Terms of Service

Appendix A: hOUR Timebank CLG (T/A Timebank Ireland) Terms of Service

hOUR Timebank CLG (T/A Timebank Ireland) — TERMS OF SERVICE Last Updated: 10/11/2025

Welcome to Timebank Ireland. These Terms of Service (“Terms”) constitute a legally binding agreement between you (“you,” “the Member”) and hOUR Timebank CLG (“the Organisation,” “we,” “us”), a Company Limited by Guarantee registered in Ireland (Company Number: 716638, Registered Charity Number: 20162023)  trading as Timebank Ireland.

By registering as a Member or using our Platform, you agree to comply with and be bound by these Terms. If you do not agree to these Terms, you must not use our services.

1. Definitions

• “Exchange”: An arrangement between two or more Members where a service is provided and Time Credits are transferred.
• “General Member”: A Member who is registered for general, low-risk Exchanges.
• “Member”: An individual who has registered with the Organisation and agreed to these Terms.
• “Organisation”: hOUR Timebank CLG (T/A Timebank Ireland).
• “Platform”: The website, software, and systems provided by the Organisation to facilitate Exchanges.
• “Relevant Work”: As defined by the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012-2016, this means any work or activity, a necessary and regular part of which consists mainly of the person having access to, or contact with, children or vulnerable persons.
• “Time Credit”: The unit of exchange. One hour of service provided earns one Time Credit.
• “Verified Member (Garda Vetted)”: A General Member who has successfully completed the Garda Vetting process through the Organisation and is approved to engage in Relevant Work.
• “Vulnerable Person”: A person (other than a child) who:
  • (a) is suffering from a disorder of the mind, whether as a result of mental illness or dementia, or
  • (b) has an intellectual disability, or
  • (c) is suffering from a physical impairment, whether as a result of injury, illness or age, or
  • (d) has a physical disability,
  • which is of such a nature or degree as to restrict the capacity of the person to guard themselves against harm (whether physical or financial), or to prevent them from being exploited.

2. Our Role and Your Membership

2.1. Our Role: The Organisation acts as a facilitator or “platform.” We provide the means for Members to connect, offer skills, and request services. The Organisation is not a party to any Exchange or agreement between Members. Exchanges are personal arrangements between the Members involved.

2.2. No Employment: Your membership does not create any employment, partnership, agency, or contractor relationship between you and the Organisation. You are not an employee, volunteer of the Organisation, or agent of the Organisation.

2.3. Membership Tiers:

• (a) General Member: Upon registration, you are a General Member. You may participate in general, low-risk Exchanges. You are expressly prohibited from engaging in any Exchange that constitutes “Relevant Work.”
• (b) Verified Member (Garda Vetted): To engage in Relevant Work, you must apply for and be approved as a Verified Member. This requires you to consent to and successfully complete the Garda Vetting (eVetting) process as mandated by Irish law. This status is granted at the sole discretion of the Organisation, subject to a satisfactory vetting disclosure.

3. Member Conduct and Responsibilities

3.1. Good Faith: You agree to act honestly, fairly, and respectfully in all dealings with other Members and the Organisation.

3.2. Your Safety: You are responsible for your own health and safety during any Exchange. You must not put yourself or any other person at risk. You have the right to refuse any Exchange request you feel is unsafe, or that you are not qualified or comfortable to perform.

3.3. Prohibited Conduct: You must not:

• (a) Use the Platform to post any content that is defamatory, obscene, discriminatory, hateful, or promotes illegal activity.
• (b) Harass, abuse, or harm another person.
• (c) Breach any applicable laws or regulations during an Exchange.
• (d) Ask for or accept money, gifts, or tips for a service (Time Credits are the only unit of exchange).
• (e) Misrepresent your skills, qualifications, or your “Verified Member” status.

3.4. Your Insurance: The Organisation’s insurance does not cover your personal activities. You are solely responsible for obtaining and maintaining any insurance appropriate to the services you offer, including but not limited to:

• (a) Motor insurance (if you offer transport/lifts).
• (b) Professional indemnity insurance (if you offer professional advice, e.g., legal, financial, or therapeutic).
• (c) Home insurance (to cover any risks associated with a Member visiting your home).

