Privacy Policy

1. Introduction

This is the Privacy Notice for Mental Health First Aid Ireland (“MHFAI”). MHFAI are part of the St John of God Hospitaller Ministries Group (“SJOG Group”). The relevant data controller for the personal data collected by MHFAI is St John of God Hospital Clg., an entity within the SJOG Group.

This Privacy Notice applies to personal data that we collect and process about you when you: 

  • Register to attend or join the waitlist for one of our courses
  • Submit an enquiry on our website or contact us via email, social media, or on the phone
  • Register your interest in a private course 
  • Submit payments to us
  • Subscribe to receive our marketing updates  
  • Interact with us or our posts on social media or community-based discussion forms
  • Attend our courses or events in person or online 
  • Visit our website 
  • Apply for a job vacancy

This Privacy Notice also explains other important information including about how we use your personal data, your rights and how to exercise them. You can contact us using the details available in Section 12 below. 

 

2. Personal Data We Collect

Personal data means any data which can directly or indirectly identify a living individual.  We may collect the following personal data about you:

Personal Identification and Contact Information

  • Identification  Details: your first and last name, your company name. 
  • Contact Details: your business or personal email address, phone number, and address. 

 

Event and Course Participation 

  • Attendance Details: courses attended, waitlisted or completed; confirmation of residency in Ireland and being over 18 years of age. 
  • Dietary Requirements: provided by you, if necessary.

 

Communications, Enquiries and Feedback 

  • Communication Details: information you provide in queries, feedback, or comments via contact forms, email, social media messages, or other means. This may include your identification and contact details, as well as the content of your communications.
  • Registration of Interest Details: information you provide when registering your interest in private courses.

 

Visual Recordings and Media 

Where you attend a training course at our premises or a MHFAI event we may collect:

  • CCTV Recordings: captured when visiting our premises.
  • Event Media: photographs or footage of events or training (with your consent).

 

Payment and Marketing Preferences 

  • Payment Details: payment types, billing addresses, payment status.
  • Marketing Preferences: contact details, preferred method of contact and your interests.

 

Website & Social Media Interaction Data

When you visit our website or social media platforms, we may collect data about you automatically, in particular, if you choose to accept our cookies, such as:  

  • Cookies and Interaction Details: cookies preferences, pages visited, time spent, and technical information like browser type, device, and IP address.
  • Social Media Interactions: if you interact with us via social media, we may collect your username, and any comments you post or images that you choose to share with us. 
  • Promotions and Competitions: if you engage with promotions or competitions through our social media, we will collect relevant contact information and any relevant competition submissions.

 

Careers or Suppliers 

  • Job Application Details: CV, cover letter, role applied for, and related contact information.
  • Supplier Details: name, company name, and related contact information.

 

Personal Data Collected Indirectly 

We may receive personal data about you from indirect sources, for example: 

  • When you are booked onto a course by someone else, on your behalf we may receive Identification, Contact, Attendance and/or Dietary Requirement Details about you from the person booking you in. 
  • When you apply for a job vacancy, we may receive Reference Details about you from your previous employer.

 

3. Purposes For Processing & Legal Bases Relied On

MHFAI collects and uses personal data for the purposes and on the lawful bases as set out below.    

Process

Purpose

Legal Basis

Manage course bookings and waitlists 

To facilitate course registration, manage participant placement, and ensure operational planning and resource allocation.

  • Contractual necessity 
  • Our legitimate interests to ensure efficiency and resources

Manage, schedule and deliver training and events to you 

To register participants, manage attendance, provide course materials and completion certs.

  • Contractual necessity 

Communicate with you about queries, requests, feedback, complaints etc. 

To respond to queries, process feedback, and handle complaints.

  • Our legitimate interests to ensure your queries are answered and your feedback is considered 

Recording phone conversations.

(You will always be informed if your call is being recorded)

To monitor and evaluate our customer service interactions and enhance service quality.

