Data Protection and Privacy
Green Party Data Protection Statement
The data protection rights of all EU citizens and citizens subject to EU law have been greatly enhanced following the introduction of the General Data Protection Regulation or GDPR. The Green Party has been advocating for improved data protection rights for many years and the European Greens played a large part in negotiating the GDPR. This data protection statement explains how and why we collect data and provides further information on your rights as a data subject when you supply your personal data to the Green Party. This Data Protection Statement does not affect your rights as a data subject of the Green Party as set out in the GDPR.
1) What data we collect from you and why
As a registered political party in Ireland, the Green Party collects personal data in order to achieve its social, environmental and economic objectives. We collect data from our data subjects, including members, subscribers, supporters, donors, volunteers, staff, constituents and suppliers. This data is generated and received from forms, email communications, letters, telephone conversations, social media and other platforms.
When an individual joins the Green Party, or renews their membership, we will collect their personal data through membership forms on our website or on paper. The data we collect includes personal contact details, including full name, postal address, email address and phone number. We use this data to communicate with party members about their membership, internal party affairs, local party developments, co-ordinate party events and arrange internal selection conventions, for example.
We also collect demographic data, including age and gender, which we use to develop the party and advance our policies through special green groups such as Mná Glasa (Green Women) and the Young Greens. Members can provide additional data about their skills and experience which help us build capacity within the party.
When a member makes a payment to the party we will record the received date and value of the transaction and note if the transaction is an annual subscription or a donation linked. The name and contact details of party donors – whether members or non-members – are collected by the Green Party in accordance with the Standards in Public Office (SIPO) and the party’s donations policy.
The Green Party does not keep credit or debit card data on record. All transactions processed through our website using credit or debit card data are held by Stripe, our payment processor. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
When an individual subscribes to the party we collect their full name and email address. The name and email address are collected so that the party can communicate with supporters by email about the work the party is doing, party news and activities supporters can participate in.
In the case of volunteers and activists their name and email address will be collected for the same reasons. However, mobile numbers and addresses will also be collected for the purpose of organising events and coordinating campaigns. Gender and age data are collected to inform the party of demographics. Volunteers and activists are asked to provide their skills and experience to guide their involvement with the party.
If a constituent or member of the public wishes to raise a constituency matter with an Elected Representative, Candidate for Election or the Green Party we will have a record of their contact details from the correspondence. In order to advance a constituent’s query, it may be necessary to collect further personal data from a constituent so that the case can be fully investigated and a resolution sought.
Website User Data
Where website users access any of our websites we will require their consent to proceed with their use of our websites. The types of data we collect include Usage Data and Tracking and Cookies Data. These data help us understand how users navigate our sites and how we can improve website user experience.
We collect information about how our website and its services are used. This Usage Data may include information such as your computer’s Internet Protocol address (IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
2) How we process your personal data
We record the personal data collected from our data subjects via webforms on our website which are submitted to our database and email accounts. Data is also supplied to us in hardcopy, over the phone, via social media and other communication platforms. These data is used in many ways by the party to advance the social, environmental and economic aims and objectives of the Green Party.
Officers of the party, including Constituency Group Officers, Elected Representatives, Candidates for Election, Returning Officers and Spokespersons view and process personal data in order to communicate with constituency members or members with specific experience or expertise. This data is used, in accordance with the communications preferences of data subjects, to contact members and supporters by email, phone and post.
As a data subject you have the right to withdraw your consent to data processing at any time by informing us that you wish to do so. If you withdraw your consent it will not be possible for you to participate in the party because data processing is necessary for the operational functioning of the party. For a full list of your rights as a data subject under GDPR please refer to point 4.
If individuals wish to engage with the Green Party as a member, supporter or volunteer etc. they must opt-in to email communication as email is the primary communication mode used by the party. It is essential that the party can inform the membership about voting eligibility, selection convention and party development in order to advance its normal aims and objectives. Data subjects can opt-in to internal party newsletters and groups, mobile phone and postal communication.
When a data subject is enrolled in the party database we will use the address data supplied to allocate the member or supporter to their Local Electoral Area, Dáil constituency and European constituency. We also use this data to assign members and supporters to their local Green Constituency/Local Group. This personal data is used by Local Group Officers to contact members and supporters about the local party, green events and campaigns in the area. The same data is available to our Elected Representatives and Candidates for Election to help build capacity and support for election and canvassing campaigns.
The personal data of members will be made available to members of the party acting as Returning Officers when a selection convention is called. Returning Officers are members from outside the constituency who have been appointed to manage a selection convention and ultimately oversee the selection of a Green Party candidate for the constituency. To ensure this process is managed correctly, Returning Officers will examine the personal data of members in the constituency and notify them about the selection convention process.
Where constituents’ queries are concerned, these will be received, stored, analysed and responded to by Elected Representatives and Candidates for Election with or without the involvement of the Green Party centrally in casework. While the Green Party may have queries recorded in its email mailboxes, cases are not stored in a structured fashion in the party’s database. Elected Representatives and Candidates for Election may record constituent’s data in their work databases for the purpose of case tracking, follow-up and communications.
We may use third-party service providers, such as Google Analytics, to monitor and assess how our websites are accessed and navigated by users. Google Analytics is a web analytics tool that tracks and provides data and reports on website usage and traffic. This data is shared with other Google services and may be used by Google to personalise the ads of its own advertising network. You can opt-out of Google Analytics by installing the Google Analytics opt-out browser add-on.
