The Open Community: The National Support Organisation for Ireland’s Community Sponsorship Programme for Refugees
Privacy Policy
What is the purpose of this Privacy Policy?
This Privacy Policy explains how The Open Community, and any third parties we work with, collect and use the personal information you provide to us.
We take care to ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. This privacy notice explains:
- Who we are
- The Community Sponsorship Ireland Programme
- Who is responsible for complying with the obligations in this policy?
- Type of data we may collect
- Purpose and lawful basis for processing
- How we will contact you
- Who might we share your data with?
- How long data is kept
- What security measures should be in place to protect data and, in particular, sensitive data?
- What is a data breach and what is the appropriate response in the event of a data breach?
- What rights do individuals have in relation to their data?
- Who is responsible for maintaining this policy?
The Open Community has designated a primary point of contact in relation to its obligations under this Privacy Policy and to allow for communications for any data breaches. Any questions about this Privacy Policy or about how The Open Community manages data or any complaints can be made via email: info@theopencommunity.ie, telephone: 01 863 8300, or in writing: The Open Community, Sean MacBride House, 48 Fleet Street, Dublin, D02 T883.
Who We Are
The Open Community, Company Limited by Guarantee ( CLG), provides national-level support for Ireland’s Community Sponsorship Programme for Refugees. Within the context of this privacy policy, ‘we’, ‘our’ “The Open Community”, or ‘the organisation” are the collective names for the Limited Company.
The Open Community works in partnership with the Irish Refugee Protection Programme (IRPP) of the Department of Children, Equality, Disability, Integration and Youth (DCEDIY), and with UNHCR, Doras, the Irish Red Cross, the Irish Refugee Council, Nasc, and Amnesty International Ireland to empower people across Ireland to welcome refugees into local communities.
Community Sponsorship Ireland Programme
We work with the following “Actors” who are involved in the implementation of the Programme and in supporting resettlement of refugees in communities:
- The Irish Refugee Protection Programme or IRPP – under the authority of the Minister for Children, Equality, Disability, Integration and Youth.
- Regional support organisations or RSOs – include Nasc, the Migrant and Refugee Rights Centre, the Irish Red Cross, the Irish Refugee Council, and Doras.
- Community sponsorship groups or CSGs – small, community-led volunteer groups.
Each Actor is an independent and separate data controller with respect to any personal data it processes in connection with the Programme and refugee support work. Each data controller is independently responsible for ensuring compliance with their own policies. Each Actor may have separate policies which govern the processing activities of the relevant Actor with respect to other activities the Actor conducts, which are outside the scope of this Policy.
Who is responsible for complying with the obligations in this policy?
As an organisation holding information about individuals on computer or in structured manual files, The Open Community is a ‘data controller’ under the data protection legislation. The Open Community is responsible for processing personal data, compliance with this Privacy Policy, and for compliance with applicable data protection laws.
Type of data we may collect
We collect information from members of the public if you have subscribed on our website to receive information on community sponsorship by email, post, text or phone call, or contacted us via our contact form.
We also may collect information from you if you: joined a Peer Support Group for sponsorship or our Cairde Network; engaged in one of our support services (such as our legal panel or insurance policy support); or attended an event we have run.
The information we gather may include:
Personal information
We may collect your name, mailing address, email address, telephone number, date of birth, age, and gender where appropriate.
Your preferences
We keep a record of what you’ve told us about how you like to be contacted (e.g. emails only) and what you’d like to receive (e.g. information about community sponsorship.)
Your interests
Sometimes we collect information about your interests, such as your involvement in events you have attended, so we can contact you about information that is relevant to you.
Your affiliations
We may also collect and record any other relevant information you share with us about yourself, such as affiliations with community sponsorship groups, other community groups, or your organisation.
Record of your interaction with us and our support services, where consent has been provided for this.
We collect and process information about your interactions with us, including:
- Details about our contact with you through email, text message, post, on the phone or in person
- Details about events that you register for, or attend
Sensitive personal data
This means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data and biometric data processed for the purpose of uniquely identifying a person; data concerning health; data concerning an individual’s sex life or sexual orientation; and data concerning criminal offences or convictions.
Generally, we do not collect or keep a record of sensitive information from members of the public who engage with us. If we do need to gather this information (for example, accessibility information to support participation at an event, training course or a legal panel consultation session) we only do so with explicit consent. We have measures in place to protect sensitive information and its confidentiality.
