Effective Date: May 04, 2023
JCI Galway will be what’s known as the ‘Controller’ of the personal data you provide to us. JCI Dublin also contains local branches, for the purposes of clarity, references to JCI Galway below include all branches of JCI Galway as well as the National Board of Officers. We are committed to the security of your data and have appointed a Data Protection Officer in this role. They may be reached at dpo@jciireland.ie.
We collect data from the following types of people:
General Users
We do not collect personal information from general users. We use Google Analytics on our website to track visit information for analysis of traffic and this does not include personal information, see our cookie policy for more information. Further information on Google GDPR compliance is available to read here https://privacy.google.com/businesses/compliance/.
JCI Members
To become a JCI Member you must provide your email address to use as a unique login to your account. Through this account, you may choose to opt in to receive email notifications on your membership. Your email address is never shared nor used for marketing purposes. Our database is encrypted to prevent access to your email address. All personal data on members who choose not to renew their JCI Galway membership is removed automatically from our database 3 months after their membership lapses.
Competition Entries
From time to time, JCI Galway runs projects in which persons and businesses may be nominated for an award or competition. Only the information necessary for the competition to be awarded or judged is entered through the website. This information is stored in our encrypted database, accessed only by the project manager and deleted when no longer necessary to the project. Each project contains its own DIPA document detailing the use of personal data during the project.
Email Marketing
JCI Galway conducts email marketing to inform you of upcoming events & projects and JCI Galway past activity using the Mailchimp system. Signing up to receive emails from JCI Galway is only available through an opt in form on the JCI Galway website. The Mailchimp GDPR policy is available here https://mailchimp.com/legal/privacy/. Your email address will be kept with Mailchimp until you unsubscribe from the mailing list using the unsubscribe link provided in all Mailchimp emails.
What Is Sensitive Data?
Sensitive data is any data that can be used to identify a person and includes but is not limited to your:
- Name
- Phone number
- Email address
- Date of birth
- Photograph
- Video
- Personal biography
- Passport
- Driver’s License or other ID card
- IP address
- Biometric data
- Information on a person’s physical or mental health
Why we need your data
We need to know your basic personal data in order to provide you with ongoing organisational updates and funding information. We will not collect any personal data from you that we do not need to do this. For some competitions and projects the data we collect is required to verify your identity and may be submitted electronically via the jci.cc website to JCI Europe and JCI World, who have their own GDPR policies need data. Each project DIPA document will outline the data collected and if it will be shared with JCI Europe and / or JCI World.
How We Store Data in JCI Galway
Website
Our member data is encrypted and stored on servers located within the UK, provided by VPS.net. Further information on the VPS.net GDPR policy may be found here https://www.vps.net/about-vps-net/legal/gdpr-policy/. No 3rd parties have access to your personal data unless the law allows them to do so. Any data submitted through the website is done on an opt-in basis, provided at the time of data submission. Users and members may opt-in to receive marketing information from JCI Galway via email.
Google Drive
All JCI Galway data, including Information gathered during JCI projects is stored on Google Drive. Google Drive is fully GDPR compliant and is part of Google’s cloud platform, which is covered by Google GDPR compliance. (https://privacy.google.com/businesses/compliance/)
Only JCI members responsible for projects and membership have access to your data and all access is protected using 2-step verification.
Mailchimp
If you have opted in to receive information from JCI Galway via email, your email addresses will be stored on Mailchimp. The Mailchimp GDPR policy is available here https://mailchimp.com/legal/privacy/.
Event Brite
JCI Galway uses Event Brite to manage its events and payments. If you are attending a JCI Event, you will need to enter your personal information into Event Brite. This information is never shared and is protected by the Event Brite GDPR policy and is available here https://www.eventbrite.ie/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_IE
How long do we keep your data?
JCI Galway does not keep your personal data longer than necessary for projects, events or your JCI membership.
All personal data on members who choose not to renew their JCI Galway membership is removed automatically from our database three months after their membership lapses.
All personal data collected during the course of a JCI Galway project is deleted after it is no longer necessary to the project. This date will be made available as part of the project DIPA, which is provided before the data is collected.
If you have opted in to receive information emails from JCI Galway, your email address will be kept with Mailchimp until you unsubscribe from the mailing list using the unsubscribe link provided in all Mailchimp emails.
Security & Authentication
All personal data stored in our website database is encrypted to protect against unauthorized access.
All personal data stored on Google Drive and Mailchimp is protected by secure login and 2-step verification, which greatly reduces the risk of unauthorized access by asking users for additional proof of identity when logging in.
Procedures For Data Requests
Under GDPR, you have the right to:
- confirm that your data is being held
- request a copy of any personal data we have retained on you
- request that your personal information be deleted
Non-JCI Members
To confirm your data is being held or request a copy of any personal data we have on you send an email request to dpo@jciireland.ie. We will provide the information by email within 21 days.
To request that your personal data be deleted, send an email request to dpo@jciireland.ie. Your personal data will be deleted from our Google Drive and confirmed by email within 21 days.
