top of page

PsyCare Ireland Privacy Statement

​

0. Preamble and Definitions

Privacy is a fundamental human right which PsyCare Ireland deeply respects and advocates for. This Privacy Policy tells you what your privacy rights are, how we respect them, and how we process any of your personal information.
If you give us personal information about someone else, make sure you have their permission and please make them aware of this Policy as it also applies to them.
 

Definitions

GDPR

meaning the EU (2016) General Data Protection Regulation.

Responsible Person(s)

referring to the DPO and any involved Trustees (respectively, Chris Connors and Michael Ledden)

Register of Systems

meaning a register of all systems or contexts in which personal data is processed by the organisation.

 

Version

2.0

Updated on

09/09/24

Reviewed by

Chris Connors

 

1. About this Policy

This Privacy Policy describes how we process personal data at PsyCare Ireland, herein referred to as the ‘Policy’.

 

It applies to Service Users, Volunteers, and any other parties who use or interact with: 

  • PsyCare Ireland

    • a PsyCare Ireland Service.

    • your contribution to a PsyCare Service

    • the processes required to prepare, provide and maintain both our Welfare and Harm Reduction operations, and our wider PsyCare Ireland community.

 

From now on, we’ll collectively call these ‘PsyCare’ or the ‘Service’.

From time to time, we may develop, host or offer additional, new services. They’ll also be subject to this Policy, unless stated otherwise when we introduce them. 

 

This Policy is not... 

  • The PsyCare Safeguarding Policy, which is a separate document that outlines our policies regarding our efforts to protect vulnerable individuals who avail of the service.

  • The PsyCare Welfare Service Privacy & Data Processing Notice, which is a condensed version of this document that we display in the Welfare Tent.

 

2. Your personal data rights and controls

Privacy laws give certain rights to individuals over their personal data. 

 

The table below explains: 

  • your rights 

  • circumstances when they apply 

  • how to use them 

You will not receive discriminatory treatment for exercising any of your privacy rights. 

 

It’s your right to...

How?

Be informed

Be informed of the personal data we process about you and how we process it.

We inform you:

  • through this Policy

  • through information provided to you as you use the PsyCare Service

  • by answering your specific questions and requests when you contact info@PsyCareIreland.org or speak with a team lead.

Know/

Access

Request to know and access the personal data we process about you.

To request a copy of your personal data from PsyCare, contact info@PsyCareIreland.org or speak with a team lead and we will convey to you the relevant details (in person or by email)

Correction

Request that we amend or update your personal data where it’s inaccurate.

You can request this by contacting info@PsyCareIreland.org or speaking with a team lead.

Deletion

Request that we delete certain of your personal data.

 

Please note there are situations where PsyCare is unable to delete your data, for example when:

  • it’s still necessary to process the data for the purpose we collected it for

  • we have an overriding interest in continuing to process the data, for example where we need the data to protect our services from legal action.

  • PsyCare has a legal obligation to keep the data, or

  • PsyCare needs the data to establish, exercise or defend legal claims.

You can request this by contacting info@PsyCareIreland.org or speaking with a team lead.

Opt-out of data processing

Request to opt out of the processing of your personal data as service user.

You can request this by contacting info@PsyCareIreland.org or speaking with a team lead.

Data portability

Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.

You can request this by contacting info@PsyCareIreland.org. All personal data collected during an event is anonymised upon its conclusion.

Not be subject to automated decision making

Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

PsyCare does not carry out this type of automated decision making.

Withdrawal of consent

Withdraw your consent to us collecting or using your personal data.

 

Do this if PsyCare is processing your personal data solely based on your consent.

To withdraw your consent, you can:

• Speak to a team leader, service lead, or the DPO.

• Contact info@PsyCareIreland.org or speak with a team lead.

 

3. Personal data we collect about you

These tables set out the categories of personal data we collect from you.

Collected when you interact with the PsyCare Service:

Categories

Categories under GDPR

Description

Guest Records

Personal Data; and

 

Special Category Data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union

membership, genetic data, biometric data, data concerning health, or a person's sex life or sexual orientation)

There are some details we need if you avail of PsyCare.

 

The type of personal data we collect depends on how and why you are interacting with PsyCare, but will generally include your:

  • forename

  • gender presentation

  • age range

  • the time, date, location and method of arrival

 

In certain cases we collect special category data, specifically data concerning health, in order to keep you safe when visiting PsyCare. We only collect such data if it is disclosed to us by you, or by someone acting on your behalf while you lack the capacity to consent.