4. Data Protection and Privacy

4.1. Data Controller: For the purpose of the Data Protection Acts 1988-2018 and the GDPR, hOUR Timebank CLG is the “Data Controller” for the personal data you provide.

4.2. Use of Your Data: We process your personal data in accordance with our Privacy Policy.

4.3. Lawful Basis: We process your data on the following bases:

• (a) To fulfil our contractual agreement with you (i.e., these Terms) to provide the Platform.
• (b) Based on your Consent for marketing or other non-essential processing.
• (c) To comply with a Legal Obligation, specifically our mandatory requirement to conduct Garda Vetting for all “Verified Members” under the National Vetting Bureau Acts.

5. Disclaimer of Warranties

hOUR Timebank CLG makes no representations or warranties about the services provided by Members. We do not guarantee:

• (a) The quality, safety, legality, or suitability of any service offered by a Member.
• (b) The truth or accuracy of a Member’s listings or statements.
• (c) The identity or character of any Member (beyond the statutory Garda Vetting check for “Verified Members” undertaking “Relevant Work”).

You engage with other Members at your own risk. Any background check, such as Garda Vetting, is not a guarantee of a Member’s future conduct.

6. Limitation of Liability

6.1. To the fullest extent permitted by the laws of Ireland, hOUR Timebank CLG (including its trustees, officers, staff, and agents) shall not be liable for any indirect, incidental, special, or consequential damages, or for any loss of profit, loss of data, personal injury, or property damage arising out of or in connection with:

• (a) Your use of the Platform or your inability to use the Platform.
• (b) Any Exchange or interaction between you and another Member.
• (c) Any conduct, action, or omission of another Member, whether online or offline.

6.2. This limitation of liability does not apply to liability for death or personal injury caused directly by the Organisation’s gross negligence, or for fraud or fraudulent misrepresentation by the Organisation.

6.3. The Organisation’s total liability to you for any and all claims arising from your use of the Platform shall be limited to €100.

7. Indemnity

You agree to indemnify and hold harmless hOUR Timebank CLG (and its trustees, officers, staff, and agents) from and against any and all claims, liabilities, damages, losses, and expenses (including legal fees) arising out of or in any way connected with:

• (a) Your breach of these Terms or the Member Conduct rules.
• (b) Any service you provide or receive through an Exchange.
• (c) Your interactions with any other Member.
• (d) Your violation of any law or the rights of a third party.

8. Dispute Resolution

8.1. Member-to-Member: You agree to first attempt to resolve any dispute with another Member informally and in good faith.

8.2. Internal Process: If a dispute cannot be resolved informally, you may submit a formal written complaint to the Timebank Coordinator. The Organisation will, at its discretion, offer an informal mediation process to facilitate a resolution. This process is not a legal arbitration.

8.3. No Obligation: The Organisation is not obligated to mediate or resolve disputes between Members and will not adjudicate on any such dispute.

9. Termination

9.1. By You: You may terminate your membership at any time by providing written notice to the Organisation.

9.2. By Us: We reserve the right to suspend or terminate your membership and access to the Platform, with or without notice, if:

• (a) You materially breach these Terms.
• (b) We are required to do so by law.
• (c) A Garda Vetting disclosure provides information which, in our sole discretion, makes you unsuitable for membership or for engagement in Relevant Work.
• (d) Your continued membership, in our reasonable opinion, poses a risk to the Organisation, its Members, or the public.

10. General Provisions

10.1. Amendments: We may amend these Terms from time to time. We will notify you of any material changes. Your continued use of the Platform after such notification constitutes your acceptance of the new Terms.

10.2. Governing Law & Jurisdiction: These Terms shall be governed by and construed in accordance with the laws of Ireland. You agree to submit to the exclusive jurisdiction of the Irish courts for the resolution of any disputes.

10.3. Entire Agreement: These Terms, together with the Privacy Policy, constitute the entire agreement between you and the Organisation.

By clicking “Register” or otherwise creating an account, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.

