This Privacy Notice is intended to inform you about how the Osteopathic Council of Ireland (the “OCI”) uses your personal information. The OCI is committed to respecting your rights under the General Data Protection Regulation (the “GDPR”) and any national law of Ireland which implements the GDPR (together “applicable data protection law”).
Personal information or data means any information identifying a living, natural person (the “Data Subject”).
WHO WE ARE
The OCI is the self-regulatory body for Osteopaths in Ireland. The OCI is based at Gray Office Park, Galway Retail Park, Headford Road, Galway, H91 WC1P and is the Data Controller in respect of your personal information under the applicable data protection law.
PERSONAL INFORMATION COLLECTED
The OCI collects information from its members for the purposes of maintaining a membership database and a register of OCI members which is publically accessible. This information includes your name, practice details, email and contact details.
Some personal information may be collected about you from forms and surveys you complete, records of our correspondence and phone calls and details of your visits to our website, including but not limited to, online identifying information like Internet Protocol (IP) addresses.
We may collect information about your computer, including your IP address, operating system and browser type and for system administration. This is statistical data about how you browse our Website and is not specific enough to identify any individual user.
For the same reason, we may obtain information about your general Internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. Cookies help us to improve our Website and to deliver a better and more personalised service. They enable us:
- To estimate usage numbers and patterns.
- To store information about your preferences, and so allow us to customise our Website according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
HOW WE USE YOUR INFORMATION
- We collect information that you have already made public in relation to your practice such as your name, and practice contact details to be displayed on our website www.osteopathy.ie. This information is shared by us with other relevant authorities, such as health insurance companies who maintain a list of OCI members for the purpose of treatment reimbursement for your patients.
- We also collect personal information such as your name and practice contact details for the OCI purposes of maintaining a register of members. This information is held securely and will not be shared with anyone else. For data storage purposes, your data may be handled by pre-vetted staff who have all signed an integrity and confidentiality agreement.
- Information in relation to any previous, ongoing or pending claims made against you is collected and retained securely for the purposes of ensuring that you have the requisite level of professional indemnity insurance cover as set out in the OCI membership application form. This information will not be shared with anyone else and is only retained for as long as is necessary in relation to evaluating your professional indemnity insurance cover.
GDPR 2018 PRIVACY NOTICE
- Your contact details, such as email addresses, phone numbers and postal addresses you provide, may be used to send membership documents and information such as certificates, receipts, membership renewal forms as well as AGM & CPD invitations. We will always provide you with an option to unsubscribe to our communications however doing so might mean that we will be unable to perform our functions appropriately.
- The OCI may also use your personal information to contact you including making telephone contact and emailing information which the OCI believes may be of interest to you. This includes a monthly newsletter with OCI updates, course information and job advertisements. Our monthly newsletters are sent via a company called Mailchimp. We need to share minimal data (your name and email address), with them in order to send these newsletters. This company is based in the United States, which means your personal data travels outside of the European Economic Area (the “EEA”). Mailchimp are GDPR compliant and hold the EU - US Privacy Shield. You may unsubscribe to these communications at any time and we will always provide you with an option to do so.
- The OCI do not sell your information and you can ask to be removed from our marketing database by emailing or phoning the OCI using the contact details provided at the end of this Privacy Notice.
LEGAL BASIS FOR PROCESSING
The OCI collects and uses your personal information on the grounds that:
- You have given us your consent to do so. Where this is the case, you are entitled to withdraw your consent at any time; and / or,
- Our use is in the legitimate interests of the OCI in our functions and supply of services in order for us to be the self-regulatory body for Osteopaths in Ireland and to promote Osteopaths and Osteopathic treatment to the public and other health professionals. The OCI will not use your information in any manner which would interfere with your rights and freedoms.
The OCI will keep your personal information safe and secure. The OCI will not disclose your personal information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests. The OCI may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
The OCI will process personal data over the duration of your membership of the OCI and will continue to store only the personal data needed for eight years after your membership has expired to meet any legal obligations. After eight years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details.
All Data is held in the Republic of Ireland. When data is shared with any companies outside of the EEA, we will ensure that said companies have a level of data protection which is no less protective than that which we provide.
At any point while we are in possession of, or processing your personal data, you have the following rights:
- Right of access – you have the right to obtain knowledge of and access the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
GDPR 2018 PRIVACY NOTICE
To deal with any of your requests in relation to your personal information, the OCI will need to confirm your identity and will need to ask you a number of identifying questions before we can process your request. All requests should be made to firstname.lastname@example.org or by phoning 353 (0)761 104 800 or writing to us at the address further below.
In the event that we refuse your request under rights of access, we will provide you with a reason as to this refusal.
You have a right to make a complaint to the Data Protection Commissioner at email@example.com or by writing to Data Protection Commissioner, 1 Fitzwilliam Square, Dublin 2, Ireland D02 RD28.
CHANGES TO THIS PRIVACY STATEMENT
This Privacy Notice will be reviewed as required in light of any legislative or other relevant developments.