News giftDonate

Cystic Fibrosis Ireland Privacy Policy

Cystic Fibrosis Ireland (CFI) is the national charity for people living with Cystic Fibrosis (CF) in Ireland. We are a registered charity and a company limited by guarantee. CFI commit to protecting the privacy and personal data of our members and supporters. You can read the policy on this page or download by clicking the link below. 

Friday 19th DecemberCFI Privacy Policy Dec 2025 Download

CFI PRIVACY POLICY 

This Privacy Policy covers: 

The purpose of the Privacy Policy 

This statement tells you how CFI collects, uses, stores and manages the personal data you provide to us. Please read this statement careful to understand completely how CFI: 

  • act in relation to your data privacy rights 

  • treat your information and data you share with us 

  • how you can withdraw consent at any time.  

By giving us your information and visiting www.cfireland.ie and all sub-domains you are accepting and consenting to the practices described in this statement. 

The information in this document may change. Please review before supplying any information. 

What data CFI collects about you 

CFI collects details provided by you for different reasons including but not limited to; 

  • becoming a registered member 

  • receiving updates as a registered member 

  • making donations 

  • benefitting from CFI support 

  • applying for a CFI grant 

  • subscribing to our quarterly magazine 

  • subscribing to other email updates 

  • sponsoring someone taking part in an event 

  • purchasing goods  

  • making a direct debit 

  • applying for a job, volunteer or research opportunity. 

CFI promise to handle your personal data and information in a legal, fair, and clear way so you always know how it is used. This is our obligation and responsibility set out by Data Protection Legislation in Europe*.  CFI will use your information to manage your membership or support, and to keep you updated about CFI’s activities, events, and news. 

How CFI collects your data 

Depending on how we are given or get your details, we will use them for different things. For example, sending you the information you asked for, handling a donation or giving you a receipt. 

 Some examples of how we gather your data include but are not limited to; 

  • when you give it to us directly 

  • when we collect it as part of your website visit 

  • when you have given it to a third party and you have provided permission to pass your information onto us 

  • From publicly available sources. 

You may share personal details with us when you ask about our work, fill in forms on our website, or contact us by phone, email, or social media. This could include details such as your name, address, email, phone number, date of birth, payment details, your story, how you’d like us to contact you, your feedback, or even a photo.  We collect this information when you contact us directly (by email, phone, or text) or when you fill out forms online or on paper, for example: 

  • membership form 

  • conference registration 

  • volunteer/ambassador application   

  • testimonial form         

  • donation form        

  • shop order      

  • subscription to e-zine          

  • newsletter subscription         

  • contact request       

  • event registration   

  • job application 

  • use or view our website via your browser’s cookies 

  • survey submissions 

How CFI uses your data 

We keep and use your personal information for CFI’s work only, and always in line with European data protection laws* 

Operational purposes 

We may process your personal information to help run our day‑to‑day work, including, but not limited to: 

  • using your information to meet our commitments under any contracts with you and to give you the services or information you’ve asked for. 

  • providing you with information about other opportunities to support CFI where you do not object to receiving such information 

  • creating a Customer Relationship Management (CRM) / database entry  

  • creating an account or CRM entry for you if you register with us as a supporter 

  • using your information to support our charity’s goals, including raising funds 

  • sharing information with you — or allowing trusted partners to do so — about products or services we think you’ll find useful 

 CFI will use your information to manage our connection with you as a supporter or member. We’ll also use it to share updates about CFI’s activities, events, and news, and will contact you using the details you give us. 

CFI may share your information with trusted third parties to carry out the activities you have agreed to, like printing and posting Spectrum. The data you give us will always be handled carefully and securely. 

How CFI stores your data 

CFI takes and will continue to take all reasonable steps, including technical and organisational measures, to protect the information you share with us. We will only use your data for the purpose you agreed to. 

Once we receive your information, we use security measures to prevent anyone from accessing, misusing, or sharing your personal data without permission. 

When you make an online payment, we don’t see or store your full card details. Payments are processed through the platforms listed below: 

  • SEPA Monthly Payments – ask your bank or credit institution for a copy of their privacy policy 

If you pay by card and want to know how your personal data is handled, please check the card company’s own website for their privacy policy. 

