A privacy or transparency notice is a statement made to data subjects describing how the Service collects, uses, retains and discloses their personal information.
We may collect and use information when people come to our Parliament campus, correspond with us, attend our events, use our websites, follow our social media accounts or download our app.
Transparency notices provide details of the legal basis for processing of personal data, details on data subject rights and the contact information for the Service's data protection officer.
Enquiries Office transparency notice
- Who is issuing this notice and why?
-
The Houses of the Oireachtas Commission is a statutory corporate body and is independent in the performance of its functions. It is the governing body of the Houses of the Oireachtas Service. The Houses of the Oireachtas Service is the public service body that administers the National Parliament of Ireland (the Houses of the Oireachtas) on behalf of the Houses of the Oireachtas Commission. In this Privacy Notice, the two are generally referred to as the Service unless the context requires one or other entity to be specified. The address of the Service is Leinster House, Dublin 2. The Service is issuing this Transparency Notice because of its duties under the General Data Protection Regulation.
- Scope
-
Personal information about an individual means any information about an individual from which the person can be identified. This Transparency Notice tells you how the Service uses personal information you give it when you input information into the visitor/enquiries system on visiting Leinster House.
- What kinds of information does the Service collect?
-
When you register on the visitor/enquiries system the following categories of personal data are collected: Name, Organisation , Location, Name of your Host, Time of Visit and Departure Time. Your personal data is collected when you enter Leinster House and you are asked to fill out the fields on the visitor system.
- Data controller
-
The Service decides how and why your personal information is dealt with and is, accordingly, the controller of those personal data in accordance with the GDPR.
- Purpose
-
The Service deals with your personal information in order to record your attendance at Leinster House, to control access to the national parliament and its offices (and the offices of Members of the Houses), and for related security purposes.
- Legal basis
-
Your personal data is collected for security purposes to ensure the health and safety of staff and visitors. The processing of your personal data is necessary and proportionate for the performance of a task carried out in the public interest or in the exercise of official authority. If you do not provide the personal information in question, the Service will not be able to grant you access to Leinster House.
- Recipients and further processing
-
The Service retains processors to provide information technology necessary for administering the visitors/enquiries system. They are bound by data processing agreements that secure your rights with regard to your personal information in accordance with the GDPR.
The Service will deal with your personal information where this is necessary to establish (including investigate), exercise, or defend a legal claim, including by disclosing it to its legal advisers and in proceedings before any relevant court, tribunal, arbitrator, mediator, or similar entity. Rarely, it may be necessary to share your personal information with An Garda Síochána. The Service will deal with your personal information if this is necessary in order to comply with a request under the Freedom of Information Act. The Service will also need to deal with your personal information if you exercise rights under data protection law. The Service will also need to deal with your personal information if you exercise rights under data protection law.
- Retention
-
Your personal information will only be retained as long as necessary to fulfil the purposes it was collected for. Unless required for some specific purpose, it will be retained no longer than 6 years, and will then be disposed in accordance with the House of the Oireachtas File Plan and Retention Schedule.
- Third country
-
Your personal information is not transferred outside the EEA (ie the EU, Iceland, Liechtenstein and Norway).
- Your rights about your personal information
-
The following are the principal data rights applicable in the circumstances of this Privacy Notice. You may ask the Service for a copy of your personal information. You may ask the Service to supplement or correct your personal information if it is incomplete or incorrect (including out of date). You may be able to ask the Service to delete personal information, especially if the Service no longer needs it, or not to deal with it for the time being, for example, if you think it is incorrect. You may object at any time to the Service’s dealing with personal information it is dealing with in the exercise of official authority or in the public interest, although this entitlement is subject to many legal qualifications depending on the personal information and why the Service is dealing with it. The Service must then cease dealing with the personal information unless it can show compelling grounds for continuing to do so.
- Redress
-
If you are not content with how the Service is dealing with your personal information, you may bring your dissatisfaction to the attention of the Data Protection Commission: see www.dataprotection.ie.
- Data protection officer
-
The Service’s Data Protection Officer (DPO) is Jennifer McGrath and is your point of contact regarding this transparency notice. Her office number is +353 (1) 618 4712 and her email is dataprotection@oireachtas.ie.
- Variation of transparency notice
-
This Transparency Notice is regularly kept under review. Any updates will be placed on the Plinth and notified to you. The Transparency Notice was last updated in 2023.
CCTV transparency notice
- Introduction
-
This notice is issued by the Houses of the Oireachtas Commission which is the governing body of the Houses of the Oireachtas Service. The Houses of the Oireachtas Service is the public service body that administers the National Parliament of Ireland (the Houses of the Oireachtas) on behalf of the Houses of the Oireachtas Commission. In this notice, the two are generally referred to as the Service. The Service is responsible for the operation of a CCTV system which monitors the Oireachtas Complex (see Appendix 1).
