NRRI PRIVACY POLICY
>>click here for .pdf file>>
NATIONAL REGISTER OF REFLEXOLOGISTS (IRELAND)
(Under GENERAL DATA PROTECTION REGULATION (GDPR) 2018)
This document outlines the "Collection & Processing of Information" performed by the National Register of Reflexologists (Ireland) (further known as NRRI).
It describes and explains (in a simplest way possible) WHY do we collect personal information, HOW and WHEN do we process it, and WHAT are available controls to keep everyone happy.
All this obviously adherent to the new (2018) General Data Protection Regulation Policy GDPR: official link: >>here>>
Summary and Introduction
National Register of Reflexologists (Ireland) is committed to complying with new "Data Protection Act" governing privacy of personal information by businesses and to protecting and safeguarding your privacy when you deal with us (coming into life on 25th May 2018).
This Privacy Policy is our official privacy policy and it applies to all personal information collected by the National Register of Reflexologists (Ireland). In this policy we explain how and why we collect personal information, how and when we use it, and what controls one have over our use of it.
This privacy policy is not intended to, and does not create any contractual or other legal rights.
Official Data Protection Officer (DPO) of the NRRI
For any queries related to collecting and processing data by National Register of Reflexologists (Ireland) please do not hesitate to contact our dedicated DPO (Data Protection Officer):
Name: Tomasz Stanczyk
Address: Rathgorgin, Athenry, Co. Galway.
Telephone: 086-8159855
Email: [email protected]
Your Privacy is Important to Us!
NRRI recognises "privacy" as very important and is fully committed to respecting it. We will apply appropriate protection and management of any personally identifiable information shared with us. The information submitted will be kept confidential and with the highest standards of security once it reaches our server. The information provided will be entered onto a database, stored within EU and processed by in accordance with the Data Protection regulations.
Our "Legitimate Interests"
The lawful basis under which we hold and use your (both Member and non-Member information) information is "our legitimate interests" i.e. our requirement to retain the information you provide to us in order to provide you with "the best possible membership related support and related services support". (For more details please refer to "NRRI Objectives", "Membership Guidelines" and "Members' Code of Ethics").
Use of Personal information
We may use (or disclose - see down below) personal information held about an individual for the primary purpose for which it is collected e.g. provision of our services, including administration of our services, notification to you about changes to our services, record-keeping following termination of our services to you and technical maintenance.
We may also use such information for a purpose related to the primary purpose of collection and where it would reasonably be expected by individual that we would use the information in such way. This information is only disclosed to persons outside our business in the circumstances set out in this policy or as otherwise notified to you at the time of collection of the information.
At or before the time the personal information is collected by us we will take reasonable steps to ensure that you are made aware of who we are, the fact that you are able to gain access to the information held about you, the purpose of the collection, the type(s) of organisations to which we usually disclose the information collected about you, any laws requiring the collection of the information and the main consequences for you if all or part of the information is not collected.
Membership related Records
NRRI records details voluntarily provided during "registration of membership" process, including name, age, phone numbers, addresses and e-mail addresses. Either signing or online submission of the "Application for Membership" is considered as a consent voluntarily given to store provided details. NRRI was always dedicated to safeguard those details and so will continue under new GDPR.
Any personal information provided to NRRI will be used for NRRI purpose ONLY!
In order to provide our wide range of membership services and support, we need to ask for and keep information about our members at all times (especially membership renewals). We will not use this information for any other purpose (except as required for legal purposes) without their prior consent.
Members' information to be held:
1. Personal details (name, age, address),
2. Contact details (telephone numbers, emails, websites),
3. Qualifications and all Reflexology related work history (including photocopies),
4. CPD achievement (including copies of CPD certificates),
5. Record of any correspondence,
6. Record of any sales (membership fees, purchases, advertising)
Members' information that might be retained:
We may retain following information (other than sales records) in respect of non-members and past/lapsed-members, in case of:
1. An unsuccessful applicant who may wish to reapply at a later date,
2. A lapsed member who may wish to rejoin at a later date.
Non-Membership related Records
Some information provided to us by clients, customers, contractors and other third parties (non-membership related) might be considered private or personal. However without these details we would not be able to carry on our business and provide our services to them. Therefore we will only collect such personal information if it is necessary for one of our functions or activities ("our legitimate interests") and to provide our best customer service.