CFI will do everything reasonably possible to keep your personal data safe and use it only as explained in this Privacy Policy. 

Disclosure of your information  

 We may share your personal information with third parties in certain situations: 

  • If we are legally required to, or if it’s necessary to protect the rights, property, or safety of CFI, our supporters, service users, or others. This can include sharing information with other organisations for national security, fraud prevention, or reducing credit risks. 

  • If we use third‑party services, they are bound by proper contracts and must handle your data in line with GDPR rules. For example, this might happen when printing and mailing large batches of letters. 

How long we hold your data for 

We keep your information only for as long as we need it, or as required by law. If you choose to stop supporting CFI or ask us not to contact you, we’ll keep some basic details to make sure we don’t send you unwanted messages or accidentally duplicate records. Your consent will be considered valid for seven years from your last interaction with us, such as your last message, event participation, or donation. 

How we will communicate with you 

Depending on what contact options you selection, CFI may contact you in different ways: 

  • Email, phone and text marketing: If you share your email or phone number and agree, we may send you marketing messages. By subscribing, you allow us to use your email and phone number for marketing and/or targeted ads. 

  • Email follow‑ups: If you become a member or ask us for advice or support, we may contact you to check in or follow up. 

  • Post or phone marketing: If you give us your postal address, we may send you letters about our work, unless you tell us not to. 

  • Your choice: You decide if you want to hear from us about our work, fundraising, or ways to get involved. You can set your preferences when we collect your details. 

  • Opting out: If you don’t want certain types of communication, you can tell us how you’d like us to contact you—or not contact you at all. Every marketing email will also give you the option to unsubscribe. 

Children 

If you are under 18, you must get permission from your parent, guardian, or caregiver before sharing any personal information with CFI or on our website. We will not and do not knowingly market to anyone under 18. Sometimes we may use a child’s photo or story in fundraising or advocacy campaigns, but only with a parent or guardian’s consent. We also encourage the child to read the age‑appropriate privacy policy, so they understand how their data is used. If a child’s information is shared in a public campaign, we will do our best to protect their identity—for example, by only publishing their first name and county 

Marketing 

CFI may send you updates about our work, the projects we support, and ways you can get involved—like campaigns, volunteering, or fundraising. If you would prefer not to receive these messages, you can unsubscribe from any marketing email or contact us to change your preferences as is your right under GDPR. 

Social Media 

We want to keep our marketing affordable and give our supporters the best experience. To do this, we share tailored content and ads through our website, social media, and other channels. 

Sometimes we use the information you’ve given us on one platform (like our website, email, or social media) to send you personalised messages on another. For example, we might use website cookies in a way that doesn’t identify you personally or run ads on social media. 

We’ll only use your data to show you ads on social media if you’ve agreed to it. However, you may still see our ads on social media in general, since we can’t always control who sees them. 

If you interact with CFI or our team on social media, please check that platform’s Privacy Policy and adjust your privacy settings to match what you’re comfortable sharing with us. 

Website Privacy  

When you use our website (www.cfireland.ie), you’re agreeing that we can collect and use it as explained in this privacy policy. You also agree that we can share your details with other organisations if they need them to complete your order or respond to your query. 

Cookies 

We use cookies to learn how people use the CFI website and services so we can make them better. Some cookies are essential for the site to work properly—for example, to remember what you put in your shopping cart or to keep the site secure. Each time you visit our website, we may automatically collect certain information. 

  •  Cookies are small files saved on your computer or phone when you visit websites. They keep track of how you use the site so we can give you a more personalized experience. 

When you visit the CFI website, we may automatically collect: 

  • Technical details like your IP address, login information, browser type and version, time zone, plug-ins, operating system, and platform. 

  • Information about your visit, such as the pages you clicked on, products you viewed or searched for, how quickly pages loaded, any errors, how long you stayed on certain pages, and how you interacted with them. 

Because we respect your privacy, you can choose not to accept some cookies. Only the cookies that are strictly necessary (like those that keep the site secure or remember your shopping cart) are required. When you first visit our site, a cookie notice will appear, giving you the option to reject some or all non-essential cookies. 

