Introduction

Eden Social Care is committed to protecting the rights, privacy and dignity of all individuals whose personal data we process. This includes children and young people in our care, their families, staff, job applicants, professionals, contractors and members of the public.

This Privacy Notice explains how Eden Social Care collects, uses, shares, stores and protects personal data when you interact with us or visit our website. It is provided in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and reflects regulatory expectations for children’s residential services in Ireland.

Who We Are

Eden Social Care is the Data Controller for personal data processed through this website and our services.

Contact Details:

Address: Eden Social Care, Wexford Road Business Park, Carlow, R93 K260

Email: [email protected]

Data Protection Officer (DPO): Colin Scanlan – [email protected]

Data Compliance Officer (DCO): Ger O’Sullivan – [email protected]

Personal Data We Collect

Through our website and communications, we may collect:

  • Names and contact details (e.g. via enquiry or recruitment forms).
  • Information provided in emails or correspondence.
  • Job application information, including CVs and qualifications.
  • Technical data such as IP address and browser type (where cookies or analytics are used).

We may also process special category personal data, particularly where required for safeguarding, care provision, or employment purposes. This information is handled with a high level of confidentiality and security.

We collect personal data through:

  • Direct contact with individuals (meetings, phone calls, emails).
  • Referrals and placement processes.
  • Recruitment and employment processes.
  • Our website enquiry and application forms.
  • Statutory bodies and professionals such as Tusla, HIQA and the HSE.

How We Use Personal Data

We use personal data to:

  • Provide safe, appropriate and high-quality residential care.
  • Safeguard and promote the welfare of children and young people.
  • Communicate with families, professionals and stakeholders.
  • Recruit, employ and support staff.
  • Meet legal, safeguarding and regulatory obligations.
  • Support governance, auditing and quality assurance processes.

Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Legal obligation – to comply with child care, employment, and regulatory law.
  • Public task – carrying out functions in the public interest relating to child welfare.
  • Contract – employment and service-related arrangements.
  • Vital interests – to protect the safety and well-being of individuals.
  • Consent – where required and appropriate.

Special category personal data is processed in accordance with Article 9 GDPR, including for reasons of substantial public interest and safeguarding.

Website Use and Cookies

Our website may collect limited technical information to help us understand how the site is used and to ensure it functions effectively. This may include IP address, browser type, device information and pages visited.

We may use cookies or similar technologies to support essential website functionality and, where applicable, to gather anonymised usage statistics. Cookies are small text files placed on your device when you visit a website.

Where required, we will seek your consent before placing non-essential cookies on your device. You can manage or disable cookies through your browser settings at any time.

Eden Social Care does not use cookies for advertising or marketing purposes and does not track users across other websites.

Sharing Personal Data

Personal data is shared only where lawful, necessary and proportionate. This may include sharing information with:

  • Statutory (Tusla, HSE, HIQA) and other regulatory or inspection bodies.
  • Health, education and social care professionals.
  • An Garda Síochána or emergency services, where required by law or safeguarding concerns.
  • Trusted IT and administrative service providers acting under contract.

International transfers of personal data outside the EEA are not undertaken unless permitted by GDPR safeguards.

We do not sell personal data or use it for marketing purposes.

Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected and in line with statutory, regulatory and Tusla requirements. Secure disposal methods are used when data is no longer required.

Data Security

We implement appropriate technical and organisational measures to protect personal data, including secure storage, access controls, encryption where appropriate, staff training and incident management procedures.

Your Rights

Under GDPR, you have the right to:

  • Access your personal data.
  • Have inaccurate data corrected.
  • Request deletion of data, where applicable.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent where processing is based on consent.

Requests can be made by contacting our Data Protection Officer or Data Compliance Officer using the details above.

Complaints

If you have concerns about how your personal data is handled, please contact us in the first instance. You also have the right to make a complaint to the Data Protection Commission (Ireland).

Updates to This Notice

This Privacy Notice may be updated from time to time to reflect changes in legislation or organisational practice. The most recent version will always be available on our website.