Skip links

Privacy Policy

  1. Policy Statement

    1. As part of the services we offer, we are required to process personal data about the people we support (clients), our employees, volunteers, supporters, and suppliers. Processing can mean collecting, recording, organising, storing, sharing or destroying data. We are committed to transparency about why we need your personal data and what we do with it – as set out in this Privacy Notice, which also explains your rights concerning your data.
    2. If you have any questions about this privacy notice or how we handle your personal data email [email protected]
  2. Who we are

    1. Galway Simon Community is a charity that provides support to those that are homeless or at risk of becoming homeless. We provide housing, advocacy, health and wellbeing support to Clients to achieve our mission
  3. How we collect information from you

    1. We obtain information about you when you contact us about or receive our services, apply or begin to work for us, make a donation, participate in or organise a fundraising event or register to receive our newsletters. We do this face to face, via phone, via email, via our website, via post, and via application forms. We also sometimes get information through Information Sharing Agreements we have with partner organisations. When you visit our premises we may obtain CCTV images of you.
  4. Why we need information for the people we support (Clients)

    1. The main reason we collect information from our clients is so that we can provide the right advice and support.We also use information about you for other reasons which include:
      • To keep track of our work
      • To manage the safety of our property (through CCTV)
      • To enter into contractual agreements with you (e.g. Licence Agreement, Tenancy)
      • To publicise our work to the general public and our supporters (with your consent)
    2. What kind of information we may need

      1. To provide you with the high-quality support you need we may need to keep certain records about you, including the following:
        • Your basic details and contact information e.g. your name, address, date of birth and next of kin.
        • Your care and support needs
        • Your financial details e.g. details of how you pay us for your rent (this is not an exhaustive list).
      2. We may also record the following data which is classified as “special category”:
        • Health and Social Care data about you, which might include both your physical and mental health data
        • We may also record data about your race, ethnic origin, sexual orientation or religion
        • Information you provide to us about criminal convictions or legal proceedings.
    3. When do we share information with others?

      1. Your information is confidential. This means we will only ever share information about you with others when it is necessary, on a need to know basis.
      2. At Galway Simon Community, we work in teams so we share information about you with others in the teams you are in contact with.
      3. We may also share information about you with external organisations to help you get referred to them or to advocate on your behalf. Normally, we will not share your information unless you give us consent. We will be specific as to what information is being shared, with whom and for what purpose so you can make an informed decision. You can withdraw your consent at any time and we will no longer share it.
      4. Where it’s necessary, we may share information about you without your consent.
        1. The most common situation where this happens are:
          • Sharing information with Local Authorities through the PASS system. The system keeps record of your housing and support needs.
        2. Other situations where we may share information without your consent are where:
          • We have concerns about your safety and wellbeing, or the safety and wellbeing of others
          • We are required to do so by the law
          • It is necessary in connection with a legal claim
        3. In some circumstances we may anonymise your personal data so that you can’t be identified, in which case we may use and share such data without further notice to you.
    4. Our lawful basis for using your information

      1. We will only use your personal information when we are satisfied that we can do so lawfully. Our lawful basis for processing personal information may sometimes overlap and there may be several grounds which we justify how we use it.
      2. The lawful basis are as follows:
        1. We have legitimate interest, for example

          • To assess your situation and to provide you with confidential advise
          • To make applications, submit forms, obtain documents etc. on your behalf
          • Keep copies of documents on your behalf (correspondence, medical records)
          • To coordinate our work with other organisations that support you
        2. It is necessary for a contract, such as a licence agreement or tenancy with Galway Simon Community.
        3. It is necessary in relation to the work we do on behalf of Local Authorities (public task), e.g. providing accommodation or outreach services.
        4. There is a substantial public interest e.g. we provide confidential advice or support to you, to safeguard adults and children at risk, or we need to share data for the purpose of preventing unlawful acts.
        5. We will ask for your consent to collect, store and share or process your information
        6. Less commonly, we may use your data to protect your vital interests, where we have a legal obligation to comply with legislation or in relation to a legal claim.
    5. How long do we hold your information?

