CLICK HERE TO VIEW DOWNLOAD PDF DOCUMENT
Reference: GDPR REC 4.1
Issue No: 1.5
Issue Date: 02/10/24
Scope
All data subjects whose personal data is collected, in line with the requirements of the GDPR.
- Responsibilities
- The Data Protection Officer and General Secretary are responsible for ensuring that this notice is made available to data subjects prior to PNA collecting/processing their personal data.
- All Employees/Staff of PNA who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
- Personal Data Protection Principles
- The PNA take data protection very seriously and treat personal data confidentially and in accordance with General Data Protection Regulation.
- Personal data
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
We adhere to the principles relating to Processing of Personal Data set out in the DPAs which require Personal Data to be:
- Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).
- Collected only for specified, explicit and legitimate purposes (Purpose Limitation).
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation).
- Accurate and where necessary kept up to date (Accuracy).
- Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation).
- Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
- Not transferred to another country without appropriate safeguards being in place (Transfer Limitation).
- Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests).
- We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).
3. Who we are and what we do with your data.
- The PNA is an organisation representing Psychiatric Nurses and Students in the nursing services including in Mental Health, Intellectual Disabilities, Psychiatry of Later Life, Child & Adolescent Services and Firefighters and Ambulance Paramedics who accept the rules and objectives of the association and whose application is approved, in relation to Industrial and Professional matters.
- Our Data Protection Officer can be contacted directly here:
This email address is being protected from spambots. You need JavaScript enabled to view it. - 045 852300
- Available 24 hours.
- The personal data we collect/process on you is: Name, Date of Birth, postal address, phone number, grade, qualifications, current practice address, email, local PNA branch, payroll officer, work location, payroll reference, bank details, employment details for representation purposes
- The personal data we collect/process will be used for the following purposes:
- Contact details to distribute news, industrial relations issues, job adverts, merchandise, information, for e.g. PNA Diary. We may periodically send promotional email about new services, special offers or other information which we think you may find interesting using the email address which you have provided.
- Grade, Qualification data, which may be used to provide you with information specific to your role and educational opportunities.
- Work location for the purposes of contacting/assigning local branch.
- Personnel number for the purpose of collecting subscriptions
- Information regarding salary protection to update scheme providers
- Internal record keeping.
- Employment Details in the event of representation.
- Reasons we process your personal data:
- To supply services you have requested, i.e. membership/representation. This processing will only be relevant for the purposes of completing your membership and/or providing representation and/or providing miscellaneous expenses and the category of recipient will be based on the facility required. For example, our representation procedure is that, where at all possible and where relevant, an IR issue, should be dealt with locally initially, this is because the local knowledge of the service is vital and can prove highly effective in dispute resolution. In this regard we may pass on your phone number to a local/regional representative for the purposes of dispute resolution.
- For the purposes for which it was provided by you and any reasonable purpose including providing you with information and or services/representation.
- For the purposes of completion of membership deductions or employee contracts.
- For marketing and admin purposes including providing you with information, offers, courses that we provide. (You can exercise your right to prevent certain processing by not ticking certain boxes on our membership forms.)
- For branch notifications and information distribution. Once consent is given a members name, number and email address will be processed to your branch rep who may then add you to a local mailing list so as to keep you informed and up to date with relevant information.
- For administration or analysis purposes or to improve services.
- Right of access – you have the right to request a copy of the information that we hold about you. (Data Subject Access Request Form and Procedure is available on www.pna.ie)
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to judicial review: in the event that the PNA refuses your request under rights of access, we will provide you with a reason as to why.
- All of the above requests will be forwarded on should there be a third party involved
Under the GDPR, breach notifications will be mandatory “unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.”
Notification must be provided within 72 hours of first noticing the breach.
Service providers are also obliged to notify the organisations involved “without undue delay” after becoming aware of a personal data breach
Document Approval
The Data Protection Officer /General Secretary is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR. A current version of this document is available to all members of staff and all members and is available on www.pna.ie
|
This procedure was approved by the General Secretary and is issued on a version controlled basis under his signature.
