Data Protection & Privacy

The data protection declaration of Youth Suicide Prevention Ireland Publications Limited is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our supporters and business partners. To ensure this, we explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

• Personal data: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
• Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
• Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
• Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures.
• Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
• Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller for the purposes of the GDPR and other data protection laws:

Youth Suicide Prevention Ireland Publications Limited
83A New Street, Killarney, Co Kerry V93 FR59, Ireland
Phone: 1800 828 888
Email: data@yspi.ie
Website: https://skydive.yspi.ie

Data Protection Officer:

Mr Ger Foley
Youth Suicide Prevention Ireland Publications Limited
83A New Street, Killarney, Co Kerry V93 FR59, Ireland
Phone: 1800 828 888
Email: data@yspi.ie

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

Our website uses cookies to provide core functionality and to help us understand how our website is used. Cookies are small text files placed on your device by your browser.

• Necessary session cookies: these are essential to make our site work (for example, remembering your selections during a donation process, maintaining form security and session integrity). They are set automatically and cannot be switched off via the consent banner.
• Analytics cookies: these help us measure and improve performance by collecting information on how visitors use the site. Analytics cookies are optional and will only run if you give consent using our cookie consent banner.

You can change your cookie preferences at any time using our consent banner, or by adjusting your browser settings to block or delete cookies. If you disable necessary cookies, some parts of the website may not function correctly.

Our website uses a cookie consent banner to give you control over how your information is used. The banner is displayed when you first visit the site and whenever your consent choices expire.

You can make the following choices:

• Accept All: allows the use of necessary and optional cookies, including analytics.
• Necessary Only: allows only essential cookies required for the website to function.
• Refuse: no cookies are set beyond those strictly necessary. Your refusal is logged securely without storing non-essential cookies.

Your decision is recorded and you can change your consent at any time by reopening the banner. If you refuse consent, you may still use our website, but some features may not work as expected.

This system ensures that we meet the requirements of the General Data Protection Regulation (GDPR) and the Irish Data Protection Commission regarding prior consent for non-essential cookies.

We do not knowingly collect or process personal data relating to individuals under the age of 18 without appropriate parental or guardian consent. If we become aware that a child has provided us with personal data without such consent, we will delete that information immediately. Parents or guardians who believe that their child has provided us with personal data should contact us at data@yspi.ie.

When a data subject or an automated system accesses the website, a series of general data and information is collected and stored in server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-pages, (5) the date and time of access, (6) an IP address, (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

We do not draw conclusions about the data subject from this information. The information is needed to (1) deliver the content of our website correctly, (2) optimise our website and its content, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide law enforcement authorities with information necessary for criminal prosecution in case of a cyber-attack. Anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Registration/newsletters. Users may subscribe to our newsletter. We operate a double opt-in procedure. During registration, we store the IP address used at the time of registration, as well as the date and time. This is necessary to prevent misuse of an email address and to evidence consent. Newsletter subscriptions are managed via Brevo (Sendinblue). You can unsubscribe at any time using the link provided in each newsletter or by contacting us.

Newsletter tracking. Our newsletters may contain so-called tracking pixels that enable a statistical analysis of campaigns (for example, whether an email was opened and which links were clicked). We use this information to improve future newsletters. You can opt out by unsubscribing at any time.

Contact forms and email. If a data subject contacts us by email or via a contact form, the personal data transmitted are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties unless required by law or necessary for the handling of the enquiry.

We use reputable payment processors to handle donations and payments securely. When you donate, necessary data are transmitted to the relevant processor for payment processing and fraud prevention.

Stripe. Card donations and recurring payments are processed by Stripe Payments Europe, Ltd. Personal data such as name, email address, billing address, and payment details may be processed by Stripe in accordance with their privacy policy. Stripe may transmit limited data to financial institutions, regulators, or fraud prevention agencies as required by law.

PayPal. One-off donations and online payments may be processed by PayPal (Europe) S.à.r.l. & Cie. S.C.A. PayPal may process personal data including name, email, address, IP, and payment details as necessary for payment processing and fraud prevention, and may share limited data with credit institutions or authorities where legally required.