      1. Your personal details and any support you have received from us are held securely in a case management system (PASS) and Galway Simon Community Customer Relationship Management System for 7 years from the last time we had contact with you. We also need it to monitor our work, comply with audits (internal and external), produce statistics, as well as defend legal claims.
    6. Your Data Rights

      1. Under some circumstances, by law you have a right to:
        • Request access to your personal data (also known as a data subject access request). This enables you to receive a copy of the personal information we hold about you.
        • Ask us to correct personal data that we hold about you which is incorrect, incomplete or inaccurate.
        • Ask us to erase your data from our files and systems but only if there is no good reason for us continuing to hold it. Please be mindful that we need to hold the record of our work with you for a period of time so we won’t be able to delete everything on request.
        • Object to us using your personal data for legitimate interests or for a public task. When requesting this, please provide us with as much detail as you can about your reason for the request as we will need to balance your request against organisational needs.
        • Ask us to restrict or suspend the use of your personal data e.g. if you want to stop us from deleting it.
        • Ask us to transfer your personal data to another person or organisation
    7. If you want to do any of the above please contact your key worker or email [email protected]
    8. You have the right to make a complaint at any time to the Data Protection Commissioner’s Office the Irish supervisory authority for data protection issues. Steps on how to make a complaint can be found using the following link https://www.dataprotection.ie/en/contact/how-contact-us
  5. Why we need information for supporters

    1. The information below explains how and why Galway Simon Community uses your personal information when you donate to us or take part in an event organised by us.
    2. We only ever use your personal data if we are satisfied that it is lawful and fair to do so. When we process your personal information, it will be because:
      • You have consented to the processing for the specific purposes described in this notice
      • It is necessary in the pursuit of a legitimate interest. A legitimate interest in this context means a valid interest we have in using your personal data which is not overridden by your interests in data privacy and security.
    3. Information we collect and process

      1. Donations: The personal information we collect will include your name, address, email address and telephone number (this list is not exhaustive). If you make a donation online either once off or direct debit , your card information or bank details are not held by us, it is collected by our third party payment processor, Stripe, who specialise in the secure online capture and processing of credit/debit card transactions. Stripe payment details are entered directly to their systems for the purpose of completing the transaction and are never handled or stored by our website.
        1. If you make a once off donation to us by post or over the phone, we will record the personal information you provide to us in order to process your donation, to acknowledge receipt of the donation and to comply with our record keeping obligations for auditors.
      2. Legacies: If you indicate that you intend to leave a legacy to us, we will keep a record of your personal information (name, address, contact details) as well as information about any other organisation that you provide to us e.g. family member or lawyer. This is so we are able to communicate appropriately with you about your support.
            1. Fundraising Events: We organise and execute a number of fundraising events throughout the year such a Dip a Day and Sleep Out for Simon. If you sign up to take part in an event, we will ask you to provide us with personal information such as your name, address and contact details (this list is not exhaustive), to allow us to process your application. Depending on the event, we may also collect payment details from you through our website or over the phone. Sometimes, we will ask you to give us your clothes size so that we can provide you with branded T-shirts.
              1. We sometimes we partner with other Simon organisations to run events under the Simon Community Ireland (SCI) banner. Any personal data collected by SCI is shared with the relevant regional Simon Community organisation where you reside. We will only share information where you have provided us with consent or where we have a legitimate interest but we will always let you know in advance.
            2. Corporate support and corporate volunteers: We benefit from financial and in-kind support from companies and other commercial organisations. We keep a record of the name and contact details of key contacts of the organisation. If you work for one of our corporate supporters and you volunteer your time with us, we will collect some personal information from you (name, contact details) so that we can communicate with you about volunteering opportunities and make arrangements for you to volunteer with us.
            3. Marketing:We would like to keep in touch with you about the work that we do, events that we organise, and ways in which you can support us (volunteer your time, donations in kind etc.). We will only send marketing communications by email with your consent. You can opt out of email marketing by clicking the ‘unsubscribe’ link in any of emails or you can contact us by calling 091- 381828 or emailing [email protected] to opt out, change your contact details or to update you communication preferences.
              1. We may also send marketing information to you by post if we are satisfied that we have legitimate interest to do so e.g. if you have donated to one of our appeals we may contact you to let you know the impact your donation has made and ask if you wish to support us again. You can contact us by calling 091-381828 or emailing [email protected] if you no longer wish to receive marketing by post or to update your communication preferences.
              2. From time to time, we may make marketing telephone calls to you. We will only contact you in this way if we are satisfied that we have a legitimate interest to do so and we will always check that you have opted to receive telephone calls from us. You can contact us by calling 091-381828 or emailing [email protected] if you no longer wish to be contacted by telephone for marketing purposes.
            4. Client Stories: We often use Client stories to demonstrate the work of our organisation, Client experience of homelessness and its services and the impact of donations received. More often than not identifiable information will be anonymised so that it can be no longer associated with a Client, in which case we can use the information without further notice. When a Client decides they would like to share their story using their own name and picture we will ask for consent to do this.
            5. Case studies and photographs (Supporters and Clients):

