Skip to main content

Privacy Statement

Website Privacy Statement

EPIC, Empowering People in Care, is committed to protecting your personal information and data. This privacy statement provides you with details of how we collect and process your data through your use of our website.

EPIC, Empowering People in Care’s registered address is: 7 Red Cow Lane, Smithfield, Dublin 7, D07 KX52.

We are a registered charity in Ireland and our charity number is 20055080.

If you have any questions about your data or this privacy statement, please contact our Data Protection Officer at dpo@epiconline.ie.

Your Rights

You are entitled to have your personal information:

  • Protected.
  • Used in a fair and legal way.
  • Made available to you when you ask for a copy.
  • Corrected if you ask for the information to be corrected.

If you believe that any of your data is incomplete or incorrect, you can request to change it. We will aim to update or correct the information as quickly as possible. We will notify you if this is not possible.

You also have the right to request that we erase your personal data or to restrict its processing in accordance with data protection laws.

If you submit a request to exercise any of your rights, we may require you to verify your identity before we act on your request to ensure the protection and security of your data.

You can contact our Data Protection Officer by emailing dpo@epiconline.ie, by calling 01 8727661 or by writing to: EPIC, Empowering People in Care, 7 Red Cow Lane, Smithfield, Dublin 7, D07 KX52.

Legal basis for processing your data

We process all personal data lawfully, fairly and in a transparent manner and we adhere to the relevant GDPR and data protection laws.

The lawful grounds for processing personal data are set out in Article 6 of the GDPR. These are:

  • The consent of the individual;
  • Performance of a contract;
  • Compliance with a legal obligation;
  • Necessary to protect the vital interests of a person;
  • Necessary for the performance of a task carried out in the public interest; or
  • In the legitimate interests of company/organisation (except where those interests are overridden by the interests or rights and freedoms of the data subject).

Your data

The ways we collect your data

We collect sensitive and personal information in order to deliver our service. We collect data when you:

  • Contact us via email, text, social media message
  • Fill out an advocacy request form
  • Request a Care Community callback
  • Give us feedback
  • Make a complaint
  • Sign up to our newsletter
  • Donate via PayPal
  • Use our website  – technical data like your IP address may be collected. This data cannot be used to contact or identify you.

How we process this data

EPIC will process communication data (e.g. contact via email, text, advocacy request forms, Care Community callbacks or social media messages) in order to contact you in relation to your query or direct you towards our National Advocacy Service or Youth Engagement and Participation programme.

EPIC processes personal data through our advocacy request forms, our Care Community call back form, and our feedback and complaints forms. We treat this personal information and data as confidential, and we store the information securely. All personal information submitted via our website is transferred directly to secure databases where a record is created. This record will be used and kept by EPIC for the purpose intended only. EPIC will not share this information, or any other information gathered, with any person or organisation, unless we have permission to do so, or there is a safeguarding concern.

Access to our database is restricted to authorised personnel. Our staff are aware of their professional and legal duty to respect and protect the confidentiality of your information.

Disclosure

We do not share or disclose any of your personal information without your consent, except for the ways outlined in this privacy statement or when there is a mandatory reporting matter under the Children First Act 2015 or other mandatory legal requirement (e.g. TUSLA, An Garda Síochána, Courts Service). If such a case arises the mandatory reports will be made to the relevant authorities only and you will be notified that a report has been made.

We use third parties to provide certain services and business functions. All processors acting on our behalf only process your data in accordance with EPIC policies and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Our website hosting and support is provided by Fusio.

Our IT support is provided by Right Cloud.

EPIC uses a number of third parties services:

  • Microsoft Office 365 is used for communication purposes, data processing and data storage.
  • Salesforce is used for data processing and data storage.
  • Microsoft Forms is used for our referral forms. The data gathered from these forms is transferred directly to Salesforce and data is only available to relevant staff in order to carry out our work.
  • Microsoft Forms is used for our Care Community call back form and feedback forms. Data collected via these forms is stored in our secure Microsoft Office 365 and only available to relevant staff for the intended purposes of the communication.
  • Mailchimp is used for managing our newsletter mailing list and the data collected is only available to relevant staff members.
  • PayPal is used for all donations made through our website.

All of the above companies are compliant with the GDPR, and all data stored on these systems is held securely in line with GDPR.

We do have external links on our website to third party sites, which are visibly defined as such throughout the website. We are not responsible for the content or privacy policies of these other websites.

Retention

EPIC will not keep personal data in a form which permits the identification of the data subject for longer than needed for purpose for which it was originally collected, including for the purpose of satisfying any legal, accounting or reporting requirements. Personal data is deleted, within a reasonable time, after the purposes for which it was being held has elapsed. We will take all reasonable steps to destroy or erase from our systems all personal data that we no longer require. This includes requiring third parties to delete such data where applicable.