The Association of Adolescent Psychotherapists and Counsellors in Ireland (AAPCI) is committed to protecting the privacy and personal data of its members, clients, and stakeholders. This General Data Protection Regulation (GDPR) Policy outlines how we collect, process, store, and protect personal data in compliance with the GDPR and relevant Irish data protection laws.
1. Introduction
The GDPR, effective from 25 May 2018, governs the processing of personal data within the European Union. It emphasizes transparency, security, and accountability by data controllers and processors, while strengthening individuals' rights regarding their personal data. AAPCI is dedicated to ensuring compliance with these regulations.
2. Data Collection
AAPCI collects personal data for specific, legitimate purposes, including:
Membership Management: Processing applications, maintaining membership records, and communicating with members.
Professional Development: Organizing training events, workshops, and maintaining CPD records.
Regulatory Compliance: Ensuring adherence to legal obligations and industry standards.
The types of personal data collected may include:
Contact details (e.g., name, address, email, phone number).
Professional qualifications and accreditation details.
Records of CPD activities and supervision.
Financial information for processing fees and subscriptions.
3. Lawful Basis for Processing
AAPCI processes personal data based on one or more of the following lawful bases:
Consent: Where individuals have provided clear consent for specific purposes.
Contractual Necessity: Processing necessary for the performance of a contract with the individual.
Legal Obligation: Compliance with legal obligations to which AAPCI is subject.
Legitimate Interests: Processing necessary for the legitimate interests of AAPCI or third parties, provided these interests are not overridden by individuals' rights.
4. Data Usage and Processing
Personal data is used exclusively for the purposes for which it was collected. AAPCI ensures that data processing is conducted fairly, transparently, and securely. We do not share personal data with third parties without explicit consent, except where required by law or for legitimate organizational purposes.
5. Data Storage and Security
AAPCI implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. This includes:
Secure Storage: Storing physical records in locked facilities and digital data on secure servers with encryption.
Access Control: Restricting access to personal data to authorized personnel only.
Regular Audits: Conducting periodic reviews of data processing activities and security measures.
6. Data Retention
AAPCI retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We adhere to the principle that personal data shall not be kept for longer than is necessary. Specific retention periods are defined in our Record Keeping and Retention Guidelines.
7. Rights of Data Subjects
Individuals have the following rights regarding their personal data:
Right to Access: Obtain confirmation of whether their data is being processed and access to their personal data.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of personal data under certain conditions.
Right to Restrict Processing: Request limitation of data processing under specific circumstances.
Right to Data Portability: Receive their data in a structured, commonly used format and transfer it to another controller.
Right to Object: Object to data processing that is based on legitimate interests or carried out for direct marketing.
Requests to exercise these rights can be submitted in writing to AAPCI's Data Protection Officer.
8. Data Breaches
In the event of a data breach, AAPCI will promptly assess the risk to individuals' rights and freedoms and, if necessary, report the breach to the Data Protection Commission within 72 hours. Affected individuals will be informed without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
9. Data Protection Officer
AAPCI has appointed a Data Protection Officer (DPO) responsible for overseeing GDPR compliance. The DPO's duties include:
Monitoring adherence to data protection policies.
Providing guidance on data protection obligations.
Serving as a point of contact for data subjects and the Data Protection Commission.
10. Policy Review
This GDPR Policy is reviewed regularly to ensure continued compliance with data protection laws and best practices. Updates will be communicated to members and stakeholders as necessary.
By adhering to this policy, AAPCI demonstrates its commitment to protecting personal data and upholding the rights of individuals in accordance with the GDPR.