  • Our legitimate interests to ensure good customer service

Manage payments and billing

To process and record payments for courses and events, issue invoices, and track payment status.

  • Contractual necessity

Issue reminders and service updates to registered attendees and clients 

To send notifications about upcoming courses, changes in schedules, or other relevant updates to ensure effective service delivery.

  • Contractual necessity 

Send marketing updates to interested individuals 

To send newsletters and information about upcoming courses you may be interested in attending.

  • Consent 
  • Where applicable, our legitimate interests to keep you updated.

Collect survey responses and feedback 

To gather input from participants and clients to improve services or courses.

  • Our legitimate interests to improve our services.

Carry out competitions and promotions 

To organise, administer and promote competitions or special offers, including participant registration, winner selection, winner announcements, and prize distribution.

  • Consent

Maintain security and safety on our premises 

To monitor our premises using CCTV, ensuring safety and security for all visitors and the premises; and to review footage in the event there is an incident.

  • Our legitimate interests to ensure the safety of our premises and visitors.

Improve our services and websites

To analyse user feedback, interaction data, and other insights to enhance the quality of services, optimise user experiences, and refine website functionality.

  • Our legitimate interest to continuously improve offerings and usability
  • Your consent (where we use cookie data). 

Take photographs at events and use those photographs online, on social media platforms, if you have given permission

To document and promote our events or training sessions.

  • Consent 

Post on social media which might include you if you have given permission

To share updates, events, and news with our followers and to promote our services

  • Consent 

Record keeping and business analytics

To maintain internal records for auditing, reporting, and administrative purposes and to analyse same for business improvement purposes.

  • Contractual necessity
  • Legal obligations
  • Our legitimate interests to maintain records.

Process job applications

To review applications, assess candidates’ qualifications, and manage recruitment for open roles.

  • Pre-contractual necessity; and 
  • Our legitimate interests to identify suitable candidates

 

4. Sharing Personal Data 

To fulfil the purposes described above, from time to time we share your personal data with other trusted entities that assist us in providing our services. These entities may have access to your personal data when necessary to perform their services to us. 

The recipients may include: 

  • Service providers and data processors – we may engage service providers from time to time who assist us to provide our services, for example:
    • Business partner suppliers, including without limitation: IT providers, website hosting providers, CRM database providers, training providers, marketing mail providers, etc.
    • Marketing and advertising companies that assist us or carry out marketing activities on our behalf.
    • Analytics and search engine providers that assist us in the improvement and optimisation of our website and social media platforms.
  • Other entities within the SJOG Group. We may share data with other entities to the extent required for internal administration purposes, management purposes or other business-related purposes.


We may also share personal data with third parties:

  • Who are Professional Advisors – including, without limitation: tax, legal or other or other corporate advisors who provide professional services to us to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm and for risk management purposes.
  • In the case of a legal requirement or legal proceedings – such as in response to a court order or warrant; or where required, to establish, protect or exercise our legal rights, as required to enforce our terms of service or other contracts and to defend against legal claims.
  • In the case of a corporate transaction or reorganisation – personal data may be disclosed to third parties as part of any merger, sale, transfer of our assets, acquisition, bankruptcy, or similar event.  
  • In line with your consent or request – we may disclose your personal data to a third-party where you have provided prior consent or have requested that we do so.  


We do not sell, trade, or rent your personal data to others.

5. International Data Transfers 

In limited circumstances, we may need to transfer your personal data outside of the European Economic Area (EEA). For example, where the recipients of personal data described in Section 4 are located in countries outside of the EEA. 

In such cases, we will ensure that any transfer of your personal data to countries outside the EEA is subject to appropriate safeguards, meaning that your personal data will receive the same level of protection as within the EEA and under the principles set out in this Privacy Notice. We will rely on the following safeguards: 

  • European Commission issued Adequacy Decisions 
  • European Standard Contractual Clauses (“SCCS”) 
  • In limited circumstances, where the transfer is permitted by applicable data protection laws. 

