Three Steps is committed to respecting and protecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of our privacy statement to explain to you the information practices of Three Steps in relation to the information we collect about you.
For the purposes of the GDPR the data controller is:
- Three StepsLtd
- Contact details are:
o Office Address: Millrace Lodge, Old Athlumney Road, Navan, Co.Meath
o Phone Number: 0469059560
o Email: please contact us via the contactform
- When we refer to ‘we’ it is ThreeSteps
This statement carefully sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who are we?
We are a limited company registered in Ireland (CRO number 424526) and operating since 2008. We are a medium to long term therapeutic service providing both Mainstream residential services and Disability residential services.
Our Data Protection Officer / GDPR Owner and data protection representatives can be contacted directly here:
- Elaine Lowry, OperationsManager
Purpose for processing your data
When you make an enquiry via the Three Steps website, we need to collect information about you to respond to your enquiry. This information includes, but is not limited to, details such as your name, email address and telephone number.
Why are we processing your data? Our legal basis
For us to respond to your query made via our ‘Make a referral’ or ‘Contact Us’ forms Three Steps need to collect personal data. Our reason (lawful reason) for processing your data under the GDPR is:
- Your details are required for us to contact you and provide you with the information you haverequested
In any event, Three Steps are committed to ensuring that the information we collect, and its use is appropriate for this purpose, and does not constitute an invasion of your privacy.
How will Three Steps use the personal data it collects about me?
Three Steps will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than isnecessary.
When you use our contact form the information you submit is stored in our website database (encrypted) as a back-up for a period of 15 days after which it is deleted automatically. The original enquiry is sent to our offices by email and falls under our emails retentionpolicy.
We have taken additional steps to ensure the data you provide us with is dealt with in a safe manner:
- Our site is hosted on SSL (Secure Socket Layer) which means communications between the site and server are fully encrypted (for instance when you submit a contactform)
- Emails sent to us by our website are sent via TLS (Transport LayerSecurity)
Statistics: we use statistics on the website which provide us with essential information such as most visited pages, where users are coming from (search engines, links etc.) These are not set up to track your full IP address and therefore do not collect personal information.
Please note that:
- Our website is hosted inIreland
- Our emails are hosted by Microsoft 365 within theEU
Who are sharing your data with?
In the case of enquiries, we do not share your data.
Data subject rights:
Three Steps facilitate your rights in line with our data protection policy and the subject access request procedure. This is available on request.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access: you have the right to request a copy of the information that we hold about you.
- Right of rectification: you have a right to correct data that we hold about you that is inaccurate orincomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from ourrecords.
- Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
- Right of portability: you have the right to have the data we hold about you transferred to anotherorganisation.
- Right to object: you have the right to object to certain types ofprocessing.
- Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing orprofiling.
- Right to judicial review: in the event that Three Steps refuses your request under rights of access, we will provide you with a reason as towhy.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
Additional information we are providing you with to ensure we are transparent and fair with our processing
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. Three Steps will process personal data in accordance with our retention schedule. This retention schedule has been governed by our internal governance.
In the event that you wish to make a complaint about how your personal data is being processed by Three Steps or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Three Steps data protection representatives Data Protection Officer / GDPR Owner.
Your privacy is important to us. If you have any queries, questions, or comments regarding this Statement, please do not hesitate to contact us.