.com/legal/privacy/.
2.1.6 To send you text messages: If you have given us your consent for us to send you text messages, we will send you texts about forthcoming events, MSC news, etc. Your consent remains in place until or unless you withdraw your consent. If at any time you no longer wish to receive these SMS texts from us, you can withdraw your consent by texting back “STOP” (details set out at the end of every SMS text sent). Alternatively, you can contact us by email at firstname.lastname@example.org, by telephone at +353 (0) 21 4545704, or by post at MSC Missions Office, PO Box 23, Western Road, Cork, T12 WT72, and we will update your contact preferences. Where you text “STOP” to cease receiving text messages, we will not delete your number, but rather we will put you on the “no marketing” list to ensure we honour your preferences. We sent SMS texts via a processor, a cloud-based platform called Twilio. Twilio is based in Ireland, but processes and stores clients’ data in the United States on the basis of an adequacy decision (within the meaning of Article 45 of GDPR, namely Privacy Shield) or on the basis of appropriate safeguards (within the meaning of Article 46 of GDPR namely Twilio’s Binding Corporate Rules approved May 2018). For further information, see twilio.com/legal/privacy#how-twilio-processes-your-end-users-personal-information.
2.1.7 Website: We collect personal data via our website mscmissions.ie.
(b) Other website forms: You can “Light a Candle” through our website (see 2.1.10), submit a “Prayer Request” (see 2.1.11), and sign up for our newsletters (see 2.1.5 above). You can also donate via the website “Donate Now” form (see 2.1.1 above).
(c) E-Commerce: You can order cards and gifts via our website. Further details are set out at (2.1.9) below.
(d) Cookies: Our website utilises cookies. A cookie is a small text file stored on your computer/device when you visit a website. For example, a cookie may allow a website to “remember” your actions or preferences, or it may contain data related to the function or delivery of the site. We use the tool “cookiebot” to manage your cookie consent choices, and to automatically block all first party and third party cookies unless you give your consent:
- Strictly necessary cookies: Some of the cookies on our website are “strictly necessary”, i.e. for website security or to keep items in your shopping cart. These are set to “on” by default to ensure our website works properly. You can set your browser to reject all cookies (although that may affect the functionality of the website). Further details are set out in our MSC Missions Cookies Policy. We rely on our legitimate interests and on regulation 5(5) S.I.336/2011 for the placement of these strictly necessary cookies.
- Non-essential cookies and social media buttons: Some of the cookies are not strictly necessary (e.g. Google Analytics), but these are helpful to us as they help us to see what website pages people are interested in, how many visitors viewed the pages, etc. These cookies are set by default to “off”. If you wish to give consent to and/or manage your preferences in relation to these non-essential cookies, you can do so through the cookiebot tool. In addition, our website has social media buttons so that website visitors can access our Facebook and Twitter pages. These social media plug-ins are set to “off” by default, and you can manage your consent preferences through the cookiebot tool. In respect of non-essential cookies and all social media plug-ins, these are automatically set to “off” by default, and our cookiebot tool will ask for your consent as to whether you want to place these cookies on your device and/or transfer your data to the relevant social media sites. You can do not have to give your consent if you do not want to: you can still visit our website even if you decline these non-essential cookies and reject the plug-ins. You can change your preferences (and withdraw your consent) at any time via the cookiebot tool.
- For further information, please see the MSC Missions Cookies Policy.
2.1.8 Social media: MSC has a Facebook and a Twitter account.
(a) Messaging us: If you use those social media platforms to contact us (i.e. posting or commenting or sending us a direct message), we will process your personal data via that social media platform to respond to you based on our legitimate interests. For the avoidance of doubt, we do not engage in unsolicited messaging via social media – we only reply to you if you comment/direct message us.
(b) Advertising: We do not engage in any form of targeted/custom audiences or advertisements via social media.
2.1.9 E-Commerce: When you place an order on the website, we collect the following data: first name, last name, company name (if applicable), email address (to send you service messages including an email confirming your order, to notify you if we are out of stock, to notify you of dispatch, etc.), phone number (to call you if there is a problem or delay with the order), your postal address, and the delivery address (if different). If you wish to provide any “Order Notes” you can insert them in the order notes section (this is optional). You are asked to insert your credit card details, and the payment processing is via a third-party processor, Realex (for further information, see (2.1.1) above). You can:
- Check-out as guest: You do not have to create an account in order to make a purchase. You can check out as a guest.
