Privacy Statement – Cavan County Council

 

Why do we have a privacy statement?

Cavan County Council is committed to protecting your privacy when you use our services. Cavan County Council is a data controller. The Privacy Notice below explains how we use information about you and how we protect your privacy.

The delivery of high quality services remains one of Cavan County Council’s core objectives and is included in our Corporate Plan.

In order to provide the most effective and targeted range of services to meet the needs of the citizens, communities and businesses of County Cavan we collect, process and use certain types of information about people and organisations.

The purpose of this privacy statement is to demonstrate our commitment to privacy and to assure you that in all your dealings with Cavan County Council that we will ensure the security of the personal data you provide to us. This privacy statement is designed to ensure that the personal data you supply to us is;

  • Obtained lawfully, fairly and in a transparent manner
  • Obtained for only specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary for purpose for which it was obtained
  • Recorded, stored accurately and securely and where necessary kept up to date
  • Kept only for as long as is necessary for the purposes for which it was obtained
  • Kept in a form which permits identification of the data subject
  • Processed only in a manner that ensures the appropriate security of the personal data including protection against unauthorised or unlawful processing

 

What is personal data/information?

Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (i.e. location data collected by a mobile phone) or a postal address, online browsing history, images or anything related to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

Certain personal data has been identified as in a “special category”. This includes:

  • Sexuality and sexual health
  • Religious beliefs
  • Ethnicity
  • Physical or mental health
  • Trade union membership
  • Political opinion
  • Genetic/biometric data
  • Criminal history

 

Why do we need your personal data?

We need your personal data to:

  • Fulfil our legal obligations as a local authority to provide a service and support to you
  • Investigate complaints received about our services
  • To keep track of spending by Cavan County Council
  • Comply with Employment Law
  • Comply with Health and Safety law
  • Contact details to allow for efficient & effective communication

 

We only use what we need!

Where we can, we’ll only collect and use personal information if we need it to deliver a service or meet a requirement. If we don’t need personal information we won’t ask you for it, and even if we already have your information from something else we will only use it in cases where we have specifically asked for it – you will remain anonymous in all other instances.

If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.

We don’t sell your personal information to anyone else.

The Council has a detailed record retention policy which outlines time periods for which your personal data will be retained and what will happen to it after the required retention period has expired. A copy of the National Record Retention Policy can be accessed via the following link:

http://www.lgma.ie/sites/default/files/2002_national_retention_policy_for_local_authority_records_2.pdf

 

What are your rights in relation to your personal data?

As an individual whose personal data is processed by Cavan County Council you have the following rights to control what personal information is used by us and how it is used by us.

 

The Right to be Informed

This privacy notice provides you with some of the high-level information required.

 

The Right to Access Information

You have the right to ask for all the data/information we have about you and the services you receive from us. When we receive a request from you we must give you access to everything we have recorded on you within one calendar month.

If you wish to make a request to view your records, please email dpo@cavancoco.ie

However, we can’t let you see any parts of your record which contain:

  • Confidential information about other people or
  • Data a professional think will cause serious harm to your or someone else’s physical or mental wellbeing or
  • If we think that giving you the information may stop us from preventing or detecting a crime.

This applies to personal data/information that is in both paper and electronic records. If you ask us, we’ll also let others see your record (except if one of the points above applies).

 

The right to rectification

If your personal data is inaccurate we will correct it without undue delay. Please let us know what the correct information is so we can correct it.

If the personal data we hold on you is incomplete, please provide us with the supplementary information, so we can complete the information we hold.

 

The right to Erasure (right to be forgotten)

In some circumstances you can ask for your personal data/information to be deleted, for example:

  • Where your personal data/information is no longer needed for the reason why it was collected in the first place
  • Where you have removed your consent for us to use your information (where there is no other legal reason for us to use it)
  • Where there is no legal reason for the use of your information
  • Where deleting the information is a legal requirement

Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.

Please note that we can’t delete your information where:

  • We are required to have it by law
  • It is used for freedom of expression
  • It is used for public health purposes
  • It is for, scientific or historical research, or statistical purposes where it would make information unusable
  • It is necessary for legal claims.

 

The right to data portability

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

However, this only applies if we’re using your personal data with consent (not if we are required by law), if the processing is carried out by automated means, or where processing is conducted on the basis of a contract between us.

 

The right to object to processing of personal data

You have the right to object to certain types of processing of your personal data where it is done in the public interest or under official authority. This is the processing that we do in the local authority.

However, if this request is approved this may cause delays or prevent us delivering that service.

 

The right of restriction

You have the right to ask us to stop or restrict what we use your personal data for.

When data is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of Ireland.

Where restriction of use has been granted, we will inform you before we carry on using your personal information.

You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.

Where possible we will seek to comply with your request, but we may need to hold or use information because we are required to by law.

 

The right not to be subject to automated decision making, including profiling

You have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.

Automated processing is permitted with your express consent, where necessary for the performance of a contract or when authorised by European Union or Irish law.

The Council does not currently use automated processing.

 

Who do we share your information with?

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements, there is always an agreement in place to make sure that the organisation complies with data protection law. The specific privacy notices will detail which organisations we share information with for which purposes and services.

We will often complete a data privacy impact assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.

Sometimes we have a legal duty to provide personal information to other organisations.

This includes:

  • The courts
  • An Garda Síochana
  • Garda Ombudsman
  • Revenue

We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:

  • In order to find and stop crime and fraud or
  • If there are serious risks to the public, our staff or to
  • Other professionals.

For all, of these reasons the risk must be serious before we can override your right to privacy.

 

How do we protect your information?

We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. Examples of our security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
  • Pseudonymisation, meaning that we’ll use a different name, so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
  • Controlling access to the building and to the filing cabinets
  • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).

 

Where Can I get advice?

If you have any worries or questions about how your personal information is handled, please contact our Data Protection Officer at Email: dpo@cavancoco.ie or Tel: 049-4378300

You can also get advice on data protection from the Data Protection Commissioner at:

info@dataprotection.ie  or https://www.dataprotection.ie/docs/Home/4.htm  or http://gdprandyou.ie/

 

Right of Complaint to the Office of the Data Protection Commissioner:

If you are not satisfied with the outcome of the response you received from Cavan County Council in relation to your request, then you are entitled to make a complaint to the Data Protection Commissioner in writing who may investigate the matter for you.

The Data Protection Commissioner’s website is www.dataprotection.ie

You can contact their office at:
Lo Call Number: 1890 252 231
E-mail: info@dataprotection.ie

Postal Address:
Data Protection Commissioner
Canal House
Station Road
Portarlington
Co. Laois
R32 AP23