              We will always ask for your consent to use your personal information such as your name, your story and/or your photograph to help us promote our organisation, our events and our activities. If you use social media to publicly share information about fundraising activities you have done for us, we may share this information on our own social media platforms (Facebook, Instagram, and LinkedIn).

    4. Sharing personal information

      1. We will never sell your personal data or share it with third parties who might use it for their own commercial purposes.
      2. We routinely (3 times a year) share your personal information with a mailing company to assist us with our postal marketing campaigns and/or appeals. We will always have a Data Sharing Agreement in place for the duration of the project ensuring the safe management and disposition of data for the duration of the project.
      3. We will only disclose your personal information to other third parties:
        • Where you have given us consent to share the information with a specific third party.
        • If we are under a legal duty to disclose or share personal information e.g. for the purposes of prevention of fraud.
        • Where we have a legitimate interest to do so, such as
          • Conducting fundraising activities that benefit Galway Simon Community
          • Receiving IT support from external contractors
    5. Data Retention

      1. We retain your personal information for 6 years from the time of the last donation. We store financial records of donations for a period of 7 years, as required by Revenue for audit purposes. Ifyou request to have your contact details removed before this date, this financial information is anonymised where possible.
    6. Your Data Rights

      1. Under certain circumstances, by law you have a right to:
        • Request access to your personal information (commonly known as a “data subject accessrequest”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
        • Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate.
        • Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.
        • Object to us using your personal information to further our legitimate interests (or those of a third party), e.g. for direct marketing purposes.
        • Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.
        • Ask us to transfer your personal information to another person or organisation.
    7. If you want to access, correct or request restriction or erasure of your personal information, or to object to us using your personal data, or request that we transfer a copy of your personal information to another party, please contact [email protected] in writing.
    8. If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact [email protected] .Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.
    9. You have the right to make a complaint at any time to the Data Protection Commissioner’s Office the Irish supervisory authority for data protection issues. Steps on how to make a complaint can be found using the following link https://www.dataprotection.ie/en/contact/how-contact-us
  6. Why we need information for employees and volunteers

    1. Recruitment of Employees:

      The information below explains how and why Galway Simon Community uses your personal information during the recruitment process.

