SGI Ireland Data Protection Policy

 

This Privacy Notice Explains How and Why SGI Ireland Uses Your Personal Information

The law on data protection changed on 25th May when the EU General Data Protection Regulations (“GDPR” or the “Regulations”) came into effect. Every organisation, including SGI Ireland (and all other SGI organisations) in Europe and elsewhere if the data applies to a data subject within Europe) is bound by the Regulations and now MUST obtain the specific written confirmation of the informed and free consent of any person to the collection, retention and use of their personal information. Personal information in this context includes any personal details such as name, address, e-mail address, gender, sexuality, age, telephone number/s, photographs or images, details about the health of an individual or any other similar material that may be transferred in a form that can identify the data subject either directly or indirectly. There are also personal responsibilities under the Regulations of which you should be aware and should observe.

The Regulations cover information relating to any identified or identifiable natural person. This means anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It includes references to third parties, if the identity of that third party can be made through a link provided by one or more of the factors specified above.

The Regulations restrict an organisation in how it performs any operation on personal information, such as its collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The SGI Ireland Communications Tree is entirely within this definition, which, applies to paper records in the same way.

How and Why We Use Your Personal Information:

The principal purpose of SGI Ireland acquiring personal data is to allow us to provide information about the Buddhist activities of SGI Ireland and those of other SGI organisations (together “SGI”). This acquisition and use is to enable attendance at Buddhist activities or to receive guidance or study materials through the Communications Tree. It may be that at certain events, SGI Ireland may need additional information, such as next of kin, or other matter properly to assist you with. This could include a special dietary requirement, or to receive details of a health issue that you may have while you attend such activities. Written consent by the next of kin and to the use of your details will be required, as the next of kin and these additional requirements, are covered by the GDPR.

In appropriate cases, your personal details may be shared with SGI outside Ireland, such as when it is necessary to contact you directly about an SGI activity, wherever held, or to circulate study or guidance materials from a central source.

For the SGI, under the GDPR, all personal information held about you must be processed lawfully, fairly and in a transparent manner in relation to you. It may be collected only for specified, explicit and legitimate purposes and must not further be processed in a manner that is incompatible with those purposes. The data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. It must also be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. The data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Lastly, personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

SGI Ireland is the legal controller of the personal data that it has collected about you and is responsible for, and must be able to demonstrate compliance with, all the restrictions mentioned in the last paragraph.

How Long SGI Ireland Will Keep Your Personal Information:

Your personal information will be held for as long as you remain a member of SGI, attend SGI activities or maintain an interest in SGIs Buddhist activities. SGI Ireland will delete or update your personal information at your request. In order for SGI Ireland to be able to process an application to attend any Training or other Course, you may be required to give SGI Ireland written confirmation of your previous consent to process, to store and use your personal information appropriately. You may also be asked to confirm your consent to the collection or use of additional data and, if relevant, your next of kin may be asked similarly to confirm that they have signed a consent form or may be formally requested to do so.

Please note, that without this written consent, and if appropriate, that of your next of kin, SGI Ireland will be unable to accept an application for a course whether in Ireland or elsewhere and will not lawfully be able to correspond with you.

Before you provide us with your personal information, you must give consent that:

(a) Any information you provide, or have provided in the past, can be held (or continue to be held) on computer and/or in paper files.

(b) Any such information which you provide or have provided, including sensitive personal data such as health issues or dietary requirements may be used by SGI to assist you at SGI activities if necessary and to an appropriate extent.

(c) Information may be held about you by anyone who may process your application on your behalf, and fraud prevention agencies to prevent fraud.

(d) Any SGI member with a leadership role or otherwise bearing the responsibility for organisation of activities and thus may need access to your personal information (which access is covered by your consent) may use that personal information to contact you by post, fax, e-mail or telephone, solely to inform you about or discuss SGI Buddhist activities or to convey appropriate directions, instructions, guidance or study materials, in which you may be interested, but the personal information must not be used further or for other activities.

Your Rights in Relation to Your Personal Information:

These are fully set out in the GDPR. However, certain important rights are repeated here for your convenience.

You have the right at any time to request a copy of all and any of your personal information held by SGI Ireland, and you also have the right to have any incorrect information about you corrected. You have the right at any time to withdraw your consent for the processing or use of your personal information and to have your personal information erased, or the processing of it restricted. If you decide to withdraw your consent,  this may be done by your contacting SGI Ireland by email at: info@sgi-ireland.org. You should receive an e-mail confirming your withdrawal. If you prefer, by post to SGI Ireland, 35 Westbourne Close, Clondalkin, Dublin 22.

Please note that if you decide to exercise your right to withdraw your consent or to make a request for restriction/erasure of your information, this may affect SGIs ability to provide you with information about activities or your  freedom to attend an SGI activity that you may wish to attend. Your data may further be subject to certain limitations necessary for SGI to comply with its legal and regulatory obligations towards you and your personal data.

You have the right to object to your personal information being held, to request SGIs data controller afford you access to it (in a structured, commonly used and machine-readable format) and to its rectification or erasure or to the restriction of its processing. You may also object to processing and have the right, called data portability, to have your data transmitted, without hindrance, to another controller.

 

WARNING: Sharing Personal Information:

SGI Ireland’s policy is to respect the privacy and confidentiality of its members and others and as such, it strongly encourages each member to consider carefully the reason if they wish to share personal information with another person before sending such information. The use of “bcc” for addressees and not “replying to all” recipients to an e-mail if the others’ e-mail addresses are openly listed are two highly recommended practices, even between members, unless there is a valid reason openly to share such information.

SGI never condones the indiscriminate or casual sharing of the personal information of a third party. The legal responsibility for doing so is PERSONAL, that is, if a member of SGI Ireland wishes, with good reason, to pass on any personal information, such as a telephone number, e-mail address or other similar material, this is not an activity of SGI Ireland and the legal responsibility for doing so is outside SGI Ireland’s liability. Responsibility rests solely with the person sending or sharing the information.

 

Further, and in particular, any request to other members to chant for or send Daimoku to a third party, the third party’s personal information should so far as practical always be respected. Details such as a name, address, e-mail address, gender, sexuality, age, telephone number/s, photographs or images, references to the health of an individual or any other similar material that may identify the third parts either directly or indirectly, should be avoided. That is, the very reason for the request (such as illness, bereavement or other personal crisis) should not be stated overtly, unless and until the intended recipient has consented in writing. However, and ONLY if the recipient is incapable (due to illness, for example) to give their consent, it MAY be acceptable to send such a request PROVIDED the next of kin is informed and agrees, in writing (say by return e-mail) that the practice may be followed. The sending or forwarding of such requests is and remains a PERSONAL responsibility of the sender.

Please note that SGI Ireland does not authorise any form of social media for communicating with its members. Those who use social media to communicate about SGI Ireland or its activities do so at their own risk and are not covered by this policy.

If you feel aggrieved by the way that SGI has handled your personal information, you also have the right to lodge a complaint with the Data Protection Commissioner. The GDPR describes the method and time-frame involved with such an action.

Thank you for understanding the need and scope of this policy, for giving your consent, and for assisting SGI to comply with its legal obligations under the EU General Data Protection Regulation (GDPR). The law is complicated and it is strict. We must, as a responsible organisation comply and we hope that you understand this and accept your own responsibilities in this regards.

SGI Ireland