This is the Privacy Policy of Clarissan Missionary Sisters Company Limited by Guarantee of 28 Waltersland Road, Stillorgan, County Dublin, a non-profit company and charity that provides support services in furtherance of the charitable aims and objectives of the company.  

Clarissan Missionary Sisters Company Limited by Guarantee is affiliated with the Clarissan Missionary Sisters of the Blessed Sacrament who are a religious organisation with charitable interests, aims and objectives. 

Clarissan Missionary Sisters Company Limited by Guarantee runs ‘Our Lady of Guadalupe Residence for Students’ at the same address which provides a support service to students and is hereby referred to as ‘the Residence’. 

The purpose of this Privacy Policy is to ensure individuals and data subjects understand how we process their information.

The Residence endeavours to comply with the General Data Protection Regulation, Data Protection Act 2018 and data protection best practices. 

We process personal information provided to us by individuals, whether it be provided in person, through our website (www.guadaluperesidence.com), any form, correspondence, telephone, email, or by any other means, or otherwise processed by us in relation to you, in the manner set out in this policy.

By submitting your information to us, and or engaging with our services and or by using the Website you consent to the use of your personal information as set out by this Privacy Policy. If you do not agree with the terms of this Privacy Policy please do not use the Website or provide us with any personal information or personal data. 

Information collected by us

The information about you that we may collect, use and store (process) includes:

• Information necessary for the provision of services to students and members of our organisation (of which such data may include name, address, contact details, etc.)
• Information necessary in order to facilitate, process, invoice or collect monies related to any agreed business transaction with Clarissan Missionary Sisters Company Limited by Guarantee (of which such data may include name, address, contact details, billing details, banking details, credit card, etc.). 
• Information you provide to us by filling out any forms on the website or by way of emailing us or by any other form of written communication.
• Records of correspondences whether by email, telephone, through any form on our website or by any other means,
• Information you provide to us in person,
• Details of any business, commercial or trade transactions you carry out with us, whether through email, the website, telephone, or by any other means.
• Information relating to your eligibility for the provision by us of charity services to you if you request such services (e.g. the college course a student attends, student number, etc.).
• Information used to establish your identity for the provision by us of charitable services if you request such services (e.g. Passport, Driver’s Licence, etc.).
• Information provided by an employee, potential employee, volunteer, potential volunteer or member of Clarissan Missionary Sisters Company Limited by Guarantee for the purposes of engaging in any service and or volunteering.
• Details of your visits to our website including traffic data, location data, weblogs and other communication data in accordance with our Cookie Policy that may identify personal information (e.g. cookies) and non-personal information (e.g. information of an anonymised or technical nature).

How we use your personal information 

We may use your personal information for the purposes of:

1. Processing any enquiry requested by you;
2. Entering into and or completing any sales commercial or business-related requests or transactions requested by you;
3. Complying with any contractual obligations relating to any accountancy and or payroll agreement that you may enter into;
4. Setting up, operating and managing any account or line of credit, if applicable;
5. Setting up, operating and managing any marketing and or advertising services subject to your explicit consent (please see Marketing & Fundraising below);
6. Complying with our legal duties and responsibilities;
7. Debt collection and the collection of outstanding monies;
8. Providing, monitoring, reviewing and supporting our online presence via our website and social media (please see our Cookie Policy) 
9. Monitoring any billing or credit transactions for the purpose of preventing fraud;
10. Provision of security to, and ensuring the health and safety of employees, students, visitors and or volunteers to our premises.
11. Providing, and ensuring the integrity of, any charitable service to members and or students requested by any member or student.
12. Monitoring the continued eligibility of any charitable service that we may provide to you if requested by you.
13. If you are a member of our organisation, we will send you information about your membership and updates of our organisation.

We normally obtain consent to process personal data by way of notification on our website that requires an explicit acceptance of this Privacy Policy and associated Cookie Policy to use the website. Consent for data processing purposes can also be obtained by way of a physical application form, credit form or other paperwork of the Residence that refers to our privacy policy on this website and acceptance of same. 

For example, any student who may wish to apply for the use of the residence (charitable service) will have to complete an application form that will be used to establish eligibility. This form has a box for the student to tick to consent to the processing of their personal data in accordance with this Privacy Policy.