Cookies
Our websites use cookies. We have introduced Google Analytics to our pages in order to assist us in redeveloping our sites. Google Analytics allows us to measure and learn in aggregate how our website is being used, and to see for example, which are the most popular pages. This will help us ensure we provide relevant information in an easily accessible format. We also use a number of session cookies and a persistent cookie to record your acknowledgement of our cookie usage.
Opting out and managing cookies
Within your browser settings you can choose whether your wish to accept cookies or not. Different browsers make different controls available to you and so we provide links below to popular manufacturers’ instructions on how you can do this. Generally, your browser will offer you the choice to accept, refuse or reject all cookies at all times, or those from providers that website owners use (“third party cookies”), or those from specific websites.
Google Chrome : https://support.google.com/
Internet Explorer : https://support.microsoft.com/
Firefox : https://support.mozilla.org/
Safari : https://support.apple.com/
Opera : https://www.opera.com/
Should you be using another internet browser, please check the instructions in your browser help function on how to manage cookies.
Our full cookie statement is available in the footer our website and also here.
Purpose and lawful basis
To comply with Irish data protection rules, The Open Community must have a legal justification for collecting and using your personal information.
The legal basis that we rely on will depend upon the circumstances in which we collect and use your personal information. In almost all cases, our processing of your personal information will fall into one of the following categories:
| Purpose of Processing | Categories of Data Subjects | Categories of Personal Data | Lawful Basis |
|---|---|---|---|
| Communications in response to queries | Individuals who have contacted The Open Community via staff email accounts |
|
Legitimate Interest to operate the Programme |
| Responses to queries on supports we provide and on our work | Info account email contacts |
|
Legitimate Interest to operate the Programme |
| Conducting surveys to improve the supports of the programme | Individuals who have attended an event or completed a training course |
|
|
| Email marketing to provide updates on community sponsorship opportunities, campaigns, fundraising and areas of work, where consent has been provided. | Subscribers to our mailing list |
|
|
| Online registration lists required for reporting purposes and send updates about the event | Online Event attendees |
|
|
| Peer Support Network - to facilitate Peer Support Meetings and support to network | CSG members |
|
Legitimate interest to operate the Programme |
| Management of the legal panel to provide legal support to refugees and Community Sponsorship Groups | Members of the legal panel |
|
Legitimate interest to operate the Programme |
| Support and updates to Cairde Allies Network | Cairde Allies Network partners |
|
Legitimate interest to operate the Programme |
| Provision of online training, course improvement and reporting | Course subscribers |
|
Legitimate interest to operate the Programme |
How we will contact you
The below explains how we will contact you – including direct marketing relating to our campaigns, updates on our community sponsorship and refugee support work, fundraising appeals and events.
We have processes in place to review how we communicate with you, especially in situations where you have not engaged with us for a while, or where the circumstances of how you interact with us change. Where you tell us that you no longer want our updates, we will act on this as soon as we can.
We will only contact you by email if you have given us your consent along with your email address. Where you have contacted us through our contact form, requested to be included in our Peer Support or Cairde Allies Networks, or requested support from our pro bono legal panel or inclusion in our insurance policy support for CSGs, we will then only contact you in relation to this unless you have provided consent to receive information about our other community sponsorship or refugee resettlement work.
You can opt out at any time by clicking on the ‘unsubscribe’ link at the bottom of our emails, or by emailing us directly at info@theopencommunity.ie.
We will only contact you by text if you have given us your consent along with your mobile phone number. You can opt out at any time by following the unsubscribe instructions in our text messages.
We will only contact you by telephone if you have given us your consent along with your phone number.
If you have already provided us with your phone number, we may call you occasionally, and will be checking that you consent to future phone contact during the call. You can opt-out of phone calls at any time by contacting us.
If you have provided us with your postal address, we may send you post unless you have told us that you would prefer not to receive such information. You can opt-out of receiving post from us at any time by contacting us.
Where needed, we may also contact you for administrative purposes using the contact details that you have given us.
Targeted subscriber communications
We want to ensure our updates are as interesting and engaging as they can be to our supporters, so we tailor our communications based on what we know about our subscriber’s interests and experiences. This also helps us with using our resources as efficiently as we can.
We do this by using profiling and analysis techniques to target our marketing communications. This involves analysing responses to our previous campaigns, your subscription preferences, and to look for patterns amongst our current subscribers which so we can tailor who we send communications to in the future. This is so we can send relevant campaigns to supporters who would be the most interested in them.
Who might we share your data with?
In connection with the purposes described above, and where you have given consent for us to do so, personal data may be shared with the specific Regional Support Organisation (RSO) that provides support services in your area, to contact you for community sponsorship opportunities. These RSOs are: Doras, Nasc, the Irish Red Cross, and the Irish Refugee Council, and a full list of the areas they support can be found here.
