Privacy Policy

1. Introduction

This is the Privacy Notice for Mental Health First Aid Ireland (“MHFAI”). MHFAI are part of the St John of God Hospitaller Ministries Group (“SJOG Group”). The relevant data controller for the personal data collected by MHFAI is St John of God Hospital Clg., an entity within the SJOG Group.

This Privacy Notice applies to personal data that we collect and process about you when you: 

• Register to attend or join the waitlist for one of our courses
• Submit an enquiry on our website or contact us via email, social media, or on the phone
• Register your interest in a private course 
• Submit payments to us
• Subscribe to receive our marketing updates  
• Interact with us or our posts on social media or community-based discussion forms
• Attend our courses or events in person or online 
• Visit our website 
• Apply for a job vacancy

This Privacy Notice also explains other important information including about how we use your personal data, your rights and how to exercise them. You can contact us using the details available in Section 12 below. 

 

2. Personal Data We Collect

Personal data means any data which can directly or indirectly identify a living individual.  We may collect the following personal data about you:

Personal Identification and Contact Information

• Identification  Details: your first and last name, your company name. 
• Contact Details: your business or personal email address, phone number, and address. 

 

Event and Course Participation 

• Attendance Details: courses attended, waitlisted or completed; confirmation of residency in Ireland and being over 18 years of age. 
• Dietary Requirements: provided by you, if necessary.

 

Communications, Enquiries and Feedback 

• Communication Details: information you provide in queries, feedback, or comments via contact forms, email, social media messages, or other means. This may include your identification and contact details, as well as the content of your communications.
• Registration of Interest Details: information you provide when registering your interest in private courses.

 

Visual Recordings and Media 

Where you attend a training course at our premises or a MHFAI event we may collect:

• CCTV Recordings: captured when visiting our premises.
• Event Media: photographs or footage of events or training (with your consent).

 

Payment and Marketing Preferences 

• Payment Details: payment types, billing addresses, payment status.
• Marketing Preferences: contact details, preferred method of contact and your interests.

 

Website & Social Media Interaction Data

When you visit our website or social media platforms, we may collect data about you automatically, in particular, if you choose to accept our cookies, such as:  

• Cookies and Interaction Details: cookies preferences, pages visited, time spent, and technical information like browser type, device, and IP address.
• Social Media Interactions: if you interact with us via social media, we may collect your username, and any comments you post or images that you choose to share with us. 
• Promotions and Competitions: if you engage with promotions or competitions through our social media, we will collect relevant contact information and any relevant competition submissions.

 

Careers or Suppliers 

• Job Application Details: CV, cover letter, role applied for, and related contact information.
• Supplier Details: name, company name, and related contact information.

 

Personal Data Collected Indirectly 

We may receive personal data about you from indirect sources, for example: 

• When you are booked onto a course by someone else, on your behalf we may receive Identification, Contact, Attendance and/or Dietary Requirement Details about you from the person booking you in. 
• When you apply for a job vacancy, we may receive Reference Details about you from your previous employer.

 

3. Purposes For Processing & Legal Bases Relied On

MHFAI collects and uses personal data for the purposes and on the lawful bases as set out below.    

Process	Purpose	Legal Basis
Manage course bookings and waitlists	To facilitate course registration, manage participant placement, and ensure operational planning and resource allocation.	Contractual necessity  Our legitimate interests to ensure efficiency and resources
Manage, schedule and deliver training and events to you	To register participants, manage attendance, provide course materials and completion certs.	Contractual necessity
Communicate with you about queries, requests, feedback, complaints etc.	To respond to queries, process feedback, and handle complaints.	Our legitimate interests to ensure your queries are answered and your feedback is considered
Recording phone conversations. (You will always be informed if your call is being recorded)	To monitor and evaluate our customer service interactions and enhance service quality.	Our legitimate interests to ensure good customer service
Manage payments and billing	To process and record payments for courses and events, issue invoices, and track payment status.	Contractual necessity
Issue reminders and service updates to registered attendees and clients	To send notifications about upcoming courses, changes in schedules, or other relevant updates to ensure effective service delivery.	Contractual necessity
Send marketing updates to interested individuals	To send newsletters and information about upcoming courses you may be interested in attending.	Consent  Where applicable, our legitimate interests to keep you updated.
Collect survey responses and feedback	To gather input from participants and clients to improve services or courses.	Our legitimate interests to improve our services.
Carry out competitions and promotions	To organise, administer and promote competitions or special offers, including participant registration, winner selection, winner announcements, and prize distribution.	Consent
Maintain security and safety on our premises	To monitor our premises using CCTV, ensuring safety and security for all visitors and the premises; and to review footage in the event there is an incident.	Our legitimate interests to ensure the safety of our premises and visitors.
Improve our services and websites	To analyse user feedback, interaction data, and other insights to enhance the quality of services, optimise user experiences, and refine website functionality.	Our legitimate interest to continuously improve offerings and usability Your consent (where we use cookie data).
Take photographs at events and use those photographs online, on social media platforms, if you have given permission	To document and promote our events or training sessions.	Consent
Post on social media which might include you if you have given permission	To share updates, events, and news with our followers and to promote our services	Consent
Record keeping and business analytics	To maintain internal records for auditing, reporting, and administrative purposes and to analyse same for business improvement purposes.	Contractual necessity Legal obligations Our legitimate interests to maintain records.
Process job applications	To review applications, assess candidates’ qualifications, and manage recruitment for open roles.	Pre-contractual necessity; and  Our legitimate interests to identify suitable candidates

 

4. Sharing Personal Data 

To fulfil the purposes described above, from time to time we share your personal data with other trusted entities that assist us in providing our services. These entities may have access to your personal data when necessary to perform their services to us. 