This document is a notice about the CCTV system and applies to the parliamentary community. The "parliamentary community" includes Members of the Houses of the Oireachtas, the staff employed by Members and by Political Parties, interns and those on work placements, political correspondents working in the Houses and the staff of the Houses of the Oireachtas Service (Service staff). The notice also applies to visitors and members of the public.
The purpose of this notice is to set out how and why your personal data is collected on CCTV cameras, on what legal basis it is collected, how CCTV footage is managed by the Service and what your rights are in respect of CCTV footage containing your personal data.
- Scope
-
This document applies to CCTV cameras that are managed by or on behalf of the Service (the CCTV system). This includes CCTV cameras that are located within buildings and on the exterior walls of buildings in the Oireachtas Complex. The Oireachtas Complex includes the buildings within the Leinster House Campus which are managed by the Office of Public Works and buildings outside the Leinster House Campus which are controlled by the Service (See Appendix 1 for full explanation of “Oireachtas Complex” and “Leinster House Campus”).
Not all the CCTV cameras within the Oireachtas Complex are managed by the Service and therefore this document does not apply to all CCTV footage recorded in the Complex.
CCTV cameras operated by An Garda Síochána are beyond the scope of this document, and any queries in relation to same must be directed towards An Garda Síochána. The Service may request access to such footage if it has an operational requirement to do so, but any such request is at the discretion of An Garda Síochána.
The CCTV system captures images only. It does not record sound or use facial recognition software.
Furthermore, the CCTV system captures images presented only. As a result, the CCTV system does not capture special category data1 save where the data subject makes this data apparent, for example, where the data subject is wearing an item of clothing which may indicate that they hold a specific religious belief.
- Purpose and legal bases of CCTV system
-
The primary use of the CCTV system is as a physical security measure to deter, detect and assist in the investigation of any suspected or actual unauthorised access, security threat and/or criminal activity, including domestic and international terrorism, both within and external to the Oireachtas Complex, as well as assisting in the investigation of accidents and incidents, including the defence or prosecution of any resultant legal action. (The Service does not use the CCTV system to conduct general or ongoing monitoring of Service staff productivity, behaviour, or attendance.)
When CCTV is being used for the purpose outlined above, there are a number of lawful bases upon which the Service relies:
- The Service has legal obligations, including obligations to protect Service staff (including established and unestablished civil servants, and State industrial workers) (the Safety, Health and Welfare at Work Act 2005) and, in respect of premises of which it is the occupier, visitors from harm (section 3 of the Occupiers’ Liability Act 1995);
- The Houses of the Oireachtas Commission Acts 2003 to 2021 (including but not limited to section 4(1)(a) of the 2003 Act) provide for the functions of the Service. These include a duty to provide for the running of the Houses of the Oireachtas which, in turn, includes ensuring the physical security of parliament;
- Performance by the Service of its tasks in the public interest and exercise of official authority – and, where relevant, in pursuit of its legitimate interests – to prevent, detect, and bring to an end matters that might affect safety or security or that might amount to violations of the law;
- The Service’s advancement of its legitimate interests, and where relevant its duties under the Houses of the Oireachtas Commission Acts 2003 to 2021, by establishing, exercising or defending legal claims;
- The need to protect the vital interests of the parliamentary community, visitors and members of the public.
All camera placements are designed to protect and safeguard security in or around the Oireachtas Complex.
- Data controller and processor
-
Data controller
The Service is the data controller of footage captured by the cameras which are ‘in-scope’ of this document. Designated members of Service staff have responsibility for managing the operation, maintenance, and monitoring of the CCTV system, to ensure that it continues to promote the safety, security and operational needs of a modern parliament. In addition, other Service staff may be granted access to the CCTV system / footage in the course of their duties where this complies with the Service’s data protection obligations.
Data processor
Third-party security service providers licensed by the Private Security Authority (PSA) have been engaged to operate, maintain and monitor ‘in-scope’ cameras on behalf of the Service.
- Signage
-
Signs have been erected to ensure that data subjects are properly informed of the presence and use of CCTV cameras in the Oireachtas Complex and the contact details of the Service’s Data Protection Officer (see below).
- Retention
-
CCTV footage is held in a secure environment for 30 days from the date of recording and then automatically overwritten. Situations may arise where it is necessary to retain particular CCTV recordings for longer periods. In such a situation, the retained data will be logged and destroyed once the purpose for which it was retained has passed.
