This is the Privacy Statement for the Health Management Institute of Ireland (HMI). It tells you which personal/sensitive information we collect about you and the reasons why. We only collect the minimum information that is necessary to allow us to subscribe you as a member, process your query, your booking, or to process requests for the services or products which you have purchased. We understand that the privacy of your data is important to you and to us. The administration of our organisation is managed our behalf by our partners SHRC Limited, who have access to your data in order to conduct our business lawfully and appropriately. This includes our membership management, activities associated with our training and other events and our annual conference. We will treat your data with respect and not share it with other third parties without your prior consent.
- When do we collect information about you?
- What types of information we collect and how we use it?
- Your rights
- Other websites
- Changes to our privacy statement
- How to contact us
When do we collect information about you?
We collect information about you at different times:
- When you visit our website
- When you submit an application for membership
- When you enquire about any of our services or products, either online or via email or telephone
- When you book to attend and pay for a course, buy a product or service
- When you book to attend a regional meeting or other event
- When you book and pay to attend the annual conference
- When you subscribe to our online journal Health Manager or to receive updates via email
- When you complete a customer or learner feedback form, either manually or online
- For QQI certification
- For HR/Employment Law case details
- When conducting surveys
What types of information we collect?
We collect information;
- When you make an application for membership: we collect name, preferred email address, contact number and address. We also collect employment details and education details. This is to facilitate the membership committee to make a decision about an application. We retain this information until you are no longer a member.
- When we respond to a query made online or via email or telephone: we collect name, email address, organisation and a contact number in order to forward a response to your query.
- When you book to attend and pay for a course, buy a product or service; we process different sets of data to deliver our service to you.
- Contact details to allow us to provide the service: name, email, contact number, preferred address, employer details if applicable. We retain this information for a year following the completion of the course or transaction.
- Payment processing details: invoicing details/card payment details/electronic fund transfer details. If payment is made online, this is processed via PayPal. All payments are processed using secure payment gateways, either PayPal or WAVE. Both services employ encryption protocols to keep your personal data secure. We are not responsible for any data breach that may occur on these sites. You can check their privacy statements on their respective websites. We retain payment processing details in accordance with our legal obligations. Any data taken manually is destroyed once the payment has been processed electronically.
- Online learner data: our partners SHRC Limited use a learning management system which is a secure Moodle based system available at https://learn.thelearningrooms.com Within Moodle, learners complete our online courses and participate in online discussion forums. Learner data is collected and reported on for certification purposes. Some data is available to other learners enrolled in the same course. The personal data collected includes: name, email address, completion data, discussion forum posts. We retain this data for a year following completion of courses.
- When you complete a feedback form: on the completion of a course, all participants are requested to complete a feedback form. The purpose of this is to evaluate the training delivered and to make improvements to course delivery if necessary. On occasion, we may use quotations from our courses on our promotional materials. Such use is always anonymised. If we require a direct quotation, we will always contact the person for permission. We retain this information for a year following completion of the course.
- For QQI certification: some of our training courses lead to a QQI qualification and for this we are required to look for additional information on behalf of QQI. We collect this information via our Education Form. This includes your PPS number and your date of birth and the signifier of Male or Female. These must match the name on the QQI database. In the event that a difficulty arises, proof of identity will also be sought, e.g. copy of passport or driving licence etc. These are destroyed once the matter is resolved with QQI. We also look for relevant work details including any education qualifications attained in order to assess that the participant is suitable to undertake the course in question. We retain Education Forms for a year following certification.in order for course participants to be submitted for certification with QQI, they are required to complete assessments relevant to their particular course of study. These must be posted to us for marking by our internal assessor. These assessments are held for one year following receipt of certification and are then destroyed in accordance with SHRC Limited policy. We also retain results sheets for each cohort of participants, which list, name, PPS number, mark and grade obtained. These sheets along with participant marking sheets are retained indefinitely.
- When you book to attend one of our events: we collect name, email, work address and contact number to keep you informed about the meeting.
- When you book to attend our annual conference: we collect different sets of data.
- Contact details to allow us to provide information and updates about the conference: name, email, contact number, preferred address, employer details if applicable. We retain this information for a year following the conference.
- Payment processing details: invoicing details/card payment details/eft details. If payment is made online, this is processed via PayPal. All payments are processed using secure payment gateways, either PayPal or WAVE. Both services employ encryption protocols to keep your personal date secure. We are not responsible for any data breach that may occur on these sites. You can check their privacy statements on their respective websites. We retain payment processing details in line with our legal obligations. Any data taken manually is destroyed once the payment has been processed electronically.
- When you subscribe to our online journal Health Manager: to subscribe to Health Manager, we require your name and email address. We retain this data until you no longer wish to receive Health Manager. You can unsubscribe at any time by selecting the unsubscribe link at the bottom of all emails.
- For HR/Employment Law Case Information: if we undertake a case on your behalf, or offer advice, we may need to collect data of a highly sensitive and confidential nature. All information is gathered on a case by case basis, but only on a needs must basis. We have procedures in place where access to such information is on a need to know basis, both internally and with relevant external parties. This applies to both digital and manual files. We abide by the lawful timelines in relation to retention of this data.
- Surveys: Data and information received in response to a client organisation survey are treated on a highly confidential basis. All responses are anonymised and aggregated when being returned to the organisation. The results are treated in line with our service level agreement and shared only with relevant personnel, both internally and externally. We use the electronic survey tool, SurveyMonkey to gather data and to assist us in analysing it.
Part of our role as a membership organisation is to keep members up to date with our training courses, products and services. We would like to send this information to other who are interested. If you have consented to receive such marketing information, you may opt out at a later date. You have a right at any time to ask us not to contact you for marketing purposes. If you no longer wish to be contacted for marketing purposes, you can email us at firstname.lastname@example.org or by clicking the unsubscribe button on the bottom of an email you have received from us.
Under GDPR, as a Data subject you have a number of rights regarding your personal information. These include:
- The right to request a copy of any personal data we hold about you. If you wish to have a copy of this, please email email@example.com and we will forward a Data Request Form. Alternatively, you can write to us indicating relevant dates, courses attended, etc. to assist us in locating the correct data. We will forward a copy within 30 days. You can email us at firstname.lastname@example.org or write to us at HMI, Unit 7, 78 Furze Road, Sandyford, Dublin D18 YW20.
- The right to be forgotten. You can ask us to delete any personal information that we hold about you in any format.
- The right to accuracy. You have the right to ensure that any data we have is correct and accurate and to have it rectified if necessary.
- In certain instances, you have the right to object to processing, for example, marketing purposes. This will not otherwise impact on you receiving any of our products or services.
Changes to our privacy statement
How to contact us?
If you have any questions about this privacy statement or about any information we may have about you, you can:
- Email us at email@example.com
- Write to us at HMI, Unit 7, 78 Furze Road, Sandyford, Dublin D18 YW20