Privacy Policy
1. Introduction
This is the Privacy Notice for Mental Health First Aid Ireland (“MHFAI”). MHFAI are part of the St John of God Hospitaller Ministries Group (“SJOG Group”). The relevant data controller for the personal data collected by MHFAI is St John of God Hospital Clg., an entity within the SJOG Group.
This Privacy Notice applies to personal data that we collect and process about you when you:
- Register to attend or join the waitlist for one of our courses
- Submit an enquiry on our website or contact us via email, social media, or on the phone
- Register your interest in a private course
- Submit payments to us
- Subscribe to receive our marketing updates
- Interact with us or our posts on social media or community-based discussion forms
- Attend our courses or events in person or online
- Visit our website
- Apply for a job vacancy
This Privacy Notice also explains other important information including about how we use your personal data, your rights and how to exercise them. You can contact us using the details available in Section 12 below.
2. Personal Data We Collect
Personal data means any data which can directly or indirectly identify a living individual. We may collect the following personal data about you:
Personal Identification and Contact Information
- Identification Details: your first and last name, your company name.
- Contact Details: your business or personal email address, phone number, and address.
Event and Course Participation
- Attendance Details: courses attended, waitlisted or completed; confirmation of residency in Ireland and being over 18 years of age.
- Dietary Requirements: provided by you, if necessary.
Communications, Enquiries and Feedback
- Communication Details: information you provide in queries, feedback, or comments via contact forms, email, social media messages, or other means. This may include your identification and contact details, as well as the content of your communications.
- Registration of Interest Details: information you provide when registering your interest in private courses.
Visual Recordings and Media
Where you attend a training course at our premises or a MHFAI event we may collect:
- CCTV Recordings: captured when visiting our premises.
- Event Media: photographs or footage of events or training (with your consent).
Payment and Marketing Preferences
- Payment Details: payment types, billing addresses, payment status.
- Marketing Preferences: contact details, preferred method of contact and your interests.
Website & Social Media Interaction Data
When you visit our website or social media platforms, we may collect data about you automatically, in particular, if you choose to accept our cookies, such as:
- Cookies and Interaction Details: cookies preferences, pages visited, time spent, and technical information like browser type, device, and IP address.
- Social Media Interactions: if you interact with us via social media, we may collect your username, and any comments you post or images that you choose to share with us.
- Promotions and Competitions: if you engage with promotions or competitions through our social media, we will collect relevant contact information and any relevant competition submissions.
Careers or Suppliers
- Job Application Details: CV, cover letter, role applied for, and related contact information.
- Supplier Details: name, company name, and related contact information.
Personal Data Collected Indirectly
We may receive personal data about you from indirect sources, for example:
- When you are booked onto a course by someone else, on your behalf we may receive Identification, Contact, Attendance and/or Dietary Requirement Details about you from the person booking you in.
- When you apply for a job vacancy, we may receive Reference Details about you from your previous employer.
3. Purposes For Processing & Legal Bases Relied On
MHFAI collects and uses personal data for the purposes and on the lawful bases as set out below.
Process |
Purpose |
Legal Basis |
Manage course bookings and waitlists |
To facilitate course registration, manage participant placement, and ensure operational planning and resource allocation. |
|
Manage, schedule and deliver training and events to you |
To register participants, manage attendance, provide course materials and completion certs. |
|
Communicate with you about queries, requests, feedback, complaints etc. |
To respond to queries, process feedback, and handle complaints. |
|
Recording phone conversations. (You will always be informed if your call is being recorded) |
To monitor and evaluate our customer service interactions and enhance service quality. |
|
Manage payments and billing |
To process and record payments for courses and events, issue invoices, and track payment status. |
|
Issue reminders and service updates to registered attendees and clients |
To send notifications about upcoming courses, changes in schedules, or other relevant updates to ensure effective service delivery. |
|
Send marketing updates to interested individuals |
To send newsletters and information about upcoming courses you may be interested in attending. |
|
Collect survey responses and feedback |
To gather input from participants and clients to improve services or courses. |
|
Carry out competitions and promotions |
To organise, administer and promote competitions or special offers, including participant registration, winner selection, winner announcements, and prize distribution. |
|
Maintain security and safety on our premises |
To monitor our premises using CCTV, ensuring safety and security for all visitors and the premises; and to review footage in the event there is an incident. |
|
Improve our services and websites |
To analyse user feedback, interaction data, and other insights to enhance the quality of services, optimise user experiences, and refine website functionality. |
|
Take photographs at events and use those photographs online, on social media platforms, if you have given permission |
To document and promote our events or training sessions. |
|
Post on social media which might include you if you have given permission |
To share updates, events, and news with our followers and to promote our services |
|
Record keeping and business analytics |
To maintain internal records for auditing, reporting, and administrative purposes and to analyse same for business improvement purposes. |
|
Process job applications |
To review applications, assess candidates’ qualifications, and manage recruitment for open roles. |
|
4. Sharing Personal Data
To fulfil the purposes described above, from time to time we share your personal data with other trusted entities that assist us in providing our services. These entities may have access to your personal data when necessary to perform their services to us.
