INTO SubSearch Data Privacy Policy

1. General

INTO SubSearch is committed to processing all personal information in accordance with the General Data Protection Regulation (EU) (2016/679) (herein GDPR), Irish Data Protection Laws and any other relevant data protection laws and codes of conduct (herein collectively referred to as ‘the data protection laws’).

2. Who we are

SubSearch is an online service provided by the Irish National Teachers' Organisation (INTO) to help qualified teachers find substitute work in primary schools. The INTO is a data controller under the data protection laws.

3. What is data privacy and why is it important?

Respecting your data’s privacy is essential to us. Therefore, we have set out in this Data Privacy Policy how INTO SubSearch treats users' personal data.

Please read this statement carefully to understand the views and practices of INTO SubSearch regarding personal data.

When you share personal data with us or when we collect personal data about you by using INTO SubSearch, we will use it in line with this Privacy Policy. If you have any questions or concerns about this privacy policy, please contact us a dpo@into.ie.

This policy is under regular review. Please check this page for any policy updates.
Should INTO SubSearch need to process your data in a new way, we will only do so after conducting a Data Privacy Impact Assessment.

4. What personal data do we collect from you and how do we use it?

The collection of personal data is a fundamental part of providing the service offered by INTO SubSearch and we therefore have specific measures and controls in place to ensure that we comply with the conditions outlined in the data protection laws.

INTO SubSearch must have a lawful basis to collect and use personal information. These legal bases are explained below:

INTO SUBSEARCH’S LEGITIMATE INTERESTS

We use your personal information for our legitimate interests as outlined below. You have a right to object to this processing at any time:

  • To help teachers find substitute work and to help principals find qualified, available substitute teachers in their area;
  • To improve this service – to ensure it matches user needs;
  • To prevent fraud – so nobody may take your virtual personality and to prevent fraudulent activity on our websites;
  • To secure our tools – to keep our tools (websites/apps/devices) safe and secure and working properly without security breaches.

NECESSARY FOR THE PERFORMANCE OF A CONTRACT

We need to collect and use your personal data for you to:

  • As a Substitute Teacher - make your availability and location known to Principals and allow Principals to contact you through email and text.
  • As a Principal - search for available substitutes in your area.

5. What personal data do we collect?

The personal data collected from you when you sign-up to the INTO SubSearch website includes:

FOR SUBSTITUTE TEACHERS:

  • Teaching Council Registration Number
  • Name
  • E-mail
  • Mobile Number
  • College attended & Qualification details
  • Teaching role
  • Gaelscoil
  • Location

FOR PRINCIPALS:

  • Teaching Council Registration Number
  • Name
  • E-mail
  • Mobile Number
  • School Roll Number
  • School Location

6. How do we use your personal data?

The uses, for the personal data INTO SubSearch collect, are outlined below:

FOR SUBSTITUTE TEACHERS:

  • Manage your search for schools
  • Manage your availability
  • Manage your location preferences
  • Allow you to manage your preferences
  • Search our website and protect you against fraud

 

FOR PRINCIPALS:

  • Manage your search for substitutes
  • To update the INTO membership database
  • Allow you to manage your preferences
  • Search our website and protect you against fraud

Furthermore, we use cookies for the following purposes:

  • To make this Site easier to use
  • To support the provision of information and functionality to you
  • To provide us with information about how this Site is used so that we can make sure it is as up to date, relevant and error free as we can
  • To enable the User to save their login password in their browser
  • To allow our websites to function properly
  • To ensure our websites are secure and safe, and to protect you against fraud or misuse of our websites or services, for example through performing troubleshooting
  • To run statistics, that is to:
  • avoid visitors being recorded twice;
  • To monitor and improve our apps and devices; and/or
  • To run analytics and statistics.

None of this information is associated with the user as an individual. Please read our Cookies Policy for further details.

7. Consent and how to withdraw consent

If we process your personal data based on consent, you have the right to withdraw that consent at any time.

All SubSearch users can opt out at any stage by deactivating their account and sending a request to subsearch@into.ie to have the account deleted.

Alternatively, please contact us as follows:

  • By writing to: Data Protection Officer, INTO, 35 Parnell Square, Dublin 1 - DO1 ET35
  • By emailing: dpo@into.ie
  • By telephoning: 01 8047732

8. Automated decision making including profiling

Currently we do not employ Automated Decision Making including Profiling.