- Security
-
The Service carefully secures all CCTV and takes significant operational and technical measures to prevent unauthorised access, interference and/or dissemination. The Oireachtas CCTV system is on a closed network and not connected to the internet. Recordings can only be accessed by a select number of Service staff and third-party security staff, with recordings being held in a location that cannot be accessed without appropriate clearance. All staff with access to CCTV have been trained and subject to Garda vetting prior to employment. CCTV footage may be observed live by trained and vetted staff; live monitoring is strictly limited to authorised personnel from the Office of the Superintendent. The security arrangements in place are kept under ongoing review in conjunction with our partners.
- Recipients / data sharing
-
An Garda Síochána
An Garda Síochána may request the Service to provide CCTV footage to assist with the investigation of a criminal matter. If An Garda Síochána requests a copy of CCTV footage, it must:
- be set out in writing on An Garda Síochána headed stationery;
- state that An Garda Síochána is investigating a criminal matter;
- be signed by a Garda of Inspector rank or higher;
- set out the details (date(s), time(s), duration and location) of the CCTV recording required; and
- cite the legal basis for the request; the legal basis for the transfer of CCTV footage to An Garda Síochána is set out in section 41(b) of the Data Protection Act 2018, namely: “preventing, detecting, investigating or prosecuting criminal offences”.
In urgent situations, a verbal request for CCTV footage may be sufficient. However, any such verbal request must be followed up with a formal written request. A log of all Garda requests for CCTV footage is maintained by the Office of the Superintendent.
Other Recipients within the EU
In the event that it becomes necessary to provide any other recipients, for example, external investigators, with access to CCTV footage, the Service will do so only to the extent that it complies with the Service’s data protection obligations.
Transfer of CCTV footage to a third country
CCTV footage captured by the Service is not in the normal course of events transferred to a third country. In the unlikely event that it becomes necessary to transfer CCTV footage to a third country, this will only be done after the Service has expressly given permission. The Service will do so only to the extent that it complies with the Service’s data protection obligations which include making sure that the appropriate measures are in place to ensure the security of the data.
- Data subject rights
-
The rights available to data subjects under the GDPR are listed and discussed in the general data protection policy of the Service (available here). No automated decision-making is conducted using CCTV. It is the policy of the Service to confirm a requester’s identity before providing personal data; a request for identification stops time running for the purposes of the 30-day time limit set by the GDPR.
The most common data protection right exercised by data subjects in relation to CCTV is the right of access, which, depending on the circumstances, can be met by the provision of copies of video footage or stills, or the arrangement of a viewing. Given the size of the Oireachtas Complex, and the fact that CCTV cameras can capture data relating to multiple data subjects at any one time, the co-operation of data subjects is required to identify appropriate materials in relation to a request for access. For instance, the Service would need to be informed where and at what times a data subject was within those grounds. Where third parties are present in CCTV footage, the Service may have to seek the consent of those persons before supplying the material or redact or pixilate their images.
An access request may be refused in whole or in part where, for example, one or more of the restrictions in section 60 of the Data Protection Act 2018 applies. This may occur where, in particular, it is necessary and proportionate:
- to safeguard cabinet confidentiality, parliamentary privilege, national security, defence and the international relations of the State;
- for the prevention, detection, investigation and prosecution of criminal offences and the execution of criminal penalties; or
- in contemplation of or for the establishment, exercise, or defence of, a legal claim, prospective legal claim, legal proceedings or prospective legal proceedings whether before a court, statutory tribunal, statutory body or an administrative or out-of-court procedure.
All data protection rights requests in relation to CCTV should be made to the Service’s Data Protection Officer, Jennifer McGrath. Her office number is +353 1 618 4712 and her email is dataprotection@oireachtas.ie. The postal address of the Service is Leinster House, Kildare Street, Dublin 2, D02 XR20.
- Appendix 1
-
Oireachtas Complex includes the following:
Leinster House
Leinster House 2000
Kildare House
Agriculture House
91-93 Merrion Square West
1966 Block
Engineering Block
1932 Annex
Ministerial Block
Setanta House
Frederick House
Blocks C & D (Dáil chamber)
34-41 Lower Mount Street
Leinster House Campus includes the following:
Leinster House
Leinster House 2000
Blocks C & D (Dáil chamber)
1932 Annex
1966 Block
Engineering Block
Ministerial Block
These lists may be subject to change and will be reviewed at regular intervals.
Customer charter and action plan policy for responding to unreasonable behaviour transparency notice
- Who is issuing this notice and why?
-
This Privacy Notice is issued by the Houses of the Oireachtas Service (the “Service”). The Service is issuing this Privacy Notice because of its duties under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. For more information about the Service please click here.
- Customer Charter and Action Plan
-
This Privacy Notice tells you how the Service, as data controller, deals with (including by way of collection, use, or disposal) your personal information when you are a customer of the Service, including when you make a complaint under its Customer Complaints Procedure.
