Childline Privacy Notice

Protecting Your Data: The Childline by ISPCC Privacy Notice

 

Childline is a confidential listening service provided to all children and young people by The Irish Society for the Prevention of Cruelty to Children, Ireland’s national children’s charity. Our purpose is to be there for all children and young people in Ireland – to listen, empower them, strengthen their resilience and enable them to live their best possible lives.

Childline provides confidential and preventative phone and webchat services directly to children and young people. We communicate children’s concerns and views with a range of stakeholders and are fortunate to benefit from thousands of donations each year from individuals and organisations. We are committed to doing this while also keeping your data safe. Please note there are some limits to confidentiality described below, for example when children and young people are at risk, when translation is required in other languages to provide chat services to young people arriving from Ukraine, etc.

The ISPCC is a registered charity, and our charity registration number is 20007225.

Our Privacy Notice explains why we collect data, what data is collected, what we do with it, what we don’t do with it, and what you can do to exercise your rights as a data subject or to seek further information. Please refer to the ISPCC’s full Privacy Notice on the ISPCC website for further details.

The controller (as defined in the GDPR) of your personal data for all purposes outlined in this policy is the ISPCC, Unit 3, Block 3, Harbour Square, Crofton Road, Dun Laoghaire, Dublin. We can be contacted by post at ISPCC, PO Box 13552, Dublin 8, or by telephone at 01 2342000  and email at [email protected]

XpertDPO are the designated Data Protection Officer for the ISPCC and can be contacted directly at [email protected]

Personal data is defined in the General Data Protection Regulation (GDPR) as:

‘Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’

‘Special categories’ of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

A ‘controller’ is defined as ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law’.

Childline relies on a number of legal bases for processing personal data, for example:

  • Childline must by law report to Gardaí and/or social workers in Tusla – The Child and Family Agency if it believes that a young person is at risk. This involves complying with the legal obligations outlined in Children First legislation. It may also be in a child or other person’s vital interests that Childline collects personal data to assist them if they are at risk.
  • Childline has a legitimate interest to share anonymised case studies that cannot be linked back to individual children with policy makers and the media to help increase awareness and understanding of what young people are experiencing and things that are important to them. These case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.

We will collect and process the following data:

  • For each call we record your age, gender, the reason for the call and risk level.
  • If you are at risk and want Childline to help you, then we may need further personal information about you. It is your choice whether to give us further information or not.
  • If you do tell us your name and address (or another way that we could identify you) and we think you might be at risk or are worried that you were in some kind of danger we keep a record of this and tell someone who may be able to help you (Gardaí or a social worker).
  • We collect this data because we must do so by law if you are at risk and give us information that tells us who you are and where you live or are located. In these cases, we may need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.
  • Although Childline does not see your phone number when you call, Gardaí may on rare occasions during an investigation ask us and other organisations such as telecommunications companies for personal information, including phone numbers, that could identify you.

Your data will be used in the following way:

  • To provide a high quality listening service to all children.
  • To collect statistical information that cannot be related back to individuals to help us improve Childline and advocate for children all over the country.
  • To share anonymised case studies that cannot be linked back to individual children with policy makers and the media to help increase awareness and understanding of what young people are experiencing and things that are important to them. These statistics and case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.

We hope that collecting your data in this way, will:

  • Offer you a friendly and non-judgemental listening ear anytime you want to talk to Childline.
  • Help you to get the support that you need if you are at risk.
  • Enable ISPCC to raise vital funds to continue to provide the Childline service to you 24 hours a day, 365 days a year.
  • Enable ISPCC Childline to improve policies and services, thereby making life better and safer for you and for all children and young people.

We will collect and process the following data:

  • A nickname you would like to use when chatting, your age and gender.
  • A record of your conversations will be kept in line with our retention policy.
  • If you provide identifying information and are at risk, we may by law need to pass our concerns on to a statutory body such as the Gardaí or Tusla – the Child and Family Agency.

