We know your personal information is important to you and Pieta is committed to protecting and respecting your privacy.
Please read Pieta's Privacy Statement effective from January 2024. This is a version-controlled policy and when printed may not be the most up to date.
Who we are
Pieta House is a not-for-profit company and a registered charity in the Republic of Ireland (CHY 16913).
Pieta offers a range of services nationally to people who are experiencing thoughts of suicide, those who engage in self-harm, and those bereaved by suicide.
As a charity, Pieta's funding comes from the generosity of the public and fundraising events that we carry out.
How to contact us
You can contact us at our main business address: First Floor, Greenhills Retail Park, Greenhills Road, Tallaght, Dublin 24, Ireland.
Our Data Protection Officer can also be contacted by email at the following address dpo@pieta.ie
How do we obtain personal data?
When you use our services, we collect data about you and your health. This information can be directly provided by you or can be provided by third parties, such as your GP, CMHTs, CAMHS and TUSLA .
When you donate, participate in any of our fundraising activities, use our services or apps, or interact online with us, we will collect data about you.
Summary:
We obtain your personal data as a client/participant? in one or more of the following ways:
You directly provide it to us when you use and access our services,
You authorise a third party to provide it to us (example: your GP, CMHTs, CAMHS and TUSLA)
We obtain your personal data as a donor or when you participate in our fundraising events or activities in one or more of the following ways:
You directly provide it to us when you use and access our services, interact with us online, register with us, communicate with us, make a donation, take part in an event, buy something from our shops, apply to work or volunteer for us, give us your personal information in any other way,
You authorise a third party to provide it to us (example: third party websites such as JustGiving or Facebook, our business partners, sub-contractors in technical, payment and delivery services, event organisers, sponsors, advertising networks
We automatically record it from your device, depending on the enabled features (example: data collected on a smartphone
Why we use personal data?
We process (use) personal data to help us provide services, conduct fundraising and to run events.
We process data about people for the following purposes:
Counselling, Support and Treatment Services
Donations and Fundraising
Organising and running events
Research
Communications and Marketing
General office administration and accounting
HR administration, including payroll and recruitment
Management of sub-contractors
What data do we use?
We use a variety of categories of personal data depending on our purposes. In all cases, we aim to capture and process the minimum necessary to deliver our services and meet our obligations.
We process the following categories of personal data for the purposes set out. We provide general information on the lawful grounds we rely on for processing in each context. The specific basis relied on will depend on the context of processing.
| Processing Purpose | Category of Information Processed | Lawful Basis for Processing |
|---|---|---|
| Counselling, Support and Treatment Services | • Contact Names • Age • Gender • Telephone numbers (landline and mobile) • Email address • Postal address • Clinical notes/risk assessments • Medical history • Next of kin/list of emergency contacts • Referrals • School/GP reports • Reports from CMHTs, CAMHS, TUSLA • Details of calls/contacts with service • Appointment attendance • Complaints / Incidents | Legitimate Interest Consent Explicit Consent |
| Donations and Fundraising | • Name • Address & Telephone numbers • Email addresses • Contact Preferences • Contact history • Survey responses • Motivation • Social Media identifiers • Transactional details (donation, fees, products, event details, payments details, etc) | Legitimate Interests Contractual Necessity |
| Communications and Marketing | • Name • Address • Telephone numbers • Email addresses • Contact Preferences • Contact history • Survey responses • Motivation • Social Media identifiers | Legitimate Interest Consent |
| Organising and running events | • Contact names • Contact details (e.g. address, email address and telephone number) • Tax identifiers • Timesheets • Data associated with accounts receivable or accounts payable | Legitimate Interests, Contractual Necessity |
| General Office Administration and Accounting | • Contact names • Contact details (e.g. address, email address and telephone number) • Tax identifiers • Timesheets • Data associated with accounts receivable or accounts payable. | Legitimate Interests, Contractual Necessity, Statutory Obligations |
| HR Administration and Management of Sub Contractors | • Contact names • Contact details (address, email and phone number) • Attendance records/time sheets • Training records • Sick certs and data relating to occupational health • CVs | Contractual Necessity Legitimate Interest |
| Health and Safety | • IP Addresses (in server log files) | Legitimate Interests |
Data Processors
We use several different categories of data processors to help us deliver our services.
The categories of suppliers used include:
Telephones & Comms
Office productivity
HR Management
Accounting
Payment Processing
| Type of Processors | Purpose for Processing | Cross-border transfer? |
|---|---|---|
| Software | Office administration, email, video conferencing, document storage, client records and donor records | EU, US, UK |
| Printers | To print materials | EU, UK |
| Couriers and postal services | Support the delivery of materials and printed materials. | EU |
| Fulfilment houses | Material/merchandise requests. | EU |
| Call centres | Client helpdesk and support and Donor support. | EU, UK |
| IT-support | IT Systems Support | EU, UK |
| Payment processors | Process payments (donations/fees) on behalf of Pieta. | US |
| Fundraising platforms | Payments, donations, event registrations | EU, UK |
Third-Party Recipients
In the course of our business, we are required to disclose data to third parties who are not data processors on our behalf.
For many of our processing activities, we are required to disclose data to third parties who are not data processors acting on our behalf or data controllers on whose behalf we are working. Categories of recipients include:
Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)
Tax authorities as and when required
How Long Do We Keep Your Data?
Pieta retains personal data about individuals for a range of periods. The basis for our retention periods is based on:
Statutory obligations
Contractual obligations
Quality assurance standard obligations provided by our training partners or accrediting bodies.
For reasonable periods after the conclusion of engagements for QA and risk management purposes.
