The Missionaries of the Sacred Heart are committed to protecting the privacy and security of your personal data.
The Missionaries of the Sacred Heart (“MSC”), a religious congregation practising in Ireland with an address at the MSC Missions Office, PO Box 23, Western Road, Cork, T12 WT72, are responsible for any personal data collected when anyone avails of services from MSC (including on-line services).
The MSC website is one of our primary channels of communication providing information on our programmes and services.
MSC is a data controller. This means that we are responsible for deciding how we hold and use personal data about you.
This notice is provided to you in line with our obligations under Data Protection Law*. This privacy notice describes how we collect and use personal data about you in accordance with Data Protection Law.
From 25 May 2018, existing data protection law will be amended and we will have enhanced accountability and transparency obligations concerning your personal data.
It is important that you read this notice so that you are aware of how and why we are using your information.
How is your personal information collected?
Data subjects of MSC include visitors to MSC and online; participants in our programmes; donors and lenders; members and volunteers; partners; sponsors; and, other stakeholders (“Data Subjects”).
We collect personal data about our Data Subjects through our interactions with you, when you avail of our services and when you complete our administrative forms in hard copy or on-line for our programmes and services.
We may collect information about our Data Subjects when you avail of the following services: making purchases from or donations or requests to MSC (including via our website), attending religious events and programmes; receiving pastoral services.
We may also collect your information for research purposes.
The kind of information we hold about you
Personal data means any information about an individual from which that person can be identified. It does not include anonymous data i.e. data from which you cannot be identified.
There are special categories of more sensitive personal data which require a higher level of protection.
When you avail of our services or donate to MSC, we may collect, store, and use the following categories of personal data about you:
- Personal contact details such as name, title, addresses, telephone numbers, and business and personal email addresses.
- Payment Data: If you pay by direct debit, we will collect the IBAN, BIC and the name of your bank/building society or your credit card details where relevant.
- Interactions with us: When you interact with us we will record details of those interactions (for example, phone calls, e-mail correspondence and hard copy correspondence). If you make a complaint we will process details concerning that complaint.
- Data to comply with certain legal and regulatory obligations that apply to our business such as our health and safety obligations.
- Special categories of more sensitive personal data including information about your health, including any medical condition, where you disclose those details to us so that we can accommodate any special needs you may have when you avail of our services including to comply with our obligations under the Equal Status Acts.
- Personal data on CCTV footage for security purposes.
- Personal data in photographs, where you provide us with permission to do so.
- Personal data provided during the receipt of pastoral services.
For each visitor to reach the site, we expressively collect the following non-personally identifiable information, including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring website address. This collected information is used solely internally for the purpose of gauging visitor traffic, trends and delivering personalised content to you while you are at this site.
To view the cookies used on our website, please click here.
If you do not want your browser to accept cookies, you can turn off the cookie acceptance option in your browser settings. For further information about how to turn off cookie acceptance please refer to the “Help” function in your browser.
Please note that disabling cookie support may prevent this website from functioning properly and you may not be able to fully utilise all of its features and services.
How we use your personal information
We will only use your personal data when the law allows us to.
We need to process your personal data primarily to allow us to perform our contract with you and to enable us to comply with our legal obligations. In some cases we may use your personal data to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
We may also use your personal information where we need to protect your interests (or someone else’s interests) or where it is needed in the public interest.
We may use your personal data for the following purposes:
- Providing you with services – we may process information about our Data Subjects when you avail of the following services: making purchases from or donations or requests to MSC (including via our website), attending religious events and programmes; receiving pastoral services.
- Running our business – we will process your data to monitor and improve the quality of our service and to meet certain legal and regulatory obligations that apply to MSC.
- Marketing and Donations – we will process your data when contacting you about our services and seeking donations. If we have a legitimate interest to do so or you consent to us sending messages to you about such matters, we will process your personal data to make sure that any messages we send to you are relevant to you.
If you fail to provide personal information
If you fail to provide certain data when requested, we may not be able to enter into or perform our contract with you or provide you with our services.
Where we require your personal data to enter into a contract and to provide you with our services, we will make this clear.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and ground for processing.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so unless this is otherwise required or permitted by law (in which case we may process your personal data without your knowledge or consent).
How we use particularly sensitive personal information
Special categories of particularly sensitive personal data require higher levels of protection.
We may process special categories of personal data where we need to carry out our legal obligations or where it is needed in the public interest
Less commonly, we may process this type of data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will use information about your physical or mental health, or disability status, to ensure your health and safety when you are availing of our services and to ensure that we comply with the Equal Status Acts.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We may contact you by mail, email and telephone and social media about our products and services and other events which might be of interest to you.
You may receive marketing communications from us if:
- you have requested to receive or consented to the receipt of information from us; or
- purchased goods or services from us (and our marketing communications will only be in relation to similar goods or services); or
- it is in our legitimate interest;
and, in each case, you have not opted out of receiving the marketing communications.
You will only receive electronic marketing communications under (b) above where such products or services were purchased within the 12 months prior to the receipt of the communication.
You have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, please send us an email to firstname.lastname@example.org.
We will share your personal data with third parties where required by law, where it is necessary to perform our contract with you or where we have another legitimate interest in doing so.
We will share your data with trusted third-party service providers. We may also share your personal data with other third parties, for example, in the context of a transfer of our statutory functions or with a regulator or to otherwise comply with the law.
We require third parties to respect the security of your data and to treat it in accordance with the law.
All our third-party service providers are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Transferring information outside the EU
We do not envisage that any of your personal data will be transferred outside of the European Economic Area (EEA). However, we may transfer the personal data we collect about you outside the European Economic Area (EEA) where a trusted service provider is based outside of the EEA. We will always take steps to ensure that any transfer of your information outside of the EEA is carefully managed to protect your privacy rights.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal data are available in our retention policy.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information.
- Request correction of the personal information that we hold about you.
- Request erasure of your personal information.
- Object to processing of your personal information.
- Request the restriction of processing of your personal information.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Champion in writing at the details set out below.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Champion in writing at the details set out below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Data Protection Champion
We have appointed a data protection champion to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Fundraising Manager at the MSC Missions Office, PO Box 23, Western Road, Cork, T12 WT72, Ireland, or by e-mailing email@example.com.
You have the right to make a complaint at any time to the Data Protection Commission, the Irish supervisory authority for data protection issues. The Data Protection Commission can be contacted at the Office of the Data Protection Commissioner. Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland, or by e-mailing firstname.lastname@example.org.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice, please contact our Data Protection Champion.
*Data Protection Law means the Data Protection Acts 1988 and 2003 as may be amended, supplemented or replaced by any Irish legislation transposing Regulation EU/2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) and any legislation which amends, extends, consolidates, re-enacts or replaces same, including any statutory instruments and regulations that may be made pursuant thereto from time to time.