Version 1. Last updated 24 October 2022.
About us and our role in minding your data
We collect and handle personal data of you when you sign up as a member or a donor to MS Readathon
Personal data is any information that makes you identifiable directly or indirectly.
We process data for the following groups of individuals
- Readers under 18
- Adult Readers
- Parents/ guardians
- Teachers
- Team/Group Leaders
- Donors
- Ambassadors
- Sponsors
- Partners
We are the controller for the personal information we process, unless otherwise stated.
We are responsible for your personal data (collectively referred to as “MS Readathon as, “we”, “us” or “our” in this privacy statement).
How you can contact us for any queries about your information and about your rights
There are many ways you can contact us, including by phone, email, and post.
80 Northumberland Rd, Dublin 4, D04 T856
01 6781600
What happens if we make changes to this notice
Where changes to this Privacy notice occur, the updated version will be published on our website. If any major changes occur to this privacy notice during a competition and where appropriate/possible we will communicate the changes directly to individuals through a communication channel such as email and/or our social media.
The reason we collect your data
To help us help you, make sure you check your information is correct before submitting it to use. If you change your contact details let us know or you can update it yourself on your member or donor account. We will only collect your data which we need to provide our Readathon services to you which is necessary for the following purposes:
General
- Provide this website to you and response to your queries
- To inform you of other fundraising events where you have consented to do so
- To provide you with our newsletters where you have consented to do so
- To fundraise for us
- To complete our surveys
- To provide our Readathon services
- To maintain our relationship with you whilst you hold a donor and or member account
- To comply with all relevant law
- To defend legal claims or other claims of a similar nature
- To report on the donation leader board from the superhero club, the top kids, top classes, top schools, top teams and top adults which is publicly available
- To help your donors find your child’s details (name, class and school) to provide a donation which is publicly available
- To report on the book leaderboard about the number of books you have read which anyone who visits the website can see
Readers
- To register you
- To set up and administer your membership account
- To provide you with a welcome package for the first 500 who sign up
- To provide you with support and resources
- To record each book you read
- To record your book ratings and reviews
- To record your achievements
- To record and process the donations collected by you
- To report on the donation leader board from the superhero club, the top kids, top classes, top schools, top teams and top adults which is publicly available
- To record testimonials from you
- To report on the book leaderboard about the number of books you have read which anyone who visits the website can see
- To record statements and feedback from you (if you contact us with ideas or suggestions or leave your opinion in a review)
Parents/ guardian
- To register your child under the age of 18 as a reader
- To provide consent for your client to participate in the Readathon
- To set up and administer your child’s account
- To provide you with support and resources
- To provide your child with a welcome package for the first 500 who sign up
- To contract you regarding your child’s achievements and upcoming Readathon events
- To invite your child to entry various competitions throughout the reading month
- To help your donors find your child’s details (name, class and school) to provide a donation which is publicly available
- To invite to you to participate in a post Readathon survey
- To provide updates of campaign totals received
Teachers and Team/Group Leaders
- To register you
- To set up and administer your account
- To provide you with support and resources
- To provide you will progress reporting on your students reading and donations achieved
- To enable you to invite readers and/or parents/guardians to consent to join your group
- To help your donors find your team’s details (group name, class/school) to provide a donation which is publicly available
- To invite your students/team members to enter various competitions throughout the reading month
- To invite to you to participate in a post Readathon survey
- To provide updates of campaign totals received
Donors
- To set up and administer your account
- To process your kind donations
- To inform you of upcoming events and MS Ireland Newsletters where you have consents
- To provide your donation details where you have consented to do so
Ambassadors
- To capture your story
- To share your story with the readers, donors, and any other users of this site
Partners
- To contact them
Sponsor for prizes
- Provide details of winners to collect their prizes
Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree. Once consent is obtained, it can be withdrawn at any stage.
Parental/ Guardian consent is required to process personal data for any individuals under the age of 18
Legal basis we use to have your data
Consent
Where you have clearly agreed to us processing your information for a specific reason such as
- collecting your child’s data to enable them to partake in our Readathon.
- explicit consent for us to process any information about you or your child having Multiple Sclerosis.
- If you subscribe to any of our e-newsletters, fundraising or other communications resources, we will retain your details so that we can email you as requested.
- We also collect any other personal information that you choose to provide to us when you complete our survey or otherwise provided to us.
