This Notice sets out the basis on which any personal data we at Cloyne Diocesan Youth Services CLG (CDYS) collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

This Notice is divided into several sections – if you click on a heading in the Table of Contents, you will be taken directly to that section. More detailed information is available in several sections, or on request in some instances.

Table of Contents

1. Who are we? How can you contact us?

2. What information about me do you collect & use? Where do we get your personal data from?

3. Do you collect information from children (under 16yr olds)?

4. How and why do use my personal information?

5. Do you share my information?

6. Is my information sent outside the European Union?

7. What is the legal basis for you collecting and processing my information?

8. What are my rights, and how do I exercise them?

9. Can I stop getting emails, text messages and other communications from you?

10. Is my information secure?

11. How long do you keep my information?

12. How do you contact us?

13. Miscellaneous CCTV and Photography

14. Links to other sites

15. Social Networks

16. Changes to this Notice

1. Who are we? How can you contact us?

“We” are Cloyne Diocesan Youth Services CLG,(“ CDYS”). CDYS is a voluntary and not for profit organisation that works with young people in the Dioceses of Cloyne since 1962. Registered Charity No. CHY16840.

This Notice applies to CDYS as the DATA CONTROLLER for the purposes of the General Data Protection Regulation EU2016/679, and the Data Protection Acts 1988 – 2018 .

CDYS also acts as a Processor and Joint Controller in certain circumstances

For data protection issues, please email our DPO at privacy@cdys.ie

Or write to us at:

CDYS, Regional Office,
Mallow Community Youth Centre, New Road,
Mallow, Co.Cork
Phone: 022 53526

2. What information do you collect & use? Where do we get your personal data from?

“ Personal Data” is data that can identify you, either directly or indirectly, as an identified or identifiable individual.”

There are many elements of Personal data which may be sought and recorded at enrolment and may be collated and compiled during the course of participation with us in our Youth Projects, Youth Clubs, Youth Ministries, Youth Diversion Projects, Therapeutic Services, Creative Community Alternative Programs, Family Support Services, Local Training Initiatives and other projects. That relationship may be as a participant, or service provider, or a support of our services (by fundraising, donations, parents, and other stakeholders).

At all times we are conscious that our processing of personal data, including sensitive personal data( special category data ) will be limited to only what is necessary and proportionate for the purposes for which it is collected.
These records will include:
name, address and contact details, PPS number
date and place of birth
names and addresses of parents/guardians and their contact details (including any special arrangements with regard to guardianship, custody or access)
racial or ethnic origin and or sexual orientation data
membership of the Traveller community, where relevant
whether they (or their parents) are medical card holders
whether English is the participants first language and/or whether the participant requires English language support
any relevant special conditions (e.g., special educational needs, health issues etc.) which may apply
Information on previous academic record (including reports, references, assessments, and other records from any previous school(s) attended by the student
Psychological, psychiatric and/or medical assessments and your GP and other medical attendee details
Attendance records
Photographs and recorded images of participants (including at events and noting achievements).
Academic record – subjects studied, class assignments, examination results as recorded on official reports
Records of significant achievements
Garda vetting outcome record
Your Personal Data that will be collected and processed for the purposes of the various programs including in order to facilitate the operation, management, and coordination of these services. Personal Data relating to your emergency contacts and parents or guardian details for under 18s will be processed by us. This Personal Data will also be processed jointly with various State Agencies.

Other records e.g., records of any serious injuries/accidents etc.
Records of any reports medical or otherwise CDYS have made/ received or sought in respect of a participant/ youth or parent or guardian to or from State departments, especially TUSLA and/or other agencies under mandatory reporting legislation and/or child safeguarding guidelines or otherwise
CCTV images and recordings

Personal data which will be sought and recorded through staff and volunteer records:
• Categories of staff/volunteer Personal Data: As well as existing members of staff/volunteers (and former members of staff/volunteers), these records may also relate to applicants applying for positions. These staff/volunteer records may include:
• Name, address and contact details, PPS number
• Contract of employment and any amendments to it
• Original records of application and appointment to promotion posts

Financial information records
• Payroll records
• Employee review meetings
Grievance and disciplinary procedures information
• Details of approved absences (career breaks, parental leave, study leave etc.)
• Information relating to your health , which could include reasons for absence and GP reports and notes
• Details of work record (qualifications, classes taught, subjects etc.)
• Details of any accidents/injuries sustained on school property or in connection with the staff member carrying out their duties
• Records of any reports (or its employees) have made in respect of the staff member to State departments and/or other agencies under mandatory reporting legislation and/or child-safeguarding guidelines.
• CCTV images

Personal data which will be sought and recorded through Parents/Guardians’ Records:
Categories of Personal Data: CDYS may hold some or all of the following information about parents and/or guardians of participants: Names and addresses of parents/legal guardians and their contact details (including any special arrangements with regard to guardianship, custody or access) and place of work, financial information and other related correspondence.

