Operation Smile Ireland Data Protection Policy (Privacy and Cookies Policy)

Operation Smile Ireland is committed to protecting personal information and being transparent about what information we hold on anyone who has been in contact with Operation Smile. We recognise that you, as a visitor to our website, may be concerned about the information you provide to us, and how we treat that information. We also understand that privacy is a human right that benefits us all. Using data fairly is important to us as is using it securely.

Date Adopted/Reviewed: November 2019 Review Date: September 2022 (3 years)


The purpose of having a Privacy and Cookies Policy is to give a clear explanation about why and how Operation Smile Ireland collects and uses any personal information. We ensure that we follow strict guidelines as per the EU General Data Protection Regulations 2017. Our aim is to ensure that by respecting the privacy of our data subjects this will bring about benefits to them and in turn Operation Smile Ireland.


This policy applies to all activities undertaken by Operation Smile Ireland (OS Irl) within Ireland and abroad. OS Irl collects data to meet its objects as per its Memorandum and Articles of Association 2011 and defined strategic goals and objectives. The processing of data will be handled securely and sensitively to the best of our abilities and in line with our data classification.

Our data subjects

Our subjects include:

  • Beneficiaries
  • Donors
  • Volunteers
  • Employees
  • Applicants
  • Suppliers/Customers

Vulnerable person’s policy

We are committed to protecting vulnerable people and adhere to the following:

  • Noting references in correspondence e.g. being forgetful, family concerns about their charitable spend or simply their handwriting and responding appropriately to these issues.

Under 18’s

We are particularly respectful of the privacy of our young supporters. With regards to the use of the internet we encourage parents/guardians to monitor their children’s internet activities and help us protect their privacy by instructing them never to provide personal information on this or any other site without permission. We will in all circumstances try only to extract necessary information required to undertake our objective.

We have strict policies with regards to our marketing/email communication. We will not knowingly mail or email anyone under the age of 18 with any marketing related content. Communications to under 18s will be limited, and if related to fundraising will be in accordance with that as agreed with the minor and his/her legal guardian. If you are under 18 and wish to fundraise for Operation Smile Ireland please ensure you have consent from a parent or guardian before giving us your personal information.

If you have any questions about our Privacy and Cookies Policy or queries on how we use or have used your information please contact the Data Protection Officer:

By Post: Operation Smile Ireland 31 Pembroke Road Dublin 4

By Phone: 1800 849 061

By Email: Email: info@operationsmile.ie with the subject/reference: DATA PROTECTION

Operation Smile Ireland is incorporated as a Company Limited by Guarantee in the Republic of Ireland (No. 380841). It is also registered as a Charity with the Revenue Commissioner (CHY15661).

This policy will be reviewed periodically and may be changed/updated to reflect the review. Please ensure that you stay up to date by visiting our website and checking.

Information collections and use

OS Irl as Data Controller, and like most website owners receives and records information from various sources. The type of information we and/or our third party providers collect depends on the interaction between you and us. This could be when making a donation, applying for a job/to volunteer or through an online purchase. We gather information through postal communications, visits to our websites or apps, participation with our business/corporate partners, electronic communications, volunteering or communications through social media. We and/or our third party providers may also collect information publicly available through third party platforms (such as online social media platforms), online databases, or that which is otherwise legitimately obtained.

Type of information collected

The type of information collected is also related to the interaction. This may include:

  • Your name and bank/card details
  • Postal address or email address
  • Phone number
  • Education
  • Employment History
  • Medical history
  • Tax status/Tax Back Scheme eligibility
  • Consent
  • Mode of communication preference(s)

We also collect information through cookies and similar technologies. This information is usually de-identified information such as how you arrived at our website, pages you visited or general location. It may further collect information e.g. the device you use to browse our website or apps, the IP Address and related information, browsing history on our website and apps, how you search our

website or if you communicated with us. Personal information is only collected if you for instance apply a ‘remember me’ identification for any reason.

OS Irl is the sole owner of any information collected either as an organisation or by third party on its behalf, web based or not.

This information is used for the purposes of meeting our object/objectives and meeting your objective for contacting us. We will not sell, share, or rent this information to others except as in meeting our objectives through for example third party outsource contracts/data processors or to the extent as required by law. Third party contractors are expected to meet our standards and are required to abide by our policies.

We will endeavour to undertake privacy impact assessment whenever there is fundamental change in the way we process data, implement suitable records management systems, and log data security incidents. This will enable us to keep rigorous control of information held and your privacy.



Consent will depend on the mode of communication and OS Irl will at all times deem consent is given for contact via emails/phone albeit even if implied as in providing your email/telephone (mobile) number when accessing ‘products/services’ on our website.

We will only contact you with regards to the ‘product/service concerned or similar’. For all other email/phone contact we will seek expressed consent via post before communicating with you. Therefore, if you received an email from us, your email address is either listed with us as someone who has expressly shared this address for the purpose of receiving email communications from us, or you have donated to us, purchased from us or otherwise have an existing relationship with us and have consented to receiving communications from us via email/phone.

Legitimate interest
Consent is deemed given if, having obtained a postal address, communication is sent by post and that the correspondence is related to OS Irl’s ‘legitimate interest in pursuance its objects/aims and objectives’. The opportunity to opt in/out will

thereby be given to the addressee when this initial correspondence is sent out. Options will then be noted in accordance with your response/choice(s). From time to time we my contact you again via post to enable any changes to be registered if we have not already been informed.