- We collect any information provided by or about you through our website including comment boxes, forms, links, website usage or any other means.
- If any person contacts us via phone, email, post, surveys, through our website or otherwise, we may keep a record of that correspondence.
You may unsubscribe or manage your subscriptions at any time by following the link at the bottom of all emails or contacting us.
Where you have entered into a service with us and the processing is necessary to perform this service per the Terms and Conditions
Compliance
The processing is necessary for compliance with a legal obligation we have such as keeping records for revenue or tax purposes or providing information to a public body or law enforcement agency and to defence of legal claims.
Legitimate interest
Processing is necessary for the purposes of a legitimate interest pursued by us
- to safeguard the safety and security of our staff, members, donors, sponsors, resources and systems
- to operate our Readathon services generally to our members, donors, teachers, team leaders and partners.
- manage and administer our services to our members, donors, teachers, team leaders and partners.
- To inform our existing our members, donors, teachers, team leaders and partners about upcoming Readathons events.
- To inform our members, donors, teachers, team leaders and partners about how we spent the generous donations collected.
- From time to time we may conduct member and donor satisfaction surveys. Where we do so we reply on the lawful processing of legitimate interest to enhance our service delivery.
- To ensure the security of our IT systems and to prevent any unauthorised access
Where you do not register as a member or donor, we will be unable to provide our Readathon online services.
Personal data we hold
As part of our Readathon services, we need to collect certain information as required where necessary to provide our services. We collect the following types of information.
Customer Surveys
Photographs/ Videos for Ambassadors, testimonials
- Identity Dataincludes first name, last name
- Contact Dataincludes, billing address, delivery address, email address, telephone and numbers.
- Images includes Photograph/videos/audio for Ambassadors
- School Data includes Class, Teacher and School if provided
- Financial Data no data is collecting about bank account and payment card details via all banking is processed directly on Stripe or PayPal
- Transaction Data includes details about payments from you and other details of donations or fundraising you have provided to us.
- Technical Data includes
- internet protocol (IP) address - this is how the internet knows what computer/tablet/phone you are working on, its kind of like your computers name on the internet
- Longitude/Latitude - this is how the internet finds you on a map of the world. If you look at a map of the world or a globe, there are imaginary lines drawn from the North to the South Pole and all around the planet and where these lines cross over or meet is where your computer/tablet/phone is found
- web browser user agent of all entries – a web browser is something you use to look things up on the internet, like Google Chrome/Firefox/Microsoft Edge/Internet Explorer, it is software that speaks to the internet and tells it what you are looking for, the internet then gives the browser the information which it shows you in a way you can understand
- your login information – the username and password used to access your fundraising page
- Profile Information includes your interests (things you like), preferences (if you like one thing more than another), feedback (when you tell us if you think we did a good job or could make things better) and survey responses (answers to questions we ask to see if we need to change things to make it work better), sign ups (when you join the Readathon).
- Usage Information includes information about how you use our services and deal with us.
- Social media handles Account, URL Facebook, URL LinkedIn, URL Pinterest, URL Instagram, SnapChat and Google Tag manager – if you link/share your Readathon profile to any of these
- Profile Data includes your interests, preferences, feedback and survey responses, sign ups.
- Usage Dataincludes information about how you use our services and deal with us.
- Social media handles Twitter Account, URL Facebook, URL LinkedIn, URL Pinterest, URL Instagram, SnapChat and Google Tag manager
How we protect your data
We collect this data in a transparent way and only with the full knowledge of interested parties. Once this information is available to use, the following rules apply. Our data will be:
- Accurate as you provide to us and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by us on the basis of either a valid consent, legal compliance or legitimate interest
- Protected against any unauthorised access or illegal processing by internal or external parties.
Our data will not be:
- Communicated to any unauthorised internal or external parties
- Stored for longer than required for the purpose obtained
- Transferred to organisations, states or countries outside the European Economic area without adequate safeguards being put in place as required under Data Protection law.
Our commitment to protect your data:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in data protection and security measures
- Build secure networks to protect online data
- Establish clear procedures for reporting privacy breaches or data misuse
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorisation etc.).
