Who we are
The Catholic Diocese of Cork and Ross is a registered charity (with charity number CY 7112). Its offices are at Redemption Road, Cork, Ireland. The Diocese is a controller of certain personal data for the purposes of the General Data Protection Regulation (EU 2016/679 (the “GDPR”).
The Catholic Diocese of Cork and Ross is committed to ensuring that your personal data is properly and securely managed in accordance with the GDPR and the Data Protection Acts 1988 to 2018 (the “Acts”) and believes this is an important part of achieving trust and confidence between the Diocese and those with whom it interacts. This policy is to let you know how the Diocese will look after your personal data.
In addition, the Diocese may operate social media accounts on other websites for example, Facebook and Twitter. You will need to consult the privacy polices of those websites for information on how they use your personal data.
Relationship between Diocese and parish
- If you have given your personal data to the Diocese, the Diocese will usually be the data controller of that information.
- In certain circumstances, the diocese may process data on behalf of the parish.
Please contact us if you require further information on this. The relevant contact details are below.
The type of information we have
The personal data which we hold relating to you may include the following:
- Name and contact details;
- Gender, age, date of birth, nationality;
- PPS number;
- Marital status, family status and information about dependants;
- Information about your current involvement in Diocesan activities and events;
- Financial information;
- Information about your education or employment history;
- CCTV recordings and photographs;
- Information which we collect through your use of our website such as IP addresses, dates and times of site visits, type of browser and cookie information;
- Data relating to Garda vetting applications and disclosures;
- Data relating to safeguarding matters.
We may also collect and process the following special category personal data: –
- data about your race, ethnicity or religious beliefs;
- data about your sex life or sexual orientation may be processed by our Safeguarding Office due to the nature of its functions;
- data about your health and wellbeing.
Our Safeguarding Office may also process data relating to criminal convictions and offences.
The above lists are not exhaustive.
How we collect the data we hold about you
The Diocese collects the data we hold about you in a number of ways:
- When you access our website;
- By you using the “contact us” facility on our website;
- By you contacting the diocesan office by phone, email or letter and providing data to us;
- Through face to face meetings with you;
- Sometimes from a parish or other third party;
- When you attend diocesan training;
- When you use the vetting service.
Why we process your data and the lawful basis for processing your data
We must have a lawful basis for processing your data. The lawful basis will vary depending on the circumstances and the type of data involved. One lawful basis is where you have given your consent to us processing your data. (This consent can be withdrawn by contacting us.) Other examples are where the processing is necessary for one of the following: –
- our legitimate interests of advancing and upholding the Roman Catholic religion;
- the performance of a contract to which you are a party;
- compliance with a legal obligation to which the Diocese is subject;
- in order to protect your or another person’s vital interests;
- the performance of a task carried out in the public interest.
The above are examples only, you will need to contact us for further information on the legal basis for processing your personal data.
We must have a different lawful basis for processing special category data. These are set out in the GDPR but here are some examples: –
- You have given us your explicit
consent to processing the information;
- Processing is necessary for the purposes of our or your obligations and rights in employment, social security and social protection law;
- Processing is necessary to protect your or another person’s vital interests;
- Processing is carried out in the course of our legitimate activities of advancing and upholding the Roman Catholic religion where the processing relates solely to our members or to former members and the personal data is not disclosed outside the Diocese without your consent;
- Processing relates to personal data which you have made public;
- Processing is necessary for the establishment, exercise or defence of legal claims;
- Processing is necessary for reasons of substantial public interest;
- Processing is necessary for the purposes of preventive or occupational medicine;
- Processing is necessary for reasons of public interest in the area of public health;
- Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
The above are examples only, please contact us if you require further information.
What we do with the information we have
We use your information for a number of purposes including:
- in connection with our activities;
- to provide pastoral and spiritual care;
- to administer sacraments;
- to respond to queries and complaints;
- to communicate with you in relation to news about the activities, events and initiatives taking place in our Diocese;
- to process application forms;
- to process donations and to administer applications under the Charitable Donations Scheme;
- to administer, support, improve and develop the administration of the Diocese’s work;
- for auditing, statistical, archiving or historical research purposes;
- as authorised or required by law;
- in the case of CCTV images, for safety and security reasons;
- if you are a job applicant, to assess your suitability for the position you have applied for;
- to obtain and retain a Garda vetting disclosure, where required;
- to process safeguarding complaints in accordance with legal requirements;
- in the case of information gathered through cookies, to measure and analyse information on visits to the website. Information collected by cookies is not used to identify you personally.
