Privacy Policy
Introduction and Overview
This Privacy Policy explains how The Open Community—and any third parties we work with—collect and use the personal information you provide to us.
The Open Community, a Company Limited by Guarantee (CLG), supports and empowers community led welcome and integration for displaced people. Within the context of this privacy policy, ‘we’, ‘our’ “The Open Community”, or ‘the organisation” are the collective names for the Limited Company.
Policy Owner
Audience
This policy applies to service users and all staff, volunteers, and third-party organisations or contractors who carry out work on behalf of The Open Community.
Legislation and Regulation
This policy is designed to ensure compliance with our legal obligations under the EU General Data Protection Regulation (Regulation EU 2016/679) (GDPR), as well as all applicable laws concerning the processing of personal data. These laws are collectively referred to as “data protection legislation”.
Questions & Requests
Any questions about this Privacy Policy, or requests relating to how we manage personal data, can be directed to us via:
Email: info@theopencommunity.ie
Roles and Responsibilities
Data Controller
The Open Community is a data controller under data protection legislation. As such, we are responsible for the personal data we process, for ensuring compliance with this Privacy Policy, and for meeting all applicable data protection requirements.
Responsibility
All individuals working with or on behalf of The Open Community share a responsibility to comply with the obligations set out in this policy.
Types of Data we Collect
Personal Data
This policy relates to ‘personal data’. Personal data means any information relating to an identified or identifiable person (“data subject”) who may be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, online information (e.g. an IP address).
We collect information from members of the public who have subscribed on our website to receive information on community sponsorship by email, post, text or phone call, or contacted us via our contact form.
We also may collect information from you if you: join a Peer Support Group for sponsorship or our Cairde Network; engage in one of our support services (such as our legal panel or insurance policy support); or attend an event we run.
The information we gather may include:
- Personal information
We may collect your name, mailing address, email address, telephone number, date of birth, age, and gender where appropriate. - Your preferences
We keep a record of what you’ve told us about how you like to be contacted (e.g. emails only) and what you’d like to receive (e.g. information about community sponsorship.) - Your interests
Sometimes we collect information about your interests, such as your involvement in events you have attended, so we can contact you about information that is relevant to you. - Your affiliations
We may also collect and record any other relevant information you share with us about yourself, such as affiliations with community sponsorship groups, other community groups, or your organisation. - Record of your interaction with us and our support services, where consent has been provided for this.
We collect and process information about your interactions with us, including:- Details about our contact with you through email, text message, post, on the phone or in person
- Details about events that you register for, or attend
Special Category Data
Special category data (also known as sensitive personal data) is any data which by its nature is particularly sensitive. This includes personal data relating to or including racial or ethnic origin, political opinions, membership of trade unions, religious or philosophical beliefs, genetic data, biometric data, data concerning health, sex life or sexual orientation, and data concerning criminal offences or convictions.
Generally, we do not collect or keep a record of sensitive information from members of the public who engage with us. If we do need to gather this information (for example, to process applications from beneficiaries of the Humanitarian Admissions Programme) we only do so with explicit consent, and we have measures in place to protect sensitive information and its confidentiality.
Cookies
Our websites use cookies. We have introduced Google Analytics to our pages in order to assist us in redeveloping our sites. Google Analytics allows us to measure and learn in aggregate how our website is being used, and to see, for example, which are the most popular pages. This will help us ensure we provide relevant information in an easily accessible format. We also use a number of session cookies and a persistent cookie to record your acknowledgement of our cookie usage.
Opting out and managing cookies
You can manage your cookie preferences through your browser settings. Each browser offers different controls, so we’ve included links below to instructions from popular browser manufacturers. In general, you can choose to accept all cookies, reject them entirely, allow cookies only from specific websites, or block third-party cookies (those set by services used by website owners).
Google Chrome : https://support.google.com
Internet Explorer : https://support.microsoft.com
Firefox : https://support.mozilla.org
Safari : https://support.apple.com
Opera : https://www.opera.com
Should you be using another internet browser, please check the instructions in your browser help function on how to manage cookies.
Our full cookie statement is available in the footer of our website and also here.
How we use Personal Data
Purpose of Contact
This section outlines how we may contact you, including direct marketing related to our campaigns, updates on our community sponsorship and refugee support initiatives, fundraising appeals, and events.