Donation and payment records are retained for six years to meet legal and tax requirements.

We maintain pages and may embed content operated by Meta Platforms Ireland Ltd. (Facebook and Instagram). If you are logged in to Facebook or Instagram, these services may associate your visit or interactions with your account in accordance with their privacy policies. For information about how Meta processes data, please consult their published policies.

Art. 6(1)(a) GDPR (consent): where you have given consent for a specific purpose (for example, newsletter subscriptions).

Art. 6(1)(b) GDPR (contract): where processing is necessary for the performance of a contract to which you are party or to take steps at your request (for example, processing a donation).

Art. 6(1)(c) GDPR (legal obligation): where processing is necessary for compliance with a legal obligation (for example, tax and regulatory obligations).

Art. 6(1)(f) GDPR (legitimate interests): where processing is necessary for our legitimate interests or those of a third party, except where overridden by your interests or fundamental rights and freedoms. Our legitimate interests include ensuring website security, preventing fraud, improving services, and communicating with supporters.

Where processing is based on Article 6(1)(f) GDPR, our legitimate interests include carrying out our charitable activities for the benefit of the public, maintaining and improving our services, ensuring the security and integrity of our systems, communicating with supporters, and safeguarding our legal rights.

The criteria used to determine the period of storage of personal data are the respective statutory retention periods and the purposes for which the data were collected. After the applicable retention period has expired, the corresponding data are routinely deleted if no longer necessary.

• Donation and payment records: retained for six years (Irish Revenue requirement).
• Newsletter and email marketing data: retained until consent is withdrawn or you unsubscribe.
• Analytics data: retained for up to 13 months.
• General enquiries: retained for as long as necessary to handle your query and for a reasonable period thereafter.

In part, the provision of personal data is required by law (for example, tax regulations) or may result from contractual provisions (for example, details needed to process a donation). Sometimes it may be necessary, prior to concluding a contract or accepting a donation, that you provide us with personal data. The non-provision of personal data may mean we cannot accept a donation or provide certain services. If you have questions about whether the provision of personal data is required by law or contract, or is necessary for the conclusion of a contract, please contact us.

• Right of confirmation: to obtain confirmation as to whether or not personal data concerning you are being processed.
• Right of access: to obtain information about your personal data and a copy of this information, including purposes, categories, recipients, envisaged storage period, rights, source of data (where not collected from you), and the existence of automated decision-making including profiling.
• Right to rectification: to correct inaccurate personal data concerning you and to have incomplete personal data completed.
• Right to erasure (“right to be forgotten”): to request the erasure of personal data concerning you without undue delay where one of the grounds in Article 17 GDPR applies.
• Right of restriction of processing: to obtain restriction of processing in the cases foreseen by Article 18 GDPR.
• Right to data portability: to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit those data to another controller where processing is based on consent or contract and is carried out by automated means.
• Right to object: to object, on grounds relating to your particular situation, at any time to processing based on Article 6(1)(e) or (f) GDPR, including profiling. Where personal data are processed for direct marketing purposes, you have the right to object at any time.
• Automated individual decision-making, including profiling: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, subject to the exceptions in Article 22 GDPR.
• Right to withdraw consent: you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint: you may lodge a complaint with the Data Protection Commission in Ireland (www.dataprotection.ie) or with your local supervisory authority.

As the controller, we have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption, access controls, audit logging, and staff training. However, internet-based data transmissions may have security gaps, so absolute protection cannot be guaranteed. You may always contact us via alternative means (for example, by telephone).

As a responsible organisation, we do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

Our charity registration is 20070670 and can be verified with the Irish Charity Regulator. We are a tax-exempt charitable trust approved by the Irish Revenue Commissioners under charity number CHY18438 and are an approved body under the Charities Donation Scheme.

Registered Office: Youth Suicide Prevention Ireland, 83A New Street, Killarney, Co Kerry V93 FR59.
Contact: 1800 828 888 or data@yspi.ie.
Office Hours: Monday to Friday, 10am to 5pm.