Aurora, Kilkenny (Aurora) supports the rights of Data Subjects (people we support, families, employees, service providers) to know what information is held about them within the organisation as defined in the Data Protection Acts 1988 and 2018. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing, storage and security of their personal data.
You supply information about your family member and yourself to the organisation in order to avail of services or satisfy obligations. This Data Protection Statement is intended to assist you in exercising your rights under the Data Protection Acts 1988 and 2018 and the General Data Protection Regulation (GDPR), which commenced in May 2018. It also serves to assist staff in answering requests. For the purpose of Data Protection, Aurora controls the contents and use of personal data and is known as a Data Controller. Aurora undertakes to protect any information provided to it on a confidential basis subject to our obligations under the law, including the Data Protection Acts 1988 and 2018 & GDPR.
The Data Protection Acts 1988 and 2018 and GDPR provide similar rights of access as the Freedom of Information Act 2014, the main difference being that the Data Protection Acts do not apply to records of deceased persons. Our Data Protection Policy can be found here. The GDPR sets out seven key principles. Aurora as a Data Controller must adhere to these principles whether the information is held on computer or in a manual form:
- Obtained and processed lawfully, fairly and in a transparent manner which means that the persons providing it must know the purpose for which it will be used, and the persons to whom it will be disclosed.
- Ensure that it is adequate, relevant and limited to what is necessary for the purpose it is processed.
- Kept for specified, explicit and legitimate purposes and do not otherwise use it in a way that is incompatible with those purposes.
- Keep it accurate, complete, up to date and erase or rectify any inaccurate data without delay.
- Retain it for no longer than is necessary for its purpose(s) and ensure it is kept in a way that allows you to identify who the data is about.
- Keep it secure by using appropriate technical and organisational security measures.
- Be able to demonstrate compliance with the above principles.
Your Rights as a Data Subject under GDPR:
- Right to be informed about your data.
- Right of access to your data.
- Right of rectification if your data is inaccurate, without undue delay.
- Right to erasure of your data (right to be forgotten).
- Right to portability of your data (to another data controller without hindrance).
- Right to object to processing of your personal data.
- Right to restriction (limited) of processing of your personal data.
- Right not to be subject to a decision based solely on automated processing (including profiling).
How to make a request under Data Protection
You can make a request by writing to the Data Protection Officer at the address below or by email to firstname.lastname@example.org. Please state the specific record(s) you are requesting. You may also make your request via our Subject Access Request form which is available here. It is important that you describe the records that you are seeking in the greatest detail possible to enable us to identify the relevant records. Please note that the Data Protection Acts apply to personal information but not to records of the deceased. Please submit your request via letter, email or form to: Áine Forde, Data Protection Officer, Aurora, Unit 11/12 Danville Business Park, Ring Road Kilkenny R95 KD32, or by email: email@example.com
Entitlements under the Data Protection legislation
A decision will, in normal circumstances be issued within one month of receipt of your request. Depending on the complexity of the request, an extension may be required. You will be notified if an extentsion is required within one month of your request and with the reason for the extension. There are exemptions provided for in the legislation; this means that there are specific circumstances when the requested information will not be released. Should this situation arise, the reason(s) will be clearly explained to you. Details of your entitlement to complain to the Data Protection Commissioner will be included in the decision letter. More details on your rights can be obtained from: The Office of the Data Protection Commissioner’s Office Canal House, Station Road, Portarlington, Co. Laois. Telephone: 00353 578 68 4800 or 00353 761 104 800 Email: firstname.lastname@example.org To view the data protection legislation, please visit www.dataprotection.ie