    2. Types of Information

      1. When we use the term personal information we mean any personal data you give us from which you can be identified. This might include your name, your home address, your personal email contact details, or your telephone number. Personal information does not include information where your identity has been removed (i.e. anonymous data).
      2. We use the term special categories of personal information to mean information about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sexual orientation.
      3. We only ever use your personal data if we are satisfied that it is lawful and fair to do so. When we process your personal information, it will be because:
        • The processing is necessary to enter into, or perform, a contract with you;
        • In order to comply with a legal obligation; or
        • The processing is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have or a third party has in using your personal data which is not overridden by your interests in data privacy and security.
      4. We will only collect and use any special categories of personal information (information about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sexual orientation) where we have your explicit consent.
    3. Information we collect about you: The organisation collects a range of information about you. This may include:

      1. Names, addresses, telephone numbers, email addresses, Next of Kin, PPSN (this list is not exhaustive) What we use it for: To contact you regarding a job application that you have made to us
      2. References (Personal Data) What we use it for: To assess your suitability for employment purposes
      3. Current salary details (Personal Data) What we use it for: To help us assess your suitability for a paid employment role
      4. Your right to work in Ireland (Personal Data) What we use it for: To ensure that you are legally entitled to work in the Ireland
      5. Criminal Records Check (Personal Data) What we use it for: the organisation is obliged to seek information about criminal convictions and offences. Where the organisation seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment. This check will only be completed if the role is a regulated activity within the meaning of the National Vetting Bureau (Children and Vulnerable Persons) Act 2012 to 2016, and will not be completed without your explicit consent.
      6. Equal opportunities information (Special Category Data) What we use it for: This is for equal opportunities monitoring purposes to ensure meaningful equal opportunity monitoring and reporting where it may be needed in the public interest.
      7. Information on special requirements, health or medical conditions. (Sensitive Data) What we use it for: To allow us to make any reasonable adjustments to allow you to effectively carry out the duties of your role, and to ensure we are meeting any health and safety obligations. This is not mandatory and will not affect any offer of employment.
      8. We collect the majority of this information directly from you during the application and recruitment process. We also sometimes collect additional information from third parties including former employers and other background check agencies including Garda Vetting Bureau.
      9. We only ever use your personal information if we are satisfied that it is lawful and fair to do so. We will never sell your personal information or share it with third parties who might use it for their own commercial purposes.
      10. We will only disclose your personal information to third parties:
        • Where you have given us consent to share the information with the specific third party;
        • When we transfer personal information to our occupational health provider.
    4. Data Storage

      1. Data will be stored in a range of different places, including on your application record, manual files and on other IT systems (including email). If your application is unsuccessful, the Galway Simon Community will keep your personal data on file for a period of 1 year, and then this will be securely destroyed. You are free to withdraw your consent to this data being held at any time. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
      2. We only keep your personal information in a secure environment. Personal Data will only be used as set out in this Privacy Notice.
        • We hold data electronically in our secure document management system and on our on-site file servers, which are protected by both hardware and software firewalls.
        • We have on-site back-up servers in secure locations.
        • We encrypt all data stored on our servers with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered.
        • We regularly back up and encrypt all of the data we hold.
        • We store papers in lockable cabinets in our offices when not being actively used and we have a secure off-site document storage facility for archived papers.
        • We ensure that our employees, agents and contractors are aware of their privacy and data security obligations and we take reasonable steps to ensure that employees of third parties working on our behalf are aware of their privacy and data security obligations.
        • We limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know.
      3. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are contained in our retention policy. If you wish to receive a copy of our retention policy please email [email protected]
      4. These retention periods may be extended or reduced if required by applicable law or we deem it necessary, for example, to defend legal proceedings or if there is an on-going investigation relating to the information. We review the personal data (and the categories of personal data) we hold on a regular basis to ensure the data we are holding is still required and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take steps to correct or delete the data.
    5. Your Data Rights

      1. Under certain circumstances, by law you have the right to:
        • Request access to your personal information (commonly known as a “data subject accessrequest”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
        • Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate;
        • Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it;
        • Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes;
        • Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it;
        • Ask us to transfer your personal information to another person or organisation.
    6. If you have any questions about this privacy policy or how we handle your personal information, please email [email protected]
    7. You have the right to make a complaint at any time to the Data Protection Commissioner’s Office the Irish supervisory authority for data protection issues. Steps on how to make a complaint can be found using the following link https://www.dataprotection.ie/en/contact/how-contact-us
  7. Closed Circuit Television (CCTV)

    1. Galway Simon Community uses CCTV to provide a safe and secure environment for people who use services, employees and visitors, in order to prevent the loss or damage to property and assets, and for the prevention, investigation and reduction of crime, which may include the provision ofevidential data to the Gardaí. All employees are aware of our CCTV policy and procedure. All users of the building are aware of CCTV usage through signage at building entrances.
    2. How we use this information?

