All data subjects whose personal data is collected, in line with the requirements of the GDPR.
2.1 The Data Protection Officer and General Secretary are responsible for ensuring that this notice is made available to data subjects prior to PNA collecting/processing their personal data.
2.2 All Employees/Staff of PNA who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject's attention and their consent to the processing of their data is secured.
3. Privacy notice
3.1 Personal data
Under the EU's General Data Protection Regulation (GDPR) personal data is defined as: “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
4. Personal Data Protection Principles
We adhere to the principles relating to Processing of Personal Data set out in the DPAs which require Personal Data to be:
4.1 Processed lawfully, fairly and in a transparent manner ( Lawfulness, Fairness and Transparency ).
4.2 Collected only for specified, explicit and legitimate purposes ( Purpose Limitation ).
4.3 Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed ( Data Minimisation ).
4.4 Accurate and where necessary kept up to date ( Accuracy ).
4.5 Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed ( Storage Limitation ).
4.6 Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage ( Security, Integrity and Confidentiality ).
4.7 Not transferred to another country without appropriate safeguards being in place ( Transfer Limitation ).
4.8 Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data ( Data Subject's Rights and Requests ).
4.9 We are responsible for and must be able to demonstrate compliance with the data protection principles listed above ( Accountability ).
5. Who we are and what we do with your data.
5.1 The PNA is an organisation representing Psychiatric Nurses and Students in the nursing services including in Mental Health, Intellectual Disabilities, Psychiatry of Later Life, Child & Adolescent Services and Firefighters and Ambulance Paramedics who accept the rules and objectives of the association and whose application is approved, in relation to Industrial and Professional matters.
5.1 Our Data Protection Officer can be contacted directly here:
• 045 852300
• Available 24 hours.
5.2 The personal data we collect/process on you is: Name, Date of Birth, postal address, phone number, grade, qualifications, current practice address, email, local PNA branch, details of salary protection schemes, payroll officer, work location, payroll reference.
5.3 The personal data we collect/process will be used for the following purposes:
5.3.1 Contact details to distribute news, job adverts, merchandise, information, for e.g. We may periodically send promotional email about new services, special offers or other information which we think you may find interesting using the email address which you have provided.
5.3.2 Grade, Qualification data, which may be used to provide you with information specific to your role and educational opportunities.
5.3.3 Work location for the purposes of contacting/assigning local branch.
5.3.4 Information regarding salary protection for you to update scheme providers
5.3.5 Employee info for the purposes of employment contracts.
5.3.6 Internal record keeping.
5.3.7 We may use the information to improve our products and services.
5.4 Reasons we process your personal data:
5.4.1 To supply services you have requested, i.e. membership/representation. This processing will only be relevant for the purposes of completing your membership and/or providing representation and/or providing miscellaneous expenses and the category of recipient will be based on the facility required. For example, our representation procedure is that, where at all possible and where relevant, an IR issue, should be dealt with locally initially, this is because the local knowledge of the service is vital and can prove highly effective in dispute resolution. In this regard we may pass on your phone number to a local/regional representative for the purposes of dispute resolution.
5.4.2 For the purposes for which it was provided by you and any reasonable purpose including providing you with information and or services/representation.
5.4.3 For the purposes of completion of membership deductions or employee contracts.
5.4.4 For marketing and admin purposes including providing you with information, offers, courses that we provide. (You can exercise your right to prevent certain processing by not ticking certain boxes on our membership forms.)
5.4.5 For branch notifications and information distribution. You can opt to give your email address to your branch rep who may then add you to a local mailing list so as to keep you informed and up to date with relevant information.
5.4.6 For administration or analysis purposes or to improve services.
5.5 Third parties we use are as follows:
• Employer Salaries Departments
• Cornmarket (in the case of PNA Plus)
• Logicore, cloud based database providers
• PNA Solicitor (only when required)
• Accountant (only specific to those receiving expenses, employee details for salaries)
The special categories of personal data concerned are :
• Trade Union Membership
By consenting to this privacy notice, upon signing your application form, you are giving us permission to process your personal data specifically for the purposes identified.
You may withdraw consent at any time, if you wish to do so please contact PNA Data Protection Officer for details of with Withdrawal of Consent Procedure.
5.7 Retention period
5.7.1 PNA will process personal data for only for the term of your membership with our Union. Your data will be stored also for the duration of your membership. Upon cancelling/ceasing membership with the PNA your data will be archived to a secure retention location in PNA head office. If you wish to have your data erased please contact PNA Head Office regarding your right to be forgotten claim. We keep your application form on record even after membership has ceased in case there is an administrative issue for example; salary protection, refund claim, issue regarding application of PNA plus, branch benevolent funds and any other administration issue that may arise.
5.7.2 With regard to the above, it is imperative that you keep us updated as to the status of your membership should there be changes after you join. If you are contacted as part of mailing system after cancelling your membership but have failed to inform us we cannot be held liable.
5.7.3 A copy of PNA Data Retention Procedure is available on request.
5.8 Your rights as a data subject
Unless subject to an exemption under the GDPR, at any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
• Right of access – you have the right to request a copy of the information that we hold about you. (Data Subject Access Request Form and Procedure is available on www.pna.ie)
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that Organisation Name refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.
• All of the above requests will be forwarded on should there be a third party involved (as stated above @ 5.5) in the processing of your personal data.
5.9 Data Breaches:
Under the GDPR, breach notifications will be mandatory “unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.”
Notification must be provided within 72 hours of first noticing the breach.
Service providers are also obliged to notify the organisations involved “without undue delay” after becoming aware of a personal data breach
In the event that you wish to make a complaint about how your personal data is being processed by PNA (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and/or PNA's Data Protection Officer. The details for each of these contacts are:
Supervisory Authority contact details
[Data Protection Officer (DPO)] - PNA
Data Protection Commissioner
Co. Laois 1890252231
Ms Elayne Melia
Psychiatric Nurses Association
Co. Kildare 045 852300
The Data Protection Officer /General Secretary is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR. A current version of this document is available to all members of staff and all members and is available on www.pna.ie
This procedure was approved by the General Secretary and is issued on a version controlled basis under his signature.
Description of Change
Approval – General
Date of Issue