(Updated August 2022)
This statement describes how Extern manages and processes your personal information in accordance with the law and your rights. It does not cover every situation so please read notices on forms, web pages or other points where you give us information about yourself. These will describe specifically how we use your information, the reasons and legal basis for holding it as well as your rights. We may update this statement from time to time so please check our website for the most recent version. The term “Extern” is used to cover, Extern Group, Extern NI, and Extern Ireland.
Who we are Extern is the leading Social Justice Charity across the island of Ireland. We provide a wide range of services to families and individuals in need of support. We work with people dealing with issues including homelessness, addiction, social exclusion, offending and family problems.
Information we may hold about you and why This could include:
· To support you when you use any of our services
· Information you give us when you fill in forms, subscribe to our services, (such as publications, sponsorship, or to attend events) and email newsletters
· When you apply for a job or to volunteer with us, including to process applications and to monitor recruitment statistics. If you come to work for us, we will retain it to administer your employment including your pension
· Information relevant to being an Extern employee, Board member, volunteer, or student
· To manage feedback and complaints
· Information we hold about you to support our fundraising operations
Who do we share your personal information with?
We may share your personal information:
· With our contractors who carry out work on our behalf
· Where we are under a legal obligation to disclose or share your information (for example, with the PSNI/Garda where the information is relevant to the prevention or detection of a crime)
· In some circumstances we may disclose information of potentially criminal behaviour under the Regulation of Investigatory Powers Act
· Providing your personal data to others
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We may disclose your personal data to our insurers and/or professional advisers insofar as is reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose your contact information to our suppliers or subcontractors insofar as is reasonably necessary, for example, when arranging for you to speak to media, with your consent.
Financial transactions relating to our website and services are handled by our payment services providers, STRIPE. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your donations and payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://stripe.com/gb/privacy.
In addition to the specific disclosures of personal data set out in Section 4 of the GDPR Regulation, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
· Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
1. Your data will be made available to our website provider
2. The data that may be available to them include any of the data we collect as described in this policy.
3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
4. They will store your data for a maximum of 7 years.
Transferring information abroad Your personal information may be transferred to and stored and processed outside the European Economic Area (“EEA”). If this is the case, we will ensure that equivalent standards of information security are maintained.
How long do we keep your information? As long as necessary for the purpose/s it was collected for. This will vary depending on the type of information, legal requirements or other justifications permitted by Data Protection law. We have a Retention & Disposal Guidance document which sets out retention periods. If you opt-out from fundraising communications, we keep your information only to ensure we don’t inadvertently contact you.
Does the law allow this? Data Protection law including the General Data Protection Regulation, Regulation (EU) 2016/679 sets out the principles we must adhere to and other conditions which must be satisfied. Forms, webpages, or other places where you submit information will describe how the particular use complies with the law. If you have any queries, please contact the Data Protection Officer.
Your Rights You have the right to:
- Ask us not to process your personal information for fundraising or our marketing of Extern. If you wish to do this, please contact the Data Protection Officer.
- See copies of information held about you. Please send your request in writing to the Data Protection Officer as this is our preferred method, but you can verbally request this information. Verification checks will be completed for this process. We will respond as soon as possible and not longer than one month from receipt
- Ask us to amend, update or delete your information in some circumstances or withdraw consent to our processing of your information for particular purposes by contacting the Data Protection Officer.
If you are unhappy with the way, we are managing your personal information please contact our Data Protection Officer. If you are still unhappy you can register complaint to the Information Commissioner’s Office (NI) or the Data Protection Commissioner (ROI).
Who to contact For queries about this privacy statement or any other data protection issues, please contact the Data Protection Officer, [email protected] m+44 (0)7762040894 or by post at Extern, Hydepark House, 3 McKinney Road, Newtownabbey, BT36 6PE.
Other contacts The Information Commissioner’s Office – Northern Ireland 3rd Floor 14 Cromac Place, Belfast BT7 2JB
The Information Commissioner’s Office (Northern Ireland) is Extern’s nominated commissioning authority however if you are in the Republic of Ireland, you may contact the Data Protection Commissioner (ROI),
Data Protection Commissioner Canal House Station Road Portarlington R32 AP23 Co. Laois