Personal data which will be sought and recorded through fundraising and donation: names and addresses.

You may give us personal data by:
• Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our services
• Filling in forms on the website, via download or in person CDYS will use the personal information you provide in connection with our projects and services.
• your Personal Data that will be collected and processed for the purposes of the various programs including in order to facilitate the operation, management, and coordination of these services. There are many elements of Personal data which may be sought and recorded at enrolment and may be collated and compiled during the course of participation with us in our Youth Projects, Youth Clubs, Youth Ministries, Projects, Therapeutic Services, , Creative Community Alternative Programs, Family Support Services, Local Training Initiatives and other projects. That relationship may be as a participant, or service provider, or a support of our services (by fundraising, donations, parents, and other stakeholders).

• Personal Data relating to your emergency contacts and parents or guardian details for under 18s will be processed by us. This Personal Data will also be processed jointly with various State Agencies.
• Taking part in events. Photographs and recorded images of attendees are taken to celebrate students’ achievements.
• Using our facilities. CCTV are used on our premises to monitor health and safety standards and for security The Controller of the CCTV data is the owner/occupier of that premises . CCTV systems are installed (both internally and externally) in the premises for the purpose of enhancing security of the building and participants and staff. These CCTV systems may record images of staff, youth attendees and members of the public who visit the premises
• Applying to work with us. The type of information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). When you apply to work with us, we may share your Personal Data with our various Funders and or Auditors.
• Volunteering with us
• Making of a donation.
• The processing of your Personal Data may include personal data relating to your socio-economic background such as your ethnic or cultural background and/or living circumstances, health, and criminal conviction data) or otherwise which is regarded as Special category data.
• Garda Vetting
o As stipulated in The National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016 all CYDS staff, volunteers, voluntary officers, and other individuals who provide services to us and who interact with children or vulnerable persons must be vetted by A Gardaí Síochána.
o Garda Vetting is a procedure through which A Garda Síochána is asked, with a person’s permission, to disclose any information held on Garda file. The vetting process requires the provision of verified proof of identify and proof of address by all vetting candidates and, subsequently, checks by An Gardaí Síochána of their records The purpose for processing your Personal Data in this context is that it is necessary to comply with our legal obligations under the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016.

We may also process other data, which is not personal data.

When you access our website your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer, and to offer services to you.

What information about you do we obtain from others?
When you use our services, we may obtain the following categories of personal data from others:to include Government Agencies/ Public Sector Bodies, Other NGO ‘s and Community Services, Tusla, the HSE and /or your authorised Representatives or involved agencies and statutory bodies.

3. Do you collect information from children? (under 16yr olds)?

Children’s Personal Data: We do collect and manage information about children. The information is usually collected when children use our services. Where possible and appropriate we will seek consent from a parent or guardian before collecting information about children however we also process children’s data including special category data as is necessary for compliance with legal obligations to which we are subject.

4. How and why do you use my personal information?

We collect the information in order to provide you with our services, to

We will use this information:
• To enroll you on our systems so as to provide you with our services in order to facilitate the operation, management and coordination of our programme or course
• To liaise with you about services that we are providing to you.
• To deliver information about our services, where you have subscribed to receive same.
• To fulfil our statutory functions.
• To administer and improve our website and for internal operations, including troubleshooting, and statistical and survey purposes where consent is given.
• as part of our efforts to keep our website safe and secure.
• To make suggestions and recommendations to you and other users about services that may interest you or them.
• To publicise and promote the benefits of our services for their participants, by way of social media and other online platforms

The legal bases for the processing of your Personal Data are:
• That you have provided consent for the processing for one of more specified purposes.
• Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract.
• Processing necessary for compliance with a legal obligation to which we are subject.
• to comply with the monitoring, reporting, and evaluating requirements:
• where you are a participant in a European Union co-funded program to which they provide funds
• Processing done on the basis of the legitimate interest, balancing the rights of freedoms of the data subject.