      1. We process these images, which are considered personal data, to assist with security, law enforcement, risk prevention and reduction and safeguarding. The legal basis for this processing is for the legitimate interest of Galway Simon Community to perform its obligations to its clients and the public.
    3. Who has access to your information?

      1. The data is held on secure computer equipment within the Head Office or in locked cabinets at other properties where access is carefully controlled.
    4. Sharing and Disclosing your Personal Information

      1. Galway Simon Community may disclose certain personal data to external bodies. At all times, the amount of information disclosed and the manner in which it is disclosed will be in accordance with the provisions of the GDPR. If your personal data is shared with an external body it will be done so in a manner that is secure and we will only share what is necessary. Such external bodies may include the Gardaí.
    5. How long do we keep your information?

      1. Galway Simon Community will keep your personal data only as long as it remains relevant, accurate and is absolutely necessary to conclude the purpose(s) for which it was collected in accordance with Galway Simon Community Data Protection and Retention of Records policy. Notwithstanding the above, we will retain personal data:
        • To the extent that we are required to do so by law
        • If we believe that the data may be relevant to any ongoing or prospective legal proceedings; and
        • In order to establish, exercise or defend our legal rights

        7.5.1.2 Data will be destroyed via secure means when no longer required.

    6. Your Data Rights

      1. Galway Simon Community observes individual’s rights to access, rectification or erasure of their data within Data Protection and GDPR legislation. If you wish to request a copy of the personal data we hold about you, rectify any of the data held about you or request full or partial erasure please email [email protected]
      2. Any such request will be considered within the legitimate interest of the Galway Simon Community and the individual, taking into account organisations need, safeguarding and best interest considerations.
    7. If you have any questions about this privacy policy or how we handle your personal information, please email [email protected]
    8. You have the right to make a complaint at any time to the Data Protection Commissioner’s Office the Irish supervisory authority for data protection issues. Steps on how to make a complaint can be found using the following link https://www.dataprotection.ie/en/contact/how-contact-us
  8. Social Media

    1. We use social media platforms, such as Facebook, Instagram and Twitter, to stay in touch with people interested in our work and give updates about our activities. We also use it as a cost- effective way to raise funds and promote our events. We use the available tools provided by these platforms, such as Custom Audiences and Lookalike Audiences, to better target our adverts. These are based on:
      1. This information is then used to identify others who may be interested in supporting the work we do, as well as to exclude you from seeing our ads. It also enables us to see how effective our adverts are and if they provide value for money. You can find more information here:
      2. Our legal basis for us using your information in this way is our legitimate interest to raise funds for our work in the most cost- effective way. Where we use information the social media provider already has about you, we are acting as joint controllers. Please bear in mind that we do not have a direct access to the personal data used for the purposes outlined above and don’t hold any copies.
    2. Your Data Rights

      1. You can opt out of receiving adverts from us as well as from your information held by the social media platform being used by advertisers, by using the ads settings provided by the platform provider. You can also exercise your other data rights, such as access, deletion, correction and portability on those platforms, as explained in their respective privacy notices. We set the Facebook Pixel only if you give us consent via the cookie banners on our websites. If you do not wish to be tracked in that way, please change your settings via the banner on the website you visited.
    3. If you have any concerns about how we use your data, or have any questions, please email [email protected]
    4. You have the right to make a complaint at any time to the Data Protection Commissioner’s Office the Irish supervisory authority for data protection issues. Steps on how to make a complaint can be found using the following link https://www.dataprotection.ie/en/contact/how-contact-us
Last Updated: March 2023