This Privacy Statement provides information about the ways in which the Irish Tourist Assistance Service (ITAS) collects, stores and uses personal data relating to individuals. This Privacy Statement relates to personal data received by ITAS where individuals contact or request information from ITAS and also personal data received by ITAS from individuals as set out below.
Irish Tourist Assistance Service
ITAS is a charity registered in Ireland with the Charities Regulatory Authority.
Irish Tourist Assistance Service
6-7 Hanover Street East
The GDPR came into force on 25 May 2018 and significantly changed data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations. The GDPR is designed to give individuals more control over their personal data.
The key principles relating to the processing of personal data under the GDPR are lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.
Processing of Personal Data by ITAS
Personal Data ITAS may Process
- Personal Data
This includes, personal data received by ITAS where data subjects contact, or request information from ITAS directly and personal data received by the ITAS indirectly.
The personal data that we process may include (i) basic personal information, such as a data subject’s name/surname; date of birth; (ii) contact information, such as a data subject’s postal address, email address and phone number(s); and (iii) any other personal data that is provided to ITAS during the course of providing support and assistance to the data subject.
- Special Category Data
ITAS may also processes special category data. This includes special category data received by ITAS where data subjects contact, or request information from, ITAS directly, or received by the ITAS indirectly, i.e. referral. Such special category data may include but is not limited to personal data relating to racial or ethnic origin; religious or philosophical beliefs; biometric data for the purpose of uniquely identifying a natural person; data concerning health; and data concerning a natural person’s sexual orientation.
Where do we get your data from?
We get data about you from you when:
Individuals personal data may come in contact with ITAS via a number of different means. A data subject may be subject to a consensual referral by another body such as An Garda Síochána, an Embassy, or a member of the tourist industry. In such an instance with the consent of the data subject certain documentation may be forwarded on to ITAS for the purposes of ITAS providing assistance to that data subject. Alternatively, a person may make contact directly with ITAS via email, telephone or simply by calling into our offices.
- Phone Calls
ITAS does not audio record or retain audio recordings of phone conversations.
Where an individual contacts ITAS by phone, caller numbers are automatically stored on the recipient phone in ITAS for a limited period of time in a list of inbound and outbound calls, but no further processing of this data is carried out by ITAS.
During the course of dealing with a query, or other matter, ITAS may record personal data received by it during the course of phone calls in the form of notes made on the relevant case file.
Emails sent to ITAS are forwarded to the relevant person or dealt with by staff on duty and are stored for the purposes of the matter/case to which the email relates. The sender’s email address will remain visible to staff tasked with dealing with the query. When the query is dealt with the emails are deleted.
All post received by ITAS is forwarded to the relevant person and stored for the purpose of the matter to which the post item relates.
- Social Media
ITAS may also receive personal data through its social media interactions on Twitter and Facebook. ITAS operates social media accounts on these platforms to promote awareness of its Service. Personal data contained in the messages posted on these accounts are not stored other than on the relevant social medial platform, and no further processing of such personal data is carried out by ITAS
Processing your Personal Data
The legal basis for the processing of personal data by ITAS will depend on the purpose for which the processing is being carried out.
It may include:
(i) where the data subject has given consent to the processing of his or her personal data for one or more specific purposes. This is generally the basis for which ITAS carries out its work assisting tourist victims of crime and other traumatic events.
(ii) where the processing is necessary for the performance of a contract to which the data subject is a party.
(iii) where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Lawful Basis for Communications
We may process your personal information for carefully considered and specific purposes which are in our interests and enable us to enhance the services we provide, but which we believe also benefit our clients and prospective clients. The primary purpose is as follows:
Where the processing enables us to enhance, personalise or improve our services/communications for the benefit of our clients and prospective clients.
We use legitimate interest in the following circumstances:
- Existing client communications
- Referrals from third parties (where the Data Subject is expecting communications from us)
- Inbound phone, email or Contact Us/Enquiry pages from our website, social media or other such channels
- Business communications to raise awareness and enhance our Service
For referrals and inbound enquiries, we only communicate in relation to the specific enquiry.
Whenever we process data for these purposes, we will ensure that we take account of your personal data rights.
In order to store personal data and to contact data subjects as part of communication activities (other than those listed under legitimate interest), we will only do so on the basis that consent has been received.
Disclosure to Third Parties
Personal data collected by ITAS is held confidentially and is not shared with any third parties, with the following exceptions:
- Where the sharing of the personal data is necessary for the performance by ITAS in carrying out its service. This may arise, for example, in the context of organising the issuing of an emergency travel document for a tourist whose passport has been stolen. ITAS, with the tourist’s consent, will disclose personal information to an embassy when carrying out this function.
- In the case of service providers or suppliers to ITAS. ITAS uses certain companies to provide certain services. ITAS requires such companies to abide by certain terms to protect any personal data which is processed by the service provider/supplier during the course of providing the service.
- We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, comply with a law, court order, or legal process.
Security of your Personal Data
ITAS is committed to ensuring that your information is secure and we do our utmost to protect user privacy through the appropriate use of security technology. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. When you donate on our website, personal information such as your credit card number, is transmitted to another website. It is protected through the use of encryption such as Secure Sockets Layer (SSL).
Storage of your Personal Data
Data is kept by ITAS on our internal CRM system which is cloud based and stored within the EEA. Further files which are not related to international visitors are held on our internal computer system and a back up of these files are held within the EEA also. With respect to physical files, all are kept within the offices of ITAS and are kept under lock and key.
Retention of Personal Information
The retention periods for personal data held by ITAS are based on the requirements of the data protection legislation and on the purpose for which the personal data is collected and processed. For example, in the case of assisting international visitors, ITAS keeps a file in relation to the client for a period of 6 months post-provision of service, and once this period is up all personal data is anonymised. The retention periods applied by ITAS to personal data which it processes may also be based on legal and regulatory requirements of the Service to retain information for a specified period.
If you have any concerns in relation to the manner in which we process your personal data, you can contact us on firstname.lastname@example.org
Changes to our Privacy Statement
This Privacy Statement is kept under review and is therefore subject to change.