1.   Introduction

At Glenstal Abbey, privacy is a priority. The purpose of this document is to set out how Glenstal Abbey, (“us,” “our,” or “we”) collect, use, store, or otherwise process personal information about volunteers, members and other individuals (collectively “you”) who access or use our website, including https://glenstal.com/abbey/ and that link to this Privacy Policy. By using our Services, you understand that we will collect and use your personal information as described in this Privacy Policy

This Privacy Policy explains why and how we will use the personal information that we have obtained from you or others, with whom we share it and the rights you have in connection with the information we use. Please read the following carefully.

Glenstal Abbey will process your data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Glenstal Abbey is the data controller.

2. PERSONAL INFORMATION WE COLLECT ABOUT YOU

We receive personal information about you that you give to us, which we collect from your visits to our website, social media pages and that we obtain from other sources. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.

  • Glenstal abbey Services

Purpose

Categories of Data Subjects

Typical Data Categories

Legal Basis

Special Category Legal basis

Ordained Priests and relevant files

Priests

Name, Email Address, Telephone Numbe, Gender, Nationality, Garda Vetting Disclosures, Information related to involvement in Diocesan activities and events

Performance of a Contract

Substantial Public Interest

Legitimate Activities with Appropriate

Safeguards

       

by a Foundation

Volunteer practice groups

Volunteers, Employees, Members

Name, Email Address, Telephone Number

Performance of a Contract

N/A

Statistical, archiving and historical research

Priests, Employees

Name, Email Address, Postal Address, Diocese Ordainment Details and work

Performance of a Contract

Legitimate Activities with Appropriate Safeguards by a Foundation

Processing is Necessary for Archiving Purposes

Contacting support

Volunteers, Employees, Members

Name, Email Address, Phone Number

Consent

N/A

Web streaming service/church webcams

Priest

Video Images/Recordings

Performance of a Contract

Substantial Public Interest

Event of a serious risk to life or health

Priests, Employees, Volunteers

Name, Next of Kin details, Health Information

Vital Interest

Vital Interest

Baptism Registers and Sacraments

Priests

Name, Address, Baptism Registers, Sacrament Details

Consent

Legitimate Interest

Explicit Consent

Legitimate Activities with

       

Appropriate Safeguards by a Foundation

Booking a room

Visitors

Name, Address, Email Address, Dietary Requirements, Mobility Details

Performance of a Contract

Explicit Consent

 

  • Database Administration and security

 

Purpose

Categories of Data Subjects

Typical Data Categories

Legal Basis

Special Category Legal basis

Ensure security of our online infrastructure  and systems

Website visitors

Name, E-mail Address

Legitimate Interest

N/A

Safeguarding systems and to improve our services

Website visitors

Name, Email Address,

Legitimate Interest

N/A

Detect, prevent and address technical issues

Website visitors

Name, Email Address

Legitimate Interest

N/A

 

  • Visiting our premises or contacting us

 

Purpose

Categories of Data Subjects

Typical Data Categories

Legal Basis

Special Category Legal basis

Managing security and your safety when you visit our site

Visitors, Employees

Name, Time and Date of Visit, Details of Accident and/or Security Incidents, CCTV Images

Compliance with a Legal Obligation

Substantial Public Interest

Reporting accidents and/or security incidents to relevant law enforcement authority

Visitors, Employees

Name, Details of Security Incidents

Compliance with a Legal Obligation

Substantial Public Interest

 

  • Finance

 

Purpose

Categories of Data Subjects

Typical Data Categories

Legal Basis

Special Category Legal basis

Processing payments from volunteers/suppo rts and keeping a record for accounting purposes

Volunteers, Supporters

Name, Job Title, Email Address, Card Details

Performance of a Contract

Compliance with a Legal Obligation

N/A

Processing payments to suppliers

Supplier, Customer

Name, Email Address, Job Title, Contact Details, Card Details

Performance of a Contract

Compliance with a Legal Obligation

N/A

Glenstal shop

Customer

Name, Postal Address, Email Address, Card Details

Performance of a Contract

N/A

Process donations

Customer, Volunteer

Name, Email Address, Postal Address, Card Details

Performance of a Contract

Compliance with a Legal Obligation

N/A

Fundraising purposes

Volunteers, Customers

Name, Email Address, Telephone Number, Card Details

Performance of a Contract

N/A

 

 

3. Who We Share Your Personal Data With

 

We only disclose your personal information outside the Organisation in limited circumstances. If we do, and where relevant, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for or with us will be obliged to follow our instructions. We do not sell your personal information to third parties.

When we use third-party service providers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions as a Data Controller.

The Organisation will not share personal data with any other entity or organisation without prior consent from the data subject or another appropriate legal basis. At some point in time we may request your permission to share personal data with another related organisation.