We regularly review how we communicate with you—particularly if you haven’t engaged with us for some time or if your interaction with us changes. If you inform us that you no longer wish to receive updates, we will respect your preferences and act on them as promptly as possible.
We will only contact you by email if you have provided your consent and your email address. If you have reached out via our contact form, joined our Peer Support or Cairde Allies Networks, or requested assistance from our pro bono legal panel or insurance support for Community Sponsorship Groups (CSGs), we will only contact you in relation to those specific matters—unless you have also consented to receive information about our broader community sponsorship or refugee resettlement activities.
You may opt out of receiving emails at any time by clicking the ‘unsubscribe’ link at the bottom of our emails or by contacting us directly at info@theopencommunity.ie
Text Messages
Phone Calls
Postal Mail
If you have shared your postal address, we may send you mail unless you have indicated that you prefer not to receive such communications. You may opt out of receiving post at any time by contacting us.
Administrative Contact
Targeted Subscriber Communications
We aim to make our updates as relevant and engaging as possible for our supporters. To do this efficiently, we tailor our communications based on what we know about your interests and engagement with us.
We use profiling and analysis techniques to better target our marketing. This includes reviewing responses to past campaigns, analysing your subscription preferences, and identifying patterns among our current subscribers. This helps us ensure that we send relevant updates to supporters who are most likely to be interested.
Processing and Legal Basis
The Open Community will comply with all obligations, policies, and procedures set out in our Data Protection Policy. This includes implementing appropriate technical and organisational measures to protect personal data against unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition, or access. These measures also include providing appropriate training for individuals who handle personal data.
When handling personal data, The Open Community will ensure the following:
- Data will only be processed when necessary for the specific purpose for which it was collected or provided, and not for any other purpose.
- Access to personal data will be limited to individuals who require it for their role, and disclosure will be restricted accordingly.
- Where possible, data will be protected or pseudonymised.
- Data will be deleted as soon as it is no longer required for the purpose it was collected.
Please see the below table that sets out the data we process, and the associated legal basis.
| Data Subject | Data Type | Purpose | Legal Reason |
|---|---|---|---|
| Contacts in staff email accounts | Names, contact details, email content | Responding to queries | Legitimate interest |
| Mailing list subscribers | Newsletter sign-up data | Sending email updates | Consent |
| Website visitors | Website usage data (via cookies) | Improving user experience | Consent |
| Online event attendees | Event registration info | Event planning, communication, and follow-up | Consent |
| Online meeting attendees | Meeting recordings and transcripts | Documenting and sharing meeting outcomes | Consent |
| Peer Support Network subscribers | Names and contact details | Providing peer support and coordination | Consent |
| Legal Panel members | Names, contact info, and involvement details | Managing and supporting the panel | Consent |
| Cairde Allies Network partners | Organisation name, contact info, Cairde participation | Support and sharing updates | Consent |
| Course subscribers | Names, emails, course activity data | Delivering and improving training courses | Consent |
| Humanitarian Admissions Programme Participants | Names, contact details, sensitive personal information | Data gathered to form an application to the IRPP, establish a protection need for the beneficiary, and verify suitability of CSG members | Consent |
| STEP Project Employer Contacts | Organisation name, contact info, participation information | Outreach, relationship-building, STEP event invitations, project updates | Legitimate Interest / Consent |
| Welcome at Work (STEP) volunteers/supporters | Names, contact details, participation information. Languages spoken and cultural background if volunteered | Coordination of local welcome group activities and matching with newcomers | Consent |
| Welcome at Work (STEP) newcomer participants | Organisation name, contact info, participation information, arrival date | Matching with local WAW support, planning post-arrival support | Consent |
| Job applicants | CVs and cover letters | Recruitment and HR processes | Contract / Legal obligation |
Data Sharing and Transfers
The Open Community works in partnership with the Irish Refugee Protection Programme (IRPP) of the Department of Justice, Home Affairs and Migration, and with other civil society partners to empower people across Ireland to welcome refugees into local communities.
We work with the following “Actors” who are involved in the community led welcome for displaced people:
- The Irish Refugee Protection Programme (IRPP) – under the authority of the Minister for Justice, Home Affairs and Migration.