 

Special category data may be included in notes about your:

  • arrival

  • drug use

  • observations

  • conclusions

  • incident reporting and handover information

 

We may collect some of this data from your facilitator and retain it for the duration of the service. Upon conclusion of the event, personal data is anonymised into Service Records.

Service Records

N/A

Our Service Records may be used for statistical and research purposes, in order to improve and advocate for better services.

 

Additionally, there may be other reasons you use or interact with PsyCare

Additional data you may wish to give us

Categories

Categories under GDPR

Description

Inquiry/Subscription Data

Personal Data

If you inquire, email, or subscribe to updates then we use your name, email address and any message therein to respond to your request.

Payment Data

Personal Data

If you choose to donate to PsyCare Ireland this will be done through PayPal as we do not process this data. We may store your name, email address, and donation amount for our record.

Volunteer Data

Personal Data; Special Category Data (depending on what is disclosed)

If you choose to volunteer with PsyCare Ireland you will have to provide some personal details so we can contact you, screen your suitability, organise/manage the Service and ensure your safety and well-being while you volunteer with us. These data include your name, postal and email address, phone number, gender, age/birth year, and next of kin, as well as other data you deem relevant.

Cookies

N/A

It is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.

Survey and Research Data

Personal Data; or Special Category Data (depending on the survey contents)

If you respond to a survey or take part in user research, we collect and use the personal data you provide as described in the survey or research. This is done in-keeping with applicable legislation, research ethics, and best practice.

We may receive some of the data mentioned above from third parties. The below table describes the categories of those third parties. 

 

Third party sources that we receive your data from

Categories of third parties

Description

Data categories

Another service at an event

If you are assessed by another service (such as medic, security, welfare, etc.) and then referred to PsyCare, they must share your information with us. This helps us keep you safe during your time with us.

Personal Data, Special Category Data

Event management, staff, volunteers, and the public

If you are directed to our service by members of the event or the public and you have shared personal details with them, they may convey these to us and we may record them if relevant.

Personal Data, Special Category Data

Your friends and/family

If you are unable to communicate relevant details to us your friends or family may choose to do so on your behalf. This helps us keep you safe during your time with us.

Personal Data, Special Category Data

As stated in regards to Guest Records, if you avail of the Service we collect limited data about you so we know who is in the Service, how busy the Service is, and to comply with insurance and safeguarding obligations. All personal data is anonymised upon conclusion of the Service.

 

4. Our purpose for using your personal data

The table below sets out:

  • our purpose for processing your personal data 

  • categories of personal data which we use for each purpose. See more about these categories in Section 3 ‘Personal data we collect about you’ 

 

Purpose for processing your data

Categories of personal data used for the purpose

To provide the PsyCare Service.

 

For example, when we use your personal data to:

• admit you to PsyCare

• run the Service

• liaise with other services (such as medics)

• keep you safe during your interactions with the Service

  • Guest Records

  • Service Records

  • Volunteer Records

To evaluate and improve PsyCare’s Services

​

For example:

• we use service records to produce research showing the benefit of a PsyCare Service both to Guests and to Events

• we ask how our survey participants feel about or act in relation to certain topics and what they would like to see or whether we should make any changes

  • Service Records

  • Survey and Research Data

 

For preparing for a Service as well as other community functions

 

For example:

• when we use your personal data to contact you about volunteering opportunities

• when we send you community updates

  • Inquiry/Subscription Data

  • Volunteer Records

To comply with a legal obligation that we are subject to.

 

This might be:

• an obligation under the law of the country / region you are in

• Irish law, or

• EU law that applies to us

 

For example, when we ask your age/date of birth when required for volunteering

  • Guest Record

  • Volunteer Records

  • Service Records

To comply with a request from law enforcement, courts, or other competent authorities.

  • Guest Record

  • Volunteer Records

  • Service Records

To fulfil contractual obligations with third parties.

 

For example, when we provide anonymized data about our Service because we have an agreement with events to do so.

 

Anonymized data means that the data is no longer personally identifiable so it can’t be linked to an individual.

  • Service Records

To establish, exercise, or defend legal claims.

 

For example, if we are involved in litigation, we need to provide information to our lawyers in relation to that legal case.

  • Guest Record

  • Volunteer Records

  • Service Records

To conduct business planning, reporting, and forecasting.

 

For example, when we look at aggregated Service Data like the number of guests and kind of drug use at a Service to prepare for upcoming events and Services

  • Service Records

To conduct research and surveys.

 

For example, when we contact our users and volunteers to ask for your feedback.

  • Inquiry and Subscription Data

  • Service Records

  • Surveys and Research Data

5. Disclosing your personal data

This section sets out who receives personal data which is collected or generated through your use of the Service. 

