A

Languages

Intro Text 

Data Protection and Dun Laoghaire-Rathdown County Council

Data Protection Statement

1.  Who are we?

Dun Laoghaire-Rathdown County Council (the Council) is a democratically elected unit of Local Government within County Dublin and is responsible for providing a range of services to meet the economic, social and cultural needs of our citizens and  communities in partnership with our stakeholders.

In order to provide the most effective and targeted services to meet the needs of the citizens, communities and businesses we will be required to collect, process and use certain types of information about people and organisations. Depending on the service being offered, information sought may include ‘personal data’ as defined by the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988 to 2018 and may relate to current, past and future service users; past; current and prospective employees; suppliers; and members of the public who may engage in communications with our staff.

In this context the Council is a data controller under the GDPR and Data Protection Acts and is obliged to comply with a range of requirements under these legislations. “Data controllers” are organisations who determine the purposes for which, and the manner in which, any personal data is processed, who make independent decisions in relation to the personal data and/or who otherwise control that personal data. Where the Council is providing services involving the collection of personal data for another agency or Government Department it may act as a data processor or joint controller. 

Data in this policy document means both personal data and special category personal data. Given the range of services and activities conducted by the Council full details of personal data for each process cannot be specified in this statement, however the personal data that you may typically be asked to supply can be categorised as follows;

  • Contact details to allow for efficient communication
  • Details of your personal circumstances which you are required by law to supply as part of your application for a service offered by the Council
  • Your own financial details which you are required by law to supply as part of your application for a service offered by the Council

In addition, staff may be required, from time to time, to collect process and use certain types of personal data to comply with regulatory or legislative requirements or to carry out functions in the public interest.

In compliance with the GDPR the Council maintains records of processing regarding personal data received and collected for its functions.

2.  What is the purpose of this Data Protection Statement?

The Council is committed to meeting all relevant data protection, privacy and security requirements, whether originating from legal, regulatory or contractual obligations and is committed to protecting the rights and privacy of individuals in accordance with current data protection legislation. This statement should be read in conjunction with the GDPR and  the Data Protection Acts.

This statement has been created to demonstrate the Council’s commitment that the personal data you may be required to supply is in order to access services, will be processed in accordance with data protection principles, which state that personal data will be;

  • Obtained lawfully, fairly and in a transparent manner
  • Obtained for only specified, identified and legitimate purposes
  • Processed for purposes which we have identified or purposes compatible with the purposes that we have identified
  • Adequate, relevant and limited to what is necessary for purpose for which it was obtained
  • Personal data collected and processed must be accurate and (where necessary) kept up to-date
  • Kept only for as long as is necessary for the purposes for which it was obtained
  • Processed in a manner that ensures the appropriate security of the personal data including protection against unauthorised or unlawful processing

3.  High level statement implementation of GDPR Principles

The following is intended to provide a summary of activities of the Council to ensure that its management of personal data adheres with the principles of GDPR. These principles require that personal data shall be:

  1.            Processed lawfully, fairly and in a transparent manner.

The Council is developing a transparency programme to endeavour to ensure that at the earliest practical point in the collecting or processing of personal data that the individual is provided with written details, or made aware of how to access, a written statement of their privacy rights. We currently have a Privacy Statement that is available here https://www.dlrcoco.ie/sites/default/files/atoms/files/privacy_statement.pdf

  1.            Collected for specified, explicit and legitimate purposes

The Council processes personal data using a lawful basis as set out in Article 6 of the GDPR.

  1. Adequate, relevant and limited to what is necessary for the purpose for which it was obtained

The Council endeavours to ensure that personal data sought is minimal and aligned to the purpose or activity for which it is required.

It should however be noted that staff may be required, from time to time, to collect process and use certain types of personal data to comply with regulatory or legislative requirements or to carry out functions in the public interest. This may extend to sharing or disclosure of personal data to other bodies to comply with our statutory obligations.

  1. Accurate and, where necessary, kept up to date

The Council will provide reasonable opportunities for individuals to ensure personal data that is inaccurate can be deleted or corrected as required.
In practical terms this can often relate to changes in customers addresses and contact details. If you find that personal data we have about you is inaccurate or needs to be updated (for instance, you may have changed your name, address, contact details etc.) then please contact the Data Protection Co-ordinator (details at paragraph 6 below) so that we can correct it.

