The purpose of this document is to set out the privacy entitlements of Data Subjects, as defined in the General Data Protection Regulation (GDPR), of living persons. Privacy can only apply to information that is not already in the public domain and GDPR only applies to such personal data.
The General Data Protection Regulation (GDPR) is a European Union Regulation that sets out the data entitlements of data subjects and the obligations of those who process the personal data of data subjects. GDPR seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU.
As a public representative I have a copy of the database that is the Electoral Register for the Constituency of Dublin South Central, this is my home constituency, supplied to me through the Houses of the Oireachtas.
When a resident within the constituency contacts me to make a representation on their behalf I store that information within that database. The data stored is a copy of our correspondence, and any correspondence I receive on your behalf. This keeps a record in the event that you contact me again and I need to reference previous representations. I do keep special category data and criminal offence data as a result of some of the content that is supplied to me in the course of making a representation. For example I have data about health issues when I am making a representation to the Department of Health.
For the sake of clarity: SPECIAL CATEGORY DATA means personal information about a person’s: • race • ethnic background • political opinions • religion • philosophical beliefs • membership of a trade union • genes (biological inheritance) • biometric data (such as fingerprints on a passport) • health • sex life • sexual orientation.
I do not keep a database of voter preferences, neither do I keep a record of them.
CRIMINAL OFFENCE DATA means personal information about a person’s: • alleged commission of criminal offences • criminal convictions • being subject to security measures related to criminal offences or convictions
As a Senator I also receive data from individuals outside of this Constituency, indeed from all around the country. I store this data within an online filing system under the heading of the subject matter of the enquiry. For example, I have a file entitled Mother and Baby Home and in that file I have all of the correspondence I have engaged in related to this matter.
If you contact me on a constituency related matter and you are not from Dublin South Central I will refer your query to the relevant Fine Gael Oireachtas Member to take up the enquiry on your behalf. I will then delete your data.
My office staff have access to that data and conduct aspects of representations on your behalf. When you first make contact with me, I will ask you to complete a GDPR consent form, and this is kept on the constituency database also.
I also keep a record of the contact details for community groups, organisations, businesses and representatives in the constituency. Many of these are generic email addresses, but some contain the contract details of the person with whom my office engages.
Lastly we have a database of the members of Fine Gael within our Constituency and keep in regular contact with them.
All of our data is all held on the Oireachtas server. The IT staff in the Oireachtas on occasion may have access to the content of our computers for the purposes of rendering IT assistance. There is a data processing agreement between me and the Oireachtas ICT.
Our IT system has the Oireachtas level of security which means it is password protected and only authorised persons have access to the data. All Oireachtas staff of Public Representatives are Garda Vetted and have been reference checked.
Data Minimisation Principle: We will only collect the information we need so that we can ensure adequate processing of information relevant to your enquiry. We do not sell or broker your data. We do not transfer it to any centralised database, nor outside of the country.
Data may inadvertently cross borders in the operation of certain software applications where the operation of the software is controlled from the US. These transfers are provided for in the standard contractual clauses within GDPR.
LEGAL BASIS FOR PROCESSING ANY PERSONAL DATA
I rely on the following grounds to process data:
Information is gathered from you as a data subject with your express and explicit consent. Through agreeing to this privacy notice you are consenting to us processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing mary.seeryk[email protected]
Performance of a Statutory or Legal Obligation
I may come into possession of data that has a mandatory reporting obligation, that might include sensitive data. In such instances I will notify the relevant Body and share whatever data I am obliged to.
A necessity of my making a representation on your behalf is that I share your name and as much detail as I am obliged to give with the party to whom I am making the representation on your behalf.
Data will be retained until I am no longer a public representative, when it is deleted and certified as so by the Houses of the Oireachtas IT or until you instruct me to delete it.
Data is held on the Oireachtas server.
YOUR RIGHTS AS A DATA SUBJECT
For the entirety of the time that I am in possession of personal data, data subjects have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
These rights may on occasion need to be modified/curtailed by statutory or competing obligations. In such an instance we will give a very clear reason as to why this has occurred.
YOU CAN REQUEST THE FOLLOWING INFORMATION:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of our company or a third party such as one of its clients, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (Data Protection Regulator).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
TO ACCESS WHAT PERSONAL DATA IS HELD, IDENTIFICATION WILL BE REQUIRED
My office will accept the following forms of ID when information on your personal data is requested: a copy of your public services card, driving license or passport – photo ID; and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.
All requests should be made to [email protected] or by writing to me office at Senator Mary Seery Kearney, Seanad Eireann, Leinster House, Dublin 2. Or telephone (01) 6183735
In the event that you wish to make a complaint about how your personal data is being processed by my office you have the right to make a complaint to me or to the offices of the Data Protection Commission at www.datacommission.ie