All data processed will be held as confidential, secure, will be used only for the purposes for which it was collected and will be destroyed or deleted once is it no longer necessary in accordance with our data retention policy. Our standard data retention period is seven years.

The Residence does not engage in any automated decision-making processes nor do we use any personal data as a basis for any such automated decisions.

The Residence does not transfer personal data outside the jurisdiction of, or application of, the General Data Protection Regulation. However, the Residence may outsource some commercial activities and or and or engage with some third-party service providers based within the EU that may share data within other EU member states (e.g. back up, storage facilities, etc.) and such third-party suppliers are subject to the One Stop Shop Mechanism as identified by the Irish Data Protection Commission. 

We may also outsource some commercial actives to third parties that are based outside the EU but GDPR still applies to any data processed as a result, in accordance with GDPR, the Data Protection Act 2018 and practice directives issued by the Irish Data Protection Commission. 

For example, if you give us your explicit consent, we may use Mailchimp to send you marketing emails but Mailchimp uses Standard Contractual clauses and has an EU-US Privacy Shield Framework in place to ensure GDPR compliance. For Mailchip’s data protection practices please see their privacy policy available at www.mailchimp.com/legal/privacy.

For more information about the One Stop Shop Mechanism, Privacy Shield Framework or Standard Contractual Clauses applicable to data being processed outside of Ireland and or the EU, please visit the Data Protection Commission website at www.dataprotection.ie.

Data Processing Agreements

A Data processing agreement, which ensures compliance with the Data Protection Act 2018 and GDPR, between a data controller and data processer, is incorporated into our standard terms of business.

For the avoidance of doubt, we have an applicable data processing agreement / terms of service for when we act as a data controller and engage a data processor to process data on our behalf.

Where we act as data processor for a data controller

If requested, and only at the explicit request of a data subject, we may act as a data processor for the Clarissan Missionary Sisters of the Blessed Sacrament in circumstances where a prospective volunteer, or prospective member of the charity/order, may wish to become a member of the Clarissan Missionary Sisters of the Blessed Sacrament. In such circumstances, we will pass on your information if you.

We may also act as a data processor for the Clarissan Missionary Sisters of the Blessed Sacrament (www.misionerasclarisas.com)in circumstances where a member may stay at our premises and or provide charitable services as part of the missionary. In such circumstances, we act as a data processor, processing the members personal data in order to support the Missionary and or provide Missionary services from our premises. 

This policy and our data protection practices also applies for when we act as a data processor. 

Marketing & Fundraising

At present, the Residence does not engage in any marketing and or fundraising activities.

However, we reserve the right to do so and, in such an event, we may use promotional emails, text messages and or phone calls to people who have consented to being contacted for marketing and advertising purposes.

In terms of data processing, subject to your explicit consent, we may use your personal information for the purpose of:

1. Marketing and Fundraising promotions;
2. Providing you with information about our services;
3. Carrying out any service user, membership or volunteer research, survey and analysis;
4. Commercial activities, including brand or event awareness, participation and product or service launches;

At some interactions with the Residence you may be asked to consent to your data being used for marketing purposes. In such cases, consent will require positive action on your part. For example, on an enquiry form you would have to tick a box stating that you consent to your data being processed for marketing purposes in according with this privacy policy in order to receive personalised targeted marketing emails, text messages and or phone calls. 

At times, the Residence may host or organise events in which data subjects may interact with us face-to-face, e.g. at trade shows, talks, presentations, etc. In such cases, we may verbally ask if you consent to your data being processed for marking and advertising purposes subject to this policy. We may also announce that photographs may be taken for social medical purposes but please refer to the social media section below.

The Residence may use Mailchimp for our email marketing who are GDPR compliant by way of an EU-US Privacy Shield. Please note that if you do not consent to your email being used for marketing purposes then we do not contact you by email for marketing or advertising purposes and the privacy shield stated here is not applicable.  For more information on Privacy Shield please see the Data Protection Commission’s website www.dataprotection.ie  and Mailchimp at https://mailchimp.com/help/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr/

The Residence is committed to privacy by design and privacy by default. As such, you will never have to ‘opt-out’ of our marketing processes; you will only ever have the option of ‘opting in’ if you’d like to be included. We do not engage in ‘pre-ticked’ boxes on consent forms nor do we ever assume you would consent to your data being processed. You are free to withdraw consent for any marketing matters at any time you want.

