This policy is relevant to the spunout (Community Creations CLG) service Text About It. Community Creations is undergoing a rebrand which will result in a name change to spunout. Once the legal name change has taken place this policy will be updated. 50808 and spunout.ie are currently trading names of Community Creations CLG.
Text About It Volunteer Privacy Policy
Last updated: 28th June 2023
Text About It is a free, anonymous, 24/7 messaging service providing everything from a calming chat to immediate support for mental health and emotional wellbeing.
Text About It is a project of spunout, and is funded by the Health Service Executive (HSE). spunout is a registered charity in Ireland: our registered charity number is 20057923.
spunout is a Data Controller, and pursuant to the terms of a license agreement and standard contractual clauses agreements with its technology vendor Crisis Text Line, Crisis Text Line serves as a Data Controller and Data Processor for aspects of the data discussed herein, as defined in the General Data Protection Regulation (GDPR).
We will process the personal information you provide for our legitimate charitable interests and to enhance the experience of our volunteers. This includes contacting you about relevant volunteering opportunities, news and events.
In brief
We respect your personal data and store it securely.
We will never sell your personal data.
We will remove your data if you ask us to.
We will use your data to maintain contact with you, in order to facilitate your volunteering work with us
We may send you content we think is relevant or interesting to you but you can unsubscribe or change your contact preferences at anytime.
We may use your data to contact you about information you request or to allow you to access our services.
What is the purpose of this document?
We collect and process personal information about you during and after your relationship with us in order to manage that relationship. We are committed to being transparent about how we collect and use your data to meet our obligations under the General Data Protection Regulation (GDPR).
What personal information do we collect and how is it used?
Personal information means any information about an individual from which that person can be identified. The information that we collect includes details such as your name, email address, physical address, postal code. The information does not include data where the identity has been removed (anonymous data).
Please view below for a list of the purposes for which we use your personal data:
| Data We Collect | What we use it for | Legal basis for processing |
| Names, addresses, telephone numbers, email addresses | To contact you to discuss volunteering opportunities or to keep you updated on our services or activities and events; to record your location in order to understand where our volunteers come from | Justified on the basis of legitimate interest in ensuring the proper functioning of our business operations and ensuring proper communication and emergency handling.
Your consent. |
| Curriculum Vitae or other profiles | To assess and determine your skills, experience and interests in order to assess your suitability for volunteering opportunities or specific projects | Justified on the basis of legitimate interest in ensuring the recruitment of appropriate volunteers.
Your consent. |
| Demographics | To capture information which will help us to identify the demographics most interested in volunteering to assist future marketing campaigns
To capture demographic information to ensure a broadly diverse volunteer population and to seek to rectify any under-representation of particular demographics amongst our volunteer population to help us better understand and serve diverse members of the public who reach out to our services. |
Justified on the basis of legitimate interest in ensuring the proper functioning of business operations.
Your consent. |
| Information gathered from business and social media sources in the public domain, e.g. LinkedIn, Facebook | To build a picture of your skills, experience and interests in order to assess your suitability for volunteering projects | Justified on the basis of legitimate interest in ensuring the recruitment of appropriate volunteers.
Your consent. |
| References and garda vetting information | To assess your suitability for volunteering with us, and for being utilised on specific projects | Necessary for the compliance with a legal obligation.
Justified on the basis of legitimate interest in ensuring the recruitment of appropriate volunteers. Your consent. |
| Information on special requirements, health or medical conditions | To assess your suitability for volunteering with us, and for being utilised on specific projects; to carry out our legal duties (e.g. to ensure health and safety) | Justified on the basis of legitimate interest in ensuring the recruitment of appropriate volunteers.
Necessary for the compliance with a legal obligation. Your consent. |
| Information related to availability and the reasons for periods of unavailability | To assess your suitability for volunteering with us, and for being utilised on specific projects | Justified on the basis of legitimate interest in ensuring the proper functioning of business operations.
Your consent. |
| IP Addresses | As an extra cybersecurity measure, we may log the IP address of the computer used to email us a contact form as part of our registration process. This type of data does not normally identify an individual in Ireland. | Justified on the basis of legitimate interest in ensuring the proper functioning of business operations.