NRRI will record non-membership related details (including name, phone numbers, addresses and e-mail addresses voluntarily provided when you contact us via:
1. Telephone
2. Email
3. Contact Us form
4. Subscription for eNewsletter
NRRI may keep records of ALL correspondence, but only to improve our services!
Any personal information collected will be retained by NRRI and will only be disclosed where required by law.
Data & Information that we NEVER record/store:
1. Telephone conversations (audio recordings),
2. Cookies and visitor's IP (when visiting our website),
3. Bank details and credit/debit card numbers.
How Long we keep Data/Information for:
The criteria used for determining the retention period is as follows:
1. For current Members: we keep all information while membership is current in line with our legitimate interest (above),
2. For non-members as: disqualified applicants/lapsed & former members/business partners: we keep all information to enable us to:
A. issue a speedy response in case you wish to re-apply for membership at a later date,
B. be able to confirm any details of past membership which you may ask us about,
C. provide with the best level of services (incl. customer care service)
Disclosure of Information
We are permitted to use or disclose personal information:
1. Where individual have consented to the use or disclosure,
2. Where we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety,
3. Where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities,
4. Where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
5. Where we reasonably believe that the use or disclosure is reasonably necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for, conduct of, proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body.
Using our Website
Our website may contain links to other web sites and those third party web sites may collect personal information about you. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to our web site. National Register of Reflexologists (Ireland) encourages users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information.
Data Security and Storage
NRRI is committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.
We place a great importance on the security of all information associated with our members and clients. We have security measures in place to protect against the loss, misuse and alteration of personal information under our control.
Personal information is de-identified or destroyed securely when no longer required by us.
1. NRRI retains the information "one" provides to us including possibly a contact to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes. This information is held on secure servers in controlled facilities.
2. Information stored within our computer systems can only be accessed by those entrusted with authority and computer network password sanctions.
3. No data transmission over the Internet can be guaranteed to be 100 per cent secure. As a result, while we strive to protect user's personal information, NRRI cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and users do so at their own risk. Once NRRI receives your transmission, it makes every effort to ensure its security on its systems.
Complaints
When an individual wants to complain about our Privacy Policy or "the collection, use or safe disposal or destruction of your personal information", a complaint should be directed in the first instance to us at e-mail: [email protected]
We will investigate your complaint and attempt to resolve any breach that might have occurred in relation to the collection, use or destruction of personal information held by us about you in accordance with the Data Protection Act. If you are not satisfied with the outcome of this procedure then you may request that an independent person (usually the Information Commissioner's Office) investigate your complaint.
Changes to NRRI Privacy Policy
If NRRI changes its Privacy Policy, it will post changes on this Privacy Policy page so that users are always aware of what information is collected, how it is used and the way in which information may be disclosed. As a result, please remember to refer back to this Privacy Policy regularly to review any amendments.
Contacting us
If you require further information regarding our Privacy Policy, please contact our DPO (top for this document) or at the following email address: [email protected]
YOUR RIGHTS (INDIVIDUAL: either MEMBER or NON-MEMBER):
GDPR gives you the following rights:
• The right to be informed:
To know how your information will be held and used (this notice).
• The right of access:
To see our records of your personal information, so you know what is held about you and can verify it.
• The right to rectification:
To tell us to make changes to your personal information if it is incorrect or incomplete.
• The right to erasure (also called "the right to be forgotten"):
For you to request us to erase any information they hold about you if you ask them not to hold it anymore
• The right to restrict processing of personal data:
You have the right to request limits on how we use your personal information
• The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
• The right to object:
To be able to tell us you don't want them to use certain parts of your information, or only to use it for certain purposes.
• Rights in relation to automated decision-making and profiling.
• The right to lodge a complaint with the Information Commissioner's Office:
To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don't have to be.
Full details of an individual rights can be found at https://dataprotection.ie/docs/A-guide-to-your-rights-Plain-English-Version/r/858.htm
The NATIONAL REGISTER OF RELFEXOLOGISTS (IRELAND) RIGHTS:
• If you don't agree to us keeping records of information about you and your membership, then we will not be able to accept you as a member, or to renew your membership, and we will not be able to answer any queries you may have at a later date.
• We have to keep your records for a certain period as described above, which may mean that even if you ask us to erase any details about you, we might have to keep these details until after that period has passed
• We can move records between our computers and IT systems, as long as your details are protected from being seen by others without your permission.
MORE & FURTHER READ:
Should you wish to read more information on privacy legislation or the Data Protection Act we recommend that you visit the Information Commissioner's Office at www.dataprotection.ie