Who we are
The type of information we have
The Diocese holds personal data relating to the following:
- Current or former members of religious orders;
- Employees and former employees;
- Volunteers and former volunteers;
- Service users and former service users;
- Boards of Management of schools of which the Bishop is Patron;
- Certain staff of certain schools in limited circumstances;
- Those who have received sacraments in the Diocese.
The personal data which the Diocese holds about you will depend on why you interact with us. A more detailed privacy notice for each category of data subject listed is available on request. However, the personal data which the Diocese holds about data subjects may include the following: –
- Name and contact details;
- Gender, age, date of birth, nationality;
- PPS number (where legally required);
- Marital status, family status and information about dependants;
- Information about your current involvement in Diocesan activities and events;
- Financial information, in particular where you have made a financial donation;
- Information about your education or employment history;
- CCTV recordings and photographs;
- Sacramental information regarding Baptisms, Confirmations, Marriages, Holy Orders,
First Holy Communion;
- Data relating to Garda vetting applications and disclosures;
- Data relating to safeguarding matters.
We may also collect and process the following special category personal data: –
- Data about your race, ethnicity or religious beliefs;
- Data about your health and wellbeing.
Our Safeguarding Office and Vetting Service may also process data relating to criminal convictions and offences.
- Baptism Registers
As outlined above, the Bishop may process your personal and special category data if you receive sacraments in the Diocese. In particular, if you receive the sacrament of Baptism in a parish of the Diocese, certain personal data will be recorded and stored in the relevant Baptism register, this includes your name, date of birth and date of Baptism. The Bishop is the sole data controller of the data held in Baptism registers in the parishes of the Diocese with respect to storage and retention of data, standard and special annotation of data and alteration of data. The Bishop and the Co Parish Priest/Vicar Forane assigned to the Parish/Pastoral Area which holds the Baptism register, are each a joint controller of the personal data and special category data with respect to collecting and recording of data in the Baptism register.
How we collect the data we hold about you
The Diocese collects the data we hold about you in a number of ways:
- When you use the “contact us” facility on our website;
- When you contact the Diocesan office by phone, email or letter and provide data to us;
- Through face to face meetings with you;
- Sometimes from a parish or other third party;
- When you attend Diocesan training or an event or use another Diocesan service;
- When you receive certain sacraments;
- When you use the vetting service;
- You have applied for a job or to volunteer with the Diocese;
- When you apply to or become a member of Diocesan clergy.
Why we process your data and the lawful basis for processing your data
The Bishop must have a lawful basis for processing your data. The lawful basis will vary depending on the circumstances and the type of data involved. The lawful basis include:
- Our legitimate interests of advancing and upholding the Roman Catholic religion;
- You have consented to the processing of your information. (Where consent is relied on as a ground for processing your data, it can be withdrawn at any time by contacting the Diocesan office.)
- The performance of a contract to which you are a party;
- The processing is necessary for compliance with a legal obligation;
- The processing is necessary in order to protect your or another person’s vital interests (i.e. where there is a risk to life or serious health risk to you or another);
- The processing is necessary for carrying out a task in the public interest.
The above are examples only, you will need to contact us for further information on the legal basis for processing your personal data.
The Bishop must have an additional lawful basis for processing special category data. These are set out in the GDPR but here are some examples: –
- You have given us your explicit consent;
- Processing is necessary for the purposes of our or the Bishop’s obligations and rights in employment, social security and social protection law;
- Processing is necessary to protect your or another person’s vital interests (i.e. where there is a risk to life or serious health risk to you or another);
- Processing is carried out in the course of our legitimate activities of advancing and upholding the Roman Catholic religion where the processing relates solely to members or to former members and the personal data is not disclosed outside the Diocese without your consent;
- Processing relates to personal data which you have made public;
- Processing is necessary for the establishment, exercise or defence of legal claims;
- Processing is necessary for reasons of substantial public interest.
The above are examples only, please contact us if you require further information.
Baptism Registers held in Parishes of the Diocese
Individuals may only receive certain sacraments once and it is necessary for the Catholic Church to retain a record of the administration of these sacraments so that this rule is complied with. The record of the sacrament of Baptism is kept in the Baptism register of the parish where the sacrament was received. Baptism registers are annotated upon administration of the Sacraments of Confirmation, Marriage or Holy Orders. Where an individual receives any of these sacraments, a note will be made in the Baptism register entry for that individual. Annotations are necessary as it ensures the sacraments of Confirmation, Marriage or Ordination are only undertaken once during a person’s lifetime. The Bishop relies on the fact that it is in the legitimate interests of the Catholic Church to process the data held in the Baptism registers. As the data contained in the Baptism registers is special category personal data, the Bishop must also have an additional lawful basis for processing this data.
