Privacy Notice
1. Who are we? How can you contact us?
“We” are Rainbows Ireland, a registered Charity No 12507.
This Notice applies to Rainbows Ireland as the DATA CONTROLLER for the purposes of the General Data Protection Regulation (EU) 2016/679, and the Data Protection Acts 1988 – 2018.
When you apply to attend a course / project / group the Personal Data that you provide will be held by one or more of the following entities (each is a “Data Controller”):
- Rainbows Ireland
- Rainbows Authorised Registered Centres
Each Controller is committed to ensuring that the Personal Data it processes is handled in accordance with the principles set out in the General Data Protection Regulation (Regulation (EU) 2016/679) and the Data Protection Acts 1988 to 2018.
Rainbows Ireland also acts as a Processor and Joint Controller in certain circumstances.
For data protection issues, please email privacy@rainbowsireland.ie
2. What personal data do we collect & use and where do we get your personal data from?
“Personal Data” is data that can identify you, either directly or indirectly, as an identified or identifiable individual.
There are many elements of Personal Data which may be sought and recorded at enrolment and may be collated and compiled during the course of participation with us in our projects and groups. That relationship may be as a participant, applicant child, parent/guardian, volunteer or training centre provider/facilitator, or a supporter of our services (by fundraising, donations, parents, and other stakeholders).
Personal Data is collected in order to facilitate the operation, management and coordination of the course and the needs of applicant children and parents and those involved in the projects and groups.
At all times we are conscious that our processing of personal data, including sensitive personal data (special category data), will be limited to only what is necessary and proportionate for the purposes for which it is collected.
These records will include:
- Name
- Address and contact details
- Eircode
- Date and place of birth
- Names and addresses of parents/guardians and their contact details (including any special arrangements with regard to guardianship, custody or access)
- Any relevant special conditions (e.g., special educational needs, health issues etc.) which may apply
- Attendance records
- Photographs and recorded images of participants (including at events and noting achievements)
- Personal Data relating to your emergency contacts and parents or guardian details for under 18s
- Other records e.g., records of any serious injuries/accidents etc.
Personal data which will be sought and recorded through staff and volunteer records:
- Name, address and contact details, PPS number, Eircode
- Volunteer referrer details
- Garda vetting outcome record
- Contract of employment and any amendments to it
- Original records of application and appointment to promotion posts
Financial information records:
- Payroll records
- Employee review meetings
Grievance and disciplinary procedures information:
- Details of approved absences (career breaks, parental leave, study leave etc.)
- Information relating to your health, which could include reasons for absence and GP reports and notes
- Details of work record (qualifications, classes taught, subjects etc.)
- Details of any accidents/injuries sustained on school property or in connection with the staff member carrying out their duties
- Records of any reports made in respect of the staff member to State departments and/or other agencies under mandatory reporting legislation and/or child safeguarding guidelines
Personal data which will be sought and recorded through Parents/Guardians’ Records:
Rainbows Ireland may hold some or all of the following information about parents and/or guardians of participants: names and addresses, Eircode of parents/legal guardians and their contact details (including any special arrangements with regard to guardianship, custody or access) and other related correspondence.
Personal data which will be sought and recorded through fundraising and donation: names, addresses and emails.
You may give us personal data by:
- Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our services.
- Filling in forms. Rainbows Ireland will use the personal information you provide in connection with our projects and services.
- Participating in our groups/projects. The Personal Data collected will be used to facilitate the operation, management, and coordination of these services.
- That relationship may be as a participant, applicant child, parent/guardian, volunteer or training centre provider/facilitator, or a supporter of our services (by fundraising, donations, parents, and other stakeholders).
- Personal Data relating to your emergency contacts and parents or guardian details for under 18s will be processed by us. This Personal Data will also be processed jointly with various State Agencies and Authorised Rainbow Centres.
- Applying to work with us. The type of information you may provide includes your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history, referrer details and education. When you apply to work with us, we may share your Personal Data with our various Funders and/or Auditors.
- Volunteering with us. We also process referrer details for prospective employees and volunteers.
- Making a donation.
- Garda Vetting — as stipulated in The National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016, all staff, volunteers, voluntary officers, and other individuals who provide services to us and who interact with children or vulnerable persons must be vetted by An Garda Síochána. Garda Vetting requires the provision of verified proof of identity and proof of address by all vetting candidates. The purpose for processing your Personal Data in this context is that it is necessary to comply with our legal obligations under the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016.
We may also process other data which is not personal data. When you access our website, your device’s browser provides us with information such as your IP address, browser type, access time and referring URL, which is collected and used to compile statistical data. This information may be used to help us improve our website and the services we offer.
What information about you do we obtain from others?
When you use our services, we may obtain personal data from Government Agencies/Public Sector Bodies, Schools and Community Services, Tusla, and/or your authorised representatives or involved agencies and statutory bodies.
3. Do you collect personal data from children (under 16 year olds)?
Children’s Personal Data: We do collect and manage information about children. The information is usually collected when children use our services. Where possible and appropriate we will seek consent from a parent or guardian before collecting information about children; however we also process children’s data including special category data as is necessary for compliance with legal obligations to which we are subject.
4. How and why do we use personal data?
We collect the information in order to provide you with our services. We will use this information:
- To enrol you on our systems so as to provide you with our services in order to facilitate the operation, management and coordination of our group support groups.
- To liaise with you and the various Authorised Registered Centres about services that we and they are providing to you.
- To deliver information about our services, where you have subscribed to receive same.
- To fulfil our statutory functions.
- To administer and improve our website and for internal operations, including troubleshooting, and statistical and survey purposes where consent is given.
- As part of our efforts to keep our website safe and secure.
- To make suggestions and recommendations to you and other users about services that may interest you or them.
- To publicise and promote the benefits of our services for their participants, by way of social media and other online platforms.
- To facilitate donations.
The legal bases for the processing of your Personal Data are:
- That you have provided consent for the processing for one or more specified purposes.
- Processing necessary for the performance of a contract which you have entered into with us, or to take steps at your request prior to entering into a contract.
- Processing necessary for compliance with a legal obligation to which we are subject.
- To comply with monitoring, reporting, and evaluating requirements.
- Processing done on the basis of legitimate interest, balancing the rights and freedoms of the data subject.
If you do not provide us with your Personal Data so that we can process it for the above purposes, we will not be able to enrol you or administer your participation in our groups/projects.
Special Category Data and the lawful basis for that processing activity.
The processing of your Personal Data may include personal data relating to children’s data or otherwise which is regarded as Special Category Personal Data under the GDPR.
The legal bases for the processing of your special category data or sensitive data are:
- That you have explicitly provided consent.
- Processing necessary for compliance with a legal obligation to which we are subject, including but not limited to statistical and research purposes at an aggregate level and comparing the progress of socio-economic groups participating in groups.
- Such statistics and research will assist in identifying gaps in the systems and assisting in the development and implementation of appropriate policies.
If you do not provide us with your Personal Data so that we can process it for the above purposes, we will not be able to enrol you or administer your or your children’s participation in our group. Where we process Personal Data based only on consent, you may withdraw your consent. When someone withdraws their consent, this does not affect the lawfulness of the processing up to that point.
5. Do we share personal data?
We may share your personal data with our selected suppliers and contractors and authorised registered centres to provide you with our services. The Personal Data held on your record will be disclosed to relevant staff/volunteers of Rainbows Ireland and other State Agencies on the basis of contract or statute. All staff/volunteers are made aware of the procedures they must follow to ensure your Personal Data is appropriately protected.
The Personal Data you provide may be disclosed to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request or to perform a public function. It may also be necessary, under contract, to disclose your Personal Data to comply with reporting obligations where you are a participant of a European Union co-funded group.
We may also disclose your Personal Data to governmental, regulatory and/or public bodies or other third parties:
- If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our course participant attendees or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
- Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to comply with any applicable laws, grant applications and/or court orders.
- Your authorised representatives.
- Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information. We attach at Schedule 1 a list of some entities with whom your personal data is shared.
6. Is personal data sent outside the European Union?
We will, from time to time, make use of services provided by third parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Office 365/Microsoft. Where Personal Data needs to be transferred or processed outside the EU/EEA, we choose providers who process Personal Data on the basis of:
- Standard Contractual Clauses (SCCs)
- An Adequacy Decision from the European Commission
7. What is the legal basis for collecting and processing personal data?
Irish and EU law sets out the grounds upon which data controllers such as Rainbows Ireland can rely to lawfully process personal data.
We rely on the following grounds:
- Where you have given us consent to the processing of your personal data for a specific purpose.
- The processing is necessary for Rainbows Ireland to fulfil our contract with you or others, such as funding agencies.
- The processing is necessary for compliance with a legal obligation, for example to comply with child protection and/or Revenue requirements.
- The processing is necessary in order to protect the vital interests of a staff member or another person, for example, an attendee at a training course in a medical emergency.
- The processing is necessary for the purposes of the legitimate interests pursued by Rainbows Ireland or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Some marketing might take place under this heading, but never to children.
The legal bases for the processing of your special category data or sensitive data (for example health and wellbeing data) are:
- That you have explicitly provided consent.
- Processing necessary for compliance with a legal obligation to which we are subject.
- Processing necessary for substantial reasons of public interest, which will always respect the essence of the right to data protection.
