The data protection acts to which Donegal Sports Partnership is subject are the Data Protection Acts of 1988 and 2003 together with the Data Protection Act 2018 which gives further effect under Irish law to the GDPR and enactment of the Law Enforcement Directive [EC/2016/680].
In undertaking the business and activities of Donegal Sports Partnership, we create, gather, store and process personal data on a variety of data subjects including beneficiaries, clients, staff, volunteers, donors, suppliers and members of the public. The Company’s use of personal data ranges from client enquiries, CCTV footage, financial transactions with customers, donors and suppliers through to the processing of beneficiary and client data throughout their journey and interactions with The Company. As The Company processes the personal data of staff, volunteers, beneficiaries and other individuals, it is defined as a Data Controller for the purposes of the GDPR.
Purpose of Policy
This Data Protection Policy sets out the responsibilities of The Company, its staff, volunteers, contractors, agents and third parties associated with The Company with respect to compliance with the GDPR and data protection acts. This policy and its associated policies and procedures, forms the framework from which staff, volunteers, contractors and associated third parties should operate to ensure compliance with the GDPR and data protection legislation.
Scope
The policy applies to all staff, volunteers, contractors, agents and third parties associated with The Company, and all items of personal data that are created, collected, stored and/or processed through any activity of The Company, across all its services, programmes and departments. Unless specifically stated otherwise, personal data and sensitive data will be referred to equally as personal data in this policy.
Data Protection Principles
The Company is required to adhere to the data protection principles as set out in Article 5 of the GDPR, meaning that information must be collected and used fairly, stored safely and not shared with any other person unlawfully. The data protection principles are set out in sections 4.1 to 4.7 inclusive.