The European SCCs are contractual clauses approved by the European Commission that ensure appropriate data protection safeguards when personal information is transferred outside of the EEA. They can be viewed here.


6. Retention of Personal Data 

The time periods for which we retain your personal data depends on the type of data and the purposes for which we use it. We will keep your data for no longer than is required or permitted. 

To determine the appropriate retention period for personal data, we firstly consider applicable legal requirements or whether any statutory retention periods apply. We also consider the volume, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process the data and whether we can achieve those purposes through other means.   


7. Automated Decision–Making and Profiling

MHFAI does not carry out automated decision making or profiling of individuals. 


8. Our Website & Social Media

Links to Other Sites: Our website contains links to external websites. MHFAI is not responsible for the privacy practices or content of these third-party sites. If you visit one of these sites, we encourage you to review their privacy notices to be informed about their privacy practices.

Cookies: Our website uses cookies. For further information please refer to our Cookie Policy.

User Generated Content on Social Media: MHFAI reserves the right to publish content (e.g., posts, comments, or other submissions) shared on our social media channels at our discretion. Content may remain published for a duration determined by MHFAI and may be removed without prior notice. MHFAI is not responsible for the deletion or failure to store any submitted content.

Information Provision Through Social Media: If you share information with us via social media, we will only use that information to respond to or address your queries or comments and to fulfil the specific purpose for which the information was provided.

We advise against sharing sensitive personal or financial information, such as bank account details, through MHFAI’s social media channels. Any such information shared will not be used or retained by MHFAI, and we cannot guarantee its security on third-party platforms. 

Promotions and Competitions: By participating in MHFAI-hosted promotions, competitions, or similar activities through social media, you acknowledge that:

  • Your personal data will be used solely for conducting and managing the activity.
  • Submitted content (e.g., photos, comments, or competition entries) may be published along with limited identifying information (e.g., name or username).
  • If you are a winner, your name and submission may be shared across MHFAI media channels and/or within the SJOG Group.

Participants can contact MHFAI to inquire about their data usage or request removal of published content.


9. Marketing Messages & Preferences

If you have opted-in to receive marketing communications from MHFAI, we will use the details you provide to us to send you updates on upcoming events, training courses etc., and other areas that might be of interest to you. 

You have the right to ask us to stop processing your personal details for marketing communication purposes and you can ‘opt out’ of receiving marketing updates at any time.

How To Opt-Out: 

  • Simply click the ‘unsubscribe’ button located at the bottom of any email which you receive from us.
  • Alternatively, send us an email, writing “unsubscribe” in the subject heading to DPOHosp@sjog.ie. Please make sure to specify that you wish to unsubscribe from marketing materials from MHFAI to assist us in efficiently opting you out. 

Please note that opting out of marketing messages will not stop service communications, such as reminders about upcoming courses or payments. 

 

10. Your Personal Data Rights

Under the GDPR and Irish Data Protection Act 2018, you have the right to: 

  • Request a copy of and access your personal data.
  • Request us to rectify any inaccurate personal data about you without undue delay. 
  • Request that we erase any personal data we hold about you in circumstances, such as, where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
  • Object to the processing personal data about you, such as, processing for profiling or direct marketing purposes.
  • Ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
  • Request a restriction of the processing of your personal data. 
  • Withdraw your consent where you have previously provided it for certain purposes. Note that this will not affect the lawfulness of the processing prior to your withdrawal. 

You may exercise any of the above rights by contacting the DPO using the details set out at Section 12.

You also have the right to lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie


11. Changes To This Notice

This notice may change from time to time, and any changes will be posted on our site and will be effective when posted. Please review this notice each time you visit our website or use our services. 

This notice was last updated in December 2024.