- Check out via account: If you already have an account with us, we will ask you to enter your username or email address and password. The same data as referred to above is stored in your account, together with the details of your previous orders.
If you order a personalised item (e.g. a Mass Card, Mass Enrolment Book), you will be asked to insert the name of the person to be enrolled for the saying of Masses and prayers of the Missionaries of the Sacred Heart, to choose your message, and to insert your own details. These details are used for the printing of the personalised item. During check-out, you will be given the option of having the personalised item delivered to a different address (which could be the recipient of the personalised item), in which case we will ask you to insert their name and postal address for posting purposes. As the person placing the order, we process your personal data on the basis of contract (necessary to fulfil the order). You provide us with the details of the recipient of the personalised item and we use their personal data for the printing of the personalised item and the saying of Masses and remembrance of that person in our prayers. See further 2.2.1 below. We process the third party’s personal data on the basis of legitimate interests, to fulfil the order/request made by the benefactor. We have undertaken a legitimate interests assessment to ensure that this strikes the correct balance between our legitimate interests as a charity and the recipient’s fundamental rights and freedoms. We will retain the personal data about the person who placed and paid for the order to prepare the item, process payment, arrange for its postage, resolve customer queries, to facilitate returns (or replacement of items that were damaged in transit), to resolve complaints/disputes, for stock-take and replenishment purposes, and for preparation of audited financial statements.
2.1.10 Light a Candle: Lighting a candle in our online gallery is a special way to pray for an intention, for thanksgiving, or to remember a loved one.
(a) About “Light a Candle”: You can complete a form on our website that allows you to “light a candle”. The lit candle is then displayed in the online candle gallery page of our website. Once you complete the online form, the candle will be displayed on the website for three (3) days. The candle name and special intention will be given to an MSC priest so that they can be remembered in the prayers of our MSC priests for one week. The data will then be deleted after one week. For further information see (2.2.1) below. When you complete the online form, you can submit your name, your email address, your candle name (limited to 15 characters including spaces), and your prayer intention. The candle form is checked by a member of our staff in the Missions Office and the Charity reserves the right to shorten or amend the “candle name” information to ensure the online candle gallery does not inadvertently disclose identifying information about the third party. This is to respect that third party’s privacy, and to ensure there is no embarrassment or distress caused to any person. We process your personal data gathered in this form on the basis of your consent. If you ask us to pray for someone else (i.e. a third party), we will process the third party’s data based on our legitimate interests to ensure that your special intention is remembered in our prayers. For further information see (2.2.1) below.
2.1.11 Prayer request (online): MSC priests are asked to pray for people’s special intentions in times of worry, grief, or celebration. You can make a prayer request online via our website. By submitting this form, your special intentions will be remembered in the prayers of our MSC priests. You can submit your name, your email address, and the details of your prayer petition. These are processed as described at (2.2.1) of this Policy.
2.1.13 Retreats and Workshops: MSC priests conduct retreats and workshops in Croí Nua Spirituality Centre (Taylor’s Hill, Galway).
(a) If you sign up for a retreat day, workshop, prayer group, or educational programme, you will be asked to provide certain personal data for the purposes of booking your place, processing your payment (if applicable), sending you details about the event details (e.g. venue, start time), and contacting you where necessary (e.g. cancellations due to adverse weather, etc.). If you provide us with your email address or mobile phone number, we will use your email address/mobile number to email/text you details relating to the retreat/workshop you have booked. We do so based on your consent. You will be asked to sign your consent to this on the booking form. For the avoidance of any doubt, we will not use your email/mobile for further direct marketing purposes (unless you separately give us consent for that).
(b) If you have attended a retreat/workshop event, we will that you are interested in hearing about other MSC events and we will rely on our legitimate interests to send you MSC materials by post. For further information see (2.1.4) above.
(c) If you have any particular special needs, access requirements (e.g. disability access, ramps, etc.) or dietary requirements (e.g. coeliac, nut allergies) that you wish to notify us of, you can let us know in advance of the retreat/workshop event so that we can make all reasonable accommodations for you to ensure you can participate in the event. We will process that data on your explicit consent to accommodate your needs.
2.1.14 Wills: Where a benefactor leaves us an inheritance, we will retain the Will (which may include details of the personal representative/executor and other beneficiaries) for the purpose of administering any bequest, to ensure the terms of any trust are honoured if the Will is a trust instrument, for the saying of Masses (if requested), to remember the benefactor (and their family) in prayers, and for issuing letter of thanks to the estate/family. MSC considers the Will to be a document of enduring historical value to acknowledge the meaningful contribution benefactors have made to the work of MSC. We will keep the Will (and any correspondence with the estate) in our active accounting system for accounting and audit purposes in line with our legal obligations as a registered charity. If Will is a trust instrument we will hold as a constitutional document of the Charity in line with our legal obligations as a registered charity. We process same on the lawful basis of legal obligation to comply with the charity’s corporate governance obligations under Charities Act 2009 and Taxes Consolidation Act 1997. Once the inheritance has been administered we will retain the Will in archives on the lawful basis of our legitimate interests and as part of our Archives (Article 89) as an enduring historical record commemorating the significant contribution benefactors make to the work of the MSC.
2.1.15 General charity records: We process benefactors’ personal data based on our legitimate interests for proper record keeping, for good corporate governance, to manage risk, for verification purposes, to obtain professional advices (including legal advice), for insurance purposes, to prevent fraud. We also keep records where we are required to do so for compliance with any legal obligation applicable on us as a registered charity. The legitimate interests are to achieve our charitable objectives, and to run an efficient charity. We use your personal data on the lawful basis of establishment, exercise or defence of legal claims to obtain legal advices to resolve disputes and take or defend litigation, etc.
2.2 Parishioners, local parish community, volunteers, etc.: We collect and process personal data of parishioners, the local parish community, and volunteers in our parish: Sacred Heart Church, Cork. Parishoners do not have to provide any personal data to us if they do not wish to do so. Volunteers do have to provide certain personal data to us, particularly to comply with vetting requirements, child safeguarding training, etc. We collect the following data for the following purposes:
2.2.1 Prayers: Our MSCs all over the world are often asked to pray for people’s special intentions in times of worry, grief and celebration. You are welcome to submit a prayer request to the MSC (either in person or online – see further (2.1.11 above)). Your special intentions will be remembered in the prayers of our MSC priests at the Sacred Heart Church in Cork. Any prayer petitions submitted online containing a specific request (e.g. Novena petition, or request for a particular Mass) will be processed by the Missions Office to ensure the benefactor’s wishes are honoured. Your prayer petition (but not your name or email address) is given to a MSC priest for remembrance in his prayers. MSC priests will pray for your special intentions for the relevant period (generally 1 month unless an alternative period is agreed with the benefactor).
(a) Praying for you: Where our benefactor specifies their special intentions and they relate only to the requester (e.g. their own ill-health, their new job, etc.), we will record the benefactor’s special intentions to ensure they are remembered in our prayers. We will process your personal data for the prayer request based on your consent/explicit consent.
(b) Praying for a third party: Where a benefactor asks us to pray for another living person with whom we have no regular contact (a “third party”), we will record the benefactor’s special intentions based on legitimate interests to ensure that special intention is remembered in the our prayers. In order to respect that third party’s privacy, where possible we will endeavour not to record any special categories of personal data relating to that third party.
(c) Enrolment Master Book: Each year’s enrolments in the Golden Book of the Sacred Heart and the Our Lady of the Sacred Heart Blue Book are stored in the specific Enrolment Master Book. The data categories that are entered in the Master Book are the name of the person enrolled and the date they were enrolled. This is to preserve a contemporaneous record of the work of the MSC and their benefactors’ support. The Master Book is processed for the legitimate activities of a not-for-profit body established for religious aims where the processing relates to persons who have regular contact with it in connection with its purpose and the data are not disclosed outside the body without the data subject’s consent (Article 9(2)(d)GDPR).
2.2.2 General parish work, pastoral care, sacraments: Sacred Heart Church in Cork processes records relating to parishioners.
(a) General information about parishioners: The parish processes the usual records about parishioners, e.g. baptismal register, marriage register, Mass stipends, information required to coordinate sacraments, etc. The parish processes this data on the lawful basis of legitimate activities of a not-for-profit body with a religious aim (Article 9(2)(d)GDPR). Certain parish records (e.g. baptismal register, marriage register, etc.) are retained in archives to preserve a contemporaneous record for their enduring historical value (Article 9(2)(j) and Article 89).