Who we share your data with
In some cases we will share your information with:
- Your school leader – where you join your fundraising page with your school/class
- Your school – where you join your fundraising page with your school/class
- Your team/group leader – where you join your fundraising page with a team
- Your group – where you join your fundraising page with a team
- Your parents/guardian if under the age 18 – they need this information to keep you safe and they will help you run your Readathon
- Your donors – people who give you money for reading can see your profile, how much you have raised and how many books you have read
- Sponsors where you are a winner so you can collect your prize
- MS Ireland
- Anyone who visits the website – anyone who visits the website can see a fundraising profile, how much they have raised and how many books they have read and who has donated to the profile
Your personal information may also be processed by other organisations on our behalf for the purposes outlined above. We may disclose your information where necessary to the following:
- Revenue, Data Protection Commission, legal advisors, business advisors, financial and leasing institutions, law enforcement, Garda, IT providers, couriers, shredding company, printing company, administration services, accountant/auditors, insurers, or marketing consultants and any other suppliers we use to operate this competition.
Some of third parties we share your data with may reside outside the European Economic Area (which currently comprises the Member states of the European Union plus Norway, Iceland and Liechtenstein). If we do this, your information will be treated to the same standards adopted in Ireland and include the following data protection transfer mechanisms:
- Model Clauses (also known as Standard Contractual Clauses) are standard clauses in our contracts with our service providers to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law. Copies of our current Model Clauses are available on request.
- Transfers to countries outside the EEA which have an adequate level of protection as approved by the European Commission (such as the United Kingdom).
- Transfers permitted in specific situations where a derogation applies as set out in Article 49 of the GDPR. For example, where it is necessary to transfer information to a non-EEA country to perform our contract with you.
How long will we hold your personal data
We will only retain personal data for as long as necessary for the purposes for which it was collected as required by law or regulatory guidance to which we are subject or to defend any legal actions.
For home readers we hold the data for four years and for schools we hold the data indefinitely.
Your Rights
Erasure
When have I the right to all my personal data being deleted by [name the organisation]?
You have the right to have your personal data deleted without undue delay if:
- The personal data is no longer necessary in relation to the purpose(s) for which it was collected/processed
- You are withdrawing consent and where there is no other legal ground for the processing
- You object to the processing and there are no overriding legitimate grounds for the processing
- The personal data has been unlawfully processed
- The personal data must be erased so that we are in compliance with legal obligation
- The personal data has been collected in relation to the offer of information society services with a child.
What happens if you made my personal data public?
If we have made your personal data public, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform those who are processing your personal data that you have requested the erasure.
What happens if you have disclosed my personal to third parties?
Where we have disclosed your personal data in question to third parties, we will inform them of your request for erasure where possible. We will also confirm to you details of relevant third parties to whom the data has been disclosed where appropriate.
Data portability
When can I receive my personal data in machine readable format from you?
You will receive your personal data concerning you in a structured, commonly used and machine-readable format if:
- processing is based on consent or contract
- processing is carried out by automated means.
Would you transfer the personal data to another service provider if I requested this?
We can transfer this data to another company selected by you on your written instruction where it is technically feasible taking account of the available technology and the feasible cost of transfer proportionate to the service we provide to you.
Under what circumstances can you refuse?
You will not be able to obtain, or have transferred in machine-readable format, your personal data if we are processing this data in the public interest or in the exercise of official authority vested in us.
Will you provide me with my personal data if the file contains the personal data of others?
We will only provide you with your personal data, ensuring we protect the rights and freedoms of others. Where personal data of another person may be on the same files as yours, we will redact the full details of the other person.
Contact us at dataprotection@ms-society.ie
Automated individual decision making
What are my rights in respect of automated decision making?
use does not have any automated decision-making processes. Where any such processes are introduced, we will provide you with the relevant information required under the “General Data Protection Regulation”.
Object
Have I already been informed about my right to object?
We have informed you of your right to object prior to us collecting any of your personal data as stated in our privacy statement.
When can I object to you processing my personal data?
You can object on grounds relating to your situation at any time to processing of personal data concerning you which is based on one of the following lawful basis:
public interest or
legitimate interest, including profiling based on those provisions.
We will stop processing your personal data unless:
- we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms
- the processing is for the establishment, exercise or defence of legal claims.
What are my rights to object for direct marketing purposes?
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, we will no longer process this data for such purposes.
What are my rights to object in the use of information society services?
In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications.
Contact us at dataprotection@ms-society.ie
Restrict processing
When can I restrict processing?