You can read our cookies policy on our website www.cfireland.ie

Donation Page 

We care about your privacy and want you to feel safe when making a donation. When you donate, we collect details such as your name, email address, billing information, and the amount you gave. We use this information to process your donation, send you a receipt, and keep in touch with you about your contribution. 

We never sell, rent, or share your personal information with other companies for marketing. Your payment details are handled securely by trusted payment providers and are not stored on our servers. 

  • SEPA Monthly Payments – ask your bank or credit institution for a copy of their privacy policy 

We may use anonymous donation information to create reports and improve our fundraising. If we publicly recognise donors, we will only include your name or other details if you have given us permission. 

If you sign up for our updates, you can unsubscribe anytime by clicking the link in our emails. 

If you have questions about this Privacy Policy or want to update your personal information, please contact us at dpo@cfireland.ie 

Online shop 

When you shop at CFI’s online store, we need to collect some information to process and deliver your order. This is part of our contract with you. 

We may collect: 

  • Technical details about your device, browser, and IP address, plus what products you look at and how you use the store (like search terms). This helps us make sure the store works properly and improve the site for everyone. 

  • Order details such as your name, billing and shipping addresses, payment information, card details, email, and phone number. We use this to process your payment, ship your order, provide customer support, and share information or offers about our products and services. 

All information is handled according to our privacy policy. Some trusted third parties may process your data to help us run the store—for example, Shopify (store platform), Stripe (payments), and An Post (delivery). 

 If would like to understand these privacy policies, please visit  

Information and support services 

As a charity supporting people with Cystic Fibrosis and their families, we take the protection of sensitive information seriously and want to maintain your trust.  You can reach us in different ways if you need information, support or help. Our Member Services team is available by phone or email to answer questions about life with CF, welfare entitlements, rights advice, and grants and more. They also provide support for any other activities run by CFI to help people affected by Cystic Fibrosis (CF) — including adults and children with CF, as well as their friends, family, partners, and carers. 

The privacy policy aims to make clear what information we collect, why we use it, and the rights you have over your data. We follow data protection laws, including GDPR, to ensure your information is handled with care, confidentiality, and respect. 

We may use the details you give to use to provide supports and services, including but not limited to: 

  • Processing application for grants  

  • Providing advice 

  • Providing a listening service 

Engaging with multi-disciplinary teams 

The details you provide are stored in our secure CRM system and/or on our secure server and only kept for as long as you are a member. Organisational and technical security is in place to make sure that your information is safe in our systems. 

Privacy policies of other websites 

Sometimes our site, subdomains, or microsites may include links to websites run by our partners, advertisers, or affiliates. If you click on one of these links, please remember that those websites have their own privacy policies. We are not responsible for how they handle your information, so be sure to read their policies before sharing any personal details. 

Changes to the CFI privacy policy 

 We may update our privacy policy at any time. The latest version will always be available on our website. Please check it from time to time to see any changes. 

By reviewing this page regularly, you’ll know what information we collect, how we use it, and when it may be shared. 

Your Data Protection Rights 

Article 8 of the EU Charter of Fundamental Rights states: 

  • Everyone has the right to the protection of personal data concerning him/her/them. 

  • Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him/her/them, and the right to have it rectified. 

  • Compliance with these rules shall be subject to control by an independent authority. 

This means that every individual is entitled to have their personal information protected, used in a fair and legal way, and made available to them when they ask for a copy. If an individual feels that their personal information is wrong, they are entitled to ask for that information to be corrected. 

Under the General Data Protection Regulation (GDPR), you have the following rights over your personal data: 

  • Right to be informed: You can obtain information about the processing of your personal data. 

  • Right of access: You can obtain access to the personal data held about you. 

  • Right to rectification: You can ask for incorrect, inaccurate or incomplete personal data to be corrected. 

  • Right to erasure: You can request that personal data be erased when it’s no longer needed or if processing it is unlawful. 

  • Right to restriction of processing: You can request the restriction of the processing of your personal data in specific cases. 

  • Right to data portability: You can receive your personal data in a machine-readable format and send it to another controller. 