Data subject rights

Data subjects have the following rights:

  • Right to Erasure
  • Right to Access/Portability Requests
  • Right to Rectification (change or correct personal information)
  • Right to reduction in time limit and fee access removal

For more information on your rights and control of your data please visit: www.dataprotection.ie

Operation Smile will recognise your rights and endeavour to resolve any issues within 28 days.

Please contact the DPO at Operation Smile Ireland at the registered address by post or in person, by phone or by email if you wish to exercise any of these rights.

Mode of communication preference(s)/choices

You can choose how you would like to receive communication including direct marketing mail from us – through postal mail, email, sms and/or telephone. If you choose not to receive direct marketing communications from us we will honour your choice. This will not affect how we communicate with you in other matters. We respect your time and attention by controlling the frequency of correspondence/communication with you.

You may modify your preferences at any time by phone (1800 849 061), post to our registered address or via email (info@operationsmile.ie) or by using the automated (unsubscribe) link as instructed via email.

Controlling your personal information

Personal information is information that can identify a person, such as name, address, telephone number, and email address.

You may choose to restrict the collection or use of your personal information e.g.

  • whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
  • If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing, phoning or emailing us.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

Other information

Card information security

We care about the safety and security of your transaction. We use high grade encryption and the https security protocol to communicate with your browser software. This method is the industry standard security protocol, which makes it extremely difficult for anyone else to intercept the card information you give us. Companies we work with to process card transactions also use high grade encryption and security protocols.

OS Irl is PCI Compliant and the monitoring of its web access point/ports is monitored by the IT team in Operation Smile Inc. and/or Security Metrics Ltd. Non-compliance is immediately reported to us and we take all necessary steps to fix breaches at the earliest opportunity. We also undertake annual assurances/checks on third party processors by ensuring that they too are PCI Compliant by asking for confirmation of current status.

Accuracy of information

In addition to maintaining privacy and security controls over information you share with us, Operation Smile works continually to accurately process
your information. We employ error checking procedures to ensure that information is processed completely and accurately. These processes/procedures

are reviewed regularly reflecting feedbacks and comments. During business hours, staff is available to answer questions about your financial transaction or personal information on 1800 849 061.

International transfer/VPN and storage/destruction of data

Where it is necessary for OS Irl to transfer information abroad OS Irl is committed to using a safe and secure transfer process including encryption where necessary. We will also seek to ensure that recipients have a data protection policy which meets our requirements or that they adhere to OS Irl’s Data Protection Policy/standards. Virtual logins will be password protected and staff are encouraged to use computerised equipment and software provided by OS Irl. Storage of information is important to us because your privacy is paramount. We will store information in the safest possible way that we can and protect information in transit with suitable access codes/passwords. Risk assessments will be undertaken whenever necessary to guarantee adequate protection/reduce risk of interception by unauthorised ‘persons’. At all times we will endeavour to use administrative, technical and physical measures to protect your personal information. We will take reasonable steps to securely destroy or permanently de-identify personal information when we no longer need it. Information will only be held for as long as our policies allow or as required by law. Data held on hardware no longer in use/required by OS Irl will be destroyed by a competent IT Support and Management Service company.


Independent external and internal audits are conducted to ensure the privacy, security and appropriate processing of your information by us.


We have a targeted approach to fundraising to make certain that we are contacting you with the most appropriate content and timing. At times we may use profiling techniques or insight companies to provide us with more general information about you using publically available information. This helps us better understand who supports us and means we can tailor appropriate communication to those supporters.

You may opt out of your data being used for profiling techniques by contacting us and marking any communication for the attention of the Data Protection Officer.

Complaints policy

If you are unhappy with any aspect of our work, have a specific complaint or any comments please do get in touch with us. We will be happy to speak with you and try to resolve any issues.

We will at all times try to convey through induction and annual training an awareness to staff and volunteers of the importance of data protection. We record complaints received, pass this onto the relevant department, have the complaint reviewed and resolved. However, if a resolution cannot be reached you can escalate your complaint to the Charities Regulator.

Breaches will be notified to the Data Protection Commissioner as per regulations.

You may request a full copy of our complaints policy at any time.

External links

Our website and microsites may contain links to other sites. Unless we expressly state otherwise, Operation Smile makes no representations whatsoever concerning the content of those sites. The fact that Operation Smile has provided a link to a site is not an endorsement, authorisation, sponsorship, or affiliation with respect to such site, its owners, or its providers. There are risks associated with using any information, software, or products found on the Internet, and Operation Smile cautions you to make sure that you understand these risks before retrieving, using, relying upon, or purchasing anything via the Internet. In addition, we encourage our users to read the privacy and cookies policies of these linked sites. Operation Smile is not responsible for the privacy practices of other websites.

You may not create a link to this site that incorporates or relies upon, in whole or in part, any content from any page on this website, or that incorporates any copyright or otherwise intellectual property of Operation Smile without written permission from Operation Smile.

Question or suggestions

It is important to us at Operation Smile that we hear what you have to say about our organisation or our policies. If you have any suggestions, questions, concerns, or complaints or want to let us know what you think about our organisation, please contact us at 1800 849 061 or email info@operationsmile.ie.