Glasnevin Trust Website Privacy Statement

This Data Privacy Statement will be reviewed from time to time to take into account changes in the law and the experience of the notice in practice.

If you have any queries in relation to this Data Privacy Statement, or if you have any concerns as to how your data is processed, please email [email protected]

  • Who we are?

    Glasnevin Trust is a not for profit organisation and a registered Charity (Charity Number CHY5849). The funds generated from our activities support the upkeep of our cemeteries to the highest standards. Glasnevin Trust is run by an executive management team and governed by the Dublin Cemeteries Committee, a voluntary not-for-profit body originally established by Daniel O'Connell in 1828. The Committee was subsequently re-established under the Dublin Cemeteries Committee Acts of 1846 and 1970.

  • About this privacy statement

    Glasnevin Trust have created this Data Privacy Statement as the controller of personal data for visitors to this website, for prospects, clients and former clients. This notice aims to demonstrate our firm commitment to privacy and to inform people dealing with us about the information we collect and process in connection with such interaction.

    This privacy statement sets out an explanation of what personal data about you we process, why we process your personal data, with whom your personal data is shared and a description of your rights with respect to your personal data.

  • What personal data do we process?

    We need to keep and process certain personal data about you to manage our business, for management purposes, to comply with our legal obligations and, where necessary, to protect our legitimate business interests. We will collect and process personal data from you during your visit on this website, during our contractual relationship and following the termination of our contractual relationship.

    Personal data is normally obtained directly from you. In certain circumstances, it will, however, be necessary to obtain data from third parties, e.g. credit check references.

  • How do we use your personal data?

    The information we hold and process will be used for management and administrative purposes. We keep it and use it to enable us to run our business, manage our contractual relationship with you effectively, lawfully and appropriately and protect your rights and interests. This includes using your information to enable us to manage contracts, comply with legal obligations, pursue our legitimate interests and protect ourselves in the event of legal proceedings against the company.

    The uses we make of each category of your personal data, together with the lawful basis we rely on for those uses are set out in more details below.

    Where there is a need to process your data for a purpose other than those set out in the appendix or otherwise outlined to you, we will inform you of this.

  • How is your personal data shared?

    Your personal data may be disclosed to third parties where we are legally obliged to do so or where our contract requires or permits us to do so. For example, we pass on certain information to our accountant to fulfil our legal obligations.

    More detailed information on how we share your personal data is set out below.

  • Will your personal data be transferred abroad?

    Our data-centres are located in Ireland, so generally, your personal data will not be transferred abroad.

    In limited and necessary circumstances, your personal data may be transferred outside of the EEA (newsletters, website statistics). Appropriate safeguards are in place to ensure the security of your personal data where it is transferred outside of the EEA.

    The transfer of personal data is explained in more detail below.

  • How long do we keep your personal data?

    Any personal data processed about you on this website is retained in accordance to our record retention policy:

    • Website logs: 6 months or less;
    • Invoices: 6 years + current financial year;
    • Marketing opt-ins: until you opt-out.
    • Enquiries: Until the end of our relationship, anonymise thereafter;
  • What happens if you do not provide us with your personal data?

    In some cases, you may decline to provide us with your personal data. If we believe that we require relevant personal data to effectively and properly manage our contractual relationship, we may not be able to continue our relationship with you.

  • Will you be subject to profiling or automated decision making?

    You will not be subject to automated decision making or profiling.

  • What are your rights under the data protection law?

    You have the following rights under data protection law:

    • Information Request: the right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data;
    • Update Data: the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete;
    • Data Deletion: the right, in certain circumstances, to request that we erase your personal data;
    • Restrict Processing Object to Processing: the right, in certain circumstances, to request that we no longer process your personal data for particular purposes, or object to our use of your personal data or the way in which we process it;
    • Data Portability: the right, in certain circumstances, to transfer your personal data to another organisation;
    • Review Automated Decisions: the right to object to automated decision making and/or profiling; and
    • File a Complaint: the right to complain to the Data Protection Commissioner.

    Please note that your ability to exercise these rights may be subject to certain condition.