---

Appendix B: Internal Policy: Verified Member & Garda Vetting Procedure

DOCUMENT TITLE: P-GOV-002: Verified Member & Garda Vetting Policy FOR: Internal Use by Board of Trustees, Staff, and Liaison Person APPROVED BY: Board of hOUR Timebank CLG DATE:

1. Purpose & Policy Statement

This policy ensures hOUR Timebank CLG (“the Organisation”) complies with its legal obligations under the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012-2016.

The Organisation facilitates exchanges that constitute “Relevant Work” with children and vulnerable persons. As a “Relevant Organisation” , we are legally required to conduct Garda Vetting for any Member undertaking this work.

This policy outlines the Risk-Based Verification Model to manage this obligation.

2. Definitions

• “Relevant Work”: Any activity involving access to or contact with children or vulnerable persons. This includes, but is not limited to:
  • Transport/lifts for children or vulnerable persons.
  • Any in-person “befriending,” “mentoring,” or “emotional support” exchanges.
  • Any exchange with a person known to the Organisation to be a “Vulnerable Person” (e.g., referred by a health team).
  • Childcare, tutoring, or coaching.
• “General Member”: A Member restricted to low-risk exchanges not constituting “Relevant Work.”
• “Verified Member (Garda Vetted)”: A Member who has successfully completed the eVetting process and is approved for “Relevant Work.”
• “Liaison Person”: The named individual registered with the National Vetting Bureau (NVB) who is responsible for administering the eVetting process.
• “eVetting”: The online Garda Vetting application system.
• “Disclosure”: The official vetting report returned by the NVB to the Liaison Person.

3. Procedure: Risk-Based Verification Model

3.1. Level 1: General Member Onboarding

1. A new applicant registers on the Platform.
2. The applicant provides a name and email, and must positively affirm (tick a box) that they have read and agree to the Terms of Service.
3. The applicant is now a “General Member.”
4. Crucially: Their profile and the Platform must make it clear they are NOT permitted to view or accept any exchange request identified as “Relevant Work.”

3.2. Level 2: Application for “Verified Member (Garda Vetted)” Status

1. A General Member who wishes to engage in “Relevant Work” must apply for “Verified Member” status through the Platform.
2. The Timebank Coordinator or Liaison Person initiates the eVetting process.
3. Step 1: The Member is sent the Vetting Invitation Form (NVB 1). They must complete this and return it with proof of identity (totalling 100 points, as per NVB guidelines ) and proof of address.
4. Step 2: The Liaison Person validates the Member’s identity and sends them the eVetting Application Form (NVB 2) link via email.
5. Step 3: The Member completes the full application online, detailing all previous addresses, etc.
6. Step 4: The Liaison Person reviews the submitted form and submits it to the National Vetting Bureau.

4. Handling of Vetting Disclosures

4.1. The NVB will process the application and issue a “Vetting Disclosure” directly to the Liaison Person’s secure NVB account.

4.2. Case A: “NIL DISCLOSURE”

• If the disclosure is “NIL DISCLOSURE” (i.e., no criminal record or specified information) , the Liaison Person shall:
  1. Approve the Member’s application.
  2. Change their status on the Platform to “Verified Member (Garda Vetted).”
  3. Notify the Member of their approval and provide them with a copy of their disclosure, as required by the Act.

4.3. Case B: DISCLOSURE WITH INFORMATION

• If the disclosure contains details of convictions, prosecutions, or specified information, the Liaison Person must escalate this to the Disclosure Assessment Panel (to be comprised of at least two Trustees and the most senior staff member).
• The Panel must assess the information fairly, considering:
  1. The nature and seriousness of the offence(s).
  2. The relevance of the offence to “Relevant Work” (e.g., theft, violence, sexual offences).
  3. The time elapsed since the offence.
• Decision: The Panel will make a determination (Approve or Deny) in the best interests of the Organisation and its members, particularly vulnerable persons. This decision is final.
• The Liaison Person will notify the Member of the decision and provide them with a copy of their disclosure.