  • Right to object: You can object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation. 

  • Rights in relation to automated decision-making and profiling: You can request that decisions based on your personal data and that significantly affect you are made by natural persons, not only by computers. 

  • The right to object - You have the right, in certain situations, to object to how CFI uses your personal data. You can ask us to block, delete, or limit the use of your information. If you believe your rights have been affected, you can make a complaint to the Data Protection Commission. 

  • The right to restrict -You have the right, in certain situations, to limit how your personal data  is used. If you choose to restrict processing, your data can still be stored, but most other  actions—like deleting or changing it—will only happen with your permission. 

  • The right to withdraw consent - As a data subject you have the right to withdraw your consent at any time, if your data is being processed using consent as the legal basis 

What if I do not agree with this Privacy Policy? 

If you do not agree to our processing of your data in the manner detailed in this Policy, please do not give any personal data to us.                

How do I keep my details up to date? 

Keeping your information up to date is important to us. If you change your address or believe any of the other information, we have about you is out of date, please get in touch at the details below. 

How to get in touch 

If you have any queries in relation to this statement or to would like to ask for a copy of CFI’s Data Protection Privacy Policy please contact the Data Protection Officer at info@cfireland.ie or phone 01 496 2433. 

Cystic Fibrosis Ireland 

24 Lower Rathmines Road, Rathmines, Dublin 6 

Email:  info@cfireland.ie  

Tel:      01 496 2433 

Email: dpo@cfireland.ie 

How to contact the appropriate authorities 

Data Protection Commission 

To contact the Data Protection Commission, visit www.dataprotection.ie or call 01 7650100 / 1800437 737. 

 

Definitions 

Personal data 

The term ‘personal data’ means any information concerning or relating to an living person who is either identified or identifiable (such a person is referred to as a ‘data subject’). 

An individual could be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as an IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. 

Processing 

The term “processing” refers to any operation or set of operations performed on personal data. Processing includes storing, collecting, retrieving, using, combining, erasing and destroying personal data, and can involve automated or manual operations. 

Data Controller: CFI  

A “data controller” refers to a person, company, or other body which decides the purposes and methods of processing personal data.  

Data Processor  

For specific purposes, CFI will appoint third party parties to carry out activities on our behalf. This may include print materials for delivery including Spectrum magazine, as well as the storage of Fundraising materials. These third parties are known as Data Processors. To ensure the security of your data, there will always be a formal agreement in place with such organisations.  

Consent 

Some types of processing are carried out on the basis that you have given your consent. Under the GDPR, consent to processing must be freely given, specific, and informed. You cannot be forced to give your consent, you must be told what purpose(s) your data will be used for, and you should show your consent through a ‘statement or as a clear affirmative action’ (e.g. ticking a box). 

Consent is not the only lawful basis on which your personal data can be processed. Article 6 of the GDPR sets out the complete list of lawful reasons for processing personal data as: 

  • Consent. 

  • To carry out a contract. 

  • In order for an organisation to meet a legal obligation. 

  • Where processing the personal data is necessary to protect the vital interests of a person. 

  • Where processing the personal data is necessary for the performance of a task carried out in the public interest. 

  • In the legitimate interests of a company/organisation (except where those interests contradict or harm the interests or rights and freedoms of the individual).* 

  • *It is important to note that Article 6(1)(f) provides that the "legitimate interests" reason is not available to public authorities where the processing is being conducted in the exercise of their functions. 

Profiling 

Profiling is any kind of automated processing of personal data that involves analysing or predicting your behaviour, habits or interests. 

Special categories of personal data 

Certain types of sensitive personal data are subject to additional protection under the GDPR. These are listed under Article 9 of the GDPR as “special categories” of personal data. The special categories are: 

  • Personal data revealing racial or ethnic origin. 

  • Political opinions. 

  • Religious or philosophical beliefs. 

  • Trade union membership. 

  • Genetic data and biometric data processed for the purpose of uniquely identifying a natural person. 

  • Data concerning health. 

  • Data concerning a natural person’s sex life or sexual orientation. 

Processing of these special categories is prohibited, except in limited circumstances set out in Article 9 of the GDPR.