 
   

Typically, we do not transfer your personal information outside of Europe. However, we may rely on adequacy decisions by the European Commission for data transfers to countries outside the EEA such as to the UK.

If at any time we transfer your personal information to, or store it in, countries located outside of the EEA (for example, if our hosting services provider changes) that are not subject to an adequacy decision, we will amend this statement and notify you of the changes. We will also ensure that appropriate safeguards are in place for that transfer and storage, as required by applicable law. This is because some countries outside of the EEA do not have adequate data protection laws equivalent to those in the EEA.

We ensure that appropriate safeguards are in place when transferring and storing your data outside of the region as required by applicable law. This includes adopting EU 2021 Standard Contractual Clauses (SCCs) where applicable.

By submitting or agreeing to the submission of personal data on your behalf, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

5 . Security and Links to Other Websites

 

We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our website, and our social media pages may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.

We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage.

Although, we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.

Our website and social media pages may contain links to other websites run by other organisations which we do not control. This statement does not apply to those other websites, so we encourage you to read their privacy statements. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.

6.     The Periods for Which We Retain Your Personal Information

We will retain personal information we collect from you where we have a justifiable business need to do so or for as long as we determine it is needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). We may delete or de-identify your information sooner if we receive a verifiable erasure request, subject to exemptions under applicable law.

We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. For certain purposes we retain your personal information indefinitely (e.g., to supress marketing messages).

7.     Data Processing with your Consent

Where we use consent as our legal basis for processing your data, or process special categories of your data on the basis of your explicit consent, you have the right to withdraw your consent at any time. For further information on when we rely upon consent, please see Section 2 “Personal Information We Collect About You”.

There are two ways that you can easily withdraw your consent, you can:

  • Press the ‘Unsubscribe’ option contained within our email communications to you,
  • Contact our Data Protection Officer directly by post, email and telephone and using the contact details on section 11 of this

We will maintain a record of your withdrawal of consent to comply with our legal obligations.

8.     Cookies

We use cookies to provide you with a tailored experience on our website and to gather statistics on how our online services are used so that we can improve our services. Some of our cookies may also collect personal data.

Please visit our cookie page for more information about how we use cookies on our websites and services. We always seek your consent to use cookies.

 
   

9. Your Rights in Relation To Your Personal Information

 

This section explains the rights you have in respect of your personal data and we have processes to enable you to exercise these rights.

Your Data Rights

Explanation

Right of Access

If you want to know if we are processing personal data relating to you and to have access to any such personal data, you can contact us using the details below. In order to furnish you with a copy of your personal data that we hold we will need to verify your identify. This is known as a Data Subject Access Request.

Right to be Informed

You have the right to be informed about the collection and use of your personal data. The Party provides this in a form of privacy information and/or privacy policys at the point of collection.

Right To Rectification

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the data and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

If you believe that we hold inaccurate personal data about you, please contact us using the details below. Depending on the type of personal data you believe is inaccurate, we may ask you for further proof to ensure that the personal data is being corrected properly. If we are satisfied that the personal data is inaccurate, we will make the necessary changes.

   

Right To Erasure

You also have the right to request erasure of your personal data or to restrict processing (where

applicable).

However, this right does not apply where we have to comply with a legal obligation or where we need personal data for the establishment, exercise or defence of legal claims. In addition, if you opt out of marketing communications or have previously opted out of marketing communications, we have to keep a record of such opt out to ensure that we don’t contact you again in the future.

Right To Restriction

You have a right to request that processing of personal data is restricted in certain circumstances. However, we shall still continue to process the personal data for storage purposes, for the establishment, exercise or defence of legal claims.

Right To Object

Where we are relying on legitimate interests as a legal basis to process your data, you have a right to object to such processing on grounds relating to your particular situation.

Right To Portability

You have the right to have the data we hold about you transferred to a third-party organisation, and you can ask that we provide it in a machine-readable format.

Right To Complain to The Supervisory Authority

You have the right to lodge a complaint with the Data Protection Commission and more details can be found on their website – www.dataprotection.ie

10. CHANGES TO THIS PRIVACY STATEMENT


We reserve the right to change this statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this statement. However, if we make material changes to this statement, we will notify you by means of a prominent notice on the website prior to the change becoming effective.

11.       Contact Details

 

For Data Subject Rights

 To exercise your data subject rights, please contact us by clicking here. Or contact us at dataprotection@glenstal.com If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

For Further Information

 

Should you require additional information then you can contact our Data Protection Officer at the following email address: dataprotection@glenstal.com

You may also contact our external Data Protection Officer, Canberk Caldemir, PrivacyEngine, by writing in to:

Data Protection Officer, Murroe Co. Limerick, V94 A725,

Ire

Subscribe To Our Newsletter To Receive Updates

[hubspot type=form portal=6886884 id=9e1d6d0d-c51e-4e35-929d-3a916798de64]