  1.            Kept only for as long as is necessary for the purposes for which it was obtained.

The National Retention Policy for Local Authority Records is under review. The revised Policy will provide information on the criteria for determining retention, archival and deletion or end dates for Council records in all the functions it operates.

  1. Processed in an appropriate manner to maintain security

The Council, taking into account the nature, scope, purposes and related risks of processing, employ appropriate physical, technical and organisational measures to secure personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. We also maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:

  • Confidentiality means that only people who are authorised to use the data can access it.
  • Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
  • Availability means that authorised users should be able to access the data if they need it for authorised purposes.

In addition, the Council provides support, assistance, advice and data protection awareness training, which includes physical and IT security training for staff to ensure compliance with the legislation, and to ensure a secure environment for your personal data.

4.  Compliance with GDPR and with the Data Protection Acts

The Council has designated a Data Protection Officer in accordance with requirements of the GDPR. Contact details are provided at the end of this document. The Data Protection Officer’s role is:

  • to inform and advise the Council and the employees who carry out processing of their obligations pursuant to the GDPR;
  • to monitor compliance with GDPR, regarding the policies of the Council in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
  • to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
  • to cooperate with the supervisory authority - the Office of the Data Protection Commissioner;
  • to act as the contact point for the Office of the Data Protection Commissioner; on issues relating to processing, and to consult, where appropriate, with regard to any other matter.

5.  Disclosure to third parties

It should be noted that staff of the Council may be required, from time to time, to collect process and use certain types of personal data to comply with regulatory or legislative requirements or to carry out functions in the public interest. This may extend to sharing or disclosure of personal data to other bodies to comply with our statutory obligations.

Typically, disclosure requests will involve requests from law enforcement/investigation agencies for purposes involving preventing, detecting or investigating offences, apprehending or prosecuting offenders or assessing or collecting any tax, duty or other monies owed or payable to the State, a local authority and/or to prevent injury or other damage to the health of a person or serious loss of or damage to property.

There are certain other limited circumstances where disclosures may be made.
Council officials who perform statutory duties involving preventing, detecting or investigating offences, apprehending or prosecuting offenders or assessing or collecting any tax, duty or other monies owed or payable to the Council, may also access personal data where relevant to the performance of such duties. Access of this nature is confined to those staff performing such functions.
 

6.  The Rights of the Data Subject

Individuals have the right to apply to:

  • obtain from the data controller confirmation as to whether personal data concerning him or her are being processed, and, where that is the case, access to the personal data
  • obtain from the data controller without undue delay rectification of inaccurate personal data concerning him or her
  • obtain from the data controller the erasure of personal data concerning him or her without undue delay
  • obtain from the data controller restriction of processing
  • object, on grounds relating to his or her situation, to processing of personal data concerning him or her, in certain circumstances.

There are restrictions to these rights. The Council will examine each request to ensure that requests that can be granted are granted and where we are obliged to apply a restriction to a request, under the Acts, that we do so. On this basis general guidance on likely outcomes cannot be provided and requests from individuals seeking to exercise their rights will be assessed on a case-by-case basis against the various criteria to determine applicability. Full details of data subject rights and restrictions are outlined in Chapter 3 of the GDPR.

Please note that in respect of Data Subject Access Requests and other rights of the data subject as outlined in paragraph 6 please contact the Data Protection Co-Ordinator at:

Postal Address Corporate, Communications and Governance Department

Dun Laoghaire-Rathdown County Council,
County Hall,

Marine Road,

Dun Laoghaire
Co Dublin. A96 K6C9.

Phone +353 1 205 4360
E-mail dataprotection@dlrcoco.ie

In relation to data subject access requests, we take steps to verify your identity before granting access to personal data. When making a data subject access request you will be asked to provide proof of your identity.