Who we share your data with
Where we feel it is necessary to share your personal data with a third party, such processing will be carried out in accordance with our obligations under the GDPR and the Acts. This means that we will either have your consent to processing your personal data in this way or there will be another lawful basis for doing so (see above under the heading “Why we process your data and the lawful basis for processing your data”).
We may share your personal data with the following:
- diocesan personnel on a “need to know” basis;
- Any ecclesiastical body enjoying canonical jurisdiction or powers of governance as detailed in the Code of Canon Law or in the Apostolic Constitution Pastor Bonus;
- Entities who provide services to the Diocese or with our professional advisors e.g. recruitment companies, payroll providers, IT consultants, accountants and/or solicitors;
- The Revenue Commissioners in relation to applications under the Charitable Donation Scheme;
- Parishes (either inside or outside the Diocese) or other Arch/Dioceses;
- An Garda Síochána in relation to the detection or prevention of a crime;
- Other Governmental departments or statutory agencies as required by law;
- Your employer or prospective employer in relation to an employment reference;
- We may post photos or videos to our social media pages, with your consent.
How we store your information
We store your data in both manual and electronic format. We use the following technical and organisational measures to protect your personal data:
- We store your personal data on a secure server, access to the server is restricted to a limited number of staff;
- Personal data is shared with authorised diocesan staff on a “need to know” basis;
- Manual files are kept in locked filing cabinets in staff offices. There are no files in public areas and the offices are locked every evening;
- Access to computer systems is password protected;
- All documents containing personal data are shredded before being discarded;
While we use all reasonable endeavours to protect your personal data, the transmission of information via the internet is not completely secure. For this reason, we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet.
Transfer of your personal data outside the European Economic Area (“EEA”)
We do not usually transfer your data outside the EEA. However, there may be some limited circumstances where this is necessary. For example, where you are getting married in a country outside the EEA. Some of these countries do not have laws which provide the same level of protection to your personal data as laws within the EEA. We will either obtain your consent before transferring your personal data to such a country or otherwise transfer such data in accordance with the GDPR and the Acts.
Your data protection rights
You have a number of rights under the GDPR and the Acts. These include the following: –
- Informed – you have the right to be informed about any personal data that we hold relating to you, including information as to the accuracy of the data and the purpose for which it is used;
- Access – you have the right to be given a copy of all of your personal data on request;
- Rectification – you have the right to have any inaccurate data held by us rectified free of charge;
- Restriction – where there is a dispute in relation to the accuracy or processing of your personal data, you can ask for a restriction to be placed on further processing;
- Withdraw – where we rely on your consent to process your personal data, you can withdraw your consent
- Object – you have the right to object to the processing of your personal data;
- Erasure – you have the right to request us to delete your personal data, this is known as the “right to be forgotten”;
- Data portability – you have the right to request us to provide you or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
The above rights are subject to certain exceptions and may be restricted in certain circumstances.
Rights may only be exercised by the individual whose information is being held by the Diocese or with that individual’s express permission. We may request proof of identity for verification purposes before you can exercise any of these rights.
We also use privacy preferences. We use a tracking cookie, which is added to your computer, to remember your cookie preferences i.e. if you have allowed or disallowed them.
Changes to Policy
Further information relating to your data privacy rights is available at www.dataprotection.ie
You may contact our Data Protection Officer at firstname.lastname@example.org
How to complain
If you are unhappy about how we have treated your personal data, you may make a complaint to the Data Protection Commission. Their contact details are as follows: –
Data Protection Commission
21 Fitzwilliam Square South
Tel +353 (0)0761 104800
+ 353 (0)57 868 4800
The Commission may also be contacted via their website at www.dataprotection.ie