Privacy Policy

Who we are

Clannad Care referred to as (‘we’ or ‘us’ or ‘our’) gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant General Data Protection Regulations (GDPR) and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

This privacy policy applies to the personal data of our current, past or prospective Clients, Employees, Candidates, Suppliers, Website Users and other people we may contact in order to find out more about Clients, Employees and Candidates or whom they nominate as an emergency contact, where appropriate.

We reserve the right to amend our privacy policy at any time.

If you have any queries regarding the personal information we hold or how we store and process it, please contact our designated Data Protection Officer:

Fiona Hartley

Clannad Care

Level 2, Deise House

Poleberry

Waterford

T: 051 878 813

Information that we collect

Clannad Care processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our homecare services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

We collect and process your personal data for the performance of a contract to which you are party, or when it is necessary for compliance with a legal obligation to which we are subject or where required, with your prior consent. We may also collect and process your Personal data for Clannad Care’s legitimate interests except where such interests are overridden by your interests or fundamental rights and freedoms.

Clannad Care are a Data Processor when it comes to the provision of data that our Employees use to provide homecare services. In this homecare provision situation, it is our Clients who are the Data Controllers.

Clannad Care also act as a Data Controller of personal data that we maintain as part of our business activities; for example any Employee and Client contact data used for contractual, marketing or sales purposes.

Employees and Candidates

The personal data that we collect from you may include: –

  • Your name, address, date of birth and contact details (including your telephone number, email address) and emergency contacts (i.e. name, relationship and telephone numbers)
  • Name and contact details of authorised persons which you consent for us to contact regarding your care
  • Your medical history including current and historic illness, treatment and medication
  • Any accidents and incidents or near misses you may have been involved in – this may include details of injuries and treatment you may have received
  • Any dietary needs you may have
  • Any allergies we need to be aware of
  • Your likes, dislikes and lifestyle preferences (as they relate to providing homecare services)
  • Financial information
  • Your feedback and contributions to questionnaires and surveys about the service we offer
  • Your complaints, compliments or concerns about the service we provide

Suppliers

We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide.

Referees and emergency contacts

We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you have been listed as an emergency contact for one of our Clients, Employees or Candidates. In order to provide Candidates with suitable employment opportunities safely and securely and to provide for every eventuality for them and our Employees, we need some basic background information.

Website users

We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.

We collect information in the below ways: –

  • Personal data that Clients, Employees and Candidates give to us directly;
  • Personal data that we receive from other sources e.g. referees and emergency contacts;
  • Information we may collect from a relative; and
  • Information from a Health Care Professional in the event that you come to us through a health provider (such as the HSE).

You can share your details with us in a number of ways including:

  • Entering your details on the Clannad Care website or through an application form, as part of the registration process;
  • Leaving a hard copy CV at a recruitment event, job fair or our office;
  • Emailing your CV to Clannad Care or being interviewed by the Clannad Care team;
  • Applying for a job through a jobs board website, which then redirects you to Clannad Care;
  • Communicating with us through social media channels;
  • Where you contact us proactively, usually by phone, email, fax or post; and
  • Where we contact you, either by phone, email, fax or post.

To the extent that you access our website or read or click on an email from us, where appropriate and in accordance with any local laws and requirements, we may also collect your data automatically or through you providing it to us.

Legitimate purpose for holding data

Clannad Care takes your privacy seriously and will only process your personal data in accordance with the terms stated in our Privacy Notice.

Primarily we will use your personal data to carry out our obligations arising from any contracts entered into by you and us.

We rely on the following grounds under the GDPR:

  • Processing is conducted with your consent to process personal data for specified purposes
  • Processing is necessary for the performance of our contracts to provide individuals with care and support services
  • Processing is necessary for us to demonstrate compliance with our regulatory framework and the law
  • Processing your personal data in pursuit of legitimate interests

GDPR recognises that additional care is required when processing special category (sensitive) data such as your health information. We process this under the following grounds within GDPR:

Article 9(2)(h) – processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services

  • Article 9(2)(h) – processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services

Where Clannad Care acts for its own purposes under legitimate interest, your personal data is processed mainly for, but not limited to, the following purposes:

  • Recruitment management
  • Human resources management
  • Accounting and payroll
  • Finance and tax management
  • Risk and compliance management
  • Management of employees’ safety
  • Provision of IT tools or internal mobile applications and any other digital solutions or collaborative platforms
  • IT support management
  • Health and safety management
  • Information security management
  • Client relationship management
  • Sales and marketing
  • Supplier management
  • Internal and external communication and events management
  • Compliance with legal requirements

When providing our services for the benefit of our Clients, we may also process personal data on behalf of a Controller (usually a client) essentially for the effective operation, management, performance and delivery of our homecare services. We will ensure that personal data processed is adequate, relevant and limited to what is necessary for the purposes for which it is processed.

How we use your personal data

Clannad Care takes your privacy very seriously and will never disclose or share your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

The purposes and reasons for processing your personal data are detailed below: –

  • To deliver homecare services we have been contracted to provide, client due diligence and duty of care towards Clients and Employees;
  • To communicate with you, your representatives and any appropriate external social or health care professionals about your individual needs and personalise the service delivered to you;
  • To provide you with information that you request from us relating to our services;
  • To carry out any obligations which arise from any contracts entered into between yourselves and us to allow us to provide information or services;
  • To protect a prospective Client and/or Employee’s vital interests;
  • To process information relating to job applications;
  • To provide you with information relating to other services which may be of interest to you (only with your expressed consent);
  • To inform you of any changes to our services and website;
  • To ensure that the quality of our service is continually enhanced and refined and for purposes which are within legitimate business such as technical support or business development;
  • We use referees’ personal data to assist with our employment process;
  • We may also use referees’ personal data to contact them in relation to activities that may be of interest to them; and
  • We use the personal details of a Client, Employees or Candidate’s emergency contacts in the case of an accident or emergency affecting that individual.

Sharing and disclosing your personal information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Some of your personal data may be shared with:

  • Employees: the relevant Clannad Care Employees who need to know this information in order to adequately respond to your enquiry and provide the necessary services. This will involve sharing only the necessary Personal Data with Employees involved in the management and administration of the business and the delivery of homecare services.
  • Health care professionals: We share your medical information with appropriate external social, health care professionals, emergency services and any individuals you have nominated as your representative as and when required. This data sharing enables us to establish the type of care and support you need.
  • Service providers: our trusted service providers provide us with a range of services, including web support. They may have access to your Personal Data as part of providing us services under a contract. These service providers are bound to protect your Personal Data from disclosure or misuse and will not share it with any third party without your prior consent.
  • Governmental authorities or under legal action: We reserve the right to disclose your Personal Data to Government institutions or supervisory authorities, including tax authorities when requested to do so or as required by law. We also reserve the right to disclose your Personal Data when we have reason to believe that disclosing this Personal Data is necessary as part of a legal action. This also includes information required by public bodies to evidence our compliance with the applicable regulatory framework.

Safeguarding measures

Clannad Care takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We have established security controls in place to prevent, detect and respond to vulnerabilities and data breaches. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

  • A protective monitoring regime to oversee how ICT systems are used;
  • Locks and security systems;
  • Computer passwords and limited access to shared network drives to authorised staff;
  • Virus checking;
  • Timely patching applied against known vulnerabilities;
  • Systems protected from malicious and mobile code;
  • Boundary protection in place on all systems with a connection to an untrusted network;
  • Network security boundaries defined and enforced to group users, services and information that require different levels of protection
  • Software and hardware locked down to restrict unnecessary services;
  • Auditing procedures and data integrity checks; and
  • Security classification to identify data needing special protection.

The security of our ICT systems has been evaluated through external penetration testing. We employ an IT Support and Security Company to ensure our Servers, Desktops and Electronic Correspondence are fully secure and maintained to the highest standards. Our systems software and virus protection is regularly updated in line with current updates and threats.

Transfers outside the EU

Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data.

Your personal data will not be transferred outside of the EU.

If it is ever necessary for data to be transferred outside of the EU e.g. where we might be using a cloud based storage system, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by Clannad Care to protect your data and comply with the relevant data protection laws.

How long we keep your data

Clannad Care only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations.

We will keep your details on file for the length of our contract or a period of time in accordance with our data retention policy before seeking confirmation that you are happy for us to continue to hold your data. After which time your data will be deleted from our systems unless we have had meaningful contact to say otherwise or if a law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Cookie notice

‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or logging in options.

Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimise user experience and for features and services to function properly.

Most web browsers allow some control to restrict or block cookies through the browser settings, however if you disable cookies you may find this affects your ability to use certain parts of our website or services. For more information about cookies visit https://www.aboutcookies.org

Your rights

You have the right to access any personal information that Clannad Care processes about you and to request information about:

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request the deletion of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us; to exercise your data portability rights, and to be informed about any automated decision-making we may use.

If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), please contact us.

We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Lodging a complaint

Clannad Care only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.

In the first instance, please send your complaint to:

Fiona Hartley

Clannad Care

Level 2, Deise House

Poleberry

Waterford

T: 051 878 813

Under Article 77 of the GDPR, you have the right to lodge a complaint with the Data Protection

Commission if you consider that processing of your personal data is contrary to the GDPR.

Under Article 78 of the GDPR, you have a right to an effective judicial remedy where the Data

Protection Commission does not handle your complaint, or does not inform you within three months

on the progress or outcome of your complaint.

Under Article 80, you may authorise certain third parties to make a complaint on your behalf.

Complaints to the Data Protection Commission should be made in writing and submitted through an online form: https://forms.dataprotection.ie/contact or in writing to:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

The Data Protection Commissioner also operates a helpdesk function, which is contactable at

+353 761 104 800 or +353 578 684 800.

This privacy policy is effective from 25th May 2018 (updated 7th May 2019).