Privacy Statement
The Stop Climate Chaos (SCC) Website
This statement relates to our privacy practices in connection with this website. We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identifiable as such.
Stop Climate Chaos is committed to keeping your data safe.
We will only store and process your personal data in accordance with the relevant Irish and EU data protection legislation (including the General Date Protection Regulation - GDPR - you may have heard of recently).
You can opt-out of any communications you are getting from us at any time.
You can make a request about your data at any time using this form.
Our full data protection policy follows below (PDF here).
Our full data protection policy follows below.
Stop Climate Chaos Ireland - Data Protection Policy
Introduction
This document provides a concise policy regarding the data protection practices of Stop Climate Chaos and is part of our commitment to data protection by design and default.
Stop Climate Chaos is a data controller with reference to the personal data which it manages, processes and stores.
Stop Climate Chaos commitment to data protection
Stop Climate Chaos is committed to keeping personal data safe, in particular are committed to privacy and data protection in respect of the rights of data subjects. Stop Climate Chaos is committed to retaining transparency and accountability in data use and management.
Purpose of this Policy
As a data controller, Stop Climate Chaos and its staff (hereafter referred-to collectively as Stop Climate Chaos) must comply with the data protection Principles set out in the relevant Irish and EU legislation.
This Policy applies to all personal data collected, processed and stored by Stop Climate Chaos in the course of its activities. This Policy is designed to ensure Stop Climate Chaos’ compliance with the following legislation:
- The European General Data Protection Regulation (GDPR)
- The EU Electronic Communications Regulations (2011)
The GDPR confers rights on individuals as well as additional responsibilities on those persons and organizations processing personal data and Stop Climate Chaos will ensure that all policies and activities are done in compliance with this legislation.
Definitions
For the purpose of this Policy:
'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
'Controller' means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data;
'Processor' means a natural or legal person, which processes personal data on behalf of the controller;
'Consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
'Supervisory authority' means the Irish Data Protection Commissioner, as an independent public authority established by Ireland pursuant to Article 51 of the GDPR.
Stop Climate Chaos’ use of personal data
Stop Climate Chaos, as a data controller, collects, processes and stores significant volumes of personal and sensitive personal data on an ongoing basis.
Stop Climate Chaos collects data about its staff, volunteers, partners and programme participants who come into contact with the organisation through our campaigning work. We process personal data for the following reasons:
- The organization and facilitation of campaign actions
- The operations, monitoring and evaluation of our work, including outreach, public campaigning, advocacy, and communications work
- The recruitment, management and payment of staff and contractors
- Ensuring the security of staff and premises
- Compliance with statutory obligations
- The operations, monitoring and evaluation of our work, including outreach, public campaigning, advocacy, and communications work
- Keeping in touch with supporters and informing them of upcoming events and campaigns
Stop Climate Chaos may also contract other companies to act as data processors for the personal data collected by Stop Climate Chaos. In such cases we will satisfy ourselves they have GDPR-compliant data protection policies in place.
This Policy applies to all data collected, both manually and automated, held by Stop Climate Chaos. This includes electronic and paper records.
Ownership
The Data Protection Policy is maintained by the secretariat of the Stop Climate Chaos Coalition and is approved by the Stop Climate Chaos Data Protection Committee. Further comments or questions on the content of this Policy should be directed to that committee. Any material changes to this Policy will require approval by the Data Protection Committee.
Employers
In its role as an employer, Stop Climate Chaos may keep information relating to staff members to ensure its compliance with employment law.
Stop Climate Chaos will ensure that all staff members receive awareness raising and training on data protection.
Failure of Stop Climate Chaos to ensure staff are processing personal data in compliance with this Policy may result in disciplinary proceedings.
The Data Protection Principles
The following key Principles are enshrined in EU legislation and are fundamental to Stop Climate Chaos’ Data Protection Policy.
