PRIVACY STATEMENT

This privacy statement explains how the Brothers of Charity Services Ireland’s (BOCSI) data practice
and tells you
1. Who collects information from you through this website.
2. What information they collect.
3. For what purposes they use that information.
4. When the information is collected.
5. With whom they share that information.
6. Your rights in relation to the collection, use, distribution and correction of that information.
7. The kind of security procedures that are in place to protect against the loss, misuse or alteration of
information under the control of BOCSI.

If you are not happy, either with the contents of this privacy statement or the practices of BOCSI in
relation to this statement, you should first contact us at webmaster@bocsi.ie you do not receive
acknowledgement of your enquiry or feel that it has not been properly addressed, you should then
contact the Office of the Information Commissioner.

1. Who collects information?
This website is operated by BOCSI, the Brothers of Charity Services Ireland. We are a not-for-profit
organisation who provide services to people with an intellectual disability and autism. Our head office
is in Kilcornan House, Clarinbridge, Co. Galway. H91 K2E9, Ireland.
We have notified the Office of the e oathea Prototheectot Commimmisiisotet of our processing operations as
required by the Data Protection Act and intend fully to comply with the provisions of that Act and the
new General Data Protection Regulations (GDPR).
For further information on these matters please contact the Office of the Information Commissioner.
This website is hosted by Blacknight who will not collect any data from which you personally may be
identified from this website.
2. What information BOCSI collects
We collect one type of information from users of the BOCSI website: usage information.
2.1 Usage information
Usage information is information that relates to your use of the website such as which areas of the
site you use most or least often, how often you use the website and when.
3. When do we collect this information?
We collect it at various points on our website. The following are the main ones.
3.1 Cookies
A cookie is a piece of data stored on the user’s hard drive containing information about the user.
Usage of a cookie is not linked to any other information on our site; it collects only usage information.
To find out more about or to change the cookie settings at any time, see our cookie policy, below.
3.2 Log files
We use IP addresses to analyse trends, administer the site and to gather broad demographic
information for aggregate use. IP addresses are not linked to other information, only to usage.
4. With whom will we share your information?
We will share aggregated usage information within the BOCSI Board and Administrators. This is not
linked to any personal information that can identify any individual person.
We may (in appropriate circumstances) use certain other companies to provide services to you, such
as a credit card processing company. These companies do not retain, share, store or use personal
information for any purposes other than to provide the service to us. The relationship between them
and us is regulated by a contract that contains safeguards for your rights.

5. Your rights
If your personal information changes or if you no longer desire any service offered by a website, we
provide a way to correct, update or remove any personal information that you may previously have
provided to us. The Data Protection Act 1998 also grants you certain rights in relation to your
personal data. Please contact the Office of the e oathea Prototheectot Commimmisiisotet for more detail on
these rights.
7. Security
We take precautions to protect your information. When you submit information through our website,
that information is protected both on- and off-line.
Whilst we use SSL encryption to protect sensitive information on-line, we also do everything in our
power to protect user information off-line. Your information is restricted in our offices so that only
employees who need the information to perform a specific job are granted access to it. If you have
any questions about the security at this website, you can send an e-mail to webmaster@bocsi.ie
This website contains links to other sites. Please be aware that BOCSI is not responsible for the
privacy practices of other sites. We encourage users to be aware when they leave our site and to
read the privacy statements of each and every website that collects personal information from them.
This privacy statement applies solely to information collected by this website.
The terms of this privacy statement may change from time to time, so please check back regularly to
keep up to date on our practices.

BOCSI Cookie Policy
What is a cookie?
A cookie is a piece of information in the form of a very small text file that is placed on an internet
user’s device. It is generated by a web page server, which is the computer that operates a web site.
The information the cookie contains is set by the server and it can be used by that server whenever
the user visits the site.
Types of cookies
Cookies can be grouped in the following categories:
Session cookies
These cookies are temporary. They are stored in the devices’ memory only during a user’s browsing
session and are automatically deleted from the user’s device when the browser is closed.
Persistent or permanent
These cookies are stored on the user’s device and are not deleted when the browser is closed.
Permanent cookies can retain user preferences for a particular web site, allowing those preferences
to be used in future browsing sessions. These cookies remain on your device until you erase them or
they expire (this depends on how long the visited website has defined the cookie to last).
Here is a list of all the cookies used on this website:

First party cookies
First party cookies are set by our website, you are visiting and they can only be read by our site.