 Your data will be used in the following way:

  • To help Childline provide a better listening service to you and measure the quality of the service we offer to children and young people.
  • We also use your data to collect statistical information that cannot be related back to individuals to help us improve Childline and advocate for children all over the country.
  • Conversation transcripts may be analysed for research purposes to benefit children and young people once personal data has been removed from them.
  • We share case anonymised studies that cannot be linked back to individual children with policy makers and the media to help them increase awareness and understanding of what young people are experiencing and things that are important to them. These statistics and case studies can also be shared with others to promote Childline as a charity and to help raise funds for Childline.
  • In the course of a Garda investigation, Gardaí may on rare occasions ask us and other organisations such as telecommunications companies for personal information that could identify you.

We hope that collecting your data in this way, will:

  • Offer you a friendly and non-judgemental listening ear anytime you want to talk to Childline.
  • Help you to get the support that you need if you are at risk.
  • Enable ISPCC to raise vital funds to continue to provide the Childline service to you 24 hours a day, 365 days a year.
  • Enable ISPCC to improve policies and services, thereby making life better and safer for you and for all children and young people.

We will collect and process the following data:

Any personal data included in a question will be removed before it is published on the website for others to read.

Your data will be used in the following way:

Personal data will be removed so that selected questions can be answered and shared publicly on the website for all children and young people to read.

We hope that collecting your data in this way, will:

  • Give children and young people an opportunity to seek advice without speaking to someone directly if they do not wish to do so.
  • Allow Childline to publish questions and answers that may help other children and young people seeking advice on a variety of subjects.

Childline will use Google Translate to translate from the service user’s language into English and vice versa. Because we will be sharing your questions and our conversation with Google, we cannot ensure the same level of confidentiality as when these services are provided through English language only. Google’s Terms of Service and Privacy Policy apply to text translations and personal data may be processed outside the European Economic Area.

We will collect and process the following personal data:

  • Logged into Childline Webchat
    • Each time you webchat to Childline, you might chat about the same thing or maybe it’s about something different every time. At the end of your chat with us, Childline records your age and gender and describes what your chat was about. Say your chat was about a friend that was annoying you, Childline might say that the chat with you was about “Relationship with Friends”.
    • Sometimes we add up all the chats from all the children and young people who contacted Childline and see how many chatted about “Relationship with Friends”. We use this information to tell everyone else about the types of things children and young people contact Childline about. It helps us to tell the Government what they should be doing to help all the children in Ireland.
    • Sometimes we use the types of reasons people contact us to tell stories about the reasons children contact Childline. We never use the exact information or stories people tell us, but we use examples from different people to make sure that individual stories could not be identified.

How do we use Cookies?

The ISPCC Childline Website uses first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Third parties serve cookies through our Websites for analytics and other purposes. This is described in more detail in our Cookie Policy.

You can select the cookies you want to allow and change your preferences at any time by clicking on the cookie settings shield icon on your screen.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Occasionally, it may be necessary to limit an individual’s access to our services. For example:

  • If we suspect that you are an adult abusing services dedicated to children and young people.
  • If we believe you are abusing our service or are abusive towards our employees and volunteers, we may use our system to block your calls or messages from getting through.
  • If you contact us a lot in a short period of time we may need to manage your access to our service to ensure that others are able to get through to us.

If you would like to appeal a decision to limit your access to our services, please email us at [email protected].

If you are abusive or threaten our employees or volunteers when you contact Childline, we may report you to the Gardaí.

For the security of our employees and volunteers, our premises are monitored by CCTV and if you are abusive or threaten our employees or volunteers on or in the vicinity of our premises, CCTV images, where available, may also be shared with Gardaí.

Childline will retain personal data in accordance with our data retention schedule and will not keep it for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed. We review our data retention periods for personal information on a regular basis.