5. Data Protection & Confidentiality

5.1. All Vetting data (applications, disclosures, notes) is classified as Highly Sensitive Personal Data. 5.2. All vetting data must be stored securely, with access strictly limited to the Liaison Person and the Disclosure Assessment Panel. 5.3. Vetting data must be processed only for the purpose of assessing suitability for “Relevant Work” and for no other purpose. 5.4. Disclosures must be retained only for as long as is necessary to manage the Member’s status, in line with the Organisation’s Data Retention Policy and the Data Protection Act 2018. 5.5. All individuals involved in handling vetting data must adhere to the strictest confidentiality

×

Privacy Policy

Timebank Ireland Privacy Policy

Last Updated: 11/11/2025

1. Introduction: Who We Are and Our Commitment to You

Who We Are: This policy is for hOUR Timebank CLG T/A Timebank Ireland (referred to as “Timebank Ireland”, “we”, “us”, or “our”). We are a registered national charity in Ireland. In legal terms, hOUR Timebank CLG is the Data Controller for the personal information we process, meaning we are responsible for deciding how and why your data is used.

Our Contact Details:

Address: 21 Páirc Goodman, Skibbereen, Co. Cork, P81 AK26

Email: [email protected]

Our Commitment: Your privacy is at the core of our mission to build community. This policy explains what data we collect, why we collect it, and how you can control it. We are governed by the EU’s General Data Protection Regulation (GDPR) and Ireland’s Data Protection Act 2018.

Digital Age of Consent: Our services are intended for individuals aged 16 and over. We do not knowingly collect data from children under 16 without verifiable parental consent, in line with Irish law.

2. The Personal Data We Collect

We collect information in three ways:

• Data You Provide Directly: When you register, create your profile, or contact us.

• Data Created by Your Activity: When you offer, request, or complete a time swap with other members.

• Technical Data: When you use our website (e.g., cookies).

The data we process includes:

• Member Profile Data: Your name, email address, phone number, and general location (e.g., county or town).

• Timebanking Data: The skills you offer (e.g., “Gardening,” “Computer Help”) and the services you request (e.g., “Help with shopping”).

• Transaction Data: A record of the time swaps you complete, the hours you give, and the hours you receive.

• Communications Data: Any emails or messages you send to us or to other members through our platform.

Special Category (Sensitive) Data:

We recognise that to support our mission of “eliminating loneliness” and “improving wellbeing”, members may need to share information about their health, accessibility needs, or other sensitive personal circumstances.

You do not have to provide this information. If you choose to, we will only process it with your explicit consent, which we will ask for separately. This data is used only to help match you with a suitable service or volunteer. You can withdraw this specific consent at any time.

3. How We Use Your Data and Our Legal Basis

We must have a valid legal reason (a “lawful basis”) for using your data. The table below outlines our processing activities and the corresponding legal basis, as required by the DPC’s SME checklist and GDPR Article 6.

Table 1: Timebank Ireland’s Data Processing Activities

Our Purpose (Why we do this)	Personal Data We Use	Our Lawful Basis (Our legal justification)
To register you as a member and create your Timebank Ireland account.	Member Profile Data (Name, Email, Contact Details).	Performance of a Contract: We need this data to create your account and provide the service you signed up for, which includes access to the community platform and its features.
To facilitate your time swaps (i.e., connect you with other members).	Member Profile Data (Name, Contact), Timebanking Data (Skills, Requests, Availability).	Performance of a Contract: The core service you requested is to be matched with other members. We cannot do this without using and sharing this data between the members involved in the swap and making your skills visible to the community.
To provide our community platform features (e.g., activity feed, member directory, groups).	Member Profile Data, User-Generated Content (e.g., posts, comments).	Legitimate Interest: Our legitimate interest is to build our community, foster connection, and fulfil our mission of ‘eliminating loneliness’. Members can control their participation by choosing not to post.
To enable member-to-member communication via private messaging.	Communications Data.	Legitimate Interest: To allow members to communicate privately and securely to arrange swaps and build community support.
To manage your time credits and keep a record of your exchanges.	Transaction Data (Hours given/received).	Performance of a Contract: To ensure the “give an hour, get an hour” system is fair and accurate.
To communicate with you about your account and essential service updates.	Member Profile Data (Email, Phone).	Performance of a Contract: To send you notifications about swap requests, account issues, or changes to our terms.
To provide specific community support (where requested).	Special Category Data (e.g., health or accessibility information you choose to provide).	Explicit Consent (Article 9): We will only ever process this sensitive data if you explicitly agree, allowing us to find a suitable match.
To send you our community newsletter and stories.	Member Profile Data (Name, Email).	Legitimate Interest: Our legitimate interest is to build our community and keep members engaged. You can opt-out (object) at any time using the “unsubscribe” link.
To improve our service and report on our social impact.	Anonymised and aggregated Transaction & Timebanking Data.	Legitimate Interest: To measure our impact (e.g., “1% Feel More Socially Connected,”) and improve our service. This data is anonymised and cannot identify you.
To comply with legal obligations (e.g., financial or charity laws).	Financial records (if you donate), safeguarding records.	Legal Obligation: We are required by Irish law to keep certain records (e.g., for Revenue or charity regulation).
To keep our platform secure and prevent fraud.	Technical Data (IP Address, logs).	Legitimate Interest: To protect our service, our members, and our data from malicious activity.