 

12. How To Contact Us

For Data Protection related queries, our Data Protection Officer can be contacted by:

EmailDPOHosp@sjog.ie

Post: Data Protection Officer, Saint John of God Hospital, Stillorgan, Co. Dublin, A94 FH92

For training or other queries, please contact: MHFAI@sjog.ie 

1. Introduction

Mental Health First Aid Ireland (“MHFAI”, “we”, “us”) is committed to protecting your personal information and respecting your privacy. This policy outlines how we collect, use, store, and safeguard personal data when you engage with our websites, apps, and services.

MHFAI is part of the St John of God Hospitaller Ministries group (“SJOG Group”), which includes affiliated ministries in Ireland, the UK, and overseas.

We encourage you to read this policy carefully to understand how your information is handled.


2. Who We Are

MHFAI is the only licensed provider of Mental Health First Aid training in Ireland. Our mission is to train individuals and organisations to recognise, understand, and respond to mental health difficulties using a practical, skills-based approach.

Our registered office is located at:
Mental Health First Aid Ireland
c/o St John of God University Hospital
Stillorgan, Co. Dublin, Ireland


3. How We Collect Information

We collect personal data when you:

  • Visit or interact with our website or apps
  • Enquire about or book one of our training programmes
  • Sign up to receive communications from us
  • Contact us directly by phone, email, or web form
  • Submit feedback or complete surveys

We may also collect limited usage data through cookies and analytics tools to help us understand website traffic and improve user experience.


4. What Information We Collect

The information we collect may include:

  • Name, email address, phone number, and other contact details
  • Course booking information (e.g. attendance records, course preferences)
  • Feedback or survey responses
  • Technical data such as browser type, IP address, time on site, and navigation patterns (collected via cookies or analytics tools)

5. How We Use Your Information

We only collect and process your data where there is a lawful basis for doing so. These include:

  • Consent: where you have provided clear permission (e.g. for marketing emails)
  • Contract: where processing is necessary to fulfil a booking or request
  • Legal obligation: where we are required to retain records for compliance purposes
  • Legitimate interest: such as improving our services and ensuring website security

Your data may be used to:

  • Register you for MHFAI training
  • Send you course materials or updates
  • Respond to your queries or feedback
  • Improve our services, websites, and communications
  • Comply with legal and regulatory obligations

We do not sell or rent your personal data to third parties.


6. Cookies and Website Analytics

We use cookies to ensure our website functions correctly and to analyse usage patterns. Some cookies are necessary for the operation of our site, while others (e.g. Google Analytics) help us improve user experience.

You can manage your cookie preferences when you first visit our website or at any time thereafter. For more information, please refer to our Cookie Policy.


7. How We Keep Your Data Secure

We take appropriate technical and organisational measures to protect your personal information, including:

  • Secure servers and encrypted communications
  • Access controls and staff training
  • Regular reviews of our data protection policies and procedures

We are committed to handling your data in accordance with Irish law and international standards.


8. Sharing Your Information

Your data may be shared within the SJOG Group where necessary for administrative or technical support purposes, and always in line with applicable data protection laws.

We may also share data with trusted third-party service providers (e.g. cloud hosting, analytics platforms) under strict data processing agreements. These providers are contractually obligated to protect your information and may not use it for any other purpose.

If data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place.


9. Your Rights

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Rectify incorrect or outdated data
  • Erase your data in certain circumstances
  • Restrict or object to processing
  • Withdraw your consent (where applicable)
  • Lodge a complaint with the Data Protection Commission

If you wish to exercise any of these rights or have a query regarding how your data is handled, please contact our Data Protection Officer:

Email: DPOHosp@sjog.ie
Post:
Data Protection Officer
St John of God University Hospital
Stillorgan, Co. Dublin, A94 FH92


10. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purpose for which it was collected, or to meet our legal, accounting, or reporting obligations.

Once your data is no longer required, it is securely deleted or anonymised.


11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal or regulatory requirements or in our operations. The most recent version will always be published on our website.Last updated: 22/4/25