Data Protection Policy
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data in both paper and electronic form. The Data Protection Acts 1988 ad 2003 lay down strict rules about the way in which personal data and sensitive data are collected, assessed, used and disclosed. The Data Protections Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.
This document outlines CTL’s policy to help ensure that we comply with the Data Protection Acts
Purpose of this policy
This policy is a statement of Data Ireland’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts
Collecting Information
CTL collects and processes data relating to its employees, participants, host families and host projects. Personal data may include, title, name, address, email address, telephone number and banking details. Personal data is collected for the purpose of facilitating educational and immersion programmes in Ireland such as volunteering, internships, secondary school and customised group programmes. Medical data is collected from participants for the purpose of ensuring a safe and appropriate placement which safeguards their wellbeing.
Data Protection Principles
We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection Principles
-
Obtain and process information fairly
We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations
-
Keep it only for one or more specified, explicit and lawful purposes
We shall keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes.
-
Use and disclose only in ways compatible with these purposes
We shall use and disclose personal data only in circumstances that are necessary for the purposes for which we collected the data.
-
Keep it safe and secure
We shall take appropriate security measure against unauthorised access to, or alternation, disclosure or destruction of personal data and against its accidental or destruction
-
Keep it accurate, complete and up to date
We adopt procedures that ensure high levels of data accuracy, completeness and that data is up to date
-
Ensure it is adequate, relevant and not excessive
We shall only hold persona data to the extent that it is adequate, relevant and not excessive
-
Retain for no longer that is necessary
We have a retention policy for personal data
-
Give a copy of his /her personal data to that individual, on request
We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data
Responsibility
Overall responsibility for ensuring compliance with Data Protection Acts rests with CTL Ireland. All employees and partners of CTL who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts.