Privacy Notice
Introduction – What is the purpose of this document?
Ranelagh Christian Church (the “Charity” or “RCC”) is a “data controller” (collectively referred to as “we”, “us” or “our” in this privacy notice) in respect of your personal data. This means that we are responsible for deciding how we hold and use personal information about you. The purpose of this privacy notice is to make you aware of how and why we process your personal data and how long your personal data will usually be retained for. We are required to provide this information to you under the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and the Data Protection Act 2018.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
1. Who we are
Controller
The Charity is the controller and is responsible for your personal data.
Contact details
Our full details are:
Full name of legal entity: Ranelagh Christian Church
Email address: ranelaghchristianchurch@gmail.com
Postal address: 36 The Heights, Woodpark, Ballinteer, Dublin, D16 XP29 Telephone number: 01-2987038
You have the right to make a complaint at any time to the office of the Office of the Data Protection Commission (“ODPC”), the supervisory authority in Ireland for data protection issues (www.dataprotection.ie). We would, however, appreciate the chance to deal with any concerns you may have before you approach the ODPC, so please contact us in the first instance.
2. Data protection principles
We will comply with data protection law and principles, which means that your personal data will be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- So far as possible, accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
3. The personal data we collect about you
Recipients of Financial Assistance
If you are a recipient of financial assistance, we obtain your personal data directly from you or from a person or entity representing you. For the purpose of processing your financial assistance and administering such financial assistance, we may collect, store and use the following categories of personal data:
- Your name, phone number, email address, postal address and bank account details
- The name, phone number, email address and postal address for your representative
- Amount of financial assistance sought and provided and its purpose
We do not request any Special Categories of Personal Data from you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we request any information about criminal convictions and offences.
In addition to your contact information we may hold the following categories of corporate data where financial assistance is being provided to a corporate entity:
- The name and purpose of your organisation
- The registered charity number, charity regulator number, company registration number, tax registration number or other identifier relevant to the entity
- Annual Reports and Financial Doners
If you make donations to the Charity by electronic transfer or by cheque, we will obtain your personal data directly from you and as part of the electronic transaction or from the cheque. For the purposes of processing your donation and administering such donation, we may collect, store and use the following categories of personal data:
- Your name, phone number, email address, postal address and bank account details
- Your PPS Number
- Value of donations made
- Any purpose or use specified by you for a donation
Communications
If you wish to be included in the RCC contact list, to receive the weekly newsletter, or to be included in chat groups established and co-ordinated by RCC, we will obtain your personal data directly from you. For the purposes of maintaining the contact list and coordinating the various forms of communication, we may collect, store and use the following categories of personal data:
- Your name, phone number, email address and postal address
If you wish to be included in the monthly birthday announcement we will also collect and store your date of birth.
Garda Vetting
If you wish to be involved in activities involving children, we will obtain your personal data directly from you through the Vetting Invitation Form and the Vetting Application Form. We will also obtain personal data from the National Vetting Bureau through the Vetting Disclosure. For the purposes of maintaining valid and up to date records of appropriately vetted individuals, we will collect, store and use the following categories of personal data:
- Your name, date of birth, phone number, email address and postal address
- Proof of identity in the form of a copy of your passport of driver’s license
4. How we will use your personal data
The law only permits us to use your personal data when we have a lawful basis for doing so. The permitted lawful bases are:
- Where you have consented;
- Where we need to perform the contract we have entered into with you;
- Where we need to comply with a legal obligation;
- Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.
- Where we need to protect your interests (or someone else’s interests); and
- Where it is needed in the public interest or for official purposes.
5. The purposes for which we will use your personal data
We have set out below, in a table format, a description of the ways in which we plan to use your personal data, and which of the legal bases we rely on to do so.
Purpose/Activity |
Lawful basis for processing |
To process requests for financial assistance |
It is necessary for us to pursue our legitimate interest in providing financial assistance to appropriate requests where possible |
To administer financial assistance where a request is successful |
It is necessary for us to pursue our legitimate interest in providing financial assistance to recipients where possible |
To collect and process donations |
It is necessary for us to pursue our legitimate interest in paying the costs and carrying out the objectives of the Charity |
To apply for tax refunds from Revenue under the Charitable Donation Scheme |
It is necessary for us to pursue our legitimate interest in maximising donations under the Charity’s charitable status |
To communicate with you |
Where you have consented |
Where you wish to be involved in activities with children |
It is necessary to comply with legal obligations |
6. Data sharing
We will only share your personal data with the following third parties:
- Third party service providers: We may share your personal data with third party service provides that perform services and functions at our direction and on our behalf such as our accountants, IT service providers, printers, lawyers and providers of security and administration All third party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
- An Garda Siochana, Revenue Commissioners, Government Bodies or officials: We may share your personal information with An Garda Siochana or other government bodies or agencies where required to do so by
7. Transfer of your personal data outside the European Economic Area
We will only transfer personal data outside the European Economic Area if one of the following applies:
- The European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms.
- Appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism such as the EU-US Privacy Shield.
- You have provided explicit consent to the proposed transfer after being informed of any potential
- The transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate
8. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need it to fulfil the purpose for which it was collected. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We generally retain your personal data for a period of eight years, unless we are required to retain it for a longer period for legal or regulatory purposes.
10. Your legal rights
You have several rights under data protection law in relation to how we use your personal data. You have the right, free of charge, to:
- Request a copy of the personal data we hold about
- Request correction of the personal data we hold about This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of the personal data we hold about This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Request the restriction of processing of your personal This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Object to our use of your personal data where we are relying on a legitimate interest (or that of a third party)
- Request a copy of your personal data in a structured commonly used and machine readable format, and to have that data transmitted to another data
These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights please contact us using the contact details contained in this privacy notice. We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further two months and we will explain why.
You also have the right to lodge a complaint to the ODPC.