MyISCP Hub← Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

MyISCP Hub ("we," "our," or "us") is operated by Headcase on behalf of the Irish Society of Chartered Physiotherapists (ISCP). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our volunteer event management platform.

2. Data Controller

Irish Society of Chartered Physiotherapists

Royal College of Surgeons in Ireland
123 St. Stephen's Green
Dublin 2, D02 YN77
Ireland

Email: info@iscp.ie

3. Information We Collect

3.1 Personal Information You Provide

  • Registration Data: Name, email address, ISCP membership number
  • Profile Information: Professional qualifications, areas of interest, volunteer preferences
  • Event Data: Event registrations, attendance records, feedback submissions
  • Communications: Messages sent through the platform, support requests

3.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Cookies: See our Cookie Policy for detailed information

4. How We Use Your Information

We process your personal data for the following purposes:

  • Event Management: To register you for events, send event updates, and track attendance
  • Platform Functionality: To provide access to resources, manage your volunteer profile, and enable platform features
  • Communication: To send important updates about events, platform changes, and ISCP volunteer opportunities
  • Analytics: To understand how volunteers use the platform and improve our services
  • Legal Compliance: To comply with legal obligations and protect our rights

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Legitimate Interests: Processing is necessary for our legitimate interests in operating the volunteer platform
  • Legal Obligation: Processing is necessary to comply with the law

6. Data Sharing and Disclosure

We share your personal data only in the following circumstances:

  • ISCP Staff: Authorized ISCP personnel who need access to manage volunteer programs
  • Service Providers: Supabase (database hosting), Vercel (platform hosting) - all GDPR-compliant
  • Event Organizers: Other ISCP volunteers organizing events you register for (name and contact info only)
  • Legal Requirements: When required by law or to protect our rights

We do not sell, rent, or share your personal data with third parties for marketing purposes.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Active Volunteers: Data retained while you are an active ISCP volunteer
  • Event Records: Attendance records kept for 7 years for reporting purposes
  • Inactive Accounts: Accounts inactive for 3 years will be deleted after email notification

8. Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation on how we use your data
  • Right to Data Portability: Request transfer of your data to another organization
  • Right to Object: Object to our processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

To exercise any of these rights, please contact us at privacy@iscp.ie

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Access controls and authentication (magic link authentication)
  • Regular security assessments and updates
  • GDPR-compliant hosting infrastructure (EU data centers)

10. International Data Transfers

Your personal data is stored and processed within the European Economic Area (EEA). We use Supabase and Vercel, both of which maintain GDPR-compliant EU data centers. Any data transfers outside the EEA will be protected by appropriate safeguards such as Standard Contractual Clauses.

11. Children's Privacy

MyISCP Hub is intended for use by qualified physiotherapy professionals and students. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through a prominent notice on the platform. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@iscp.ie

You also have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: www.dataprotection.ie

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact:

ISCP Data Protection Officer
Email: privacy@iscp.ie
Phone: +353 1 402 2148

Back to Home