This is the website of Fusion CPL Company Limited by Guarantee, trading as Fusion CPL (‘we’, ‘us, ‘our’, ‘Fusion CPL’).
This policy governs the online processing activities of this website. For offline processing of personal data, please request a copy of our data protection policy from our Data Protection Manager (contact details below).
We are Fusion CPL, a charity based in Cherry Orchard, Dublin 10. We provide support to individuals with addiction issues either living in the community or incarcerated in prison.
Our Charity Number is 20060701 and our CRO number is 397354.
Fusion CPL is the controller of the personal data it processes. You can contact us in a number of ways, which are set out on the contact us page of our website at www.fusioncpl.com/contact-us/.
We take our responsibility to protect your data seriously and will not collect any personal information about you on this website without your clear knowledge and permission. Any personal information which you volunteer to us will be treated strictly in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018. Where data is submitted it will be used for the stated purpose and any reasonably incidental purposes only.
We do not sell or distribute your personal information to third parties for purposes of allowing them to market products and services to you. Communicating via the internet and sending information to you by other means necessarily involves your personal information passing through or being handled by third-parties.
The information we collect
- For general web-browsing certain statistical information is available to us via our internet service provider. This information may include the IP and logical address of the server you are using, the top level domain name from which you access the internet (for example .ie, .com, etc.), the type of browser you are using, the date and time you access our site and the internet address linking to our site. We may also use temporary “session” cookies which enable a visitor’s web browser to remember which pages on this website have already been visited.
- You have an opportunity to send us information via this website, such as by an email to one of the addresses listed on our “contact us” page. We use the details you provide by email solely for the purpose for which you provided them.
- Information contained within a job application (CV) where that is sent via our website.
The purpose of collecting information
- Website functionality – We analyse website users’ pattern of use to help us to improve, administer and diagnose problems with our server and website.
- Complaint handling – we may use the data you provide to us via email.
- Responding to your query – you may provide us with personal data by email while seeking information about our service.
- Job applications – from time to time jobs may be advertised on our website and potential candidates will submit their personal data (e.g. CV’s) for our review.
Legal basis for processing
We process your personal data based on the following lawful basis:
- Processing necessary for the performance of a contract (e.g. Employment contract)
- Processing necessary for Fusion CPL to pursue its legitimate interests (e.g.
- Processing based on the Data Subject’s consent
- Processing that is required under applicable law (e.g. Revenue/PRSI)
We process sensitive data based on one of the following conditions:
- Explicit consent of the data subject
- In the course of employee management as per Article 52 and Article 73, 1 (vii) of
- DPA 2018
- For the establishment, exercise or defence of legal claims
Under data protection law, data subjects have certain rights. Subject to certain restrictions, which are set out below, you can exercise these rights in relation to your personal data we process.
- The right to be informed about the processing of your personal data
- The right to access your personal data
- The right to rectification of your personal data
- The right to erasure of your personal data
- The right to data portability
- The right to object to processing of your personal data
- The right to restrict processing of your personal data
- Rights in relation to automated decision making, including profiling.
- You have the right to complain to the Irish Data Protection Commission (dataprotection.ie ) and to seek compensation through the courts
We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.
Restriction of data subject rights in certain circumstances
Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances. In addition, the 2018 Act contains certain provisions dealing with the restriction of rights of data subjects, in particular Sections 59, 60 and 61, which give further effect to the provisions of Article 23. Further information can be found here.
Who we share your information with
We do not share your information with third parties other than those set out in this policy. We may share your information in the following circumstances:
- Business Transfer: Where some or all of our company and/or its assets may potentially be or have been acquired, we may need to transfer your personal information to the new or prospective owners.
- Other: We will share your information with a third party other than a service provider where you have given your consent for us to do so.
Where we store personal information
We generally store personal information on servers located inside the European Economic Area. However, in certain cases it may be necessary for us to transfer certain information to servers located outside of the EU. It is important to be aware that the privacy protections in certain jurisdictions may not be equivalent to those in Europe but we will only transfer your information outside the EEA where permitted by law and ensuring that it is subject to appropriate protections.
Fusion CPL retains personal data for a range of periods as set out in our Data Retention Policy.
Cookies are small files containing specific information that may be placed on your device when you use a website. Cookies help us to remember your preferences and to tailor our digital content according to your interests. Below is some terminology used to explain cookies.
First Party Cookies
These are cookies that are set and read by our own website. They store information such as your preferences and usage.
Third Party Cookies
Cookies set by another domain which are read by the code on our website. These cookies track your internet use across a number of sites and can be used to profile you for advertising networks.
These are cookies which are only related to a single session (a single visit to our website) and are automatically deleted when you close your web browser – these are typically considered as necessary for our website to function.
These cookies remain on your device after you’ve finished your session.
Other cookies (such as tracking cookies or authentication cookies) are often saved for an extended period of time from days to years, known as persistent cookies. The types of cookies in use on our website can be explained as follows:
- Marketing/Advertising Cookies
Advertising cookies are used to monitor your internet usage and target ads which are more relevant to you. These are mainly third-party cookies from advertiser networks.