- Policy for Responding to Unreasonable Behaviour
-
This Privacy Notice also tells you how the Service, as data controller, deals with (including by way of collection, use, or disposal) your personal information when implementing its Policy for Responding to Unreasonable Behaviour. This Privacy Notice applies to any information supplied to the Service on your behalf. For the more general principles governing how the Service deals with your personal information to comply with the GDPR and the Data Protection Act 2018, please consult the Service’s General Data Protection Policy, which also explains some of the terms used in this Privacy Notice. In respect of that personal information, the Service is the data controller.
- Rights common to most uses of personal information
-
The Service’s General Data Protection Policy sets out certain information common to most uses of personal information, including your rights in respect of your personal information, such as access and rectification, the Service’s duties in respect of transfer of data to a country outside the EEA, what you may do if you have a complaint about how your personal information is being, or has been, dealt with by the Service, and details of the Service’s Data Protection Officer.
- In the context of this privacy notice, what kinds of information does the service collect?
-
For the purposes and on the legal bases set out below, the Service may collect personal
information as follows:Customer Charter and Action Plan
When you are a customer of the Service, it may collect personal information including your name, your telephone number, your email address and/ or your postal address. The Service may also hold other personal information which may be disclosed by you in your communications with it. This personal information may be collected by the Service and used for the purpose of delivering customer services to you. The Service may also collect the above types of personal information if you provide comments or feedback on its performance in the delivery of customer services to you. The Charter also includes the Service’s Customer Complaints Procedure. When you make a complaint under the Customer Complaints Procedure, the Service requests that you provide your name, your telephone number, your email address and/ or your postal address. Other personal information may also be provided by you when setting out the grounds for your complaint. This personal information is collected by the Service and used for the purpose of processing your complaint in accordance with the procedure outlined in the Customer Complaints Procedure.
Policy for Dealing with Unreasonable Behaviour
When the Service is implementing its Policy for Responding to Unreasonable Behaviour, it may collect personal information including your name, your telephone number, your email address and/ or your postal address. The Service may also hold other personal information which may be disclosed by you in your communications with the Service. This personal information may be collected by the Service and used for the purpose of implementing its Policy for Responding to Unreasonable Behaviour.
Special categories of personal information
Certain types of personal information are subject to particular limits and protections for you in accordance with data protection law. These are known as special categories of data and relate to personal information about your race, ethnic background, political opinions, religion, philosophical beliefs, membership of a trade union, health, sex life or sexual orientation.
Customer Charter and Action Plan
The Service will not request you to furnish any of the above special categories of personal information when you are its customer. However, it is possible that in some situations, special categories of personal information may be disclosed by you when you contact the Service. The Charter also includes the Service’s Customer Complaints Procedure. The Service will not request you to furnish any of the above special categories of personal information when making a complaint under the Customer Complaints Procedure. However, it is possible that in some situations, special categories of personal information may be disclosed to the Service by you as part of your complaint.
Policy for Responding to Unreasonable Behaviour
The Service will not collect special categories of personal information when implementing its Policy for Responding to Unreasonable Behaviour however in some situations it is possible that such special categories of personal information may be disclosed by you in your communications with the Service.
- Criminal offence data (Data Protection Act 2018, s. 55; GDPR, Article 10)
-
For the purposes and on the legal bases set out below, you may disclose to us personal information about allegations you have committed a crime, criminal convictions you have sustained, any security measures you are subject to related to criminal offending or convictions. These may be described as criminal offence data and our dealing with them is subject to particular limits and protections for you in accordance with data protection law. If you disclose to the Service special category personal information or criminal offence data in respect of another person, you acknowledge and confirm that you have the written consent of that person to disclose that information or data on his or her behalf.
Your personal information will not be used for marketing, nor for automatic profiling.
- Purpose
-
Customer Charter and Action Plan
The Service deals with your personal information for the purpose of providing you with customer services. Your personal information will be used by the Service in order to communicate with you and to deliver customer services to you. When you provide the Service with comments or feedback, your personal information may also be used for the purpose of evaluating the Service’s performance against the standards of service outlined in the Customer Charter and improving our performance. The Charter also includes the Service’s Customer Complaints Procedure. When you make a complaint, the Service will deal with your personal information for the purpose of examining your complaint against the standards of service outlined in its Customer Charter. Your personal information will also be used by the Service in order to communicate with you in relation to your complaint and to issue our response to you following the examination of your complaint. The Service will also deal with your personal information for the purpose of any request you make for a review into the handling of your complaint. Your personal information will be used by the Service to carry out this review, communicate with you and issue our response to you at the conclusion of the review.
