Diocese of Ossory Privacy Statement
The Diocese of Ossory fully respects your right to privacy and your personal data will be treated with the highest standards of security and confidentiality, in accordance with the Data Protection Acts 1998, 2003 and the Data Protection Regulations (GDPR) 2018. For the purposes of GDPR, the Data Controller for the Diocese, is the Bishop of Ossory, located at the Diocesan Office, James’ Street, Kilkenny. For information held in the parishes, the Parish Priest/Administrator is the Data Controller.
This Privacy Statement explains how we process personal information, in particular the data that we receive about you.
What Information we collect about you?
The Diocese of Ossory receives personal data about you in various ways, including directly from the individual, family members, other parishioners, other dioceses, schools, groups you are involved in, employers, revenue, charities, medical professionals, cctv and web cameras, An Garda Siochana, social services and other law enforcement bodies. The personal data that is collected may include;
• Information about the Sacraments of Baptism, Holy Communion, Confirmation and Marriage and Ordinations.
• Information in relation to donations to a parish, certain information about you will be shared with the Diocese under the requirements of the Charities Act or to claim tax rebates on donations.
• Safeguarding information as required by the National Safeguarding Office.
• Information gathered for the furtherance of faith development services and supports.
• Depending on the particular circumstances, we may collect and hold a range of different information about you. This may include name, address, phone number, age, date of birth, e-mail address, family status, nationality, PPS number (where authorised by law), financial information (such as bank details), employment data and qualifications, information about your current involvement with the diocese, information on volunteers, cctv recordings and photographs.
• Special category information such as that which reveals your religious beliefs may also be collected and processed.
• We may also hold information as a result of background checks for volunteers.
This list is not exhaustive.
Processing of personal information and the lawful bases for processing your data?
Personal Information may be collected in a number of ways including face to face meetings, e-mail, by phone and by forms sent to the Diocesan office. There are six lawful bases by which we can hold your personal data;
• Consent: You have given consent to process your data and consent can be withdrawn at any time.
• Legitimate Interest: This includes any activities that involve advancing and maintaining the Roman Catholic Religion, providing information about the activities of the diocese, raising charitable funds etc.
• Contract: If you have a contract with an individual and in order to fulfil the contract you need to process their personal data.
• Legal Obligation: Processing of data is necessary to comply with a legal obligation
• Public Interest: Processing of data is necessary to carry out a task in the public interest
• Vital Interest: Processing of data is necessary to protect your vital interest.
What do we use the Information for?
• To celebrate baptisms, confirmations, marriages, ordinations and funerals and for general pastoral and spiritual care
• To provide information that you request from us
• To process various application forms
• For tax or donation requests
• Communication in relation diocesan events
• To process job applications
• Dealing with complaints and enquiries
• To administer, support, improve and develop the administration of the Diocese’s work and operations and to keep the Diocese’s accounts and records up to date
• For auditing and statistical purposes
• As required by any law applicable to us or arising from your interaction with us
• Technical details in connection with number of visits to the Diocesan website and may be logged on the Diocesan Server
• CCTV recordings for security purposes and to help create a safer environment for the clergy members, staff, parishioners, volunteers and visitors.
• In the case of web cameras, to stream mass to allow those who are unable to attend the opportunity to watch the service.
The Diocese of Ossory does not use automatic decision- making software and does not engage in profiling.
How and whom do we share your information?
The information that you provide to the Diocese of Ossory is only used in accordance with the purpose for which you provide the information and with your consent. This information will only be retained for as long as required and for the purposes for which it was gathered.
• Information may be shared with statutory or church bodies for tax relief purposes or law enforcement agencies for the prevention and detection of crime.
• Information may be only shared with third parties who assist us with our work.
• Information where permitted by law or to meet a legal obligation, we reserve the right to release personal data without your consent and or with/without consulting you.
Where is your information stored?
We store your information in hard copy or electronic format, in storage facilities that we own and operate ourselves or that are owned and operated by our service providers.
How long is your information retained?
Your information is retained for as long as is necessary with regard to the purpose for which it was collected or lawfully processed or for as long as necessary in light of our legal obligations.
How is your information kept safe and accurate?
The Diocese of Ossory is committed to keeping your information safe and secure. To prevent unauthorised access or disclosure, a number of suitable physical and electronic procedures are in place to safeguard your data. The Diocese has technical and organisational security measures in place to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We constantly review our security measures in line with technological advances.
We seek to ensure that your personal data is accurate and up to date. However, you are responsible for informing us of any changes to your personal data and other information.
No personal identifiable information is collected on our website from people who browse the site.
If you wish to obtain any data stored about you, you can make a written request by filling out a Subject Access Request Form. Forms can be obtained by contacting the Ossory Diocesan Office, James’ Street, Kilkenny, tel. 056-7762448 or e-mail [email protected]
What are your rights?
Under the GDPR, you have the right to request access to the personal information held about you. Any requests should be addressed to the Diocesan Office (contact details above). Requests will be dealt with, within 30 days of receipt, unless there is a reason for the delay, which is justifiable.
You have the following rights;
• Right of Access – You have the right to access information we hold about you.
• Right of Correction – You have the right to correct information that is inaccurate or incomplete.
• Right of Erasure – In certain circumstances you can ask for data that we hold about you to be erased i.e. the right to be forgotten.
• Right to Restriction of Processing – Where certain conditions apply, you have the right to restrict processing of your personal data
• Right of Portability – Subject to certain circumstances, you have the right to have any data that we hold about you transferred to another organisation where we hold it in electronic form.
• Right to Object – You have the right to object to certain types of processing of data.
• The Right to lodge a complaint with the Data Protection Commissioner’s Office.
Cookies and web analytics
Review and amendment of our privacy statement
Further information and contact details
To exercise any relevant rights, queries or complaints or make a subject access request please contact the Ossory Diocesan Office, James’ Street, Kilkenny, tel. 056-7762448 or e-mail [email protected]
You may also contact the Data Protection Commissioner Office on 00-353-57-8684800 or Lo-call 1890-252-231 or by e-mail [email protected] or by Post to; Data Protection Commissioner, Canal House, Station Road, Portarlington R32 AP23 Co. Laois or the Dublin Office, 21 Fitzwilliam Square, Dublin 2 D02 RD28.