A new legislative framework relating to the protection of personal information, the General Data Protection Regulation (GDPR), came into force throughout the EU on 25 May 2018.
The following information ensures compliance with the new regulations to protect the personal information of our supporters and beneficiaries.
Implementation of GDPR Policy
The GDPR policy is implemented by the NLT co-ordinator with oversight from, and under the auspices of, a nominated member of the Board of Directors.
NLT Ireland is committed to ensuring that all personal information is secure. In order to prevent unauthorised access or disclosure, NLT has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
- The following personal information is stored digitally and used for electronic newsletter mailing:
Name and email address
- The following personal information is stored digitally and used for postal newsletter mailing:
Name, postal address and postcode and in a small number of cases NLT stores a telephone number
Digital storage of personal information
All digitally stored personal data is stored with a secure GDPR compliant cloud service provider.
- Deletion of all redundant digital information is recorded. Only the contact person’s name is retained, along with the date that the deletion of the corresponding digital information took place.
Storage of personal information on paper
- All paper copies of personal information are stored in a locked cabinet in a locked building. The following information is stored: name and email address. In a small number of cases (where a supporter/contact person does not have an email address) we store a postal address and a telephone number
- Paper forms containing information for claiming tax on donations are stored for the maximum period required by Revenue.
- All redundant hard copies of information are shredded immediately
- A register of all people who have given consent for their data to be stored is maintained electronically. This register contains the following information: name, email address, postal address and phone number
- Consent for storage of new contact information must be approved by email or signature of the contact person. The contact person must be fully informed about why and how their information will be used at the consent stage.
- Information on withdrawal of consent is made available in any electronic communication via a link to information on the company website and an unsubscribe link.
Requests for personal information
NLT Ireland will not share personal information with any other third parties without permission unless we have a legal obligation to do so.
Requests may be made by individuals to obtain any personal information on themselves held by NLT Ireland under the Data Protection Act 1998. A log of all information access requests is maintained. Requests are responded to within 30 days of the request. If any individual would like a copy of the information held on them, please email this request to firstname.lastname@example.org
If any individual believes that information we are holding on them is incorrect or incomplete, please write to or email as soon as possible to email@example.com We will promptly adjust any information found to be incorrect.
Images and Messages
NLT Ireland is a signatory of the Dóchas Code of Conduct on Images and Messages (see more on https://dochas.ie/images-and-messages). All images and messages related to case stories on the company website or newsletters use first names or village name and not both.
Date for next review of GDPR Policy Winter 2022
GDPR Policy V.2 Reviewed 3rd December 2020 by Board of Directors of NLT Ireland
GDPR Policy V.1 Approved 6th December 2018 by Board of Directors of NLT Ireland