Unit B Terenure Enterprise Centre, 17 Rathfarnham Road, Terenure, Dublin 6w

Security and Privacy Policy

Health Service Reform represents people let down by the Irish public health service. Health Service Reform is a non-governmental body set up to change the Public Health Service in Ireland. Health Service Reform is a trading name of HSReform Limited.

Terms used in this policy


Data protection is the means by which the privacy rights of individuals are safeguarded in relation to the processing of their personal data. The Data Protection Acts 1988 and 2003 confer rights on individuals as well as placing obligations on those entities processing personal data.

Personal data is information relating to an identified or identifiable natural person (‘data subject’). It is a broad term and includes a wide range of information. It includes online identifiers such as IP addresses and cookie identifiers.

Special categories of personal data means information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data processing is a very broad concept and includes almost anything you can do with personal data, including collection, storage, use, disclosure and destruction.

Data retention is the length of time for which personal data will be kept and the reasons why the information is being retained. In determining appropriate retention periods, regard must be had for any statutory obligations imposed on a data controller.

Data controller is the legal person who, alone or jointly with others, determines the purpose and means of the processing of personal data. In other words, ‘what personal data will be processed for and ‘how’ it will be done. For the purpose of the Data Protection Acts 1988 and 2003 (as amended) (the ‘DPA’) and from 25 May 2018, the General Data Protection Regulation (the ‘GDPR’), the data controller is Health Service Reform.

Data processer means the legal person such as an individual or a company who processes personal data on behalf of HSR. For example, the payroll provider used by us and data cloud providers HSR use (eg. Salesforce, Mailchimp).

HSR will process any personal information provided to it by individuals, whether it be provided through our website, in person, by any form, correspondence, telephone, email or by any other means, or otherwise held by us in relation to you in the manner set out in this policy.

By submitting your information to us and or by using the HSR website you confirm your consent to the use of your personal information as set out by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not use the website or provide us with any personal information.

You may provide HSR with information by:
• Corresponding with HSR by letter, telephone, e-mail or in person;
• Subscribing to the HSR newsletter or E-zine (electronic magazine);
• Registering for a HSR event;
• Applying for membership of HSR;
• Donating to HSR;
• Applying to work with HSR as an employee or volunteer;
• visiting the HSR website.

This information may include traffic data, location data, blogs and other communication data in accordance with HSR’s Cookie Policy that may identify personal information and information of an anonymised or technical nature.

HSR will only ever ask you to disclose only as much information as is necessary for the purpose of your interaction with us.

Why HSR collect this information


HSR collects the information in order to function effectively as an organisation; to communicate with our membership; to campaign and fundraise, to improve our HSR website; to recruit staff and volunteers; to host events and to undertake research.

How HSR will use this information


HSR will use this information to:
process any enquiry from you;
liaise with you about projects that HSR is undertaking with you;
comply with obligations arising from a contract entered into between you and HSR;
register you for an HSR event;
provide you with news about HSR’s work;
process a membership application from you;
set up, operate and manage any marketing or fundraising services subject to your explicit consent;
comply with our legal duties and responsibilities;
provide security to, and ensuring the health and safety of, employees, volunteers and visitors to company premises;
administer and improve the HSR website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
as part of our efforts to keep our website safe and secure; and
to make suggestions and recommendations to you and other users of our website about services that may interest you or them.
The legal bases for the processing of your data are:
That you have provided consent for the processing for one or more specific purposes; or
The processing is necessary for the performance of a contract which you have entered into with HSR or to take steps at your request prior to entering into a contract; or
The processing is necessary to comply with a legal obligation to which HSR are subject.
HSR does not engage in any automated decision making processes nor do HSR use any personal data as a basis for any such automated decisions.
Disclosure of your information

HSR may also share your information with selected third parties including, business partners, suppliers and sub-contractors for the performance of any contract HSR enter into with them or you and to assist us in fulfilling our functions such as:
Cloud computing services;
Customer Relationship Management (CRM) service providers;
Archive or confidential shredding companies;
Information and Communications Technology service providers
How long HSR retain your information
The time periods for which HSR retain your information depends on the type of information and the purposes for which HSR use it. HSR will keep your information for no longer than is required or permitted. For further information, please see HSR Data Protection Policy.

HSR does not transfer your data outside of the EU.

Your rights with respect to your personal information


You have the following rights:
The right to access the information HSR hold about you;
The right to require us to rectify any inaccurate information about you without undue delay;
The right to have us erase any information HSR hold about you in circumstances such as where it is no longer necessary for us to hold the information for your use of our services or if you have withdrawn your consent to the processing;
The right to object to us processing information about you such as processing for profiling or direct marketing;
The right to ask us to provide your information to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people; and
The right to request a restriction of the processing of your information.
When HSR processing of your information is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that HSR have carried out before you withdrew your consent remains lawful. You may exercise any of the above rights by writing to:
Unit B Terenure Enterprise Centre, 17 Rathfarnham Road, Terenure, Dublin 6w
contact@healthservicereform.ie