The recipients may include: 

• Service providers and data processors – we may engage service providers from time to time who assist us to provide our services, for example:
  • Business partner suppliers, including without limitation: IT providers, website hosting providers, CRM database providers, training providers, marketing mail providers, etc.
  • Marketing and advertising companies that assist us or carry out marketing activities on our behalf.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our website and social media platforms.
• Other entities within the SJOG Group. We may share data with other entities to the extent required for internal administration purposes, management purposes or other business-related purposes.

We may also share personal data with third parties:

• Who are Professional Advisors – including, without limitation: tax, legal or other or other corporate advisors who provide professional services to us to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm and for risk management purposes.
• In the case of a legal requirement or legal proceedings – such as in response to a court order or warrant; or where required, to establish, protect or exercise our legal rights, as required to enforce our terms of service or other contracts and to defend against legal claims.
• In the case of a corporate transaction or reorganisation – personal data may be disclosed to third parties as part of any merger, sale, transfer of our assets, acquisition, bankruptcy, or similar event.  
• In line with your consent or request – we may disclose your personal data to a third-party where you have provided prior consent or have requested that we do so.  

We do not sell, trade, or rent your personal data to others.

5. International Data Transfers 

In limited circumstances, we may need to transfer your personal data outside of the European Economic Area (EEA). For example, where the recipients of personal data described in Section 4 are located in countries outside of the EEA. 

In such cases, we will ensure that any transfer of your personal data to countries outside the EEA is subject to appropriate safeguards, meaning that your personal data will receive the same level of protection as within the EEA and under the principles set out in this Privacy Notice. We will rely on the following safeguards: 

• European Commission issued Adequacy Decisions 
• European Standard Contractual Clauses (“SCCS”) 
• In limited circumstances, where the transfer is permitted by applicable data protection laws. 

The European SCCs are contractual clauses approved by the European Commission that ensure appropriate data protection safeguards when personal information is transferred outside of the EEA. They can be viewed here.

6. Retention of Personal Data 

The time periods for which we retain your personal data depends on the type of data and the purposes for which we use it. We will keep your data for no longer than is required or permitted. 

To determine the appropriate retention period for personal data, we firstly consider applicable legal requirements or whether any statutory retention periods apply. We also consider the volume, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process the data and whether we can achieve those purposes through other means.   

7. Automated Decision–Making and Profiling

MHFAI does not carry out automated decision making or profiling of individuals. 

8. Our Website & Social Media

Links to Other Sites: Our website contains links to external websites. MHFAI is not responsible for the privacy practices or content of these third-party sites. If you visit one of these sites, we encourage you to review their privacy notices to be informed about their privacy practices.

Cookies: Our website uses cookies. For further information please refer to our Cookie Policy.

User Generated Content on Social Media: MHFAI reserves the right to publish content (e.g., posts, comments, or other submissions) shared on our social media channels at our discretion. Content may remain published for a duration determined by MHFAI and may be removed without prior notice. MHFAI is not responsible for the deletion or failure to store any submitted content.

Information Provision Through Social Media: If you share information with us via social media, we will only use that information to respond to or address your queries or comments and to fulfil the specific purpose for which the information was provided.

We advise against sharing sensitive personal or financial information, such as bank account details, through MHFAI’s social media channels. Any such information shared will not be used or retained by MHFAI, and we cannot guarantee its security on third-party platforms. 

Promotions and Competitions: By participating in MHFAI-hosted promotions, competitions, or similar activities through social media, you acknowledge that:

• Your personal data will be used solely for conducting and managing the activity.
• Submitted content (e.g., photos, comments, or competition entries) may be published along with limited identifying information (e.g., name or username).
• If you are a winner, your name and submission may be shared across MHFAI media channels and/or within the SJOG Group.

Participants can contact MHFAI to inquire about their data usage or request removal of published content.

9. Marketing Messages & Preferences

If you have opted-in to receive marketing communications from MHFAI, we will use the details you provide to us to send you updates on upcoming events, training courses etc., and other areas that might be of interest to you. 

You have the right to ask us to stop processing your personal details for marketing communication purposes and you can ‘opt out’ of receiving marketing updates at any time.

How To Opt-Out: 

• Simply click the ‘unsubscribe’ button located at the bottom of any email which you receive from us.
• Alternatively, send us an email, writing “unsubscribe” in the subject heading to DPOHosp@sjog.ie. Please make sure to specify that you wish to unsubscribe from marketing materials from MHFAI to assist us in efficiently opting you out. 

Please note that opting out of marketing messages will not stop service communications, such as reminders about upcoming courses or payments. 

 

10. Your Personal Data Rights

Under the GDPR and Irish Data Protection Act 2018, you have the right to: 

• Request a copy of and access your personal data.
• Request us to rectify any inaccurate personal data about you without undue delay. 
• Request that we erase any personal data we hold about you in circumstances, such as, where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
• Object to the processing personal data about you, such as, processing for profiling or direct marketing purposes.
• Ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
• Request a restriction of the processing of your personal data. 
• Withdraw your consent where you have previously provided it for certain purposes. Note that this will not affect the lawfulness of the processing prior to your withdrawal. 

You may exercise any of the above rights by contacting the DPO using the details set out at Section 12.

You also have the right to lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie

11. Changes To This Notice

This notice may change from time to time, and any changes will be posted on our site and will be effective when posted. Please review this notice each time you visit our website or use our services. 

This notice was last updated in December 2024.

 

12. How To Contact Us

For Data Protection related queries, our Data Protection Officer can be contacted by:

Email: DPOHosp@sjog.ie

Post: Data Protection Officer, Saint John of God Hospital, Stillorgan, Co. Dublin, A94 FH92

For training or other queries, please contact: MHFAI@sjog.ie