Social media 

The Residence engages in a number of social media services and we strive to uphold privacy rights online. However, sometimes members of the public may post something objectionable and beyond our control to our social media pages/forums. In such cases, we will act to rectify any difficulties as soon as we are notified or become aware of the problem. We do not provide a continuous monitoring of social media sites/forums so there may be a slight delay from the initial post to when become aware of a problem.

The Residence may hold marketing and fundraising events in which service users, visitors, employees or members of the public may be present. Sometimes we may wish to take a photograph at such events to promote our brand or event on social media. In such cases, it is our policy for our photographer/social media handler to announce their presence and provide additional instructions and assistance. However, we do not have any control over private individuals or their personal social media accounts, as such we cannot stop or prevent private individuals from posting materials to their own personal social media accounts that others may find objectionable.

For information relating to social media usages, cookies or widgets, please see our Cookie Policy

We welcome enquires and communications from clients and prospective clients through social media however users are bound by the privacy policy of the respective social media organisation (e.g. Facebook, LinkedIn, etc.). We cannot be held liable for any act or omission of the social media organisation nor can we ensure that any communication through social media is encrypted or secure in anyway. 

Information Storage 

We will take reasonable steps to ensure that your information is kept secure and protected, including but not limited to electronic data being protected using appropriate software, relevant networks safety and security checks, where applicable, to include two-step authentication, and, where applicable, any physical data records will be kept in an appropriately secure environment with physical locks and restricted access.

We are in compliance with the Guidance for Controllers on Data Security by the Data Protection Commission issued in June 2019.

We have a general data retention policy that relates to the retention of relevant data for seven years. Personal data that is no longer required will be destroyed and or deleted in secure manner.

We do not record or process personal data that is not required or not necessary for any of our stated purposes.

Disclosure of data

We may outsource certain commercial functions to external third parties, e.g. debt collection, accounting auditors, etc. and in such cases where personal data is required for the purposes of completing those functions then an appropriate data processing agreement, with relevant safeguards, will be in place to ensure our ongoing obligations under the Data Protection Act 2018 are upheld.

We may also have to disclose certain personal data in accordance with any legal obligation imposed on us. Any such disclosure would be in accordance with the law, e.g. disclosed on foot of a court order, Child First Act, etc.

Requesting your data

Any person has the right to find out whether an organisation has any personal data about them, what they use the personal data for and ask for copies of personal information held by that organisation.

If you wish to make a data access request in order to get a copy of any personal data we may process, please write a letter stating that you wish to make a data access request and address it to:

Data Protection 

Our Lady of Guadalupe Residence for Students

28 Waltersland Road, 

Stillorgan,

County Dublin.

Or by email to info@guadaluperesidence.com.

In order to process your request, we may request that you send us a copy of your identification (passport, driver’s licence, etc.). The reason we ask for personal identification is to ensure that you are the correct person making the request for your personal data.

Unfortunately, verbal access requests cannot be entertained.

In response to any data access request, you have the right to refer the matter to the Data Protection Commission if you are unhappy with the outcome, however, we ask that you notify us first of any issue so that we may help resolve it as quickly as possible.

Rectifying mistakes

You have the right to rectify any incorrect or inaccurate personal data at no cost to you. 

If you believe that we are incorrectly processing any of your personal data, please inform us by writing to the above address or email info@guadaluperesidence.com.

Queries or complaints

If you have any queries or complaints regarding our Privacy Policy or any data protection matter, please let us know by writing to the above address or email info@guadaluperesidence.com.

Individuals have the right to refer any matter to the Data Protection Commission by contacting them at www.dataprotection.ie or by writing to:

Data Protection Commission

Office of the Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

If you are, for whatever reason, considering contacting the Data Protection Commission about us we would ask that you inform us of your difficulty first so that we can try to resolve it to your satisfaction.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on our website. 

Any changes will become effective upon posting the revised Privacy Policy on our website. If we make any material or substantial changes to this Privacy Policy we will use reasonable endeavours to inform you by email, notice on the Website or any other agreed communications channels.

Privacy Policy last reviewed: March 2020 

Copyright retained by Argent Business Consultants and used with licence by Clarissan Missionary Sisters Company Limited by Guarantee 

www.argentbusinessconsultants.ie

/END