You may have processing of your personal data restricted:
- While we are verifying the accuracy of your personal data which you have contested
- If you choose restricted processing over erasure where processing is unlawful
- If we no longer need the personal data for its original purpose but are required to hold the personal data for defence of legal claims
- Where you have objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our legitimate grounds override.
What if you have provided my personal data to third parties?
Where we have disclosed your personal data in question to third parties, we will inform them about the restriction on the processing, unless it is impossible or involves disproportionate effort to do so.
How will I know if the restriction is lifted by use and/or relevant third parties?
We will inform on an individual basis when a restriction on processing has been lifted.
Contact us at dataprotection@ms-society.ie
Rectification
What can I do if you are holding incorrect personal data about me?
Where you suspect that data we hold about you is inaccurate, we will on demand rectify any inaccuracies without undue delay and provide confirmation of same.
What happens if you have disclosed my personal to third parties?
Where we have disclosed inaccurate personal data to third parties, we will inform them and request confirmation that rectification has occurred. We will also provide you with details of the third parties to whom your personal data has been disclosed.
Contact us at dataprotection@ms-society.ie
Withdraw consent
Under what circumstances could I withdraw consent?
You can withdraw consent if we are processing your personal data based on your consent.
When can I withdraw consent?
You can withdraw consent at any time.
If I withdraw consent what happens to my current data?
Any processing based on your consent will cease upon the withdrawal of that consent. Your withdrawal will not affect any processing of personal data prior to your withdrawal of consent, or any processing which is not based on your consent.
Contact us at dataprotection@ms-society.ie
Lodge a complaint
Can I lodge a complaint with the Data Protection Commission?
You can lodge a complaint with the Data Protection Commission in respect of any processing by or on behalf of use of personal data relating to you.
How do I lodge a complaint?
Making a complaint is simple and free. All you need to do is write to the Data Protection Commission giving details about the matter. You should clearly identify the organisation or individual you are complaining about. You should also outline the steps you have taken to have your concerns dealt with by the organisation, and what sort of response you received from them. Please also provide copies of any letters between you and the organisation, as well as supporting evidence/material.
What happens after I make the complaint?
The Data Protection Commission will then take the matter up with use on your behalf.
Access your data
When do I have the right to access my personal data from use?
Where use process any personal data relating to you, you have the right to obtain confirmation of same from us, and to have access to your data.
What information will you provide to me?
If we are processing your personal data, you are entitled to access a copy of all such personal data processed by us subject to a verification process to ensure we are communicating with the correct person. We will provide any of the following information:
- why we are processing your personal data
- the types of personal data concerned
- the third parties or categories of third parties to whom the personal data have been or will be disclosed. We will information you if any of the third parties are outside the European Economic Area (EEA)or international organisations
- how your personal data is safeguarded where we provide your personal data outside the European Economic Area or to an international organisation
- the length of time we will hold your data or if not possible, the criteria used to determine that period
- your rights to:
- request any changes to inaccurate personal data held by us
- have your personal data deleted on all our systems
- restriction of processing of personal data concerning you
- to object to such processing
- data portability
- your right to lodge a complaint with the Data Protection Commission info@dataprotection.ie
- where we have collected your personal data from a third party, we will provide you with the information as to our source of your personal data
- any automated decision-making, including profiling which includes your personal data. We will provide you with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
What Information is not provided?
- Business Information pertaining to your role as an employee
How long will it take to receive my personal data from use?
We will provide you with a copy of the personal data we are currently processing within one month of request. In rare situations if we are unable to provide you with the data within one month we will notify you, within 10 days of your request, explaining the reason for the delay and will commit to delivery within a further two months.
How much will it cost me to receive my personal data?
We will not charge for providing your personal data unless we believe the request is excessive and the cost of providing your data is disproportionate to your services provided.
Can I request additional copies of my personal data?
If you require additional copies we will charge €20 to cover our administrative costs.
Can I receive my personal data electronically?
You can request your personal data by electronic means and we will provide your personal data in a commonly used electronic form if technically feasible.
What will you do if another person’s personal data is shared with my personal data?
We will only provide you with your personal data, ensuring we protect the rights and freedoms of others. Where personal data of another person may be on the same files as yours, we will redact the full details of the other person.
Contact us at dataprotection@ms-society.ie
Version Control
This information was issued on 17.09.24 and is version 4.00 (only minor edits since version 1.00 issued on 02.10.21.
September 2024
Connect with Us