(b) Parish newsletter: The parish operates a newsletter with information about Mass times, forthcoming events, community news, etc. The parish newsletter is not posted out – it is only available for collection in the parish. If a person requests for their special intentions, or personal news, or photographs to be published, we will ask them to sign an consent form and will process their personal data based on their consent.
(c) Live streaming: Masses, Novenas, and special services are live-streamed via our website mscmissions.ie, facilitated by our data processor called Church Services TV (for further information, please see www.churchservices.tv). The Sacred Heart Church also records some important celebrations, such as the Novena to Our Lady of the Sacred Heart, Mass celebrations in November, and events during the run-up to Christmas. These recording are then available to view on our website and on www.churchservices.tv for a certain period determined by MSC. These services are to facilitate the sick and homebound to join in our daily worship. Signs are prominently displayed in the Church to alert parishioners and visitors that the service is being live-streamed and/or recorded to be shown on our website, and letting them know the location of the camera. The camera is positioned to capture the altar, and people on the altar. Those participating in activities at the altar (the priest, altar servers, Eucharistic Ministers, readers, cantors, etc.) have signed consent forms, and we process their data on consent/explicit consent. For all sacraments wholly or mainly involving children (e.g. Baptism, preparation for First Holy Communion, Ceremony of Light, Confirmation), the live-streaming and recording functions are turned off by default for child safeguarding reasons. By prior agreement with the parish priest, parents of the child in a Baptismal ceremony can request for the live-streaming or recording to be turned on (e.g. to facilitate the ceremony being viewed by a sick or infirm relative), but participants will be asked to sign a consent form for same in advance.
(d) Ministries: The parish processes data relating to Eucharistic ministers, altar servers, choir members, etc. to co-ordinate services and celebrations. The parish processes this data on the lawful basis of legitimate activities of a not-for-profit body with a religious aim.
(e) Pastoral care: Where a parishioner is sick or housebound, the parish co-ordinator can be contacted to request a visit by an MSC priest. Pastoral care and care of the sick is an important part of our ministry, and the priest can upon request visit sick parishioners for confession, Holy Communion, or, where necessary, the Sacrament of the Sick. The parish processes this data on the lawful basis of legitimate activities of a not-for-profit body with a religious aim.
(f) Sacraments: The parish will, where requested, liaise with schools and/or individual parents to co-ordinate the preparation of children for the sacraments of Baptism, First Confession, First Holy Communion, Confirmation, etc. The parish processes the child’s personal data on the explicit consent of the parents/guardians of the child concerned. A consent form will be prepared and issued to parents/guardians for that purpose.
2.2.3 Vetting: The Parish is required to undertake the vetting for certain persons per the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016 (the “Vetting Acts”). MSC has an obligation to obtain a vetting disclosure from the National Vetting Bureau prior to employing, contracting, or placing a person to undertake relevant work or activities with children or vulnerable persons or prior to permitting a person to undertake such relevant work or activities on behalf of the organisation. We process this on the lawful basis of legal obligation (i.e. the Vetting Acts) and explicit consent (the signed NVB1/NVB3 Forms).
2.2.4 CCTV: The Parish has CCTV in operation at the gates, in the car park, and at certain internal points within the Church. In areas where CCTV is in operation, appropriate notices are prominently displayed to alert visitors that CCTV is in operation. The lawful basis is legitimate interests and the taking/defence of litigation. We use CCTV for security purposes: to protect premises and assets; to deter crime and anti-social behaviour; to assist in the investigation, detection, and prosecution of offences; to monitor areas in which cash and/or goods are handled; to provide a safe environment for all parishioners, staff and MSC members; for verification purposes and for dispute-resolution, particularly in circumstances where there is a dispute as to facts and the recordings may be capable of resolving that dispute; for the taking and defence of litigation. For further information, please see our CCTV Policy. The CCTV recordings will be retained for dispute resolution and/or verification purposes, and will be transferred to MSC’s insurers and legal advisors for the taking and defence of legal claims.