It may also be necessary to share personal data with third parties including:
- Providers of CRM systems used to manage information about the Programme and communicate to subscribers
- Other external service providers such as accountants, auditors, experts, lawyers and other professional advisors; IT systems, support and hosting service providers;
Any data shared will be subject to a joint Data Processing Agreement between us and the relevant organisation or third party.
We also may be required by law to share data with:
- Government and other public authorities for example courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies.
To the extent possible, data is hosted in the European Economic Area. Where personal data is transferred to an entity outside the European Economic Area which is not deemed to have an adequate level of protection under EU data protection law (such as the US) we will ensure that appropriate measures are in place to protect the data. This generally will involve the use of EU-approved standard contractual clauses.
How long is data kept?
Any personal data processed for the purposes set out above will be stored for no longer than is necessary for those purposes. The Open Community is responsible for the personal data that it collects and for ensuring this data is deleted or anonymised when it is no longer required.
In general, data from members of CSGs, host communities, or members of the public who are engaged in our support or online training services, events, or campaigns, will be retained only for as long as they are involved with the Programme and/or engaged with The Open Community and no longer than necessary after, unless there are any legal requirements which necessitate longer periods.
What security measures should be in place to protect data and, in particular, sensitive data?
The Open Community will adhere to all obligations, policies and procedures of our Data Protection Policy. This includes having in place technical and organisational measures to protect personal data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. This includes the provision of appropriate training for persons handling personal data.
In regard to handling of personal data, The Open Community will ensure that data will:
- Only be processed where necessary for the purpose that the data is collected or provided and not for any other purpose;
- Only be accessed by or disclosed to limited people who need access to that data;
- Be protected or pseudonymised where possible (use password protected files, mark as private and use abbreviations like JD instead of John Doe); and
- Should be deleted as soon as the data is no longer needed for the purpose for which it was collected or provided (for example, if particular sensitive information is contained in an email then the email should be deleted when the assistance has been provided – it is also recommended the sensitive information is shared by phone instead of sent or forwarded as this creates multiple copies).
What is a data breach and what is the appropriate response in the event of a data breach?
A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Examples of data breaches include leaving hard copy documents on a bus or train, lost or stolen laptop, unauthorised access by bad actors through the use of phishing emails and sending an email to the wrong person.
If a data breach occurs, The Open Community is responsible for notifying the Data Protection Commission where required by the GDPR, within 72 hours. As necessary, affected individuals will also be notified of high-risk data breaches where, for example, sensitive data is involved.
What rights do individuals have in relation to their data?
The Open Community is responsible for the personal data they hold in connection with the Programme and for responding to data subject rights requests made to it in relation to such Personal Data.
Individuals have the rights set out below under the GDPR in relation to their data. These rights won’t apply in all circumstances and are subject to exceptions in the GDPR and the Data Protection Acts 1988-2018.
- Right of access: The right to receive a copy of that individual’s personal data held by The Open Community and information on how that data is used.
- Right to amend/rectify data: The right to correct data where it is incorrect or incomplete.
- Right to deletion (‘right to be forgotten’): The right to request that personal data be deleted. However, this right only applies in certain circumstances – it wouldn’t apply, for example, if there is a continuing lawful basis to retain such data.
- Right to restrict processing: The right to request the suspension of the use of personal data, for example, pending a determination of its accuracy or if the data is no longer needed for any other reason other than a legal claim.
- Right to data portability: The right to obtain personal data in a format that can be transferred to another organisation.
- Right to object to processing: The right to object to use of personal data in certain circumstances, unless there are compelling legitimate grounds of The Open Community to overcome the objection or the data is needed in connection with any legal claims or must be kept to comply with a legal obligation.
- Right to withdraw consent: An individual may withdraw their consent to the processing of any information that The Open Community holds. This would not affect the lawfulness of processing based on consent before its withdrawal.
To exercise the above rights, please contact us via email: info@theopencommunity.ie, telephone: 01 863 8300, or in writing: The Open Community, Sean MacBride House, 48 Fleet Street, Dublin, D02 T883.
- Right to complain to the relevant data protection authority: All individuals are entitled to make a complaint to the Data Protection Commission if they believe that The Open Community has processed their personal data in a manner that is not in accordance with data protection law.
Who is responsible for maintaining this policy?
This Privacy Policy will be maintained by The Open Community and may be changed from time to time. This Privacy Policy was last updated February 2024.