 

Personal data we may disclose 

We will only disclose the following personal data with those outlined in the table below 

  • if you grant us your permission to disclose the personal data. For example, you ask us to contact a friend or family member on your behalf

  • if it is in your vital interest that we disclose such data due to a safeguarding concern

Categories of recipients

Categories of data we may share

Reason for choosing to share

Other services either internal or external to the event

• Guest Records

• Volunteer Records

 

If we need to refer you to another service (such as medics) we must share your information with them to help keep you safe.

Event management

• Guest Records

• Volunteer Records

If we need support in order to refer you to another service or provide appropriate care we may have to liaise with event management and staff.

Your friends and/family

• Guest Records

• Volunteer Records

If you expressly ask us to communicate a with your friends or family we will do so.

Information we may disclose 

 

See this table for details of who we disclose to and why. 

 

Categories of recipients

Categories of data

Reason for disclosing

Academic researchers

• Service Data

For activities such as statistical analysis and academic study (Service Data is anonymous).

Law enforcement and other authorities, or other parties to litigation

• Guest Records

• Volunteer Records

When we believe in good faith it’s necessary for us to do so, for example:

  • to comply with a legal obligation

  • to respond to a valid legal process (such as a court order, or subpoena)

  • for our own or a third party’s justifiable interest, such as those relating to:

    • litigation (a court case)

    • protecting someone’s safety

    • preventing death or imminent bodily harm

Transfer or transformation of our business

• Service Data

• Volunteer Records

If we were to transfer or transform our business (e.g. into a charity) then in this case, we may transfer your personal data to a successor or affiliate as part of that transaction or transformation.

6. Data retention

We keep your personal data only as long as necessary to provide you with the Service and for PsyCare’s legitimate and essential business purposes, such as: 

  • maintaining the performance of the Service 

  • safeguarding the well-being of guests and volunteers

  • complying with our legal obligations 

  • resolving disputes 

 

It’s your right to request that we delete certain of your personal data. (See section 2 for more information on the circumstances in which we can act on your request).

 

  • Data that expires after a specific period of time 

We have set certain retention periods so that some data expires after a specific period of time. For example; upon conclusion of an event where the Service operates all personal data relating to Guest Records is anonymised; volunteer records are held for five years the current volunteering period (defined by registering availability for events or otherwise communicating their interest), plus five years.

 

  • Data retained for extended time periods for limited purposes 

After an event concludes, we keep some data for a longer time period but for very limited purposes. For example, we may be subject to legal or contractual obligations that require this. These may include mandatory data retention laws, government orders to preserve data relevant to an investigation, or data kept for the purposes of litigation. However, we always advocate for privacy, confidentiality and the human rights of our guests and volunteers; we will not retain data longer than absolutely necessary.

 

7. Transfer to other countries

We do not transfer your personal data to other countries.

 

8. Keeping your personal data safe

We’re committed to protecting our volunteer and service users’ personal data. We put in place appropriate technical and organizational measures to help protect the security of your personal data. However, be aware that no system is ever completely secure.

 

We put various safeguards in place to guard against unauthorized access and unnecessary retention of personal data in our systems. These include data minimisation, anonymisation, encryption, access controls, retention policies, and back-ups. 

 

In the event of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data we will assess the incident and report as appropriate to The Data Protection Commission (DPC) and/or the affected Data Subjects.

 

We keep records, reports, and a register of systems as required. We also maintain back-up and disaster recovery solutions as appropriate. This policy is implemented by the responsible person(s) and, along with the register of systems, is reviewed annually.

 

Where a purpose is relied upon as a lawful basis for processing data, evidence thereof is kept with the personal data (e.g. evidence of consent, evidence of incapacity and concern for vital interest, etc.). The option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Charity’s systems.

 

9. Children

We do not work with children at events and as such do not collect children’s data. We do not currently allow children to volunteer with PsyCare.

 

10. Statistics, Metrics and Research

We may use anonymised data from the Service to produce statistics, metrics and conduct research for the purpose of improving the Service, contributing to public health policy, and advocacy.

 

11. Changes to this Policy

We may occasionally make changes to this Policy, but the most recent version of the Policy will be posted to the PsyCare Ireland website.

 

When we make material changes to this Policy, we’ll provide you with prominent notice as appropriate under the circumstances (e.g. by sending you an email). 

 

12. How to contact us

For any questions or concerns about this Policy, contact our Data Protection Officer any one of these ways: 

PsyCare Ireland CLG is the data controller of personal data processed under this Policy.

bottom of page