Third party cookies
Our website uses the following third-party suppliers who may also set cookies on your device as you
browse our website. Please note that, where we embed content from third-party sites such as
YouTube, you may also have cookies from these third-party websites installed on your device. BOCSI
does not control these cookies and you should check the privacy policy of the relevant website for
more information.

Site usage and consent
By continuing to use the site we assume that you agree to accept cookies on your device in
accordance with this cookie policy. We have detailed where to find information on how to delete and
manage cookies.
Deleting and managing cookies
Most web browsers allow you to manage or delete your cookies by accessing the browser settings. To
find out more about cookies, including how to see what cookies have been set and how to manage
and delete them, visit www.aboutcookies.org . This cookie policy is in relation to the BOCSI’s
website. This statement does not cover links within this site to other websites.

Data Protection Policy
The Data Protection Act 1998, soon to be replaced by the Data Protection Bill 2018 which will be
enacted in May 2018, sets out a framework for the handling of personal data and is supported by
eight data protection principles as follows.
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall
not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or
purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is
necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this
Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or
unlawful processing of personal data and against accidental loss or destruction of, or damage to,
personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic
Area unless that country or territory ensures an adequate level of protection for the rights and
freedoms of data subjects in relation to the processing of personal data.

BOCSI is committed to respecting and protecting the privacy and rights of its Members, students,
affiliates and other contacts in accordance with the Data Protection Act 1998. This document sets out
how BOCSI seeks to apply the requirements of the Data Protection Act and GDPR.

Personal data collected by BOCSI and how it is used
BOCSI will only collect the information required to ensure a quality service delivery.
BOCSI needs for administrative and operational purposes to collect and process certain data about
the People who use our services, Staff, Students, and other individuals (i.e.people who enquire about
jobs). This information would not be collected via the web site unless through the recruitment portal.

Financial information
If an individual makes a donation to the BOCSI it is paid by Direct Debit, BOCSI collects bank account
details to enable the transaction to be processed. The BOCSI does not retain any credit card details
as all payments are taken directly through Paypal. Any hard copies of credit card information received
are processed and immediately securely destroyed.

Personal data collected and recorded by BOCSI’s for commercial services.
The information collected includes: title, name, company name, job title, correspondence address,
email address, telephone number, past purchases and requests for future information on products.
This information is recorded and reviewed to ensure we are compliant with procurement regulations.

Methods of data collection
BOCSI uses several methods for collecting data, including: e-mail and hard copy such as applications
to access Services, HRM and Financial information of employees and those who use our services,
contractors and professional supports.

Data storage & security
Your data is kept on a secure system. All staff with access to your data are contractually bound to
keep this information confidential. All data in transit is encrypted.

Disclosure to third parties
As we are a State Funded Voluntary Agency we are obliged to provide various levels of data to third
parties under legislation or by request mainly from the following State Agencies (note this list is not
definitive other State bodies and Agencies may request information from us):