If you do not provide us with your Personal Data so that we can process it for the above purposes, we will not be able to enrol you or administer your participation on our programs/projects.

Special Category Data and the lawful basis for that processing activity.
The processing of your Personal Data may include personal data relating to your socioeconomic background such as your ethnic or cultural background and/or living circumstances, your health and wellbeing , your sexual orienation or otherwise which is regarded as Special category of Personal data under the GDPR.
The legal bases for the processing of your special category data or sensitive data are:
• That you have explicitly provided consent.
• Processing necessary for compliance with a legal obligation to which we are subject, including but not limited to statistical and research purposes at an aggregate level and comparing the progress of socio-economic groups participating on programmes.
• Such statistics and research will assist in identifying gaps in the systems and assisting in the development and implementation of appropriate policies.

If you do not provide us with your Personal Data so that we can process it for the above purposes, we will not be able to enrol you or administer your participation on our programme

5. Do you share my information?

We may share your personal data with our selected suppliers and contractors to provide you with our services. The Personal Data held on your record will be disclosed to relevant staff/volunteers of CDYS and other State Agencies or NGOs on the basis of contract or statute. All staff/volunteers are made aware of the procedures they must follow to ensure your Personal Data is appropriately protected.

The Personal Data you provide may be disclosed to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request or to perform a public function. It may also be necessary, under contract, to disclose your Personal Data to comply with reporting obligations where you are a participant of a European Union co-funded programme. Some of your Personal Data will be disclosed to allow monitoring, reporting, and evaluating of programmes where the programme is co-funded by the European Union.

We may also disclose your Personal Data to governmental, regulatory and/or public bodies or other third parties

  • If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to comply with any applicable laws, grant applications and /or court orders
  • Your Authorised representatives
  • Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information.

We attach at Schedule 1 a list of some entities with whom your personal data is shared.

6. Is my information sent outside of the European Union?

We will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Office 365/Microsoft. Where Personal Data needs to be transferred or processed outside the EU/EEA, we chose providers who process Personal Data on the basis of

  •  Standard Contractual Clause (s)(SCC’s)
  • An Adequacy Decision from the European Commission.

7. What is the legal basis for you collecting and processing my information?

Irish and EU law sets out the grounds upon which data controllers such as CDYS can rely on to lawfully process personal data.

We rely on the following grounds:

Where you have given, us consent to the processing of your personal data for a specific purpose.

The processing is necessary for CDYS to fulfil our contract with you or others, such as funding agencies.

The processing is necessary for compliance with a legal obligation, for example to comply with child protection and/or Revenue requirements.

The processing is necessary in order to protect the vital interests of a staff member or another person, for example, an attendee at a training course in a medical emergency.

The processing is necessary for the purposes of the legitimate interests pursued by CDYS or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.  Some marketing might take place under this heading, but never to children.

The legal bases for the processing of your special category data or sensitive data (for example health and wellbeing data) are:

  • That you have explicitly provided consent.
  • Processing necessary for compliance with a legal obligation to which we are subject.
  • Processing necessary for substantial reasons of public interest, which will always respect the essence of the right to data protection.

8. What are my rights, and how do I exercise them?

As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process your Personal Data. These rights apply in certain circumstances and are set out below: –

The right to access Personal Data relating to you (‘access right’).
The right to rectify/correct Personal Data relating to you (‘right to rectification’).
The right to object to processing of Personal Data relating to you (‘right to object’).
The right to restrict the processing of Personal Data relating to you (‘right to restriction’).
The right to erase/delete Personal Data relating to you (i.e., the ‘right to erasure’).
The right to ‘port’ certain Personal Data relating to you from one organisation to another (‘right to Personal Data portability’).

These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by contacting us accompanied by all necessary information via:

an e-mail to our DPO at privacy@cdys.ie
or a written request to the following address:
CDYS DPO , Regional Office,
Mallow Community Youth Centre, New Road,
Mallow, Co.Cork

You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie

DATA PROTECTION COMMISSION contact details are:

Dublin Office Portarlington Office
21 Fitzwilliam Square Canal House
Dublin 2 Station Road
D02 RD28 Portarlington
Ireland R32 AP23

Phone +353 57 868 4800 or +353 761 104 800
LoCall 1 890 25 22 31
Fax +353 57 868 4757
email: info@dataprotection.ie

We would ask that you contact us first at privacy@cdys.ie to enable us to try to deal with the matter to your satisfaction.

Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

If you are receiving marketing from us, you may opt out. If you no longer wish to be contacted for marketing purposes, please contact us as set out in this Notice to request to “opt out” of marketing.

The exercise of Data Subjects’ rights as some other “interactions” requires the univocal identification of the person submitting such request as being, in fact, the Data Subject to whom such Personal Data pertains to, hence we may have to set in place a process or mechanism that allows it to document having undergone such assertive identification.

9. Can I stop getting emails, text messages and other communications from you?

Yes!

If you no longer wish us to contact you in a particular way, for example, to no longer send you text messages, just advise us of that and we will respect your wishes.

It may be necessary for us to contact you from time to time in connection with services, for example to ensure your Personal Data is correct.

MARKETING
If you no longer wish to receive marketing communications by electronic means, just use the opt-out facility in any of our communications, OR advise us at privacy@cdys.ie

You may also write to us:

CDYS, Regional Office,
Mallow Community Youth Centre, New Road,
Mallow, Co.Cork

10. Is my information secure?

We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.

The transmission of information via the internet is not completely secure and may involve the transfer of Personal Data to countries outside of the European Economic Area (EEA). This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us through the Cloud. We do not however authorise any third party to use your Personal Data for their own purposes. Non-EEA countries may not provide an adequate level of protection in relation to processing your personal data. By submitting your Personal Data, you agree to this transfer, storing and processing. The sharing, storage and processing of your personal data/ information will predominantly take place within the EEA.

Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us. Any transmission of Personal Data is at your own risk. Once we receive your Personal Data, we use appropriate security measures to seek to prevent unauthorised access.

11. How long do you keep my information?

The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
We keep your Personal Data for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your Personal Data to provide this service to you, you can request that we erase your Personal Data. Please note that if you request the erasure of your Personal Data:

  • We may retain some of your Personal Data as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety
  • We may retain and use your Personal Data to the extent necessary to comply with our legal or contractual obligations.
  • Because we maintain our records to protect from accidental or malicious loss and destruction, residual copies of your Personal Data may not be removed from our backup systems for a limited period of time.

12. How do you contact us?

You have the right to complain to the Data Protection Commission if you feel that we are in breach of any of your rights. Full contact details are provided below.

We would ask that you contact us first, to enable us to try to deal with the matter to your satisfaction.

Please contact us our DPO at privacy@cdys.ie
Or:
CDYSDPO
Regional Office,
Mallow Community Youth Centre,
New Road,
Mallow,
Co.Cork

If you wish to exercise any of the rights you have in respect of your data, please contact us privacy@cdys.ie

13. Miscellaneous/Photos

Where we process your Personal Data based only on your consent, you may withdraw your consent.

You have the right to bring a complaint to a supervisory authority if you have any complaints about the processing of your Personal Data. In Ireland the Personal Data Protection Commission is the supervisory authority.

In circumstances where the provision of your Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will advise you at the point of collecting your Personal Data whether the Personal Data is a required field, and the consequences of not providing the Personal Data.

Videography and Photography: Some of our programmes will involve photographic or videos records to be made for informational and promotional purposes due to your presence at the event hosted by us or by any third party authorised by us. The images resulting from the photography, videography or recordings, and any reproductions or adaptations of same, may be used for promotion, publicity and/or other purposes.
By attending at such events, you acknowledge that event run by us is in a public place and that you may have a reduced expectation of privacy. While you have a right to object to your inclusion in any photographs or video footage, any such objection must be balanced against the legitimate interests pursued by us and/or third-party media outlets and broadcasters.

14. Links to other sites

Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies/notices and that we do not accept any responsibility or liability for those policies/notices. Please check those policies/notices before you submit any Personal Data to those websites,

15. Social Networks

We maintain active social network accounts. We embed widgets from these networks to provide follow buttons, like boxes and stream embeds. This will involve cookies being set by these networks while using our site. You may choose to refuse these cookies. Your use of these social media platforms remains subject to your own user agreements with the platform providers.

16. Changes to this notice

This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on Jan 18th 2024

This Notice is effective from  Jan 18th 2024

Schedule 1

We have set out below a list of third parties with whom we share your Personal Data.

Third party name Description of services provided
Cloud Service ProvidersMicrosoft, Sage, Sage 50
IT Back-up ProvidersEonvia Ltd
Website Service ProvidersLet’s Host
Other Service Providers/FundersList can be provided on request