Where we process your Personal Data based only on your consent, you may withdraw your consent. When someone withdraws their consent, this does not affect the lawfulness of the processing up to that point.
8. What are my rights, and how do I exercise them?
As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process your Personal Data. These rights apply in certain circumstances and are set out below:
- The right to access Personal Data relating to you (‘access right’).
- The right to rectify/correct Personal Data relating to you (‘right to rectification’).
- The right to object to processing of Personal Data relating to you (‘right to object’).
- The right to restrict the processing of Personal Data relating to you (‘right to restriction’).
- The right to erase/delete Personal Data relating to you (the ‘right to erasure’).
- The right to ‘port’ certain Personal Data relating to you from one organisation to another (‘right to Personal Data portability’).
These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by contacting us at: privacy@rainbowsireland.ie
You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission: www.dataprotection.ie
DATA PROTECTION COMMISSION contact details:
Dublin Office
21 Fitzwilliam Square
Dublin 2
D02 RD28
Ireland
Portarlington Office
Canal House
Station Road
Portarlington
R32 AP23
Phone: +353 57 868 4800 or +353 761 104 800
LoCall: 1 890 25 22 31
Fax: +353 57 868 4757
Email: info@dataprotection.ie
We would ask that you contact us first at privacy@rainbowsireland.ie to enable us to try to deal with the matter to your satisfaction.
Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time, but any processing that we have carried out before you withdrew your consent remains lawful.
If you are receiving marketing from us, you may opt out at any time. If you no longer wish to be contacted for marketing purposes, please contact us as set out in this Notice to request to opt out of marketing.
9. Can I stop getting emails, text messages and other communications from you?
Yes. If you no longer wish us to contact you in a particular way, just advise us and we will respect your wishes. It may be necessary for us to contact you from time to time in connection with services, for example to ensure your Personal Data is correct.
Marketing: If you no longer wish to receive marketing communications by electronic means, use the opt-out facility in any of our communications, or email us at admin@rainbowsireland.ie
10. Is personal data secure?
We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure and may involve the transfer of Personal Data to countries outside of the European Economic Area (EEA). This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered through the Cloud. We do not authorise any third party to use your Personal Data for their own purposes.
Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us. Any transmission of Personal Data is at your own risk. Once we receive your Personal Data, we use appropriate security measures to seek to prevent unauthorised access.
11. How long do we keep personal data?
The time periods for which we retain your information depend on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
We keep your Personal Data for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your Personal Data to provide this service to you, you can request that we erase your Personal Data. Please note that if you request the erasure of your Personal Data:
- We may retain some of your Personal Data as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
- We may retain and use your Personal Data to the extent necessary to comply with our legal or contractual obligations.
- Because we maintain our records to protect from accidental or malicious loss and destruction, residual copies of your Personal Data may not be removed from our backup systems for a limited period of time.
12. How do you contact us?
You have the right to complain to the Data Protection Commission if you feel that we are in breach of any of your rights. We would ask that you contact us first to enable us to try to deal with the matter to your satisfaction.
Please contact us at privacy@rainbowsireland.ie
13. Miscellaneous/Photos
Where we process your Personal Data based only on your consent, you may withdraw your consent.
You have the right to bring a complaint to a supervisory authority if you have any complaints about the processing of your Personal Data. In Ireland the Data Protection Commission is the supervisory authority.
In circumstances where the provision of your Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will advise you at the point of collecting your Personal Data whether the Personal Data is a required field, and the consequences of not providing the Personal Data.
Videography and Photography: Some of our groups will involve photographic or video records made for informational and promotional purposes due to your presence at an event hosted by us or by any third party authorised by us. The images resulting from the photography, videography or recordings, and any reproductions or adaptations of same, may be used for promotion, publicity and/or other purposes.
By attending such events, you acknowledge that the event is in a public place and that you may have a reduced expectation of privacy. While you have a right to object to your inclusion in any photographs or video footage, any such objection must be balanced against the legitimate interests pursued by us and/or third-party media outlets and broadcasters.
14. Links to other sites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies/notices and that we do not accept any responsibility or liability for those policies/notices. Please check those policies/notices before you submit any Personal Data to those websites.
15. Social Networks
We maintain active social network accounts. We embed widgets from these networks to provide follow buttons, like boxes and stream embeds. This will involve cookies being set by these networks while using our site. You may choose to refuse these cookies. Your use of these social media platforms remains subject to your own user agreements with the platform providers.
16. Changes to this Notice
This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services.
This Notice is effective from 20th June 2024.
Schedule 1
| Third party name | Description of services provided |
|---|---|
| Cloud Service Providers | Microsoft, Zoom, Callsoft |
| IT Providers | MicroPro |
| Website Service Providers | iWorks |
| Other Service Providers/Funders | List can be provided on request |
