Effective Date: May 17, 2018

JCI Ireland GDPR & Privacy Policy

Updated 17/05/2018

Privacy Notice

JCI Ireland will be what’s known as the ‘Controller’ of the personal data you provide to us. JCI Ireland also contains local branches, for the purposes of clarity, references to JCI Ireland below include all branches of JCI Ireland as well as the National Board of Officers. We are committed to the security of your data and have appointed a Data Protection Officer in this role. They may be reached at dpo@jciireland.ie.

We collect data from the following types of people:

 

General Users

We do not collect personal information from general users. We use Google Analytics on our website to track visit information for analysis of traffic and this does not include personal information, see our cookie policy for more information. Further information on Google GDPR compliance is available to read here https://privacy.google.com/businesses/compliance/

 

JCI Members

To become a JCI Member you must provide your email address to use as a unique login to your account. Through this account, you may choose to opt in to receive email notifications on your membership. Your email address is never shared nor used for marketing purposes. Our database is encrypted to prevent access to your email address. All personal data on members who choose not to renew their JCI Ireland membership is removed automatically from our database 3 months after their membership lapses.

 

Competition Entries

From time to time, JCI Ireland runs projects in which persons and businesses may be nominated for an award or competition. Only the information necessary for the competition to be awarded or judged is entered through the website. This information is stored in our encrypted database, accessed only by the project manager and deleted when no longer necessary to the project. Each project contains its own DIPA document detailing the use of personal data during the project.

 

Email Marketing

JCI Ireland conducts email marketing to inform you of upcoming events & projects and JCI Ireland past activity using the Mailchimp system. Signing up to receive emails from JCI Ireland is only available through an opt in form on the JCI Ireland website. The Mailchimp GDPR policy is available here https://mailchimp.com/legal/privacy/. Your email address will be kept with Mailchimp until you unsubscribe from the mailing list using the unsubscribe link provided in all Mailchimp emails.

What Is Sensitive Data?

Sensitive data is any data that can be used to identify a person and includes but is not limited to your:

  • Name
  • Phone number
  • Email address
  • Date of birth
  • Photograph
  • Video
  • Personal biography
  • Passport
  • Driver’s License or other ID card
  • IP address
  • Biometric data
  • Information on a person’s physical or mental health

Why we need your data

We need to know your basic personal data in order to provide you with ongoing organisational updates and funding information. We will not collect any personal data from you that we do not need to do this. For some competitions and projects the data we collect is required to verify your identity and may be submitted electronically via the jci.cc website to JCI Europe and JCI World, who have their own GDPR policies need data. Each project DIPA document will outline the data collected and if it will be shared with JCI Europe and / or JCI World.

How We Store Data in JCI Ireland

Website

Our member data is encrypted and stored on servers located within the UK, provided by VPS.net. Further information on the VPS.net GDPR policy may be found here https://www.vps.net/about-vps-net/legal/gdpr-policy/. No 3rd parties have access to your personal data unless the law allows them to do so. Any data submitted through the website is done on an opt-in basis, provided at the time of data submission. Users and members may opt-in to receive marketing information from JCI Ireland via email.

 

Google Drive

All JCI Ireland data, including Information gathered during JCI projects is stored on Google Drive. Google Drive is fully GDPR compliant and is part of Google’s cloud platform, which is covered by Google GDPR compliance. (https://privacy.google.com/businesses/compliance/)

Only JCI members responsible for projects and membership have access to your data and all access is protected using 2-step verification.

 

Mailchimp

If you have opted in to receive information from JCI Ireland via email, your email addresses will be stored on Mailchimp. The Mailchimp GDPR policy is available here https://mailchimp.com/legal/privacy/.

 

Event Brite

JCI Ireland uses Event Brite to manage its events and payments. If you are attending a JCI Event, you will need to enter your personal information into Event Brite. This information is never shared and is protected by the Event Brite GDPR policy and is available here https://www.eventbrite.ie/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_IE

How long do we keep your data?

JCI Ireland does not keep your personal data longer than necessary for projects, events or your JCI membership.

All personal data on members who choose not to renew their JCI Ireland membership is removed automatically from our database three months after their membership lapses.

All personal data collected during the course of a JCI Ireland project is deleted after it is no longer necessary to the project. This date will be made available as part of the project DIPA, which is provided before the data is collected.

If you have opted in to receive information emails from JCI Ireland, your email address will be kept with Mailchimp until you unsubscribe from the mailing list using the unsubscribe link provided in all Mailchimp emails.

Security & Authentication

All personal data stored in our website database is encrypted to protect against unauthorized access.

All personal data stored on Google Drive and Mailchimp is protected by secure login and 2-step verification, which greatly reduces the risk of unauthorized access by asking users for additional proof of identity when logging in.

Procedures For Data Requests

Under GDPR, you have the right to:

  • confirm that your data is being held
  • request a copy of any personal data we have retained on you
  • request that your personal information be deleted

Non-JCI Members

To confirm your data is being held or request a copy of any personal data we have on you send an email request to dpo@jciireland.ie. We will provide the information by email within 21 days.

To request that your personal data be deleted, send an email request to dpo@jciireland.ie. Your personal data will be deleted from our Google Drive and confirmed by email within 21 days.