Policy for Responding to Unreasonable Behaviour
The Service deals with your personal information for the purposes of managing any form of unreasonable behaviour by you in line with this Policy. The Service will deal with your personal information for the purposes of implementing this Policy, responding to instances of unreasonable behaviour and whenever it is considering the placing of restrictions on your access to the Service.
The Service deals with your personal information for the purposes of communicating with you in relation to any form of unreasonable behaviour under the Policy and when notifying you of any restrictions it is proposed to place on your access to the Service. Your personal information will also be used by the Service during any subsequent correspondence with you in relation to the management of your unreasonable behaviour and in the event that restrictions are put in place on your access to the Service. The Service will deal with your personal information for the purposes of filling in any incident forms which are completed in line with the Policy. Any such incident forms will be held by the Head of Safety in the Service. Your personal information will also be recorded in a restrictions log maintained by the Service in the case of any restrictions imposed under the Policy on your access to the Service. Access to the restrictions log is limited to heads of business units within the Service and appropriate staff members for the purpose of ensuring adherence to any restrictions that have been imposed in line with the Policy. - Legal basis
-
The Service relies on the following legal bases to deal with your personal information under both the Customer Charter and Action Plan and the Policy for Responding to Unreasonable Behaviour:
Customer Charter and Action Plan (including complaints under the Customer Complaints Procedure)
- The Service has legal obligations, including under The Houses of the Oireachtas Commission Acts 2003 to 2021 (including but not limited to section 3A of the 2003 Act), which provide for the functions of the Service. These functions include the provision of support services to the Houses of the Oireachtas. Supporting the Houses of the Oireachtas requires the provision of customer services to customers of the Service which in turn means that customers must be able to avail of a complaints procedure.
- The performance by the Service of its tasks in the public interest and exercise of official authority and, where relevant, in pursuit of its legitimate interests, including the provision of customer services (together with a complaints procedure) in line with the standards outlined in the Customer Charter.
- The need to protect the vital interests of the parliamentary community, visitors and members of the public as customers of the Service.
Policy for Responding to Unreasonable Behaviour
- The Service has legal obligations, including obligations to protect Service staff and to ensure their safety and well-being in the workplace (including established and unestablished civil servants, and State industrial workers) (the Safety, Health and Welfare at Work Act 2005).
- The need to protect the vital interests of the parliamentary community, visitors and members of the public as customers of the Service.
- Safeguards
-
The Service carefully secures all personal information and takes significant operational and technical measures including suitable and specific measures, such as anonymisation, to prevent unauthorised access, interference and/ or dissemination of the personal information to which this Privacy Notice relates. Personal information is recorded securely within filing systems which are necessary for the operation of the Service’s functions. These systems are protected by safeguards such as access control, encryption and the Service’s firewalls. Access to these systems is limited to authorised members of staff only.
- Recipients/Data sharing
-
The Service retains data processors to assist it in processing data. They are bound by data processing agreements that secure your rights with regard to your personal information in accordance with the GDPR.
- Further dealing with your personal information
-
The Service rarely deals with the personal information to which this Privacy Notice applies for other purposes. Some generally permitted further uses are described in the Service’s General Data Protection Policy.
- Retention
-
Your personal information will only be retained so long as is necessary to fulfil the purposes it was collected for. Personal information collected by the Service with respect to complaints under the Customer Complaints Procedure will be retained for a period of 8 years. In the case of personal information collected in connection with the implementation of the Policy for Responding to Unreasonable Behaviour (including any personal information recorded in the restrictions log), this will be retained for a period of 8 years from the date of the last communication between the Service and you arising under the Policy.
- Variation of privacy notice
-
This Privacy Notice will be reviewed at regular intervals and updated as necessary.
Social and commemorative events for former staff members of the Houses of the Oireachtas Commission transparency notice
- Who is issuing this notice and why?
-
From time to time social and commemorative events such as an annual former staff members’ dinner are organized. The organization of such events is currently undertaken on an event-by-event basis by individual organizers or an organizing committee convened for the particular purpose (in either instance in this Notice described as "Organizers"). These Organizers are "controllers" of relevant personal information for the purposes of the General Data Protection Regulation ("GDPR").
Being “controllers” means that the Organizers decide what happens to your personal information, and how it is dealt with. The Organizers generally avail of ICT facilities provided by the Houses of the Oireachtas Commission (the "Commission"), your former employer. The Commission is a "processor" of your personal information since it deals with your personal information on the Organizers’ behalf pursuant to a contract that ensures the security and lawful use of that information. Different Organizers are likely to be co-controllers with each other, either as joint controllers or independent controllers.
This Transparency Notice is being issued to facilitate the Organizers’ compliance with their duties under the GDPR and the Data Protection Act 2018. It tells you how the Organizers deal with (including by way of collection, use, or disposal) personal information you give them to enable them to let you know about events they are organizing and invite you to attend. The Transparency Notice applies to any information duly supplied to the Organizers on your behalf.