The Green Party has always been an advocate of data protection and the European Greens can be credited with negotiating the GDPR in the European Parliament. We are committed to ensuring your data protection rights as a data subject are upheld and compliant with the GDPR. If you have any concerns with regard to data protection and the Green Party please notify us using the contact details at the top of this document. As a data subject you have the right to lodge a complaint with the Office of Data Protection Commission if you allege your personal data has been processed in contravention with the GDPR.
3) Data Sharing & Data Transfer
Personal data belonging to a data subject is shared with officers of the party; including party staff, Constituency Group Officers, Elected Representatives, Candidates for Elections, Returning Officers and Spokespersons. Data is shared with these officers for the sole purpose of executing the work of the Green Party and for no purposes other than the legitimate, political interests of the party. The Green Party will not share personal data with any other organisation without prior consent from the data subject. At some time we may request your permission to share personal data with another related organisation, such as the European Green Party.
We host our main website www.greenparty.ie and our members’ website my.greenparty.ie, including special category data on an EU server, providing the full purview of protection under the GDPR. Within the members’ website the party holds the records of its membership, which is classified as special category data. Our webhosting and web maintenance is managed by an Information Technology company to ensure maximum compliance and data protection of the website at all times.
Legal Third Party Processing
The Green Party will facilitate the processing of personal data of its data subjects by legal authorities where there is a lawful requirement to do so. For example, if legal proceedings are brought by, or against, the Green Party it may be legally obliged to share personal data for the process of data processing. Other state authorities which may request to view, receive and process personal data held by the Green Party include the Standards in Political Office, responsible for the financial auditing of political parties and the Office of the Data Protection Commissioner, responsible for data protection in Ireland.
Contracted Data Processors
To ensure the effective utilisation of resources, we may employ contractors to provide professional services to the party, such as for database development, website development or other consultancy services. Where the provision of services requires access to the personal data of the party’s data subjects a Data Protection Agreement (DPA) will be signed by both the Green Party as Data Controller and the contractor as Data Processor. This agreement states the legal obligation of the data processor not to disclose personal data or process it in ways that are not agreed with the party. It also explains the security measures and policies implemented by the data processor for data protection.
4) How long we keep your data for
The Green Party will keep personal data belonging to its data subjects for a period of no more than five and a half years. This period is comparable to a term of government and is a regular period during which a political party would be in government, opposition or seeking office. Our data retention policy does not supersede the rights of a data subject under GDPR as set-out under heading 5.
Member Data Retention
In the case of members, the party will retain personal data for five and a half years following the end of the membership period where the data subject has not engaged with the party in a specified way. After an ordinary Green Party membership lapses there is a period of one year in which a member can renew their membership without losing their voting rights, known as the grace period. After this period elapses former members may become party supporters and continue to receive communications from the party in line with their communications preferences, which they can change at any time. They can also choose to independently end their support of the party by unsubscribing.
Supporter Data Retention
While supporters continue to engage with the party through specified activities, we will maintain their personal data on file so that the we can contact them about our work. If after 4.5 years a supporter has not undertaken any specified activities, we shall seek consent to continue contacting the data subject as a party supporter. If there is no response, or the data subject replies negatively their personal data will be anonymised. If the data subject replies positively their records will be kept on file.
Financial Record Retention
The financial records of all data subjects must be kept on file for the purposes of audit, however it will not be possible to identify the benefactor from this data. In some cases the party will be prohibited from anonymising a data subject’s identifiable records. Personal data, including names and addresses must be kept on record where specified by the SIPO guidelines, such as where larger donations are concerned. Similarly, personal data must be retained by the party where there are active or potential legal proceedings.
Where donors are not party members, and there is no legal requirement to keep their personal data on file, non-financial data will be anonymised after a period of five and a half years.
5) Your rights as a data subject under the GDPR
1) You must have easy access to contact information about the organisation collecting your data.
Our contact details are found at the top of this document.
2) Information about where your data was sourced, if not directly from you, must be provided. • We collect your data directly from forms you have filled out or from communications we’ve received from you.
3) You have the right to know what data of yours we hold.• We facilitate your right to access your personal data held by us following our data protection protocol.
4) You have the right to rectify any omissions or errors in your personal data that we have recorded. 5) You have the right to have your personal data erased. The party can erase your personal data from its records following our data protection protocol. However, in accordance with the Electoral Act of 1997 it is a statutory requirement to keep personal data of some donors on file.
6) You have the right to restrict your data being processed in specific circumstances. • Following data protection protocol, when requested we will restrict the processing of your data.
7) Following any requested rectification, or erasure, of your personal data, recipients of this data will be notified of such changes. We will inform any recipients of your data, such as Elected Representatives or Candidates for Elections, of any rectifications or erasures performed on your personal data.
8) You have the right to receive your data in a portable format. • Should you wish to move your data to another location we will be able to provide it to you following our data protection protocol.
9) You have the right to object to your data being processed. Following our data protection protocol we will stop processing your data when requested.
10) Automated decision making, such as profiling, which has significant effects on you is not legal. We will not make decisions that affect you using automated decision-making technology.
6) Changes to this Statement
We may update our Data Protection Statement from time to time. We will notify data subjects of any updates to the statement at this link. Any new version of the statement will additionally be made available to our members and subscribers on our member’s website.