On what grounds do we process personal data?

4 ON WHAT GROUNDS DO WE PROCESS PERSONAL DATA?

4.1 We must have a lawful basis for Processing your information; this will vary according to the circumstances of how and why we have your information but typical examples include:

4.1.1 the activities are within our legitimate interests in advancing and maintaining the Roman Catholic religion, in providing information about the activities of the Order, and to raise charitable funds for our work;

4.1.2 you have given consent (which can be withdrawn at any time by contacting us using the details below) for us to process your information (e.g. to send you marketing or fund-raising communications by e-mail);

4.1.3 we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract (e.g. where you enter into a hire agreement for one of our facilities);

4.1.4 the Processing is necessary for compliance with a legal obligation (e.g. where we pass on information to TULSA for safeguarding or other reasons);

4.1.5 the Processing is necessary for carrying out a task in the public interest (e.g. up-dating and maintaining the Register of Marriages); or

4.1.6 to protect your vital interests (e.g. if you were unfortunate enough to fall ill or suffer an injury on our premises, then we may pass on information to the HSE for treatment purposes and to family members).

4.2 If we Process any Special Categories of Personal Data we must have a further lawful basis for the processing. This may include:

4.2.1 where you have given us your explicit consent to do so (e.g. to cater for your medical or dietary needs at an event);

4.2.2 where the Processing is necessary to protect your vital interests or someone else’s vital interests (e.g. passing on information to the Gardai);

4.2.3 where the Processing is carried out in the course of our legitimate interests as a Roman Catholic Religious Order working with and supporting our current and former Members, benefactors and supporters, parishioners, fellow Roman Catholics and the information is not shared outside the Order other than with your consent (e.g. carrying out a survey or questionnaire);

4.2.4 you have made the information public;

4.2.5 where the Processing is necessary for the establishment, exercise or defence of legal claims;

4.2.6 where the Processing is necessary for carrying out the Order’s employment and social security obligations; or

4.2.7 the processing being necessary for reasons of substantial public interest (e.g. where steps are taken to prevent fraud or other dishonest activity);

provided that the legal basis is proportionate to the aim pursued and provides for suitable and specific measures to safeguard your rights, or as part of our legitimate interests as a Roman Catholic Religious Order and charitable institution.

4.3 If we process any Personal Data comprising criminal convictions or offences we must also have a further lawful basis for the processing. This may include:

4.3.1 where the Order is exercising obligations or rights which are imposed or conferred by law on us or you in connection with employment, social security or social protection and the Order has an appropriate policy document in place (e.g. to undertake appropriate checks on individuals prior to taking up a role);

4.3.2 where it is necessary for the prevention or detection of an unlawful act (e.g. passing on information to the Gardai or other investigatory body);

4.3.3 where the Order is complying with, or assisting others to comply with, regulatory requirements relating to unlawful acts or dishonesty (e.g. passing on information to the Gardai or other investigatory body);

4.3.4 where it is carried out in the course of safeguarding children or other individuals at risk e.g. making a Safeguarding disclosure;

4.3.5 where an individual has given their consent to the processing;

4.3.6 where the Order is establishing, exercising or defending legal claims (e.g. providing information to our insurers or lawyers in connection with legal proceedings);

4.3.7 where it is necessary to protect the vital interests of an individual (e.g. passing on information to the Gardai); or

4.3.8 where it is carried out in the course of the Order’s legitimate activities as a not-for-profit body with religious aims (e.g. carrying out pastoral activities).