The protection of your privacy when processing personal data is an important concern for us. The following apply to the online offer of www.workersparty.ie (“Online Offer”).
Details of the responsible “responsible person” is
The Workers’ Party of Ireland
8 New Cabra Road, Dublin 7, Ireland
01 874 0716
hereinafter referred to as “The Workers’ Party“ or “we” or “us”.
The Workers’ Party proceeds with all data processing procedures (e.g. collection, processing and transmission) in accordance with the statutory provisions of the Irish Data Protection Act 2018 and in line with Regulation (EU) 2016/679 (General Data Protection Regulation).
The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures The Workers’ Party takes to protect your data and how you can exercise your rights.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Automated decision-making and profiling (Art.22 GDPR)
We do not use automation for decision-making and profiling
Children Data (Art.8 GDPR)
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.
Right to information: You can request information from us as to whether and to what extent we process your data.
Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
you have objected to the processing of the data.
Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.
Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of complaint: If you are of the opinion that we violate data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact us. In case of doubt, we may request additional information to confirm your identity.
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
How Can You Exercise Your Rights?
If you have any questions about the processing of your personal data by us, we will of course be happy to provide you with information about the data concerning you (Article 15 of the GDPR).
In addition, you have the right to rectification (Art.16 GDPR), deletion (Art.17 GDPR), restriction of processing (Art.18 GDPR) and objection (Art.21 GDPR) and data portability (Art.20 GDPR) if the legal requirements are met.
In all these cases, please contact our Data Protection Manager.
Finally, you have the right to lodge a complaint with a competent data protection supervisory authority (Art.77 GDPR).
The Supervisory Authority
The Data Protection Commission (DPC) in Ireland is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the DPC (www.dataprotection.ie/). We would, however, appreciate the chance to deal with your concerns before you approach the DPC so please contact us in the first instance.
What are the relevant legal bases for processing your data?
In accordance with Art. 13 GDPR the following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. (Art. 6 Para. 1 lit. a GDPR)
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you. (Art. 6 Para. 1 lit. b GDPR)
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. (Art. 6 Para. 1 lit. b GDPR)
Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. (Art. 6 Para. 1 lit. f GDPR). Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. (Art. 6 Para. 1 lit. c GDPR)
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights. (Art. 6 para. 1 lit. d GDPR)
What are the categories of data subjects?
Customers, interested parties, visitors and users of the online offer as well as our business partners.
Online presences in social media
We maintain online presences in social networks and platforms on the basis of our legitimate interests within the meaning of Article 6 lit. f) GDPR and in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.
How personal data is collected
We collect personal data in the following ways:
- direct interactions you may provide personal data when you complete online forms, request services, subscribe to our services, create a membership or otherwise or correspond with us (by post, phone or email)
- automated technology we automatically collect personal data (technical and usage) when you browse or interact with our website, by using cookies, [server logs] and other similar technologies. We may also receive technical data about you if you visit other websites which use our cookies.
- publicly available sources we may collect personal data from publicly availably sources such as the Electoral Register.
- third parties we may receive personal data from: (a) analytics providers such as Google our suppliers such as our payment providers when you donate, website support and maintenance providers.
When you visit our website
When you visit our website, our web servers save the IP of your internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of the visit as standard. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. A personalised evaluation of this data does not take place.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Complete IP address of the requesting computer
- Amount of data transferred
- Collection, processing and use of your personal data
We send newsletters, e-mails and other electronic notifications with promotional information and only with the consent of the recipients or a legal permission. Apart from that, our newsletters contain information about our competitions, offers, promotions and The Workers’ Party. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The legal basis for the storage is Art. 6 Para. 1 lit. a) GDPR.
If you contact us the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with Article 6 lit. f) GDPR to process your request. Your data provided will not be used for any other purposes, in particular not for advertising.
The Workers’ Party collects personal data from donors and interested parties that is required for the purposes of fundraising and donation administration or for processing queries. Your data during an online donation via PayPal are transmitted via the SSL encrypted system (SSL, 128 bit), so that the subsequent decryption of the data is also impossible. This ensures maximum security. We guarantee that your data will be handled with care.
The data you give us when you apply online for membership of the The Workers’ Party or which we learn from you in the course of your membership will be processed in accordance with the above mentioned data protection guidelines.
Registration on our website
When you register to become a members, some personal data is collected, such as name, address, contact and communication data (e.g. telephone number and e-mail address). If you are registered with us, you can access content and services that we only offer to registered users.
The data entered during registration is processed on the basis of the user’s consent (Art. 6 para. 1 lit. a GDPR). If the registration serves the fulfilment of a contract to which the data subject is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
Recipients of the data are technical service providers who act as order processors for the operation and maintenance of our website.
Data is only processed in this context as long as the corresponding consent is given. Afterwards, they are deleted, provided that there are no legal retention obligations to the contrary.
The provision of your personal data is voluntary, based solely on your consent. Without the provision of your personal data, we cannot grant you access to our content and services for registered users.
Type and purpose of processing: In order to carry out campaigns, the data provided by the participant are processed (in particular surname and first name, postcode,e-mail address). The purposes of the processing are the implementation of campaigns for the formation of political opinion and the further topic-related political information of the participant by e-mail.The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR (consent).
Recipients of the data may be technical service providers who act as order processors for us. The necessary order processing contracts have been concluded for this purpose. Data will not be passed on to third parties.
The participant data provided will be stored until revoked. The participant can revoke consent to the storage of personal data and its use for sending further political information at any time with effect for the future. A link to this effect is included in every e-mail sent for information purposes. The revocation can also be made by contacting our Data Protection Manager.
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection policy is constantly being revised. Please ensure that you have the latest version.
Access to your Data
Please contact us at any time if you would like to find out what personal data we are storing about you or if you would like to have it corrected or deleted. Furthermore, you have the right to restrict processing (Art. 18 GDPR), the right to object to processing (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). In these cases, please contact us directly.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
When do we disclose your Personal Data?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the above mentioned providers name or contact us directly.
Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our obligations, administrative tasks and duties efficiently and effectively).
If we commission third parties to process data on the basis of a so-called “processing agreement”, this is done on the basis of Art. 28 GDPR.
In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
Integration Of Services And Contents Of Third Parties
We use within our online offer on the basis of our legitimate interests (Art. 6 para. 1 lit. f. GDPR), content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavor to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (WordPress and Hetzner). The personal data collected on this website is stored on WordPress and Hetzner’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
WordPress and Hetzner is used for the purpose of fulfilling the contract with our potential and existing visitors and users and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.
WordPress and Hetzner will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
Social Media Functions and Widgets
Within our online offer, functions and widgets of social media platform and networks are integrated. When you click on or use any of those functions and widgets, your browser establishes a direct connection to the relevant social media platform or network. The function or widget then transmits log data to the relevant social media platform or network. This log data may contain your IP address, the address of the visited websites, type and settings of the browser, date and time of the request, your usage of the relevant social media platform or network,as well as cookies. Those may also include the display of our post, the link to our profile, the possibility to interact with the posts and functions, as well as to measure users reach (so-called conversion measurement).
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer we use Google Analytics. The information generated about the use of the website by the user is usually transferred to Google and stored there.
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server shortened there.
The IP address transmitted by the user’s browser will not be merged with other data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online offer.
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy . Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
Data Protection Manager
The Workers’ Party `s Data Protection Officer (DPO) is Richard O’Hara and can be reached at firstname.lastname@example.org