Data Protection Officer – Dun Laoghaire-Rathdown County Council

Our Data Protection Officer (DPO) advises and guides the staff of the Council in how they collect, use, share and protect your information to ensure your rights are fulfilled in compliance with the GDPR and Data Protection Acts. The DPO also acts as the contact point for individuals with concerns about the processing of their personal data and is also the liaison between the Council and the Office of the Data Protection Commissioner.

If you have any complaint about the processing of your personal data by the Council you may contact the Data Protection Officer at dataprotectionofficer@dlrcoco.ie. Please note that all requests for the access of your personal data should be made to the Data Protection Co-ordinator whose details are set out above.

Right of Complaint to the Data Protection Commissioner

If you are not satisfied with the outcome of the response received from the Council or the Council’s DPO you are entitled to make a complaint to the Data Protection Commissioner who may investigate the matter for you.  The Data Protection Commissioner’s website is www.dataprotection.ie or you can contact their Office at:

Postal Address Data Protection Commission,

          21 Fitzwilliam Square South

          Dublin 2, D02 RD28

Phone +353 578 648 800 or +353 761 104 800

E-mail info@dataprotection.ie

https://www.dlrcoco.ie/sites/default/files/atoms/files/general_data_protection_regulation_data_access_request_-_print_only_version_0.pdf

7.  Statement on management of CCTV

The Council is developing a policy on the use of CCTV and details of this policy will be provided on the Council’s web site shortly.

8.  Security and Confidentiality

 

We protect your information with procedural, physical and technological measures and controls to ensure (in so far as it is possible) a safe and secure location for your personal data. The Council is committed to securing personal data through a range of measures aimed at minimising risks of the following outcomes relating to personal data.

  • Alteration
  • Loss
  • Damage
  • Unauthorised processing
  • Unauthorised access.

In determining security measures, the Council first have regard to risks related to:

  • the nature of the personal data (for example special category personal data should have less access and higher security arrangements);
  • the context in which data is collected – for example whether there are risks related to how the data is collected – i.e. public areas etc.

Based on this assessment we then proceed to identify suitable organisational or technological options to address security, while having regard to the related cost of employing solutions.

9.  Governance, Monitoring and Review

The Council has regard to the significant requirements under the GDPR and the Data Protection Acts and on this basis operates a governance structure to underpin compliance with its varied obligations.

Dun Laoghaire-Rathdown County Council will review this statement and supporting policies and actions periodically in light of its operation and in terms of new legislative or other relevant factors such as publication of guidance from the Office of the Data Protection Commissioner.

 

 

 

 

 

FAQS

All requests for personal details must be made in writing, either by post or email.  The Council shall respond to your request within one month.  You may be asked for evidence of your identity.  This is to make sure that personal information is not given to the wrong person.  Please address your request to:

Data Protection Co-Ordinator
Dún Laoghaire-Rathdown County Council
Marine Road
Dún Laoghaire
County Dublin
Email: dataprotection@dlrcoco.ie
Phone: +353 01 2054827

In your request, you should give any details that will help the Council to identify you and find your data e.g. any previous address and/or date of birth.  Also, be clear about which details you are looking for if you are only looking for certain information. 

You will receive these details within one month of your request however if the request is complex, and the Council is of the opinion that it requires additional time to consider the request, it may once only extend the time, by notice in writing to you, by a further period not exceeding two months.
 

General Data Protection Regulation Data Access Request - Print Only Version

In general No.

However section 93(4) of the Data Protection Act 2018 provides if a request is manifestly unfounded or excessive in nature, a reasonable charge may be imposed having regard to the administrative cost of complying with the request.

If you feel the Council is not respecting your data protection rights, you should contact the organisation's Data Protection Officer.  

Data Protection Officer
Dún Laoghaire-Rathdown County Council
Marine Road
Dún Laoghaire
County Dublin
Email: dataprotectionofficer@dlrcoco.ie
Phone: +353 01 2054827

If you are then not satisfied with our response, you may contact the Office of the Data Protection Commissioner – details as follows:

The Office of the Data Protection Commissioner
Canal House
Station Road
Portarlington
Co Laois
R32 AP23
LoCall:  1890 252 231     Tel:  +353 0761 104 800     Fax:  +353 57 868 4757
Email:  info@dataprotection.ie
Website:  www.dataprotection.ie

Back