If the Organizers get in touch with you using the contact details you provide, they will identify themselves clearly in respect of the particular event they are organizing and in which they believe you may be interested. In respect of the collection of contact details to which this Transparency Notice applies, the current Organizer is the Private Secretary to the Clerk of the Dáil; however, the Private Secretary collects the data as Organizer rather than in the course of that employment.
- In the context of this transparency notice, what kinds of information do the organisers collect?
-
The only personal information with which this Transparency Notice is concerned is those contact details you provide to the Organizers with your consent so that they can notify you about forthcoming events organized by them for former members of Oireachtas staff. The Organizers do not collect or deal with any sensitive types of personal information in the context of this Notice. Your personal information will not be used for marketing. A different Transparency Notice may be appropriate and necessary in respect of the event itself.
Depending on the contact details you wish to provide, these may extend to name, personal address, email address, and various types of telephone number. Given that the purpose of collection is social and commemorative the Organizers would advise that details that in the context might be considered less relevant, such as a current work address or telephone number, should not be provided.
- Purpose and legal basis
-
Among the principles of lawful dealing with personal information are that it must only be dealt with for purposes consistent with those for which it was collected and that it must be kept accurate and up to date. It is therefore important for the Organizers to have available to them your most recent contact details so that no question might arise of notice of an event going to the wrong address or of communication being addressed to a former member of staff after they have died. The Organizers believe that
- their identity is distinct from that of the Commission as your former employer and from the Department of Public Expenditure and Reform as the authority responsible for paying your pension (if applicable), and
- the purpose of notifying you of forthcoming events is different from the purposes for which the Commission dealt with your contact details and payment of any pension by that Department.
Accordingly, they believe it would be more appropriate if they collected your contact details for the purpose of notifying you of forthcoming events further to a separate and specific consent given by you. Naturally, therefore, they will only use those details to notify you of those events if you decide to give that consent.
Withdrawal and renewal of consent
You may withdraw your consent to the Organizers’ dealing with your personal information as governed by this Transparency Notice at any time and the Organizers will forthwith, but without prejudice to the validity of dealing with the information before that withdrawal, stop dealing with that information. You will be provided with means that allow the withdrawal of consent as easily as those by which you provided it. Naturally, if you do withdraw consent, that will mean that Organizers will not be able to let you know of events you might potentially be interested in.
In order to ensure that your personal information in the form of contact details at which you may be notified of events is accurate and up to date, any consent to which this Transparency Notice applies will be treated as valid until 31 December in the year in which it is first given, and after that for 24 months (unless you withdraw the consent sooner). The relevant Organizer will write to you before the consent expires asking if you wish to renew your consent for a further 24 months. If that Organizer does not receive a response within 21 days of the date of the communication, your contact details will be securely deleted.
- Safeguards
-
Your contact details will be dealt with on behalf of the Organizers by the Commission as processor and will therefore be protected by the technical measures addressing online security, risk of data loss, alteration of data, or unauthorized access applicable to parliamentary and administrative data processed by the Commission in the performance of its statutory functions. These include logging restrictions in the form of frequently changed passwords, logging records, appropriate data protection training, and prompt and regular deletion of outdated, superfluous, or redundant information. Access to the database will be controlled as an organizational measure so as to be limited to Organizers who have need of your information for the purposes set out in this Transparency Notice from time to time, and then only from devices that assure against the compromising of that security, including the risks or unauthorized engagement with the information already mentioned.
- Sources, recipients and data sharing
-
The Organizers obtain personal information relevant to this Transparency Notice from you or from persons who you have duly authorized to provide information on your behalf. The Commission retains data sub-processors to assist it in processing data; these are bound by data processing agreements that secure your rights with regard to your personal information in accordance with the GDPR. Apart from this, and any recipients covered by “Further dealing” below, the only recipients will be Organizers who are in charge of specific events in which you may wish to participate. Participation may involve passing your personal information on to other third persons (for example, to process a payment or gain access to particular premises) but information about this in connection with particular events will be available from a further Transparency Notice drawn up for the event in question.
- Further dealing with your personal information
-
The Service rarely deals with your personal information to which this Transparency Notice applies for other purposes; for example, in principle It is conceivable that your personal information could be disclosed to a legal adviser retained by the Organizers, or, where this is legally required, to another public authority.
- Transfers to third countries
-
Personal information the Association deals with and to which this Transparency Notice applies will be kept within the EU.
- Retention
-
Personal information to which this Transparency Notice applies will be securely deleted forthwith if you withdraw your consent to the Organizers’ dealing with it or at the end of the current interval for which you afforded consent if you decline to renew your consent, or do not reply within the 21 days mentioned, as contemplated at "Withdrawal and renewal of consent" above. This paragraph is subject to any legal requirement that requires longer retention or retention for purposes of "Further dealing" as set out above.