  • Details of Processing Activities

    As a visitor to the website

    The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.

    Personal data processed

    • Your IP address,
    • The page viewed
    • The time the page was viewed
    • The browser you used to view the page.
    • We do not cross reference the log with the enquiry, but we reserve the right to do so should we be concerned about the security of our operations.

    Purpose and lawful basis for processing of your personal data

    • Legitimate interest:
      • For statistics.
      • Legitimate interest: To help our marketing team gauge the popularity of material we would refer to.

    Sharing of personal data

    • Our website infrastructure provider is CTI Global. CTI Global is based in Ireland and will only access personal data on our instructions.
    • On occasion, we use Webfactory to maintain the website who are now trading as DEPT Agency Ireland. DEPT Agency Ireland is based in Ireland and will only access personal data on our instructions.
    • We use Cloudflare to protect our website against DDoS attacks (Distributed Denial of Service, a type of hacking). This requires personal data to transit through Cloudflare’s infrastructure. This takes place in multiple locations both inside and outside the EEA (for transfers to the USA, EU-US Privacy Shield). The traffic through Cloudflare is fully-encrypted.

    When you make an enquiry via a form on this website

    The transfer of the website content between your browser and our server is secured through TLS 1.2 encryption. You can verify by clicking the padlock on your browser.

    Personal data processed

    We collect

    • your name, email address, phone
    • comments supplied in the form.
    • the time of the enquiry
    • country

    Purpose and lawful basis for processing of your personal data

    • Contractual obligations: We collect the information so we can manage your enquiry.

    Sharing of personal data

    • The enquriy is handled by staff in our office.
    • Our website infrastructure provider is CTI Global. CTI Global is based in Ireland and will only access personal data on our instructions.
    • On occasion, we use Webfactory to maintain the website who are now trading as DEPT Agency Ireland. DEPT Agency Ireland is based in Ireland and will only access personal data on our instructions.
    • We use Cloudflare to protect our website against DDoS attacks (Distributed Denial of Service, a type of hacking). This requires personal data to transit through Cloudflare’s infrastructure. This takes place in multiple locations both inside and outside the EEA (for transfers to the USA, EU-US Privacy Shield). The traffic through Cloudflare is fully-encrypted.

    When you purchase on-line

    Personal data processed

    We collect

    • your name, email address, phone, address
    • comments
    • the goods or services you purchase from us

    Purpose and lawful basis for processing of your personal data

    Contractual obligations: We collect the information so we can handle your account 

    To keep your information up to date.

    Sharing of personal data

    • Our website infrastructure provider is CTI Global. CTI Global is based in Ireland and will only access personal data on our instructions.
    • We use Shopify as our shopping cart. Shopify is based in the US and the safeguards in place for transferring personal data outside the EEA is “Privacy-Shield”.
    • On occasion, we use Webfactory to maintain the website who are now trading as DEPT Agency Ireland. DEPT Agency Ireland is based in Ireland and will only access personal data on our instructions.
    • We use Cloudflare to protect our website against DDoS attacks (Distributed Denial of Service, a type of hacking). This requires personal data to transit through Cloudflare’s infrastructure. This takes place in multiple locations both inside and outside the EEA (for transfers to the USA, EU-US Privacy Shield). The traffic through Cloudflare is fully-encrypted.
    • When making a payment, payment information is handled by Global Payments (formerly Realex Payments) to process your debit/credit card on behalf of Glasnevin Trust. Global Payments fully comply with the PCI/DSS 3.2 security requirements. Please note that Glasnevin Trust does not store your credit/debit card.
    • Invoices are stored on-premises.

    When you register for our newsletter

    Personal data processed

    We collect the following personal data

    • your name
    • your email address

    Purpose and lawful basis for processing of your personal data

    To send you monthly newsletters and to inform you of forthcoming events.

    Consent: You need to opt-in to receive our newsletters, and you can opt-out any time using the link at the bottom of each newsletter emails.

    Sharing of personal data

    Our Newsletter provider is MailChimp. MailChimp is based in the US and the safeguards in place for transferring personal data outside the EEA is “Privacy-Shield”.