Privacy Policy

RCN: 20009458/CRO Number: 86021


1. Introduction

1.1 The board of charity trustees of The Friends of St. Luke’s Hospital (Dublin) (“FOSL”) is committed to complying with the Charities Regulator’s “Guidelines for Charitable Organisations on Fundraising from the Public” (the “Guidelines”), which forms the basis for this Privacy Policy (this “Policy”). This is the privacy policy of FOSL which is referred to as “us” or “we” throughout this Policy.

1.2 This Policy provides details of the ways in which we process personal data in line with our obligations under data protection law including the General Data Protection Regulation (No 2016/679) (“GDPR”).

2. Background and Purpose

2.1 The purpose of this Policy is to explain what personal data we process and how and why we process it. For the purposes of this Policy, personal data means any information relating to an identified or identifiable person.

In addition, this Policy outlines our duties and responsibilities regarding the protection of such personal data. The manner in which we process data will evolve over time and we will update this Policy from time to time to reflect changing practices and law.

2.2 We may incorporate this Policy by reference into various points of data capture used by us and may provide additional information where relevant.

3. FOSL as a Data Controller

3.1 We will act as a data controller in respect of personal data provided to us by various
individuals in connection with the operation and administration of FOSL’s activities. Such individuals may include the following:

(a) employees, trustees and members of the board;
(b) volunteers;
(c) subscribers/event attendees/donors;
(d) corporate sponsors and partners; and
(e) website visitors.

Further details on the data we may possess are set out in Annex 1.

3.2 Personal data is processed by us for the following purposes:

(a) administration purposes;
(b) the organisation, promotion and running of events and fundraising;
(c) maintaining details of donors / volunteers / contributors and communicating with them; and
(d) publication of newsletters, emails and text messages which may include publication of photographs or details of individuals.

4. Individual Data Subject Rights

4.1 Data protection law provides certain rights in favour of data subjects (the “Data Subject Rights”), including the right:

(a) of a data subject to receive detailed information on the processing (by virtue of the transparency obligations on the controller);
(b) of access to personal data;
(c) to rectify or erase personal data (right to be forgotten);
(d) to restrict processing;
(e) of data portability;
(f) to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
(g) to object to automated decision making, including profiling, and where we rely on its legitimate interests to process personal data (for example, for marketing purposes).

4.2 FOSL acknowledges that a data subject may make a request to us to exercise any of the Data Subject Rights by contacting FOSL. FOSL undertakes to deals with any such requests in accordance with data protection law.

5. Data Security and Data Breach

5.1 Certain technical and organizational measures are in place to protect personal date from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. Personal data and information is held using IT security messages with access restricted through approvals and passwords.

5.2 Certain data is stored electronically on a network belonging to St Luke’s Hospital. The data is stored and maintained in accordance with the HSE’s data protection policy guidance which is applied by St Luke’s Hospital. A copy of this policy has been made available to FOSL. This data is not available to employees of St Luke’s Hospital or anyone outside FOSL and remains subject to the protections FOSL has in place.

5.3 The GDPR obliges data controllers to notify the relevant data protection supervisory authority and affected data subjects in the case of certain types of personal data security breaches. Any data breaches identified in respect of personal data controlled by us will be dealt with in accordance with data protection law.

6. Engaging Data Processors

6.1 Where we engage service providers to perform certain services on our behalf which may involve the collection and processing of personal data, and such engagement gives rise to a data controller and data processor relationship, we will endeavor to confirm that such relationship is governed by a contract which includes the data protection provisions prescribed by data protection law.

6.2 Our website uses for accepting credit card payments. FOSL does not record credit card details used on our website as details and payments are processed by Stripe. More information about Stripe can be found here:

6.3 FOSL does not collect unique information about users of its website. General operational statistics are collected, but these are limited to country of origin, new versus repeat users, most popular pages etc. Where users submit personal details either by email or on the FOSL website, this data is not shared with any other party, nor used for marketing purposes and is maintained as outlined above.

7. Disclosing Personal Data

7.1 From time to time, we may disclose personal data to third parties, or allow third parties to access personal data which we process (for example where a law enforcement agency or regulatory authority submits a valid request for access to personal data).

8. Data Retention

8.1 We will keep personal data only for as long as the retention of such personal data is deemed necessary for the purposes for which that personal data are processed. The retention period depends on a number of factors including statutory limitation periods, consents provided by users and other legal requirements.

9. Further Information

Should you have any questions, please contact us as follows:

  • Address: The Friends of St. Luke’s Hospital (Dublin), Highfield Road, Rathgar, Dublin 6
  • Telephone: +353 (1) 406 5314
  • Email:


Types of Personal Data
Categories of Data Subject Type of Personal Data
Volunteers / Event Participants Name, contact details including email and phone
Staff Name, contact details, address, PPS number and other tax and social security information and information linked to their employment.
Board Members Name, address, contact details including email and
phone number.
Corporate Sponsors and Partners Name, address, contact details including email and
phone number.
Website Visitors No unique information about users is retained.
Where personal data is retained, it is retained in a confidential manner as outlined in this Policy.