HSE – Health Service Executive
HIQA – Health Information Quality Agency
An Garda Síochána
Department of Health
Department of Children and Youth Affairs
Health Research Board
Acute Hospitals
Medical/Health Professionals
State Claims Agency
Department of Education & Skills
Department of Employment Affairs & Social Protection
Department of Finance
Department of Housing, Planning, Community & Local Government
Department of Public Expenditure & Reform
Revenue Commissioners
Health & Safety Authority
Mailings – Print companies / fulfilment houses
BOCSI will only disclose your information to agents who are conducting business on our behalf and
only use it for the agreed purposes i.e. contact in relation to issues which may affect your service.
Tuition providers
Staff numbers may be issued to Tutors with your prior consent.
Details provided in support of employment applications
As an employer BOCSI receives verification requests from prospective employers, employment
agencies, regulators or other third party contacts we will confirm only that you are an employee and
issue reference on request.
Sharing / selling data to third parties
BOCSI only shares data internally if appropriate to carry out Services and with those State Agencies
listed above. Your data is never sold or made available to a third party.
Retention of data – relevant periods
The BOCSI has a National Records Management Policy which sets out Retention Periods that are in
line with the requirements under various legislation relating to health records, financial records and
employee records.
Changes to data
BOCSI will review and maintain up-to-date records for all current employees, and past employees for
the purpose of administering pensions and references. However it is the responsibility of the individual
to ensure that the data held by BOCSI is accurate and up-to-date. Individuals should notify their local
HR Department of any changes to their circumstances i.e.: address, contact details, email address
etc. to ensure accurate records are maintained.
Rights
The Data Protection Act and General Data Protection Regulations gives individuals a right of access
to a copy of the information comprising their personal data.
If you wish to access a copy of your data please write to:
Data Protection Officer, Kilcornan House, Clarinbridge, Co. Galway, Ireland. H91 K2E9, stating the
records required and the Region of the Services your records are located.
BOCSI as a data controller maintains its statutory rights to hold data for as long as is required for
legitimate purposes.
Right to object
You have the right to object to the use of your personal data if the processing of the data is construed
as likely to cause damage or distress.

Notification
BOCSI is recognised as the Data Controller by the Data Protection Commissioner’s Office.
APPENDIX 1
Key definitions as defined by the Data Protection Act
GLOSSARY OF TERMS AND DEFINITIONS
DATA MEANS INFORMATION WHICH IS BEING PROCESSED BY MEANS OF EQUIPMENT OPERATING
AUTOMATICALLY IN RESPONSE TO INSTRUCTIONS GIVEN FOR THAT PURPOSE; IS RECORDED WITH THE
INTENTION THAT IT SHOULD BE PROCESSED BY MEANS OF SUCH EQUIPMENT; IS RECORDED AS PART OF A
RELEVANT FILING SYSTEM OR WITH THE INTENTION THAT IT SHOULD FORM PART OF A RELEVANT FILING
SYSTEM. THE ACT REFERS TO A RELEVANT FILING SYSTEM AS ANY PAPER OR MANUAL FILING SYSTEM WHICH
IS STRUCTURED IN SUCH A WAY AS TO MAKE THAT INFORMATION ABOUT AN INDIVIDUAL READILY ACCESSIBLE.
 “Biometric data” means personal data resulting from specific technical processing relating to
the physical, physiological or behavioural characteristics of a natural person, which allow or
confirm the unique identification of that natural person, such as facial images or dactyloscopic
data.
 “Personal data” is data relating to a living individual who can be identified from that data or
information which is in the possession of, or is likely to come into the possession of, the data
controller. This includes any expression of opinion about the individual and any indication of
the intentions of the data controller or any other person in respect of the individual.
 “Binding Corporate Rules” means personal data protection policies which are adhered to
by BOCSI for transfers of personal data to a controller or processor in one or more third
countries or to an international organisation.
 “Consent” of the data subject means any freely given, specific, informed and unambiguous
indication of the data subject’s wishes by which he or she, by a statement or by a clear
affirmative action, signifies agreement to the processing of personal data relating to him or
her.
 “Cross Border Processing” means processing of personal data which: –
o takes place in more than one Member State; or
o which substantially affects or is likely to affect data subjects in more than one
Member State
 “Data controller” means, means any person (or organisation) that determines the purposes
for which and the manner in which any personal data are, or are to be, processed. The data
controller has a responsibility to ensure all files relating to individuals are kept securely, are
accurate, are up-to-date and are used only for the purposes specified. A data controller must
be a “person” recognised in law; this would be individuals, organisations and other corporate
or unincorporated bodies of persons. BOCSI is a data controller.
 “Data processor” means a natural or legal person, public authority, agency or other body
which processes personal data on behalf of the controller.
 “Data protection laws” means for the purposes of this document, the collective description
of the Data Protection Bill 1988, the General Data Protection Regulations (GDPR), and any
other relevant data protection laws that BOCSI complies with.
 “Data subject” means an individual who is the subject of personal data
 “GDPR” means the General Data Protection Regulation (EU) (2016/679)
 “Genetic data” means personal data relating to the inherited or acquired genetic
characteristics of a natural person which give unique information about the physiology or the
health of that natural person and which result, in particular, from an analysis of a biological
sample from the natural person in question.
 “Personal data” means any information relating to an identified or identifiable natural person
(‘data subject’); an identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural person.
 “Processing” means any operation or set of operations which is performed on personal data
or on sets of personal data, whether or not by automated means, such as collection,
recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation,
use, disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction. In essence data processing, means
obtaining, recording or holding the information or data or carrying out any operations on the
information or data i.e.: viewing, amending, copying, extracting storing, disclosing, destroying,
deleting etc.
 “Profiling” means any form of automated processing of personal data consisting of the use
of personal data to evaluate certain personal aspects relating to a natural person, in particular
to analyse or predict aspects concerning that natural person’s performance at work, economic
situation, health, personal preferences, interests, reliability, behaviour, location or
movements.
 “Recipient” means a natural or legal person, public authority, agency or another body, to
which the personal data are disclosed, whether a third party or not. However, public
authorities which may receive personal data in the framework of a particular inquiry in
accordance with Union or Member State law shall not be regarded as recipients; the
processing of those data by those public authorities shall be in compliance with the applicable
data protection rules according to the purposes of the processing.
 “Supervisory Authority” means an independent public authority – Data Protection
Commissioner’ Office – (see contact details below)
 “Third Party” means any individual and or organisation other than the data subject or the
data controller.
 “Regional Data Administrator/Data Champion means the Data Protection administrator
identified in each of the six BOCSI Regions. Each Region has a Data Protection
administrator identified in Services, Human Resource Management, and Finance.
 Data Protection Officer’s role is defined in the Data Protection Bill 2018 as someone
appointed by the organisation who informs, advises and monitors, the controller, in this case
BOCSI, and its employees who carry out processing, of their obligations under the Data
Protection Law and GDPR.
The Brothers of Charity Services Ireland have appointed a Data Protection Officer in line with GDPR Regulations.:
Gina Magliocco LLM., BBS(Hons) BA(HRM), FCIPD, MIITD.
National Head of Risk & Regulation
Brothers of Charity Services Ireland
Kilcornan House Clarinbridge, Co. Galway. H91 K2E9.
Phone: 076-1064323