Firewall Security:

  • One of the security measures we do employ is to filter our email and internet traffic through Firewall systems.
  • The security systems do not give us information on individuals who email us and the only automatic decision it makes is whether to block or allow an email to pass into the system. This is in line with industry standards.
  • We do not use the information to deny anyone access to our services.

9. How and where do we get your personal information from?

We get your personal data directly from you when you create a profile on the SubSearch website.

For more information in relation to INTO’s use of Cookies please read our Cookies Policy.

10. Who may access your personal data?

As set out above, INTO is committed to respecting the privacy of your personal data, and to processing such data in accordance with the data protection laws. It is important to know we do not sell your personal data.

11. Your personal data may also be processed on our behalf by our trusted third-party suppliers

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We will always use our best efforts to make sure that all third parties we work with will keep your personal data secure. Examples include:

  • Third parties that assist and help us in providing digital and e-commerce services such as membership database, web analytics and search engine
  • Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications

The legal basis for this sharing is our legitimate interests as outlined below:

  • To improve our products and services – to ensure they match your needs;
  • To prevent fraud – so nobody may take your virtual personality and to prevent fraudulent activity on our websites;
  • To secure our tools – to keep our tools (websites/apps/devices) safe and secure and working properly without security breaches.

12. We may also disclose your personal data to third parties

The INTO may disclose information when legally compelled to do so; in other words, when, in good faith, it is believed that the law requires it or for the protection of the INTO’s legal rights.

In other circumstances we may disclose if we have your consent or we are permitted to do so by law.

13. Do we transfer your personal data outside of the European Economic Area (EEA)?

In general, the personal data that we collect from you is not transferred to, accessed in, nor stored at a destination outside the European Economic Area (EEA). However, in certain cases it may be necessary for us to transfer data to servers located outside of the EEA. The privacy protections in these jurisdictions may not be equivalent to those in Europe. We will only transfer personal data outside of the EEA where permitted to do so by European law and we will take steps to ensure that the personal information continues to enjoy appropriate protections.

14. How long do we keep your personal data?

SubSearch holds all personal data of active accounts until the account has been deactivated. Deactivated SubSearch accounts or Inactive accounts are deleted in August of each year.

15. Is your data secure?

INTO takes data privacy seriously. We are committed to keeping your personal data secure and taking all reasonable precautions to do so. We deploy appropriate organisational and technical security measures to keep personal information secure and we contractually require that trusted third parties who handle your personal data for us do the same.

We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security to try to prevent unauthorised access.

Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while the INTO strives to protect all Users’ personal information, the INTO cannot ensure or warrant the security of any information transmitted to the INTO via the Internet, Users do so at their own risk. Once the INTO receives Users’ transmissions, we take all practicable steps, in accordance with high standards of security, to ensure its security on the INTO’s system.

16. What are your rights?

You have the following rights with regards to the personal data we hold on you:

  • The right to access the personal data we hold about you
  • The right to access details about how your data are processed
  • The right to have incorrect and incomplete personal data we hold about you updated;
  • The right to request that we erase the information we hold about you where INTO has no legitimate reason to retain your data;
  • The right to withdraw consent at any time for personal data processing that is based on consent;
  • The right to ask us to stop contacting you with direct marketing;
  • The right to restrict the processing of your personal data;
  • The right to data portability by receiving your personal data in a structured, commonly used format;
  • The right to object to automated decision making / profiling where this is utilised;
  • The right to lodge a complaint with a supervisory authority (see below).

To exercise these rights please contact INTO at the contact details outlined below. Please include details to assist us to locate your personal data e.g. your name, school roll number and INTO membership number.

17. How do you exercise your rights?

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights as outlined above, please contact our Data Protection Officer at dpo@into.ie or by writing to us at:

Irish National Teachers’ Organization
Data Protection Officer
35, Parnell Square
Dublin 1 - DO1 ET35

INTO will endeavour to address any data related concerns or complaints that you may have, however, if you would like to direct your complaint/concerns to the Data Protection Commissioner (for Republic of Ireland) or Information Commissioner’s Office (for Northern Ireland), the contact details are:

Data Protection Commissioner – Republic of Ireland
Canal House – Station Road
Portarlington
R32 AP23 Co Laois

Dublin Office
21 Fitzwilliam Square
Dublin 2 - DO2 RD28

Telephone: 057 8684800/0761 104 800
Email: info@dataprotection.ie
Visit: https://dataprotection.ie

18. Changes to our Privacy Policy

We may change this Privacy Policy at any time. Please, note the version number and date legend at the end of this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we make the revised Privacy Policy available on or through the Site.

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.

 

Version 1.2 11.09.18