- Your rights about your personal information
-
You may ask the relevant Organizer(s) for a copy of your personal information. You may ask the relevant Organizer(s) to supplement or correct your personal information if it is incomplete or incorrect (including out of date). You may be able to ask the relevant Organizer(s) to delete personal information, especially if you have withdrawn consent to its being dealt with or the relevant Organizer(s) no longer need(s) it, or not to deal with it for the time being, for example, if you think it is incorrect. If the relevant Organizer(s) deal(s) with your personal information on the basis of your consent, or because the dealing is necessary for the performance of a contract to which you are party, you can normally require the relevant Organizer(s) to forward it on to some other person named by you.
- Redress
-
If you are not content with how the relevant Organizer(s) is/are dealing with your personal information, you may bring your dissatisfaction to the attention of the Data Protection Commission: see www.dataprotection.ie.
- Variation of transparency notice
-
This Transparency Notice is regularly kept under review. Any updates will be placed on the website www.oireachtas.ie and notified to you. The Transparency Notice was last updated in 2023.
Members' survey transparency notice
- Foreword
-
University College Dublin, the University of Iceland and the University of Essex, in partnership with the Houses of the Oireachtas Commission/Houses of the Oireachtas Service
This Transparency Notice is being issued because of the duties of the Houses of the Oireachtas Service (the “Service”) under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. You will have accessed it through a link in the Information Note about the survey provided by the Research Team who are conducting it with the support and encouragement of the Ceann Comhairle and the Cathaoirleach of the Seanad. Details of the team and further information about the purposes of the survey can be found in the Information Note.
This Notice tells you about how far the Service will determine the means and purposes of dealing with personal information you may supply in answer to the survey. In particular, the Service has proposed some of the questions in the Questionnaires, encourages and facilitates your participation, and uses the anonymized statistical product to enhance how it performs its statutory functions. For more detailed information on the Service’s discharge of its GDPR duties and definition of relevant terms, see the Service’s General Data Protection Policy. If you are not content with how your personal information is being dealt with, you may bring your dissatisfaction to the attention of the Data Protection Commission: see www.dataprotection.ie.
- Data protection responsibilities as between co-controllers
-
University College, Dublin (UCD) has arranged pursuant to Article 26 of the GDPR with the Research Team members to take principal responsibility for compliance with the law about dealing with your personal information and to secure your data protection rights, for example, rights such as data access under Chapter III of the GDPR. The Research Team will provide you with contact details of UCD’s Data Protection Officer. Without prejudice to that arrangement, you may exercise your GDPR rights in respect of and against each of the Research Team and the Service.
- Purposes / Special category data
-
The Research Team deals in the public interest with your personal information for academic and statistical purposes. The Service deals with the anonymized information to enhance how it performs its statutory functions to provide advice and support services to the Houses of the Oireachtas, their Committees, and their Members. For these purposes and on the legal basis set out below, personal information about your political opinions will be collected in conducting the survey. This is known as special category data/information and dealing with it is subject to additional limits and protections for you in accordance with data protection law. In particular, the Consent Forms and Questionnaires will be stored separately, and such technical and organizational measures will be taken in respect of them ("pseudonymization") that no one outside the Research Team, including any data processors, will be able to attribute or link to any Member any set of answers to the Questionnaires or personal information in them.
You will, in the Consent Form, if you participate, expressly agree in writing to your special category information being dealt with in accordance with the Information Note and this Notice. Other than as pseudonymized and set out in that data protection information, the Research Team will not share your personal information with anyone.
- Legal basis
-
- UCD: Articles 6(1)(e), 9(2)(a), 85, and 89 of the GDPR and ss. 42 and 43 of the Data Protection Act 2018 (Ireland).
- University of Iceland: GDPR as applied by Icelandic law and Article 3(7) of Act 90/2018 on Privacy and Processing of Personal Data.
- University of Essex: Data Protection Act 2018 [UK] and the UK General Data Protection Regulation.
In substance, Iceland and the UK form part of the same data protection zone as the EU and your personal information will not be transferred outside that zone. The Service only deals with the anonymized statistical product of the survey which helps it to perform its functions under s. 3a of the Houses of the Oireachtas Commission Act 2003.
