Three Steps is committed to respecting and protecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this privacy statement to explain to you the information practices of Three Steps in relation to the information we collect about you.
For the purposes of the GDPR the data controller is:
- Three Steps
- Contact details are:
- Office Address: Millrace Lodge, Old Athlumney Road, Navan, Co. Meath
- Phone Number: 046 9059560
- Email: please contact us via the contact form
- When we refer to ‘we’ it is Three Steps
Please read this Statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who are we?
We are an unlimited company registered in Ireland (CRO number 424526) and operating since 2008. We are a medium to long term therapeutic service providing both Mainstream residential services and Disability residential services.
Our Data Protection Officer / GDPR Owner and data protection representatives can be contacted directly here:
- Lorraine Hayes, HR Manager
- O46 9059560
Purpose for processing your data
When you make an enquiry via the Three Steps website, we need to collect information about you to respond to your enquiry. This information includes, but is not limited to, details such as your name, email address and telephone number.
Why are we processing your data? Our legal basis
In order for us to respond to your query made via our ‘Make a referral’ or ‘Contact Us’ forms Three Steps need to collect personal data. Our reason (lawful reason) for processing your data under the GDPR is:
- Your details are required in order for us to contact you and provide you with theinformation you have requested
In any event, Three Steps are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
How will Three Steps use the personal data it collects about me?
Three Steps will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
When you use our contact form the information you submit is stored in our website database (encrypted) as a back-up for a period of 15 days after which it is deleted automatically. The original enquiry is sent to our offices by email and falls under our emails retention policy.
We have taken additional steps to ensure the data you provide us with is dealt with in a safe manner:
- Our site is hosted on SSL (Secure Socket Layer) which means communications between the site and server are fully encrypted (for instance when you submit a contact form)
- Emails sent to us from our website are sent via TLS (Transport Layer Security)
Statistics: we use statistics on the website which provide us with essential information such as most visited pages, where users are coming from (search engines, links etc.) These are not set up to track your full IP address and therefore do not collect personal information.
Please note that:
- Our website is hosted in Ireland
- Our emails are hosted by Microsoft 365 within the EU
Who are sharing your data with?
In the case of enquiries we do not share your data.
Data subject rights
Three Steps facilitate your rights in line with our data protection policy and the subject access request procedure. This is available on request.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access: you have the right to request a copy of the information that we holdabout you.
- Right of rectification: you have a right to correct data that we hold about you that isinaccurate or incomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we holdabout you to be erased from our records.
- Right to restriction of processing: where certain conditions apply to have a right torestrict the processing.
- Right of portability: you have the right to have the data we hold about youtransferred to another organisation.
- Right to object: you have the right to object to certain types of processing.
- Right to object to automated processing, including profiling: you also have theright to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Three Steps refuses your request underrights of access, we will provide you with a reason as to why.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
Additional information we are providing you with to ensure we are transparent and fair with our processing
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. Three Steps will process personal data in accordance with our retention policy. This retention policy is covered by our internal governance.
In the event that you wish to make a complaint about how your personal data is being processed by Three Steps or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Three Steps data protection representatives Data Protection Officer / GDPR Owner.
Your privacy is important to us. If you have any queries, questions or comments regarding this statement, please do not hesitate to contact us.