Privacy Statement

Who we are

NOVAS is a registered charity and Approved Housing Body working with families and single adults who are disadvantaged and socially excluded; primarily those who are homeless or at risk of being homeless. We provide a range of services and accommodation for marginalised households throughout Ireland. We offer bespoke, client-centred services, based on empirical evidence of more than 20 years’ experience of working with people who are homeless in Ireland. We believe everyone is entitled to a home.

About this Privacy Statement

The purpose of this statement is to outline how NOVAS complies with the General Data Protection Regulation and what steps we take to protect your rights and freedoms when managing your personal data. In addition, this notice states how we process your personal data, what data is collected, why it is collected, with whom it is shared, where it is stored, and how long it is retained.

Contact Details

If you have any queries in relation to this notice or our processing of personal data you can contact us by writing to, emailing or phoning our head office:

NOVAS

87 O’Connell Street,  Limerick, V94 XN1                                                

Phone: (061) 370325     Mail: info@novas.ie

You can also contact our Data Protection Officer using the above details or at: dpo@novas.ie

Personal Data we Process

 We process the personal data you provide to us for the following purposes:

  • To process your donations
  • To send you marketing information based on your preferences.
  • To inform you of:
    • Campaigns
    • Fundraising events
    • Advocacy work
    • Conferences
  • To process your job application.
  • To administer your HR file if you are an employee.
  • To administer your data if you are a client or tenant.
  • To respond to your queries, complaints, and information requests.

NOVAS processes your personal data on one or more of the following grounds:

  • Where you have given consent, which can also be withdrawn by you.
  • Where it is necessary to protect someone’s life or health.
  • Where we are required to comply with a legal obligation.
  • Where it is a legitimate activity of NOVAS’s daily functions.
  • When it is for the purpose of public health or an official function.
  • If we are required to defend ourselves in a legal claim.

Special Categories of Personal Data

Under GDPR certain data is considered ‘special’ and requires a greater level of security due to the potential impact on you and your rights if it were to be disclosed. Special categories of data include:

  • Your sexual orientation
  • Your religious beliefs
  • Your political opinions
  • Your health data
  • Your racial or ethnic origin

We do not process ‘special’ categories of data unless one of the following GDPR exemptions apply.

  • You consent.
  • It is within our Legitimate interest to do so.
  • The data has been made public by you.

Profiling and Automated Decision Making 

You have the right to not be the subject of a decision based solely on automated processing or profiling. NOVAS does not use any automated decision-making processes.

Data Sharing

Data Processors

NOVAS uses services and systems provided by third parties to conduct our daily business activities. Third party vendors are required under GDPR to protect your personal data and take appropriate security measures. Further, they process data on our behalf and can’t use it for their own purposes.

NOVAS contracts data processors for the following functions.

  • External IT Support
  • Microsoft Office & Cloud Services
  • CRM system, Salesforce
  • Payment platforms for donations
  • Fundraising platforms
  • Social Media platforms
  • Accounting system for processing financial data
  • Payroll System for processing wages
  • Legal Services
  • Insurers

Who we share data with

 NOVAS are required to disclose data to third parties who have a statutory footing or in some cases institutions who are not processing data on our behalf. Categories include:

  • Tax authorities
  • Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)
  • Standards bodies
  • Statutory bodies
  • Legal representatives
  • Insurers
  • Financial Institutions

International transfers outside the EU

Some third-party providers may process your data outside of the European Union (EU) or the European Economic Area (EEA). Where data is transferred outside of the EU/EEA there are two processes that ensure your personal data is safeguarded.

Adequacy Decision

 An adequacy decision is a formal decision by the EU Commission that recognises another country provides an equivalent level of protection to personal data as GDPR.

Standard Contractual Clauses

 Standard contractual clauses are contractual terms and conditions that the sender and receiver of personal data sign up to and ensure the data protection rights of the individual are upheld.

How long do we keep your data

NOVAS keeps data for a specified period and when it is no longer needed, it will be securely deleted. Retention periods may be determined by a statutory obligation to keep records. For a full list of our retention schedule please contact dpo@novas.ie and request of a copy of our NOVAS ORG06 Data Protection Policy.

Your Rights

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right to be informed: How your personal data is being collected, stored, and shared.
  • Right to Access: Your personal data held by NOVAS through a subject access request.
  • Right to Rectification: You can request the correction of inaccurate or incomplete data.
  • Right to Erasure: You can request the deletion of your personal data when it is no longer needed for the purpose it was collected, or if the legal basis for collecting the data was through consent and you withdraw it.
  • Right to Restrict Processing: You can request a restriction of our processing if you believe it is inaccurate or unlawful, but you oppose erasure.
  • Right to Data Portability: You can request a copy of your personal data in a commonly used format to transfer to another controller.
  • Right to Object: You can object to the processing of your personal data based on legitimate interest or direct marketing.
  • Right Not to Be Subject to Automated Decision-Making: You have the right to not be subject to decisions based solely on automated processing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time if processing is based on consent.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Data Protection Commissioner if you believe your rights have been violated.

Complaints

If you feel that NOVAS has not upheld your rights, or you are not satisfied with our processing of your personal data you can try to resolve the issue by:

  • Contacting the person in the organisation that you feel has not upheld your rights and asking them to resolve the issue.

Or you can

Or you can

  • Make a complaint to the Data Protection Commissioner (DPC) who is the regulator for data protection in Ireland. If you wish to complain to the DPC, you can access their contact details here: https://www.dataprotection.ie/en