4. Who We Share Your Data With

We will never sell your data. We only share it in the following, limited circumstances:

• Other Timebank Members (Community Visibility): As Timebank Ireland is a community platform, a basic subset of your profile data (e.g., your name, general location, and the skills you offer) will be visible to all other logged-in members via the member directory to help you connect.

• Other Timebank Members (During a Swap): The essential function of our service requires sharing your data. When you agree to a swap with another member, we will share your relevant skills and necessary contact details (e.g., phone or email) with that member so you can arrange the exchange.

• Our Service Providers (Data Processors): We use trusted third-party partners to help us operate our service. These are “Data Processors” and are bound by legal agreements to keep your data safe. They include:

  • Microsoft Azure

  • Gmail and MailChimp

  • Google Analytics

  • OpenStreetMap Foundation: To provide map services for member and service locations. We have chosen this provider as a privacy-protecting alternative to other mapping services.¹

  • (If Enabled) Social Login Providers (e.g., Google LLC, Meta Platforms, Inc., Apple Inc.): If you choose to register or log in using a third-party social account, we will share and receive data with that provider as described at the point of login.³

• Legal and Safeguarding Obligations: We may be required to disclose your information to comply with a legal obligation, or if we have a genuine concern for your safety or the safety of another person (a “vital interest,”).

5. International Data Transfers

We store all member data within the European Economic Area (EEA) where possible.

However, some of our essential service providers are based outside the EEA, primarily in the United States. When we transfer your data to these providers, we ensure it is protected by EU-approved legal mechanisms, which guarantee a GDPR-equivalent level of protection.

Table 2: Timebank Ireland’s Data Processors & International Transfers

Service Provider	Purpose	Data Transferred Outside EEA?	Safeguard in Place
Microsoft Azure	Secure Cloud & Database Hosting	No (Data stored in “Ireland” region)	N/A (Data remains in EEA)
Gmail (Google LLC)	Staff & Admin Communications	Yes (USA)	EU-US Data Privacy Framework
MailChimp	Community Newsletter	Yes (USA)	EU-US Data Privacy Framework
Google Analytics	Website Traffic Analysis	Yes (USA)	EU-US Data Privacy Framework
OpenStreetMap Foundation 2	Platform Mapping Services	Yes (Global Servers) 4	Standard Contractual Clauses (SCCs)
Google / Apple / Meta 3	(If Enabled) Optional Member Login	Yes (USA)	EU-US Data Privacy Framework

6. How We Keep Your Data Secure

We take the security of your data seriously. We implement appropriate technical and organisational measures to protect it, as recommended by DPC guidance, including:

• Access Controls: Only trained staff and vetted volunteers can access the member database.

• Encryption: We use SSL encryption (HTTPS) on our website, and our databases are encrypted.

• Password Security: All user and staff accounts require strong, regularly changed passwords.

• Physical Security: Any physical (paper) records are kept in locked filing cabinets in a secure office.

7. How Long We Keep Your Data (Data Retention)

This section replaces the vague text from the previous policy with a specific, compliant retention schedule. This schedule is a legal requirement and is based on Irish charity best practices. We only keep your data for as long as we need it for the purpose it was collected. After that, it is securely deleted or anonymised.

