Privacy Policy

hOUR Timebank Ireland is committed to protecting your privacy and ensuring your personal data is handled responsibly in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988-2018.

This policy explains what information we collect, why we collect it, how we use it, and your rights regarding your personal data. We believe in transparency and user control.

The data controller responsible for your personal data is:

• Legal Name: hOUR Timebank CLG (Company Limited by Guarantee)
• Registered Business Name: Timebank Ireland
• Charity Registration: RCN 20162023 (Charities Regulator)
• Registered Address: 21 Páirc Goodman, Skibbereen, Co. Cork, P81 AK26, Ireland
• Data Protection Contact: [email protected]

If you are a member of a Partner Organisation using our platform, that organisation may also be a data controller for data they collect directly from you.

We collect only the information necessary to provide our timebanking services:

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our timebanking services to you
• Consent: Where you have given explicit consent (e.g., marketing communications)
• Legitimate Interests: Improving our services, preventing fraud, and ensuring platform security
• Legal Obligation: Complying with Irish and EU legal requirements

Your data is used exclusively for the following purposes:

• Service Delivery: Facilitating time exchanges and community connections
• Communication: Sending important updates, notifications, and messages from other members
• Security: Protecting your account and preventing fraud or abuse
• Improvement: Analysing usage patterns to enhance platform features (anonymised)
• Legal Compliance: Meeting regulatory requirements under Irish and EU law
• Charitable Reporting: Aggregated, anonymised statistics for charity reporting purposes

We do not sell your personal data to third parties. Your information is never shared with advertisers or data brokers.

We may share your data with:

• Other Members: Your profile information is visible to verified members to facilitate exchanges
• Partner Organisations: If you join a specific community, that organisation's coordinators can see your membership details
• Service Providers: Trusted providers who help us operate the platform (hosting, email delivery) under strict data processing agreements
• Legal Authorities: When required by law or to protect our legal rights

All service providers are bound by GDPR-compliant data processing agreements.

We implement robust security measures:

• Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest
• Secure Passwords: Passwords are hashed using industry-standard algorithms
• Access Controls: Strict internal policies limit who can access your data
• Regular Audits: We conduct security reviews and update our practices accordingly
• EU-Based Hosting: Your data is stored within the European Union

Under GDPR, you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct any inaccurate or incomplete information
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict: Limit how we process your data in certain circumstances
• Right to Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

We use cookies to enhance your experience:

• Essential Cookies: Required for login, security, and basic functionality
• Preference Cookies: Remember your settings like theme preference
• Analytics Cookies: Help us understand how people use the platform (anonymised)

We do not use advertising cookies or tracking pixels.

• Active Accounts: Data is kept while your account remains active
• Inactive Accounts: Accounts inactive for 24 months may be anonymised after notice
• Deleted Accounts: Personal data is removed within 30 days of deletion
• Transaction Records: May be retained for up to 7 years for legal/charity reporting

Your data is primarily stored within the European Union. If we need to transfer data outside the EU/EEA, we ensure appropriate safeguards (SCCs, adequacy decisions).

Our platform is intended for users aged 18 years and older. We do not knowingly collect data from anyone under 18.

You may lodge a complaint with the Data Protection Commission:

• Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
• Website: www.dataprotection.ie

We may update this Privacy Policy to reflect changes in our practices. We will notify you via email or platform notification for significant changes.

For privacy questions: [email protected]