- Irish Civil Society Organisations including the Irish Red Cross and its partners in its role as the National Support Organisation for the Community Sponsorship Ireland programme.
- European partners in projects funded by the EU Asylum, Migration and Integration Fund (AMIF)
- Community sponsorship groups or CSGs – small, community-led volunteer groups.
Each Actor is an independent and separate data controller with respect to any personal data it processes in connection with projects and refugee support work. Each data controller is independently responsible for ensuring compliance with their own policies. Each Actor may have separate policies which govern the processing activities of the relevant Actor with respect to other activities the Actor conducts, which are outside the scope of this Policy.
It may also be necessary to share personal data with third parties, including:
- Providers of CRM systems used to manage information about the Programme and to communicate with subscribers.
- Other external service providers, such as accountants, auditors, legal experts, lawyers, and other professional advisors; as well as IT systems providers, support services, and hosting providers.
Any personal data shared with these parties will be governed by a joint Data Processing Agreement between us and the relevant organisation or third party.
In some cases, we may also be legally required to share data with:
- Government bodies and other public authorities, including courts, regulatory agencies, law enforcement, tax authorities, and agencies involved in criminal investigations.
Transfers outside the EEA
Where possible, all data is hosted within the European Economic Area (EEA). If personal data must be transferred outside the EEA to a country not considered to provide an adequate level of protection under EU data protection law (such as the United States), we will implement appropriate safeguards. Typically, this will include the use of EU-approved Standard Contractual Clauses to ensure the protection of your data.
Data Retention
Any personal data processed for the purposes set out above will be stored for no longer than is necessary for those purposes. The Open Community is responsible for the personal data that it collects and for ensuring this data is deleted or anonymised when it is no longer required.
In general, personal data relating to members of Community Sponsorship Groups (CSGs), host communities, or members of the public who participate in our support services, online training, events, or campaigns will be retained only for the duration of their involvement with the Programme and/or their engagement with The Open Community. Data will not be kept beyond this period unless there are legal obligations that require it to be retained for longer.
Data Subject Rights
The Open Community is responsible for the personal data it holds in connection with the Programme and for responding to data subject rights requests relating to that personal data.
Under the General Data Protection Regulation (GDPR), individuals have the rights listed below in relation to their personal data. These rights may not apply in all situations and are subject to exceptions outlined in the GDPR and the Data Protection Acts 1988–2018.
- Right of Access: The right to receive a copy of the individual’s personal data held by The Open Community, along with information about how that data is used.
- Right to Rectification: The right to have inaccurate or incomplete personal data corrected.
- Right to Erasure (‘Right to be Forgotten’): The right to request the deletion of personal data. This right applies only in certain circumstances, such as when there is no longer a lawful basis to retain the data.
- Right to Restrict Processing: The right to request a temporary halt to the processing of personal data—for example, while its accuracy is being verified or when the data is no longer needed except for legal claims.
- Right to Data Portability: The right to receive personal data in a structured, commonly used format and to have that data transferred to another organisation, where technically feasible.
- Right to Object: The right to object to the processing of personal data in certain situations, unless The Open Community can demonstrate compelling legitimate grounds for continuing the processing or the data is needed to comply with legal obligations or for legal claims.
- Right to Withdraw Consent: Where processing is based on consent, individuals have the right to withdraw that consent at any time. This does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, individuals may contact The Open Community by:
- Email: info@theopencommunity.ie
Right to Lodge a Complaint:
Individuals also have the right to lodge a complaint with the Data Protection Commission if they believe their personal data has been processed in a way that does not comply with data protection law.
Data Breaches
A data breach refers to a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data that is transmitted, stored, or otherwise processed. Examples of data breaches include:
- Leaving hard copy documents on public transport
- Losing or having a laptop stolen
- Unauthorised access due to phishing emails
- Accidentally sending an email to the wrong recipient
If a data breach occurs, The Open Community is responsible for notifying the Data Protection Commission, where required under the GDPR, within 72 hours. Where a breach poses a high risk to the rights and freedoms of individuals—such as when sensitive personal data is involved—affected individuals will also be notified as appropriate.
Review and Maintenance
This Privacy Policy is maintained by The Open Community and may be updated periodically.
The current version was last reviewed in June 2025 and is scheduled for its next review in June 2026, in line with legislative guidance. However, it may be revised earlier if required.