APPENDIX 2

1 Contacting Us
The Office is now also providing a new 0761 number for callers to use. The 0761 prefix is part of
a Government initiative to reduce call costs for both public bodies and customers. Call costs to
0761 numbers vary. Your telephone service provider should be able to give you further details on
the costs that apply for your telephone package.
Please note that the rates charged for the use of 1890 (LoCall) numbers may vary among
different service providers. It is recommended that you only ring these numbers using a ‘nonbundled’*
landline as calls made using mobiles or ‘bundled’^ landlines may be expensive.
* On a ‘non-bundled’ landline you are charged individually per call.
^ On a ‘bundled’ landline you pay for a package which typically includes free local and/or national
calls.
Telephone
+353 57 8684800
+353 (0)761 104 800
Lo Call
Number
1890 252 231
Fax +353 57 868 4757
E-mail info@dataprotection.ie
Postal
Address Data Protection
Commissioner
Canal House
Station Road
Portarlington
R32 AP23 Co. Laois
Offices Dublin Office
21 Fitzwilliam Square
Dublin 2
D02 RD28
Ireland.
Portarlington
Office
Canal House
Station Road
Portarlington
R32 AP23 Co. Laois
Phone lines 09:15 – 17:30hrs (17.15
Friday)
You can also submit your comments or queries to us using our on-line feedback form.
For Requests and invitations to the Commissioner and staff of the Office to attend / speak at
events .
An organisation chart for the Office is also available.

PDF version of this policy