Who are we?
The Parish of Athy is a registered charity (Charity no. 20016166) with its offices at Parochial House, Athy, Co Kildare. We have published this Privacy Statement to demonstrate our commitment to protecting and respecting your personal data.
The Parish of Athy fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with the Parish. Any personal information you provide to the Parish will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act (2018). For the purpose of the GDPR, the Data Controller for the diocesan offices and Archbishop’s House is the Archbishop of Dublin with an address at Archbishop’s House, Drumcondra, Dublin 9. For information held in parishes the Parish Priest/Moderator is the Data Controller.
This Privacy Statement explains how we process information, in particular the personal data that we receive from you. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
What information do we collect about you?
The Parish receives personal data about you in various ways including directly from the individual and sometimes from a parish, a family member, other diocese, schools, employers, revenue, medical professionals, CCTV and webcams. The personal data that is collected may include;
- Information relating to the sacraments of Baptism, Holy Communion, Confirmation, Marriage and Ordinations;
- Information relating to financial donations (requirements of the Charities Acts and also to assist parishes claim tax back on donations);
- Safeguarding information as required by the National Safeguarding Office and the Garda Vetting Bureau;
- Depending on your relationship with us we may also collect a range of different information about you including your name, contact details, date of birth, nationality, PPS number (where required by law), financial information (such as bank details), employment data and qualifications, information about your current involvement with the diocese, information on volunteer, CCTV recordings and photographs;
- Special category data which reveals your religious beliefs may also be collected and processed.
This list is not exhaustive.
Processing of personal information
The Parish collects and processes information about you in a number of ways including face to face meetings, email, phone conversations, from parishes and via forms sent by the diocesan offices.
We must have a lawful basis for processing your information. This will vary according to the circumstances of how and why we have your information but typical examples include:
- The activities are within our legitimate interests in advancing and maintaining the Roman Catholic religion, in providing information about the activities of the Diocese or any Diocesan Parish, and to raise charitable funds;
- You have given consent for us to process your information which can be withdrawn at any time by contacting us using the details below;
- We are carrying out necessary steps in relation to a contract to which you are party to or prior to you entering a contract;
- The processing is necessary for compliance with a legal obligation;
- The processing is necessary for carrying out a task in the public interest;
- The processing of data is necessary to protect your vital interest.
If we process any Special Categories of Personal Data, we must have a further lawful basis for the processing. This may include:
- Where you have given explicit consent;
- Where the processing is necessary to protect the vital interest or someone else’s vital interests;
- Where the processing is carried out in the course of our legitimate interests as a Roman Catholic diocese working with and supporting our current and former members and the information is not shared outside the Diocese with anyone else without your consent;
- You have made the information public;
- Where the processing is necessary for the establishment, exercise or defense of legal claims;
- Where the processing is necessary for carrying out the Diocese’s employment and social security obligations; or
- The processing is necessary for reasons of substantial public interest.
What do we use your information for?
We use your information for a range of different purposes including;
- To facilitate the reception of the Sacraments of Baptism, Holy Communion, Marriage and Ordinations;
- To general pastoral and spiritual care;
- To provide information you request from us;
- To process various application forms;
- For Tax on Donations requests;
- Communicating with you about diocesan events
- Dealing with complaints and enquiries
- To administer, support, improve and develop the administration of the Diocese’s work and operations and to keep the Diocese’s accounts and records up to date;
- For auditing and statistical purposes;
- As authorised or required by any law applicable to us or arising from your interaction with us;
- To process job applications;
- Technical details in connection with visits to this website may be logged on the Archdiocesan server;
- CCTV recordings for security purposes and to help create a safer environment for our staff, members of the faithful, clergy, volunteers and visitors.
The Parish of Athy does not use automatic decision making software and does not engage in profiling.
How who do we share your information?
The information you give us is used by the Parish only in accordance with the purpose for which you provided the information and with your consent. This information will only be retained for as long as required for the purpose for which it was gathered.
We may share your information with government bodies for tax relief purposes or law enforcement agencies for the prevention and detection of crime.
Information will only be made available to third parties who assist us with our work. We may share information with service providers but only when an appropriate Service Provider Agreement/contract is in place outlining exactly what they are permitted to do. Any data processed in the course of such services is processed in compliance with the GDPR.
Where permitted by law, we reserve the right to release personal data without your consent and/or without consulting you, including when we believe that this is appropriate to comply with our legal obligations.
Where do we store your information?
We may store your information in hard copy or in electronic format, in storage facilities we own and operate ourselves, or that are owned and operated by our service providers.
How long do we retain your information?
We retain your personal information for as long as necessary with regard to the purposes for which it was collected or lawfully further processed, or for so long as may be necessary in light of our legal obligations. All information held is in accordance with the diocesan retention policy which is currently being amended to ensure its compliance with GDPR.
How do we keep your information safe and accurate?
The Parish is committed to ensuring your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your information. The Parish uses technical and organisational security measures to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously adapted in line with technological developments.
We seek to ensure that we keep your personal data accurate and up to date. However, you are responsible for informing us of any changes to your personal data and other information.
No personally identifiable information is collected on this website from visitors, staff, clergy and volunteers that browse the website for information on our activities. We review these measures regularly.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, any transmission via our website is ultimately at your own risk. Once we have received your information we will use strict procedures and security features to try and prevent unauthorised access to, or unlawful processing or disclosure of, such data.
On written request we will inform you about the data stored about you. Requests for access, rectification, erasure or blocking of personal data will be processed on the basis of applicable legal provisions. Please contact the Data Protection Co-ordinator, Holy Cross Diocesan Centre, Clonliffe Road, Dublin 3 or email email@example.com
What are your rights?
You have many rights under Irish Data Protection legislation with regard to the processing of your data.
- Right of Access – You have the right to access information we hold on you.
- Right of Correction – you have the right to have any inaccurate or incomplete data rectified by us.
- Right of Erasure – In certain circumstance you can request the erasure of the data we hold on you i.e. the right to be forgotten.
- Right to Restriction of Processing – Where certain conditions apply, you have the right to restrict processing of your personal data.
- Right of Portability – Subject to certain circumstances, you have the right to have any data we hold on you transferred to another organisation where we hold it in electronic form.
- Right to Object – You have the right to object to certain types of data processing.
- The Right to Lodge a Complaint with the Data Protection Commission.
Further Information and Contact Details
Further information on your data privacy rights is available on the website of the Data Protection Commissioner www.dataprotection.ie
If you have any questions relating to the processing of personal data please email firstname.lastname@example.org or contact the Data Protection Co-ordinator, Holy Cross Diocesan Centre, Clonliffe Road, Dublin 3.