3. How we obtain your data: We generally obtain your personal data directly from you. However, we may receive a third party’s personal data if same is given to us by a benefactor or parishioner (e.g. see 2.2.1 above). We also cross-check our database against publicly available sources (e.g. rip.ie) to ensure we are not contacting people on our benefactor database who are now deceased (to avoid causing distress to their family members).
4. How long we keep it: The Charity complies with the storage limitation principle by only keeping data for the period necessary for the purposes for which the data is processed. How long we retain personal data depends on various factors.
4.1 Some personal data is only kept for a short period, such as:
(a) CCTV images are generally retained for 28 days unless an issue is identified in which case the recordings will be retained with copies being transferred to An Garda Síochána, our insurance company and lawyers).
(b) In relation to prayer requests (see 2.2.1 above) the retention period is generally one month, unless an alternative period is stipulated by the benefactor.
4.2 Some data is retained for a longer period, for example:
(a) Donations data: Records of financial donations are used for the preparation of audited financial statements. They are then retained for until the end of the audit of the financial period to which they relate (for audit and verification purposes, and in the event of an audit by the Revenue Commissioners). Thereafter, the donation history of that benefactor remains in the Charity’s record management system.
(b) Benefactors remain on our benefactor database (to receive charity and appeals materials) until they unsubscribe. Benefactors signed up to receive our emailed newsletter remain signed up until they withdraw their Consent.
(c) Parish volunteers: if you are parish volunteer, we will retain your data even after you cease your voluntary work, e.g. where same is required for compliance with vetting retention periods (NVB audits), where same is required for compliance with audits by the National Board for Safeguarding Children in the Catholic Church in Ireland, etc.
(d) We will retain personal data to manage risk, to prevent fraud, for insurance purposes, for production to the regulatory bodies, to resolve disputes, and take or defend litigation, etc.
4.3 The level of information we collect about you and how long we keep it depends on various factors. MSC has developed a record retention schedule stipulating how long certain records are to be retained, or if that is not possible the criteria used to determine that period. In determining its retention periods, MSC has endeavoured to strike a balance between the following interests:
- An individual’s rights for data not to be held about them for unjustifiably long period.
- An individual’s rights to access records concerning them, particularly where the individual needs same to vindicate their rights (e.g. “Windrush” scandal).
- MSC’s rights to retain records required to demonstrate compliance with a legal obligation, or for administrative and operational purposes, or to take or defend legal action.
- MSC’s rights to maintain archival records of enduring historical or archival value. Some data are retained in MSC Archives as they have enduring historical and archival value. Where records are assessed to have enduring historical and archival value, they are retained in MSC’s Province archives. MSC’s archives are administered in accordance with the Archives & Records Association UK and Ireland “Code of Ethics”. The MSC Province archives are not currently open to the public.
4.4 We will continue to keep our retention periods under review, and change the retention periods where statutory retention periods are developed, or where statutory bodies issue codes of practice or guidelines around the length of record retention.
5.1 Benefactors: We share benefactors’ personal data with third parties, for example:
(a)If you make a donation via our website, your credit/debit card details will be transferred to and processed by the payment service provider Realex. For further information, see 2.1.1 above.
(b) If you sign up to receive emailed newsletters from us, your email address will be transferred to and processed by Mailchimp. For further information, see 2.1.5 above.
(c) For audit: Information is shared with our auditors for audit and verification purposes in compliance with our financial audit requirements as a registered charity.
(d) For regulatory compliance: Our financial records and donations information are disclosed to the Charities Section of the Revenue Commissioners and the Charities Regulatory Authority as part of routine filings and during the course of any audits and/or investigations.
5.2 Parishioners, volunteers and employees: In addition to the above, we share personal data in circumstances including:
(a) Vetting: Vetting applications are processed via AMRI (the Association of Leaders of Missionaries and Religious of Ireland) and/or the Diocese of Cork & Ross. Those bodies are registered with the National Vetting Bureau for the purposes of sections 9 and 13(4) Vetting Act. Those bodies are each MSC’s “data processor” for the vetting process. MSC members and staff who are legally required to undertake vetting are required to complete the relevant form (NVB1) accurately and provide the supporting identification documents. MSC submits the documentation to the vetting data processor. The vetting data processor then submits the vetting information to NVB and liaises with NVB to ensure the vetting outcome is returned to MSC. Further information is made available at the time vetting is being undertaken.