Cookies on our site
We use a range of technologies on our website www.fusioncpl.com, some of which are controlled by other organisations (third party).
These technologies include (but are not limited to) cookies, scripts, fonts and images; some of which are considered as necessary for us to be able to deliver the web site to you and others which we use to enhance our understanding of how you use our web site; to assist in our marketing activities and other purposes explained below. Under European law we are required to obtain your consent for any use of these technologies which are not considered as necessary, as well as provide you with clear information as to what these technologies do; and the third parties we work with.
The cookies we use
|Name of Cookie||Domain||Purpose||Cookie Type and Duration|
|_fr||Facebook use this to track which websites you visit for the purpose of delivering behavioral advertising||Third party, persistent, expires after 90 days|
We take our security responsibilities seriously, employing the most appropriate physical and technical measures. We review our security policy regularly.
Governing Law and Jurisdiction
This legal policy and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.
If you have any questions about this policy, our practices relating to the website or your dealing with the website you can contact us at firstname.lastname@example.org.
Changes to this policy
Prepared by Ambit Compliance.
FusionCPL Data Privacy Statement
The FusionCPL Privacy Statement sets out the standards that an individual can expect from FusionCPL when FusionCPL request or hold information about an individual. This Statement covers both ordinary personal data (any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name , an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person) and special categories of personal data (Racial or ethnic origin, political opinions, Religious or other beliefs of a similar nature, trade union membership, physical or mental health details, sexual life, genetic data or biometric data).
The FusionCPL Privacy Statement informs individuals how to get access to their personal data and what individuals can do if they think standards are not being met by FusionCPL or third parties processing the data on behalf of FusionCPL. The Statement also explains how personal data is safeguarded and the circumstances in which data may be disclosed. The FusionCPL Privacy Statement will be reviewed annually and updated to take account of any changes in legislation or policy.
The Chief Executive Officer – is responsible for:
1. The Data Privacy Statement implementation.
2. FusionCPL’s risk appetite statement and advising the Risk Committee/Board of any Data Privacy risks and mitigating controls.
3. Ensuring that Data security policies and procedures are reviewed and implemented across FusionCPL and ensuring continuous improvement. These policies/procedures aim to ensure that the requirements of confidentiality, integrity and availability are maintained from data collection through to secure deletion of data.
4. The development and dissemination of data protection training and ensuring that FusionCPL’s release of data is fair, lawful and appropriate.
5. Ensuring that staff are compliant with all relevant policies and procedures and that specific data assets are managed and protected appropriately.
Types of Data
FusionCPL holds both personal and non-personal data in a variety of databases and data information stores. Many of these data stores are critical to FusionCPL’s operational delivery and compliance enforcement but there are also key systems which support FusionCPL’s operational functions such as human resources, facilities management and finance.
How Data is managed
FusionCPL manage, maintain and protect all data according to legislation and FusionCPL policies and procedures and best practice guidance. FusionCPL have appropriate security measures in place to maintain and safeguard the confidentiality, integrity and availability of our systems and the data we hold. All information is stored, processed and communicated and destroyed in a secure manner and access to all data is limited to authorised users.
FusionCPL is also committed to making the data it holds available to authorised individuals.
FusionCPL is aware how important it is to protect individuals’ data privacy and to comply with the General Data Protection Regulation (GDPR). FusionCPL take appropriate technical and organisational measures to protect the personal data we hold against unauthorised or unlawful processing, accidental loss, destruction or damage.
When FusionCPL collect personal data, we will be transparent and:
- Explain why we need the personal data and if we are going to share the personal data with other organisations.
- Only ask for what personal data FusionCPL needs, and not request excessive or irrelevant information.
- Make sure that only authorised users can access the data supplied.
- Only keep the data for as long as is necessary for the purpose that it was collected.
In return, FusionCPL, in order to keep data accurate and up to date, would request that individual’s:
- Provide FusionCPL with accurate information.
- Tell FusionCPL promptly about any changes in personal data, such as a change of name or address.
Access to personal information
Individuals can find out if FusionCPL hold any personal data about them by making a ‘subject access request’ (SAR) under the GDPR. If FusionCPL holds personal data, FusionCPL will provide the following information:
(a) The purpose for processing the data.
(b) The categories of personal data concerned.
(c) To whom the data has been or will be disclosed.
(d) Whether the data has been or will be transferred outside of the EU.
(e) The period for which the data will be stored, or the criteria to be used to determine retention periods.
(f) The right to make a complaint to the Data Protection Commissioner.
(g) The right to request rectification or deletion of the data.
(h) Whether the individual has been subject to automated decision making.
FusionCPL handles all data in a manner that respects the rights of individuals and complies with the GDPR. If an individual would like to make a subject access request, they are requested to write or email FusionCPL providing their full name and postal address:
FusionCPL, Cherry Orchard health Centre, Cherry Orchard Grove, Dublin 10.
FusionCPL will process subject access requests as quickly as possible, and will not take longer than one 1 month. There is scope under GDPR to increase this time frame by a further two months in some cases, where the request is particularly complex, or where many requests have been received at the same time.