- Sources, recipients / data sharing, and retention
-
The Research Team has identified you as an addressee of the survey from public sources, and obtains personal information about you relevant to this Transparency Notice from your Consent Form and replies. The Research Team and Service retain data processors to assist them in processing data. They are bound by data processing agreements that secure your rights regarding your personal information in accordance with the GDPR. In particular, the University of Essex has such a contract with a United States company called Qualtrics International Inc., 333 W River Park Drive, Provo, Utah 84604, (“Qualtrics”). The survey is being carried out electronically using the University of Essex’s Qualtrics platform and Qualtrics’ German-based cloud server. When collection of information is complete, the data will be transferred to and stored on a secure cloud drive operated by the University of Essex, becoming the sole and pseudonymized copy of the dataset and, once the project’s results have been disseminated in publications, the data will be deleted as set out in the Information Note.
Laying documents before the House transparency notice
- Who is issuing this notice and why?
-
The Houses of the Oireachtas Commission is a statutory corporate body and is independent in the performance of its functions. It is the governing body of the Houses of the Oireachtas Service. The Houses of the Oireachtas Service is the public service body that administers the National Parliament of Ireland (the Houses of the Oireachtas) on behalf of the Houses of the Oireachtas Commission. In this Privacy Notice, the two are generally referred to as the Service unless the context requires one or other entity to be specified. The address of the Service is Leinster House, Dublin 2. The Service is issuing this Transparency Notice because of its duties under the General Data Protection Regulation.
- Scope
-
Personal information about an individual means any information about an individual from which the person can be identified. This Transparency Notice tells you how the Service uses personal information you give it when you register to use the Documents Laid system.
- What kinds of information does the service collect?
-
The personal information that you provide when you self-register will be your contact details for your Department, office or place of employment. The categories of personal data the Service collects are as follows: name, grade, work address, and work contact details.
- Data Controller
-
The Service decides how and why your personal information is dealt with and is, accordingly, the controller of those personal data in accordance with the GDPR.
- Purpose
-
The Service deals with your personal information in order to facilitate you in laying documents in accordance with the Standing Orders of the Houses and any applicable legislation.
- Legal basis
-
The processing of your personal data is necessary and proportionate for the performance of a task carried out in the exercise of official authority or in discharge of a legal obligation. Certain documents are laid in accordance with a duty imposed by particular legislation. Under the Houses of the Oireachtas Commission Act 2003, it is the duty of the Commission to provide for the running of the Houses, which includes providing library services. The manner in which a document is to be laid is, in accordance with Part 13 of the Houses of the Oireachtas (Inquiries, Privileges and Procedures Act 2013) that provided for in the Standing Orders of each House.
If you do not provide the personal information in question, the Service will not be able to receive documents from you to be laid, which may put your Department, office or place of employment in breach of a legal obligation.
- How do we use this information?
-
This information will be used for the purposes of administering the Documents Laid process; for example the Service might contact you if there is a problem with a document being laid.
- Recipients and further processing
-
The Service retains processors to provide information technology necessary for administering the Documents Laid system. They are bound by data processing agreements that secure your rights with regard to your personal information in accordance with the GDPR. The Service does not regularly deal with personal information you supply for the purposes set out in this Transparency Notice for any further purposes. One instance where the Service might deal with your personal information for an additional purpose is in order to comply with a request under the Freedom of Information Act. The Service will also need to deal with your personal information if you exercise rights under data protection law. The Service might also exceptionally have to deal with your personal information, for example, if required by law or in order to advance or defend a legal claim, but those exceptions are very unlikely to arise in the context of this Privacy Notice.
- Retention
-
Your personal data will be kept for as long as necessary to fulfil the purpose of administering the Document Laid process.
- Third country
-
Your personal information is not transferred outside the EEA (ie the EU, Iceland, Liechtenstein and Norway).
- Your rights about your personal information
-
The following are the principal data rights applicable in the circumstances of this Privacy Notice. You may ask the Service for a copy of your personal information. You may ask the Service to supplement or correct your personal information if it is incomplete or incorrect (including out of date). You may be able to ask the Service to delete personal information, especially if the Service no longer needs it, or not to deal with it for the time being, for example, if you think it is incorrect. You may object at any time to the Service’s dealing with personal information it is dealing with in the exercise of official authority or in the public interest, although this entitlement is subject to many legal qualifications depending on the personal information and why the Service is dealing with it. The Service must then cease dealing with the personal information unless it can show compelling grounds for continuing to do so.
- Redress
-
If you are not content with how the Service is dealing with your personal information, you may bring your dissatisfaction to the attention of the Data Protection Commission: see www.dataprotection.ie
- Data protection officer
-
The Service’s Data Protection Officer (DPO) is Jennifer McGrath and is your point of contact regarding this Privacy Notice. Her office number is +353 1 618 4712 and her email is dataprotection@oireachtas.ie.
- Variation of transparency notice
-
This Transparency Notice is regularly kept under review. Any updates will be placed on the Plinth and notified to you. The Transparency Notice was last updated on 9th December 2020.