In its capacity as data controller, Stop Climate Chaos ensures that all data shall:
- Be obtained and processed fairly and lawfully
Stop Climate Chaos will only processes personal data in line with one of the lawful bases enshrined in Article 7 of the GDPR. Stop Climate Chaos will fulfil its obligation in this regard by ensuring that:
- Where possible, the informed consent of the data subject will be sought before their data is processed. Stop Climate Chaos will ensure that the request for consent is presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Stop Climate Chaos will also ensure that the data subject is made aware of his or her right to withdraw his or her consent at any time
- Where it is not possible to seek consent, Stop Climate Chaos will ensure that collection of the data is justified under one of the other lawful processing conditions listed in Article 7 of the GDPR (compliance with legal obligation, contractual necessity, vital interests of data subject, public interest, or the legitimate interests of the data controller);
- Where the data processed by Stop Climate Chaos can be considered sensitive personal data, as defined in Article 9 of the GDPR, Stop Climate Chaos will not collect, process and store such data, unless permissible under the exemptions listed in Article 2 (a-j) of the GDPR;
- Where Stop Climate Chaos intends to record activity on CCTV or video, a Fair Processing Notice will be posted in full view, prior to the recording and purpose, storage and the conditions for viewing the data will be laid out clearly and communicated to staff;
- Processing of the personal data will be carried out only as part of Stop Climate Chaos’ lawful activities, and it will safeguard the rights and freedoms of the data subject;
- The data subject’s personal data will not be disclosed to a third party other than to a party contracted by Stop Climate Chaos and operating on its behalf, or where Stop Climate Chaos is required to do so by law.
- Be obtained only for one or more specified, legitimate purposes
Stop Climate Chaos will obtain data for purposes which are specific, lawful and clearly stated. A data subject will have the right to question the purpose(s) for which Stop Climate Chaos holds their data, and Stop Climate Chaos will be able to clearly state that purpose or purposes.
- Not be further processed in a manner incompatible with the specified purpose(s)
Any use of the data by Stop Climate Chaos will be compatible with the purposes for which the data was acquired and Stop Climate Chaos take steps to ensure that no personal data will be further processed in a manner that is incompatible with those purposes in line with the principles laid down in Article 5 of the GDPR.
- Be adequate, relevant and not excessive in relation to the purpose(s) for which the data were collected and processed
Stop Climate Chaos will ensure that the data it processes in relation to data subjects is adequate, relevant and limited to what is necessary in relation to the purposes for which the data is collected, in line with the principles laid down in Article 5 of the GDPR. Data which is not relevant to such processing will not be acquired or maintained, in line with the principle of data minimisation.
- Be kept accurate, complete and up-to-date where necessary
Stop Climate Chaos shall endeavour to keep the personal data it controls as accurate and up-to-date as possible, in line with the principles laid down in Article 5 of the GDPR, and to correct any inaccuracies as soon as they are discovered.
- Not be kept for longer than is necessary to satisfy the specified purpose(s)
Stop Climate Chaos will ensure that personal data is not kept for longer than is necessary for the purpose for which the data is processed, in line with the principles laid down in Article 5 of the GDPR.
To fulfil this commitment, Stop Climate Chaos has developed a schedule with retention periods for the categories of personal data processed by the organization.
Once the respective retention period has elapsed, Stop Climate Chaos undertakes to destroy, erase or otherwise put this data beyond use, save for limited personal data which may be stored for longer periods solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in line with Article 5 of the GDPR.
- Be kept safe and secure
Stop Climate Chaos will ensure that the personal data it collects will be protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
In the event of a data breach likely to result in a risk to the rights and freedoms of the data subject or other persons, Stop Climate Chaos will notify the Irish Data Protection Commissioner without undue delay and, where feasible, within 72 hours after having become aware of the breach, in line with Article 33 of the GDPR.
In the event of a data security breach affecting the personal data being processed on behalf of the data controller, the relevant third party processor will notify the data controller without undue delay.
Data subject rights:
A ‘data subject’ is any person whose data we process and store.
Clear and easily accessible communication
Stop Climate Chaos will take appropriate measures to ensure any and all communication with a data subject is conducted in a concise, transparent, intelligible and easily accessible from, using clear and plain language that is easy for the data subject to understand.
Information provided to data subjects
Stop Climate Chaos will ensure that all data subjects will be made aware, at the time their data is being collected, of:
- The identity of the data controller (Stop Climate Chaos);
- The purpose(s) for which the data is being processed;
- The legitimate interests pursued by the controller (if processing is based on Article 6 (1)(f) of the GDPR)
- The person(s) to whom the data may be disclosed by the data controller;
- Any other information that is necessary so that the processing may be considered fair.