Currently personal data is kept live on the ISPCC digital portal for 30 days.  Programmatic backups and audit logs of all data are kept securely  by a third party for up to 6 months for the purposes of troubleshooting and restoring data in the event of an IT systems failure.

Childline will not sell or rent User Data to any third party without your prior permission. Where it is using Google Translate to translate conversation transcripts, user data may be made commercially available to Google without your prior permission.

We may disclose your personal information to third parties such as An Garda Síochána and Tusla, The Child and Family Agency if we are legally obliged to for the purposes of meeting our statutory child safeguarding obligations under Children First legislation. This only happens where we are concerned a child may be at risk or for the investigation of a crime.

We may also share your personal data with trusted organisations who provide services to Childline to enable us to provide services to children and young people. They too are required to keep your data safe and confidential. For example, Livechat Inc. allows us to provide chatline services. Livechat’s processing of conversation transcripts takes place in the US using EU standard contractual clauses.

We may share personal data with funders or statutory regulators only where lawfully required to do so for audit or investigation purposes. We are also required by our insurer to retain written details of allegations or complaints for the purpose of handling potential future insurance claims.

The ISPCC Childline has put technological and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the data have been trained to maintain the confidentiality of such information.

We carry out regular monitoring and testing of our security defences to ensure they continue to be effective against the latest threats.

Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure. 

Under certain circumstances, and dependent on legal basis under which your personal data is processed, by law you have the following rights:

Right to be informed: We will provide you with a privacy notice to tell you how we are using your personal data.

Right of access: You have the right to obtain access to your own personal data at any time. Information will be supplied within one month of receipt of the request.  This can be extended by a further two months where requests are complex or numerous. This will be provided free of charge unless you ask for multiple copies or the request is manifestly unfounded or excessive. We can also refuse your request if it adversely affects the rights and freedoms of others or is manifestly unfounded or excessive.

Right of rectification:  You have the right to have your personal data rectified if it is inaccurate or incomplete.  

Right of erasure: You have the right to request the deletion of personal data where there is no compelling reason for its continued processing or if we are processing it in an unlawful manner – for example, if we are using it for a different purpose than originally stated. 

Right to restrict data processing:  Under certain circumstances, you have a right to ‘block’ or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it.

Right to data portability:  You can obtain and reuse your personal data in a structured, commonly used and machine-readable format for your own purposes across different services. This right applies where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.

Right to object:  You have the right to object on grounds relating to your particular situation to: 

  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • Direct marketing (including profiling); and
  • Processing for purposes of scientific/historical research and statistics.

We must stop processing the personal data unless: 

  • We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • The processing is for the establishment, exercise or defence of legal claims.

Right in relation to automated decision making and profiling: Under certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

Please contact us at [email protected] if you wish to exercise any of your data protection rights.

We will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.

Upon successful verification of your identity you are entitled to obtain the following information about your own personal data: 

  1. The purposes of the processing
  2. The categories of personal data concerned
  3. The recipients or categories of recipients to whom your personal data has been or may be disclosed, along with the location of those recipients
  4. The envisaged period of storage for your personal data or the criteria for determining the storage period
  5. The sources of the personal information, if it was not obtained from you
  6. The use of any automated decision-making and/or profiling.

We will keep this Privacy Notice under review.  Please check our website for the most recent version of our Privacy Notice. This privacy notice was last updated in May, 2023.

If you require further information about the way your personal data will be used or if you are unhappy with the way we have handled your personal data and wish to contact us, please submit your concerns to [email protected].  

The [email protected] mailbox is managed by the ISPCC DPO function and all correspondence received will be addressed accordingly, including support from the designated ISPCC Data Protection Officer.

You have the right to lodge a complaint with the Office of the Data Protection Commissioner. To contact the Office of the Data Protection Commissioner, you may use the webform link on their website or the following details:

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28 

Helpdesk Telephone: 01 7650100 or 1800 437737