(b) Safeguarding: We share safeguarding data with TUSLA (pursuant to Children First and the HSE Policy on Safeguarding of Vulnerable Adults), An Garda Síochána, and any other statutory child protection and law enforcement bodies from other relevant jurisdictions. In appropriate cases we will notify you that this data-sharing/reporting is taking place. We will not seek your consent, as we are legally required to make such reports due to mandatory reporting laws. We reserve the right not to notify you this is being done, particularly if that would put another person at risk.
6. Third-country transfers: Where personal data are being transferred outside the EEA, that will only be done on the basis of an adequacy decision, or on the basis of appropriate safeguards (binding corporate rules, or standard contractual clauses) or with the person’s explicit consent (Article 49 derogation) or any other Article 49 derogation. The Charity transfers personal data outside the EEA for the following purposes and on the following safeguards:
(a) Email/ezines (Mailchimp): Transferred to the US on the basis of Privacy Shield.
(b) SMS texts (Twilio): Transferred to the US on the basis of Privacy Shield.
(c) Cookies on our website (Google Analytics): Transferred to the US on the basis of Privacy Shield. For further information, please see our MSC Missions Cookies Policy.
(d) MSC priests abroad: In more limited situations, for example, if a benefactor wishes us apply their donation to a particular MSC missionary priest working outside the EEA, we will ask the benefactor if they would be happy for us to send their contact details to that MSC priest so that he can correspond with the benefactor to thank them for the donation and let them know how their donation will be applied in that country. In such situations, we will only transfer their personal data outside the EEA with the benefactor’s explicit consent, and this will be discussed with you at the time.
7. Automated Decision Making/Profiling: We do not undertake any automated decision making and/or profiling.
8. Security: We take appropriate security measures (including technical and organisational measures) to protect your personal data. This includes protecting same from unauthorised access, unlawful processing, accidental loss, destruction, and damage. Where you submit your payment details via our website (e.g. to make a donation, or to make a purchase), you are transferred to Realex, the payments platform, who processes your card data as our processor. Realex takes appropriate security measures to protect your financial information, including encryption, secure payment gateways, and other security and fraud-management tools. Although our website is protected by HTTPS (any information you transfer to us via our website is in encrypted), please note that communications across an electronic network cannot be guaranteed as a secure form of communication. Due to the risk of online fraud and the potential for unauthorised interception, we respectfully request that you never send us any sensitive data or financially sensitive information (e.g. bank account details) using the “Contact Us” page of our website or by email. We accept no responsibility or liability in the event that any person or party suffers loss as a result of cyber-crime, unlawful interception of communications, or otherwise.
9. Your rights: You have the following statutory rights that can be exercised at any time by contacting us, and providing us with proof of identity and the detail of your request:
- Right to complain to supervisory authority.Their contact details are set out below:
Telephone: +353 57 8684800 +353 (0)761 104 800/Lo Call Number 1890 252 231
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois.
- Right of access, provided that such access shall not adversely affect the rights and freedoms of others.
- Right to rectification.
- Right to erasure (right to be forgotten).
- Right to restrict processing.
- Right to data portability.
- Right to object (e.g. to processing based on legitimate interests, such as receipt of fundraising and appeals materials). You can opt-out of receiving postal communications at any time by contacting us. You can contact us by email at email@example.com, by telephone on +353 (0) 21 4545704, or by post at MSC Missions Office, PO Box 23, Western Road, Cork, T12 WT72, and we will update your contact preferences.
Please note that if you ask us to delete or restrict processing your personal data (e.g. if you withdraw your consent something, or opt-out of receipt of postal marketing) we reserve the right to retain your contact details on our suppression list to ensure we do not inadvertently contact you as part of any future direct marketing/fundraising campaigns. These rights can be exercised at any time subject always to the exemptions and exceptions set down by GDPR and the Data Protection Act 2018.
10. Contact us: If you have any queries, please contact us by email at firstname.lastname@example.org, by phone at +353 (0) 1 4906622, or by writing to us at MSC Provincial Office, 65 Terenure Road West, Terenure, Dublin, D6W P295, Ireland. If the matter relates to the Missions Office, you can contact us by email at email@example.com, by telephone on +353 (0) 21 4545704, or by post at MSC Missions Office, PO Box 23, Western Road, Cork, T12 WT72.