The Bishop relies on the fact that the processing is carried out in the course of his legitimate activities and that (i) there are appropriate safeguards in place to protect the data; and (ii) the processing relates solely to members or former members of the Roman Catholic Church; (iii) the data is not disclosed outside the Roman Catholic Church without the consent of the member/former member concerned.
What we do with the information we have
We use your information for a number of purposes including:
- To enable us to comply with legal and statutory obligations;
- In connection with our activities;
- To provide pastoral and spiritual care;
- To administer sacraments including Baptism, Marriage, Confirmation and Holy Orders;
- To respond to queries and complaints;
- To communicate with you in relation to news about the activities, events and initiatives taking place in our Diocese;
- To process application forms;
- To fundraise and to process donations and to administer applications under the Charitable Donations Scheme;
- To administer, support, improve and develop the administration of the Diocese’s work;
- For auditing, statistical, archiving or historical research purposes;
- As authorised or required by law;
- In the case of CCTV images, for safety and security reasons;
- If you are a job applicant, to assess your suitability for the position you have applied for;
- To obtain and retain a Garda vetting disclosure, where required;
- To process safeguarding complaints and comply with safeguarding procedures in accordance with legal requirements;
- To manage employees and volunteers;
- To administer and maintain records and accounts.
Who we share your data with
Your personal data will be treated as strictly confidential and will only be shared with third parties outside the Diocese with your consent or, as otherwise permitted by law.
We may share your personal data with the following:
- Entities who provide services to the Diocese or with our professional advisors e.g. recruitment companies, payroll providers, IT consultants, accountants and/or solicitors, where, if necessary, the appropriate data sharing agreements are in place;
- An Garda Síochána in relation to the detection or prevention of a crime or in connection with our vetting services;
- Other Governmental departments or statutory agencies as required by law;
- The Revenue Commissioners in relation to applications under the Charitable Donation Scheme;
- Where we have CCTV in operation, your image may be shared by the company monitoring such CCTV;
- Where we stream or record services, your image may be shared on or with the appropriate streaming platform;
- We may post photos or videos to our social media pages, where appropriate, with your consent
- Your employer/prospective employer in relation to a job reference;
- With your parish in relation to certain issues, for example, matters concerning the sacraments, charities regulation, safeguarding;
- With affiliate organisations where we provide them with a vetting service.
How we store your information
We store your data in both manual and electronic format. We use the following technical and organisational measures to protect your personal data:
- We store your personal data securely;
- Manual files are kept in locked filing cabinets in staff offices. There are no files in public areas and the offices are locked every evening;
- Access to computer systems is password protected;
- All documents containing personal data are shredded before being discarded.
Baptism records (containing personal data and special category personal data) are held in Baptism registers of the parish where the Baptism was received. These registers are stored securely in each Parish and are retained in perpetuity in order to achieve the purpose of correctly administering certain sacraments that may only be undertaken once in a person’s lifetime.
Your data protection rights
You have a number of rights under the GDPR and the Acts. These include the following: –
- Informed – you have the right to be informed about any personal data that we hold relating to you, including information as to the accuracy of the data and the purpose for which it is used;
- Access – you have the right to be given a copy of all of your personal data on request;
- Rectification – you have the right to have any inaccurate data held by us rectified free of charge;
- Restriction – where there is a dispute in relation to the accuracy or processing of your personal data, you can ask for a restriction to be placed on further processing;
- Withdraw – where we rely on your consent to process your personal data, you can withdraw your consent
- Object – you have the right to object to the processing of your personal data;
- Erasure – you have the right to request us to delete your personal data, this is known as the “right to be forgotten”;
- Data portability – you have the right to request us to provide you or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
The above rights are subject to certain exceptions and may be restricted in certain circumstances.
Rights may only be exercised by the individual whose information is being held by the Diocese or with that individual’s express permission. We may request proof of identity for verification purposes before you can exercise any of these rights.
Changes to Policy
Further information relating to your data privacy rights is available at www.dataprotection.ie
A Data Protection Officer has been appointed for all the Dioceses within the Catholic Province of Cashel & Emly (Munster). You may contact our Data Protection Officer at firstname.lastname@example.org
How to complain
If you are unhappy about how we have treated your personal data, you may make a complaint to the Data Protection Commission. Their contact details are as follows: –
Data Protection Commission
21 Fitzwilliam Square South
The Commission may also be contacted via their website at www.dataprotection.ie