To unsubscribe from JCI Galway emails sent through Mailchimp, click the unsubscribe link at the bottom of the email.
Authentication
To authenticate the identity of the requester, we will check the email address against the email address we have on file. In the case that the name of the requester matches the information we have, but the email address does not match, we may ask that the request be resent from the email address we have on file.
Repeat requests
In the case that requests are unfounded or excessive, in particular in the case of repeat requests, we will charge a €6.35 administration fee for each repeat request for the same data. This is to cover the administration costs of multiple requests, as provided for in Article 15 of the EU GDPR policy https://gdpr-info.eu/art-15-gdpr/
Personal information required for projects
If your personal data is deleted at your request, but is necessary for participation in a project or competition, this may disqualify you from being involved further in the project or competition.
JCI Members
In addition to the procedures above, you may login to your members area on the JCI Ireland website to edit and delete your personal data. If you cannot remember your password, please use the Forgot Password link on the login page to set a new password.
If you choose to delete your email address from the system, you will no longer be able to access your JCI Member area on the JCI Ireland website and will also not receive any notifications regarding your membership or renewal.
Procedures For Data Breach
If a data breach occurs which poses a risk to individuals then the Data Commissioners (https://www.dataprotection.ie/docs/Home/4.htm) will be notified within 72 hours of the organisation becoming aware of the breach. In certain circumstances the individuals themselves must also be notified.
JCI Dublin will comply with all directions from the Office of the Data Commissioner in relation to the breach. Every attempt will be made to retrieve and / or delete the data that was breached and all security logins and access controls will be updated with new passwords.
In addition an investigation will be conducted into how the breach occurred, with the goal of preventing a similar reoccurrence.
Communication Guidelines Within JCI Galway
For non-JCI members, your personal data is never sent through any communication channels within JCI Galway, apart from Gmail, which is part of Google’s cloud platform and covered by Google GDPR compliance (https://privacy.google.com/businesses/compliance/). It is sometimes necessary to mention your name in our communications, in order for us to confirm who we are referring to when discussing an event or project.
For JCI members, only the personal data which you have provided to JCI Ireland during sign up or through your membership area, or that which you have provided to other members as a contact method may be shared internally on communication channels.
Gmail
All official JCI Galway communication takes place within Gmail, which is part of the Google cloud platform and conforms to Google’s GDPR compliance policy https://privacy.google.com/businesses/compliance/.
JCI Galway uses Facebook as a communication method internally between members and also to promote our events. Facebook is GDPR compliant and further information is available here https://www.facebook.com/policy.php
JCI Galway uses Whatsapp as a communication method internally between members and your personal data is never shared over Whatsapp.
Website
The member database system on the JCI Ireland website is used to communicate with JCI members, solely to send notifications regarding their membership payments and renewals. Members may opt out of receiving these notification in their members area and also upon signup.
Google Drive
JCI Galway uses Google Drive to store and share internal access to your personal information only to those members that are authorized and require access to it to carry out projects. Google Drive is part of the Google cloud platform and conforms to Google’s GDPR compliance policy https://privacy.google.com/businesses/compliance/.
Photos & Videos
JCI Galway takes and shares photos & videos of its events and projects on its website and on Facebook. These are for promotional purposes only in order to promote the activities of the organization. At all events, an announcement is made to state that photos and videos will be taken and used in this manner.
Member Information
For JCI members, as stated above your personal data is stored on the JCI Ireland website database. You have access to this data and may edit and delete it should you choose to do so. You may also opt in or out of receiving payment confirmation and membership renewal notifications through your website members area
Payment Processing
All payment processing on the JCI Ireland website is carried out securely by Stripe Payments who are fully GDPR compliant https://stripe.com/ie/privacy. Payment card details are never stored by JCI Ireland.
Events
JCI Galway takes and shares photos & videos of its events and projects on its website and on Facebook. These are for promotional purposes only in order to promote the activities of the organization. At all events, an announcement is made to state that photos and videos will be taken and used in this manner.
Upon entering the event, for Fire & Safety reasons, guests and members are asked to sign in and provide their name only on a physical sign in sheet. This sheet is then destroyed after the event. If you wish to opt in for JCI Galway promotional and information emails, you may do so on the JCI Galway website on the appropriate JCI Local Branch page. If the event is related to a JCI Galway project in which personal data has been obtained, the project DIPA policy will be displayed at the event.
Projects
All JCI Galway projects will have a DIPA document, detailing what personal data will be requested, why it is needed, what will be done with it, where it will be stored, who will have access to it and when it will be deleted. If the project involves a public event, this DIPA document will be displayed at the event.
Timelines & Dates
All personal data collected during the course of a JCI Galway project is deleted when no longer necessary to the project. This date will be made available as part of the project DIPA, which is provided before the data is collected.
All personal data on members who choose not to renew their JCI Galway membership is removed automatically from our database 3 months after their membership lapses.
In December of each year, an audit is carried out by all National Officers and Local Presidents, to ensure that the Google Drive account they are responsible from no longer holds any unnecessary personal data.
More Information
For more information and all enquiries email: dpo@jciireland.ie