1. Introduction: Who We Are
This section introduces Timebank Ireland and our commitment to your privacy. We are the Data Controller for your information, meaning we are responsible for it.
Who We Are
This policy is for hOUR Timebank CLG T/A Timebank Ireland. We are a registered national charity in Ireland.
Our Contact Details
Address: 21 Páirc Goodman, Skibbereen, Co. Cork, P81 AK26
Email: [email protected]
Our Commitment
Your privacy is at the core of our mission. This policy explains what data we collect, why, and how you can control it. We are governed by the GDPR and Ireland’s Data Protection Act 2018.
Digital Age of Consent: Our services are for individuals aged 16 and over.
2. The Personal Data We Collect
We collect information in three ways: data you provide, data from your activity, and technical data. This section details the specific types of data we process.
Member Profile Data
Your name, email address, phone number, and general location (e.g., county or town).
Timebanking Data
The skills you offer (e.g., “Gardening”) and the services you request (e.g., “Help with shopping”).
Transaction Data
A record of your time swaps, hours you give, and hours you receive.
Communications Data
Any emails or messages you send to us or to other members through our platform.
Special Category (Sensitive) Data
We recognise that to support our mission, members may need to share information about their health, accessibility needs, or other sensitive personal circumstances.
You do not have to provide this information. If you choose to, we will only process it with your explicit consent, which we will ask for separately. This data is used only to help match you with a suitable service or volunteer. You can withdraw this specific consent at any time.
3. How We Use Your Data and Our Legal Basis
We must have a valid legal reason (“lawful basis”) for using your data. This table outlines why we use your data and our legal justification for each activity.
| Our Purpose (Why we do this) | Personal Data We Use | Our Lawful Basis (Our legal justification) |
|---|---|---|
| To register you as a member and create your account. | Member Profile Data (Name, Email, Contact Details). | Performance of a Contract: We need this data to create your account. |
| To facilitate your time swaps (i.e., connect you with other members). | Member Profile Data, Timebanking Data. | Performance of a Contract: The core service you requested. |
| To manage your time credits and record exchanges. | Transaction Data (Hours given/received). | Performance of a Contract: To ensure the system is fair and accurate. |
| To communicate with you about your account and essential service updates. | Member Profile Data (Email, Phone). | Performance of a Contract: To send notifications about swap requests, etc. |
| To provide specific community support (where requested). | Special Category Data (e.g., health information). | Explicit Consent (Article 9): We only process this if you explicitly agree. |
| To send you our community newsletter and stories. | Member Profile Data (Name, Email). | Legitimate Interest: To build community. You can opt-out. |
| To improve our service and report on social impact. | Anonymised and aggregated Data. | Legitimate Interest: To measure our impact. This cannot identify you. |
| To comply with legal obligations (e.g., charity laws). | Financial records, safeguarding records. | Legal Obligation: We are required by Irish law to keep certain records. |
| To keep our platform secure and prevent fraud. | Technical Data (IP Address, logs). | Legitimate Interest: To protect our service and members. |
4. Who We Share Your Data With
We will never sell your data. This section explains the limited circumstances in which we share it.
Other Timebank Members
The essential function of our service. When you agree to a swap, we will share your name, relevant skills, and necessary contact details with that member so you can arrange the exchange.
Our Service Providers (Data Processors)
We use trusted partners to operate our service. They are bound by legal agreements to keep your data safe. They include:
- Microsoft Azure
- Gmail and MailChimp
- Google Analytics
Legal and Safeguarding Obligations
We may be required to disclose your information to comply with a legal obligation, or if we have a genuine concern for your safety or the safety of another person (“vital interest”).
International Data Transfers
We store data in the EEA. Some providers (e.g., Google Analytics) may transfer data outside the EEA, but we ensure it is protected by EU-approved legal mechanisms (like SCCs).
7. How Long We Keep Your Data
We only keep your data for as long as we need it. This schedule details how long we keep different types of data and why.
| Type of Data | Retention Period | Reason (Justification) |
|---|---|---|
| Active Member Profile & Swap History | For as long as your account is active. | Performance of a Contract |
| Inactive/Closed Member Account Data | 3 years after account closure. | Legitimate Interest (dispute resolution) |
| Unsuccessful/Incomplete Member Applications | 2 years after application date. | Legitimate Interest (follow-up queries) |
| Special Category (Sensitive) Data | Deleted immediately upon account closure or withdrawal of consent. | Consent (no basis to hold) |
| Anonymised Statistical Data | Indefinitely. | Legitimate Interest (statistical reporting) |
| Financial Records (e.g., donations) | 7 years. | Legal Obligation (Revenue/company law) |
| Safeguarding or Serious Incident Reports | Indefinitely (Permanent). | Legal Obligation / Public Interest |
8. Your Data Protection Rights: Your Control
You have full control over your personal data. This section details your 8 rights under GDPR and how to exercise them.
1. The Right to Be Informed
You have the right to be told how we use your data. This policy is our way of doing that.
2. The Right of Access
You can request a copy of all the personal data we hold about you.
3. The Right to Rectification
If your data is inaccurate or incomplete, you can ask us to correct it (or update it in your account).
4. The Right to Erasure
You can ask us to delete your personal data (unless we have a legal reason to keep it).
5. The Right to Restrict Processing
You can ask us to stop processing your data (but not delete it) in certain circumstances.
6. The Right to Data Portability
You can request a copy of your data in a common, machine-readable format (like a .csv file).
7. The Right to Object
You have the absolute right to object to us using your data for direct marketing (our newsletter).
8. Rights on Automated Decision-Making
We do not use your data for any automated decision-making or profiling.
9. How to Exercise Your Rights & Complain
We hope to resolve any concerns directly, but you have the right to complain to the Data Protection Commission (DPC).
Exercise Your Rights
To make a request regarding your data, please email us at:
[email protected]We will respond within one month, as required by law.
Lodge a Complaint with the DPC
If you are not satisfied, you can contact the Irish supervisory authority:
Website: www.dataprotection.ie
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28.