On a case-by-case basis, records may be retained for longer where required for actual or potential legal actions or the management or mitigation of operational or strategic risks to the organisation. Where records are subject to this kind of “hold” process, the ongoing retention will be reviewed on an annual basis.
Cross-border Data Transfers
Some of our service providers or partners are based outside the EU/EEA. We make sure to only use providers who are processing data outside the EU on a valid basis. Pieta will, from time to time, make use of services provided by Third parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as http://teamwork.com/Office365, and similar tools. Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data on the basis of
Model Contract Clauses
An Adequacy Decision from the European Commission
Appropriate additional technical safeguards, including but not limited to the use of encryption, including own-key encryption.
In exceptional circumstances, we will rely on the consent of the data subject or the necessity of the processing for the performance of or conclusion/performance of a contract that the Data Subject has entered into. On a case-by-case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defence of legal claims.
Keeping your data safe and secure
We place great importance on the security of all personal data associated with our clients. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
Periodic reviews of our security standards are carried out to identify any new risks.
However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet.
In the event of a breach of data security, Pieta will:
Where we are acting as a Data Controller, notify without undue delay the relevant Supervisory Authority where we identify that there is a risk to the fundamental rights and freedoms of people using our services.
Where we are acting as a Data Controller, and we identify a high risk to your rights and freedoms, notify you of the incident without undue delay.
Automated decision-making and profiling
Pieta uses profiling to gain a better understanding of our supporters and donors to improve our fundraising methods, products and services. We may use profiling and screening techniques to ensure communications are relevant, timely, and to provide an improved experience for our supporters.
Pieta does not carry out automated decision-making or profiling with clinical data.
Your Rights under GDPR
You have a range of rights under EU Data Protection law. These rights are:
For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be overridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular reason may prevent us from executing a contract or delivering a service to you.
You have the right to request:
A copy of data we hold about you. (Right of Access)
That any error in data we hold about you is corrected. (Right of Rectification)
That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it. (Right of Erasure)
That we refrain from processing data for a specific purpose. (Right to Restrict processing)
Right to Complain to the Data Protection Commission
You have the right to file a complaint with the Supervisory Authority, the Data Protection Commission which can be contacted at https://dataprotection.ie/en/contact/how-contact-us
Child-Friendly Privacy Statement
Who we are?
Pieta is a charity that offers a range of services nationally to people who are experiencing thoughts of suicide, those who engage in self-harm, and those bereaved by suicide.
As a charity, Pieta's funding comes from the generosity of the public and fundraising events that we carry out.
This Privacy Policy tells you how we use your personal data so that you know what happens with it when you give it to us. Where you require help in understanding this policy, you might want an adult to help with these because they can sometimes be confusing.
What is personal data?
Any information that we can use to identify you is personal data. This includes things such as your full name, your date of birth, medical records and gender.
How to Contact Us
We have someone who works at Pieta called our Data Protection Officer, and their job is to ensure we follow all the rules when using your personal data. This means they make sure that your data is safe. If they see something is wrong, they tell us how we can fix it.
If you have any concerns you can write to our Data Protection Officer by post at our main business address: First Floor, Greenhills Retail Park, Greenhills Road, Tallaght, Dublin 24, Ireland.
You can also write to Our Data Protection Officer by email at the following address dpo@pieta.ie
Why do we need your personal data?
The main reason we need personal data is to know who you are. We use your personal data to carry out assessments and provide you with services.
We sometimes use your personal data when you register or participate in our fundraising events.
If you want to know more about why we need your personal data, you can ask an adult to read the full Privacy Policy with you to help you understand the details.
How we collect your data
Your personal data is given to us by yourself, your parents or your GP when they sign you up for counselling or when they register you for events that we run.
We also receive your data from Community Mental Health Teams, Child and Adolescent Mental Health Services and TUSLA when they share your personal data with us for us to provide you with counselling or therapy services.
Who can see your data?
Your personal data is seen by our staff. Sometimes we need to share your personal data with the staff of external companies that we work with to allow us to do our work. We are very careful about how we do this, which means there are even more rules and whatever they do, it will be done lawfully and safely. Some examples of people who might see this information include therapists we have engaged to provide additional support. For fundraising, this would include partners we engage with to run our events
How Long Do We Keep Your Data?
We are only allowed to keep your personal data for as long as we need it. Depending on the circumstances, this period can vary. We take care to delete your personal data as soon as it is no longer required.
How do we look after your data?
We use security measures to protect your information against any unlawful use or unauthorised access. For example, our computer servers are secured by strong passwords and encryption and only people who need to work on your data get to see your data.
Do you have a say in what happens to your data?
Yes, you do. You have a range of rights when we use your data. These rights are:
A right to ask for a copy of your data that we have
A right to ask us to correct any errors or inaccuracies in the data that we hold relating to you
A right to object to processing and to “opt-out” of having your data processed by us based on consent, our legitimate interests or a public interest basis unless we can demonstrate genuine grounds that override your interests, rights, and freedoms.
A right to ask us to delete your personal data in certain specified circumstances. This right does not apply where we are processing data
for compliance with a legal obligation,
for reasons of public interest in relation to public health,
for archiving purposes for historical or scientific research
or where necessary to establish or defend legal claims
A right to restrict processing in certain circumstances
If you want to know more about how you can exercise these rights, you can ask an adult to read the full Privacy Policy with you to help you understand the details.
Is there somewhere you can complain if you are worried about how we use your personal data?
Yes. There is also a government agency whose job it is to make sure organisations like us follow the rules and correct us if we do things wrong. You can also email or write to them. That agency is called the Data Protection Commission and their website can be found here: https://dataprotection.ie/en/contact/how-contact-us