The recipients may include:
- Service providers and data processors – we may engage service providers from time to time who assist us to provide our services, for example:
- Business partner suppliers, including without limitation: IT providers, website hosting providers, CRM database providers, training providers, marketing mail providers, etc.
- Marketing and advertising companies that assist us or carry out marketing activities on our behalf.
- Analytics and search engine providers that assist us in the improvement and optimisation of our website and social media platforms.
- Other entities within the SJOG Group. We may share data with other entities to the extent required for internal administration purposes, management purposes or other business-related purposes.
We may also share personal data with third parties:
- Who are Professional Advisors – including, without limitation: tax, legal or other or other corporate advisors who provide professional services to us to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm and for risk management purposes.
- In the case of a legal requirement or legal proceedings – such as in response to a court order or warrant; or where required, to establish, protect or exercise our legal rights, as required to enforce our terms of service or other contracts and to defend against legal claims.
- In the case of a corporate transaction or reorganisation – personal data may be disclosed to third parties as part of any merger, sale, transfer of our assets, acquisition, bankruptcy, or similar event.
- In line with your consent or request – we may disclose your personal data to a third-party where you have provided prior consent or have requested that we do so.
We do not sell, trade, or rent your personal data to others.
5. International Data Transfers
In limited circumstances, we may need to transfer your personal data outside of the European Economic Area (EEA). For example, where the recipients of personal data described in Section 4 are located in countries outside of the EEA.
In such cases, we will ensure that any transfer of your personal data to countries outside the EEA is subject to appropriate safeguards, meaning that your personal data will receive the same level of protection as within the EEA and under the principles set out in this Privacy Notice. We will rely on the following safeguards:
- European Commission issued Adequacy Decisions
- European Standard Contractual Clauses (“SCCS”)
- In limited circumstances, where the transfer is permitted by applicable data protection laws.
The European SCCs are contractual clauses approved by the European Commission that ensure appropriate data protection safeguards when personal information is transferred outside of the EEA. They can be viewed here.
6. Retention of Personal Data
The time periods for which we retain your personal data depends on the type of data and the purposes for which we use it. We will keep your data for no longer than is required or permitted.
To determine the appropriate retention period for personal data, we firstly consider applicable legal requirements or whether any statutory retention periods apply. We also consider the volume, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process the data and whether we can achieve those purposes through other means.
7. Automated Decision–Making and Profiling
MHFAI does not carry out automated decision making or profiling of individuals.
8. Our Website & Social Media
Links to Other Sites: Our website contains links to external websites. MHFAI is not responsible for the privacy practices or content of these third-party sites. If you visit one of these sites, we encourage you to review their privacy notices to be informed about their privacy practices.
Cookies: Our website uses cookies. For further information please refer to our Cookie Policy.
User Generated Content on Social Media: MHFAI reserves the right to publish content (e.g., posts, comments, or other submissions) shared on our social media channels at our discretion. Content may remain published for a duration determined by MHFAI and may be removed without prior notice. MHFAI is not responsible for the deletion or failure to store any submitted content.
Information Provision Through Social Media: If you share information with us via social media, we will only use that information to respond to or address your queries or comments and to fulfil the specific purpose for which the information was provided.
We advise against sharing sensitive personal or financial information, such as bank account details, through MHFAI’s social media channels. Any such information shared will not be used or retained by MHFAI, and we cannot guarantee its security on third-party platforms.
Promotions and Competitions: By participating in MHFAI-hosted promotions, competitions, or similar activities through social media, you acknowledge that:
- Your personal data will be used solely for conducting and managing the activity.
- Submitted content (e.g., photos, comments, or competition entries) may be published along with limited identifying information (e.g., name or username).
- If you are a winner, your name and submission may be shared across MHFAI media channels and/or within the SJOG Group.
Participants can contact MHFAI to inquire about their data usage or request removal of published content.
9. Marketing Messages & Preferences
If you have opted-in to receive marketing communications from MHFAI, we will use the details you provide to us to send you updates on upcoming events, training courses etc., and other areas that might be of interest to you.
You have the right to ask us to stop processing your personal details for marketing communication purposes and you can ‘opt out’ of receiving marketing updates at any time.
How To Opt-Out:
- Simply click the ‘unsubscribe’ button located at the bottom of any email which you receive from us.
- Alternatively, send us an email, writing “unsubscribe” in the subject heading to DPOHosp@sjog.ie. Please make sure to specify that you wish to unsubscribe from marketing materials from MHFAI to assist us in efficiently opting you out.
Please note that opting out of marketing messages will not stop service communications, such as reminders about upcoming courses or payments.