Your consent. |
| Content of Volunteers’ conversations arising out of or concerning the services | To monitor the quality of the service provided to texters, to support Volunteers in the execution of their role, and to analyse trends and operational considerations for the improvement of the service. | Justified on the basis of legitimate interest in ensuring the proper functioning of our business operations and ensuring proper communication and emergency handling.
Your consent. |
Overview of the legal basis for each such purpose.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. If you fail to provide certain information when requested, we may not be able to register you for volunteering opportunities, or we may be prevented from meeting our legal obligations (such as to ensure your health and safety).
Where we rely on our legitimate interests for a given purpose, we provide (i) the transparency we provide on the processing activity, (ii) our regular privacy reviews and (iii) the rights you have in relation to the processing activity.
We will process your personal data for the purposes and on the legal bases outlined above. To the extent that prior consent is mandatory under applicable laws, processing of your data will be subject to obtaining your prior consent.
We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorised by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
How we use particularly sensitive personal information
We will take extra precautions to safeguard any sensitive personal information we process on your behalf. Sensitive personal information can include information on your health, ethnic origin, political opinions, sexual orientation or religious beliefs.
Except for certain information that is required by law, your decision to provide any personal data to us is entirely voluntary.
We will ask you for your express consent to allow us to process sensitive personal information. We will only process this sensitive personal information to process or evaluate your application, for training, quality monitoring, evaluating the services we provide and that allow us to understand the background and experience of our volunteers. We also ask about your experiences of mental health and related services. This is to allow us to reasonably consider whether working with people in crisis might be likely to cause you (or the members of the public that we serve) physical or emotional harm.
You should carefully consider whether you wish to consent to us collecting, processing, and storing this data.
How is your personal information collected?
We collect information through our volunteer registration process, either directly from you or the references you will be asked to provide. We may sometimes collect additional information from third parties including internet, media, and social media searches such as LinkedIn. We may collect personal information in the course of volunteering activities throughout the period of you volunteering for us.
Legal basis for processing our personal data
We will process your personal data on any or all the following grounds
Your consent - where processing is based on your consent, you have the right to withdraw that consent
Where it is necessary for the performance of a contract;
Where it is necessary for compliance with a legal obligation to which we are subject;
Where it is in our legitimate charitable interests
Automated Decision Making
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Who has access to your data?
Your information may be shared internally, including with staff members responsible for managing and administering projects, HR, health and safety, insurances, events and marketing activities.
We share your data with carefully selected third parties, including third-party service providers, including but not limited to those providers used in connection with supporting our CRM system and IT network (including remote support) and professional advisers where necessary, who may be party to confidential discussions related to an individual. In providing the Service we are supported by contractors and Licensor who are based in the United States. In order to provide support, in some cases they may have to access material which includes our volunteer personal data. We will not transfer personal data outside the EU/EEA without your permission nor without appropriate assurances on the adequacy of data privacy protection commitments.
We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All of our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the EU/EEA. It may also be processed by staff operating outside the EU/EEA who work for us, Licensor, or for one of our third party suppliers. In order to safeguard your information we will make any such transfers in strict compliance with data protection legislation with all appropriate contractual arrangements
Privacy Shield, Binding Corporate Rules, or Model Contracts) will be in place. By submitting your personal data for such purposes, you agree to this transfer, storing or processing. We will take all reasonable steps necessary to ensure that your personal data is processed securely and in accordance with this Privacy Policy.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Data Security
We take the security of your data seriously. We have internal policies and controls in place to reasonably ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access. We implement appropriate network access controls, user permissions and encryption to protect data.
When we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data Retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods, archiving and destruction policies for different aspects of your personal information are available in our retention policy which is available from the person responsible for data protection.
Your legal rights
As a data subject, you have a number of rights, details of which can be found at https://www.dataprotection.ie/en/individuals/rights-individuals-under-general-data-protection-regulation
If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent at any time. Once confirmed, we will no longer process your information for the purpose you originally agreed to, unless we have another legitimate basis for doing so in law.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Data Protection Commissioner.
Accessing your data
As a matter of course, you will not have to pay a fee to access your personal information. However, if we think that your request is unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request.
We may need to confirm your identity or ensure your right to exercise your legal rights. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
For queries and further Information, Community Creations CLG, registered address Sean MacBride House, 48 Fleet St, Temple Bar, Dublin, D02 T883, is the Data Controller. For any queries, please contact the Data Protection Officer at dpo@spunout.ie