Right of access by data subjects
Upon receipt of a valid, formal request by a data subject in relation to the personal data held by Stop Climate Chaos which relates to them, Stop Climate Chaos will provide the data subject with the following information, free of charge, in line with Article 15 of the GDPR:
- The basis on which the data was obtained.
- The purposes for processing the data.
- The categories of personal data concerned.
- To whom the data has been or will be disclosed.
- Whether the data has been or will be transferred outside of the EU.
- The period for which the data will be stored, or the criteria to be used to determine retention periods.
- Information about the right to make a complaint to the Irish Data Protection Commissioner.
- Information about the right to request rectification or deletion of the data.
- Whether the individual has been subject to automated decision making.
Stop Climate Chaos will ensure that all subject access requests receive a response within 30 days. Further details can be found in the Stop Climate Chaos Subject Access Request Policy.
Right to rectification and the right to be forgotten
As covered above in point 5 of this Policy, Stop Climate Chaos has put in place processes to ensure the accurate nature of the personal data it collects. However, in the event that a data subject submits a valid request for correction or completion of incorrect or incomplete data, Stop Climate Chaos will ensure that any such data will be rectified or completed without undue delay, in line with Article 16 of the GDPR, and that the data subject is informed of the correct or completion of data.
Stop Climate Chaos will ensure that, upon request of the data subject, and where one of the specific grounds listed in Article 17 of the GDPR applies, all personal data related to the data subject in question is erased without undue delay, and that the data subject is informed of the erasure.
The right to restriction of processing and the right to object
Stop Climate Chaos will put in place processes that ensure respect for a data subject’s right to object or have restriction put in place against processing of their data. Friend of the Earth will ensure these processes comply fully with Articles 19 and 21 of the GDPR.
Review
This Policy will be reviewed at least annually by the Stop Climate Chaos Data Protection Committee to ensure alignment to appropriate risk management requirements and its continued relevance to current and planned operations, or legal developments and legislative obligations.
Supervisory authority
Stop Climate Chaos’ headquarters is in Ireland. Should you wish to contact the relevant supervisory authority in relation to a data protection issue involving Stop Climate Chaos, you should contact:
The Irish Data Protection Commissioner
Telephone | +353 57 8684800 +353 (0)761 104 800 |
Fax | +353 57 868 4757 |
Postal Address | Data Protection Commissioner Canal House Station Road Portarlington |
Dublin Office | 21 Fitzwilliam Square Dublin 2 D02 RD28 Ireland. |
Portarlington Office | Canal House Station Road Portarlington R32 AP23 Co. Laois |
Data Protection Committee contact details:
The Data Protection Policy is maintained by the Stop Climate Chaos Data Protection Committee.
Meaghan Carmody – Mobilisation Coordinator
Email: meaghan@stopclimatechaos.ie, info@stopclimatechaos.ie
Phone: 01-6394653
Requests regarding data supplied via this website
On request, we supply copies of your personal data which you may have supplied via this website. If you wish to obtain such copies, you must send an email to SCC at info@stopclimatechaos.ie. You should include any personal identifiers which you supplied earlier via the website (e.g. Name; address; phone number; e-mail address). Your request will be dealt with as soon as possible and will take not more than 40 days to process.
Collection and use of technical information
Like most websites SCC site uses cookies to help make the site better. We provide detailed information on our use of cookies on our Cookie Policy web page.
Glossary of technical terms used
- web browser - The piece of software you use to read web pages. Examples are Google Chrome, Firefox, Microsoft Internet Explorer, Safari and Opera.
- IP address - The identifying details for your computer (or your internet company's computer), expressed in "internet protocol" code (for example 192.168.72.34). Every computer connected to the web has a unique IP address, although the address may not be the same every time a connection is made.
- cookies - Small pieces of information, stored in simple text files, placed on your computer by a web site. Cookies can be read by the web site on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the web site can "remember" you on your return visit. Generally speaking, cookies do not contain personal information from which you can be identified, unless you have furnished such information to the web site.