Table 3: Timebank Ireland Data Retention Schedule

Type of Data	Retention Period	Reason (Justification)
Active Member Profile & Swap History	For as long as your account is active.	Performance of a Contract: We need it to provide the service to you.
Inactive/Closed Member Account Data	3 years after account closure.	Legitimate Interest: To resolve any disputes over time credits and for follow-up queries.
Unsuccessful/Incomplete Member Applications	2 years after application date.	Legitimate Interest: For follow-up queries and validation.
Special Category (Sensitive) Data	Deleted immediately upon account closure or withdrawal of consent.	Consent: We have no legal basis to hold this data once you leave the service or withdraw consent.
Anonymised Statistical Data	Indefinitely.	Legitimate Interest: For historical and statistical reporting on our social impact. This data cannot identify you.
Financial Records (e.g., donations)	7 years.	Legal Obligation: Required by Revenue and Irish company/charity law.
Safeguarding or Serious Incident Reports	Indefinitely (Permanent).	Legal Obligation / Public Interest: To comply with national safeguarding guidelines for vulnerable persons.

8. Your Data Protection Rights: Your Control

This section details your full rights under GDPR. You have full control over your personal data. Under data protection law, you have the following rights:

How to Exercise Your Rights: To make a request, please email us at [[email protected]]. We will respond within one month, as required by law.

1. The Right to Be Informed: You have the right to be told, in a clear and transparent way, how we use your data. This policy is our way of doing that.

2. The Right of Access: You can request a copy of all the personal data we hold about you.

3. The Right to Rectification: If you believe any data we hold is inaccurate or incomplete, you can ask us to correct it. You can also update most of your profile data directly in your account settings.

4. The Right to Erasure (The “Right to be Forgotten”): You can ask us to delete your personal data. We must do this unless we have a legal reason to keep it (e.g., a “Legal Obligation” or “Safeguarding” reason from our retention schedule). Please note that erasure will anonymise your content on public feeds. Communications you have sent to other members (e.g., private messages) may remain in their inbox, attributed to an anonymised user, to preserve the context of that member’s conversation.

5. The Right to Restrict Processing: You can ask us to stop processing your data (but not delete it) in certain circumstances, such as if you are contesting its accuracy.

6. The Right to Data Portability: You can request a copy of your data in a common, machine-readable format (like a.csv file) to give to another service.

7. The Right to Object: You have the absolute right to object to us processing your data for direct marketing (our newsletter). You can also object to processing based on our Legitimate Interests, and we must stop unless we have compelling, overriding grounds to continue.

8. Rights on Automated Decision-Making: We do not use your data for any automated decision-making or profiling that would have a legal or significant effect on you.

9. Your Right to Complain

This is a mandatory disclosure.

We hope to resolve any of your concerns directly. However, if you are not satisfied with how we have handled your data, you have the right to lodge a complaint with the Irish supervisory authority, the Data Protection Commission (DPC).

DPC Contact Details:

Website: www.dataprotection.ie

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

10. Cookies and Tracking

Our website uses cookies. Cookies are small text files placed on your device to help our site provide a better user experience.

• Strictly Necessary Cookies: These are essential for you to move around the website and use its features, such as keeping you logged in. The BuddyBoss platform uses these functional cookies, and they do not require your consent.⁵

• Analytics Cookies: We use Google Analytics to understand how visitors engage with our site (e.g., which pages are most popular). This helps us improve our service. These cookies are non-essential and will only be set if you give us your active, opt-in consent via our cookie consent banner.

• Third-Party Cookies:

  • Mapping: Our map provider, OpenStreetMap, does not set tracking cookies.²

  • Social Logins: If you choose to use a Social Login (e.g., Google, Facebook), that third-party service may set its own cookies. We do not control these.³

Your Control:

You have full control over non-essential cookies. When you first visit our site, you will be shown a consent banner where you can accept or reject analytics cookies. You can change your preferences at any time by clicking the “Manage Cookie Consent” link in the footer of our website.

11. Changes to This Policy

We will review and update this policy regularly, as it is a “dynamic document.” Any changes will be posted on this page and, where significant, we will email all members to notify them.

×