10. Your Personal Data Rights
Under the GDPR and Irish Data Protection Act 2018, you have the right to:
- Request a copy of and access your personal data.
- Request us to rectify any inaccurate personal data about you without undue delay.
- Request that we erase any personal data we hold about you in circumstances, such as, where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
- Object to the processing personal data about you, such as, processing for profiling or direct marketing purposes.
- Ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
- Request a restriction of the processing of your personal data.
- Withdraw your consent where you have previously provided it for certain purposes. Note that this will not affect the lawfulness of the processing prior to your withdrawal.
You may exercise any of the above rights by contacting the DPO using the details set out at Section 12.
You also have the right to lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie
11. Changes To This Notice
This notice may change from time to time, and any changes will be posted on our site and will be effective when posted. Please review this notice each time you visit our website or use our services.
This notice was last updated in December 2024.
12. How To Contact Us
For Data Protection related queries, our Data Protection Officer can be contacted by:
Email: DPOHosp@sjog.ie
Post: Data Protection Officer, Saint John of God Hospital, Stillorgan, Co. Dublin, A94 FH92
For training or other queries, please contact: MHFAI@sjog.ie
1. Introduction
Mental Health First Aid Ireland (“MHFAI”, “we”, “us”) is committed to protecting your personal information and respecting your privacy. This policy outlines how we collect, use, store, and safeguard personal data when you engage with our websites, apps, and services.
MHFAI is part of the St John of God Hospitaller Ministries group (“SJOG Group”), which includes affiliated ministries in Ireland, the UK, and overseas.
We encourage you to read this policy carefully to understand how your information is handled.
2. Who We Are
MHFAI is the only licensed provider of Mental Health First Aid training in Ireland. Our mission is to train individuals and organisations to recognise, understand, and respond to mental health difficulties using a practical, skills-based approach.
Our registered office is located at:
Mental Health First Aid Ireland
c/o St John of God University Hospital
Stillorgan, Co. Dublin, Ireland
3. How We Collect Information
We collect personal data when you:
- Visit or interact with our website or apps
- Enquire about or book one of our training programmes
- Sign up to receive communications from us
- Contact us directly by phone, email, or web form
- Submit feedback or complete surveys
We may also collect limited usage data through cookies and analytics tools to help us understand website traffic and improve user experience.
4. What Information We Collect
The information we collect may include:
- Name, email address, phone number, and other contact details
- Course booking information (e.g. attendance records, course preferences)
- Feedback or survey responses
- Technical data such as browser type, IP address, time on site, and navigation patterns (collected via cookies or analytics tools)
5. How We Use Your Information
We only collect and process your data where there is a lawful basis for doing so. These include:
- Consent: where you have provided clear permission (e.g. for marketing emails)
- Contract: where processing is necessary to fulfil a booking or request
- Legal obligation: where we are required to retain records for compliance purposes
- Legitimate interest: such as improving our services and ensuring website security
Your data may be used to:
- Register you for MHFAI training
- Send you course materials or updates
- Respond to your queries or feedback
- Improve our services, websites, and communications
- Comply with legal and regulatory obligations
We do not sell or rent your personal data to third parties.
6. Cookies and Website Analytics
We use cookies to ensure our website functions correctly and to analyse usage patterns. Some cookies are necessary for the operation of our site, while others (e.g. Google Analytics) help us improve user experience.
You can manage your cookie preferences when you first visit our website or at any time thereafter. For more information, please refer to our Cookie Policy.
7. How We Keep Your Data Secure
We take appropriate technical and organisational measures to protect your personal information, including:
- Secure servers and encrypted communications
- Access controls and staff training
- Regular reviews of our data protection policies and procedures
We are committed to handling your data in accordance with Irish law and international standards.
8. Sharing Your Information
Your data may be shared within the SJOG Group where necessary for administrative or technical support purposes, and always in line with applicable data protection laws.
We may also share data with trusted third-party service providers (e.g. cloud hosting, analytics platforms) under strict data processing agreements. These providers are contractually obligated to protect your information and may not use it for any other purpose.
If data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place.
9. Your Rights
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access your personal data
- Rectify incorrect or outdated data
- Erase your data in certain circumstances
- Restrict or object to processing
- Withdraw your consent (where applicable)
- Lodge a complaint with the Data Protection Commission
If you wish to exercise any of these rights or have a query regarding how your data is handled, please contact our Data Protection Officer:
Email: DPOHosp@sjog.ie
Post:
Data Protection Officer
St John of God University Hospital
Stillorgan, Co. Dublin, A94 FH92
10. How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purpose for which it was collected, or to meet our legal, accounting, or reporting obligations.
Once your data is no longer required, it is securely deleted or anonymised.
11. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal or regulatory requirements or in our operations. The most recent version will always be published on our website.Last updated: 22/4/25