To unsubscribe from JCI Ireland emails sent through Mailchimp, click the unsubscribe link at the bottom of the email.

Authentication

To authenticate the identity of the requester, we will check the email address against the email address we have on file. In the case that the name of the requester matches the information we have, but the email address does not match, we may ask that the request be resent from the email address we have on file.

Repeat requests

In the case that requests are unfounded or excessive, in particular in the case of repeat requests, we will charge a €6.35 administration fee for each repeat request for the same data. This is to cover the administration costs of multiple requests, as provided for in Article 15 of the EU GDPR policy https://gdpr-info.eu/art-15-gdpr/

Personal information required for projects

If your personal data is deleted at your request, but is necessary for participation in a project or competition, this may disqualify you from being involved further in the project or competition.

JCI Members

In addition to the procedures above, you may login to your members area on the JCI Ireland website to edit and delete your personal data. If you cannot remember your password, please use the Forgot Password link on the login page to set a new password.

If you choose to delete your email address from the system, you will no longer be able to access your JCI Member area on the JCI Ireland website and will also not receive any notifications regarding your membership or renewal.

Procedures For Data Breach

If a data breach occurs which poses a risk to individuals then the Data Commissioners  (https://www.dataprotection.ie/docs/Home/4.htm) will be notified within 72 hours of the organisation becoming aware of the breach. In certain circumstances the individuals themselves must also be notified.

JCI Ireland will comply with all directions from the Office of the Data Commissioner in relation to the breach. Every attempt will be made to retrieve and / or delete the data that was breached and all security logins and access controls will be updated with new passwords.

In addition an investigation will be conducted into how the breach occurred, with the goal of preventing a similar reoccurrence.

Communication Guidelines Within JCI Ireland

For non-JCI members, your personal data is never sent through any communication channels within JCI Ireland, apart from Gmail, which is part of Google’s cloud platform and covered by Google GDPR compliance (https://privacy.google.com/businesses/compliance/). It is sometimes necessary to mention your name in our communications, in order for us to confirm who we are referring to when discussing an event or project.

For JCI members, only the personal data which you have provided to JCI Ireland during sign up or through your membership area, or that which you have provided to other members as a contact method may be shared internally on communication channels.

 

Gmail

All official JCI Ireland communication takes place within Gmail, which is part of the Google cloud platform and conforms to Google’s GDPR compliance policy https://privacy.google.com/businesses/compliance/.

 

Facebook

JCI Ireland uses Facebook as a communication method internally between members and also to promote our events. Facebook is GDPR compliant and further information is available here https://www.facebook.com/policy.php

 

Whatsapp

JCI Ireland uses Whatsapp as a communication method internally between members and your personal data is never shared over Whatsapp.

 

Website

The member database system on the JCI Ireland website is used to communicate with JCI members, solely to send notifications regarding their membership payments and renewals. Members may opt out of receiving these notification in their members area and also upon signup.

 

Google Drive

JCI Ireland uses Google Drive to store and share internal access to your personal information only to those members that are authorized and require access to it to carry out projects. Google Drive is part of the Google cloud platform and conforms to Google’s GDPR compliance policy https://privacy.google.com/businesses/compliance/.

Photos & Videos

JCI Ireland takes and shares photos & videos of its events and projects on its website and on Facebook. These are for promotional purposes only in order to promote the activities of
the organization. At all events, an announcement is made to state that photos
and videos will be taken and used in this manner.

Member Information

For JCI members, as stated above your personal data is stored on the JCI Ireland website database. You have access to this data and may edit and delete it should you choose to do
so. You may also opt in or out of receiving payment confirmation nd membership
renewal notifications through your website members area

Payment Processing

All payment processing on the JCI Ireland website is carried out securely by Stripe Payments who are fully GDPR compliant https://stripe.com/ie/privacy. Payment card details are never stored by JCI Ireland.

Events

JCI Ireland takes and shares photos & videos of its events and projects on its website and on Facebook. These are for promotional purposes only in order to promote the activities of
the organization. At all events, an announcement is made to state that photos
and videos will be taken and used in this manner.

Upon entering the event, for Fire & Safety reasons, guests and members are asked to sign in and provide their name only on a physical sign in sheet. This sheet is then destroyed after the event. If you wish to opt in for JCI Ireland promotional and information emails, you may do so on the JCI Ireland website on the appropriate JCI Local Branch page. If the event is related to a JCI Ireland project in which personal data has been obtained, the project DIPA policy will be displayed at the event.

Projects

All JCI Ireland projects will have a DIPA document, detailing what personal data will be requested, why it is needed, what will be done with it, where it will be stored, who will have access to it and when it will be deleted. If the project involves a public event, this DIPA document will be displayed at the event.

Timelines & Dates

All personal data collected during the course of a JCI Ireland project is deleted when no longer necessary to the project. This date will be made available as part of the project DIPA, which is provided before the data is collected.

All personal data on members who choose not to renew their JCI Ireland membership is removed automatically from our database 3 months after their membership lapses.

In December of each year, an audit is carried out by all National Officers and Local Presidents, to ensure that the Google Drive account they are responsible from no longer holds any unnecessary personal data.

More Information

For more information and all enquiries email: dpo@jciireland.ie