Who we are
The Catholic parish of St Joseph is a parish in the Diocese of Limerick.
The Parish is a data controller of certain personal data for the purposes of the General Data Protection Regulation 2016/676 (the “GDPR”). The Parish is committed to ensuring that your personal data is properly and securely managed in accordance with the GDPR and the Data Protection Acts 1988 to 2018 (the “Acts”) and believes this is an important part of achieving trust and confidence between the Parish and those with whom it interacts. This policy is to let you know how the Parish will look after your personal data.
The parish contact details are as follows: Administrator, St Josephs Church, O’Connell Ave, Limerick.
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information.
What information do we collect
The personal data which the Parish holds relating to you may include the following: –
• Name and contact details.
• Gender, age, date of birth, nationality.
• Sacramental information.
• PPS number.
• Marital status, family status and information about dependents.
• Information about your education or employment history.
• CCTV recordings and photographs.
• Information which we collect through your use of our website such as IP addresses, dates and times of site visits, type of browser and cookie information.
• Data relating to Garda vetting applications.
We may also collect and process the following special category personal data: –
• data about your race, ethnicity, or religious beliefs.
• data about your health and wellbeing.
How we collect the data we hold about you
The Parish collects the data we hold about you in a number of ways, as follows: -
1. By you using the “contact us” facility on our website.
2. By you contacting the Parish by phone, email or letter and providing data to us.
3. By you completing forms for the Parish.
4. Through face-to-face meetings with you.
5. If you have attended or registered to attend an event with the Parish.
6. Sometimes from a third party.
7. If you have applied for a job or volunteered with the Parish.
8. When you use the vetting service.
Why we process your data and the lawful basis for processing your data
We must have a lawful basis for processing your data. The lawful basis will vary depending on the circumstances and the type of data involved. One lawful basis is where you have given your consent to us processing your data. (This consent can be withdrawn by contacting us.) Other examples are where the processing is necessary for one of the following: –
• our legitimate interests.
• the performance of a contract to which you are a party.
• compliance with a legal obligation to which the Parish is subject.
• in order to protect your or another person’s vital interests (e.g. to protect your life);
• the performance of a task carried out in the public interest.
We must have a different lawful basis for processing special category data. These are set out in the GDPR but here are some examples: –
• You have given us your explicit consent to processing the information.
• Processing is necessary for the purposes of our or your obligations and rights in employment, social security and social protection law;
• Processing is necessary to protect your or another person’s vital interests (e.g. to protect your life);
• Processing is carried out in the course of our legitimate activities where the processing relates solely to our members or to former members and the personal data is not disclosed outside the Parish without your consent.
• Processing relates to personal data which you have made public.
• Processing is necessary for the establishment, exercise, or defense of legal claims.
• Processing is necessary for reasons of substantial public interest.
• Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
What we do with the information we have
We use your information for a number of purposes including:
• to fundraise and promote the interests of the Parish.
• to administer records held by us on members of the congregation.
• to maintain accounts and records.
• to provide pastoral and spiritual care.
• to administer sacraments.
• to respond to queries and complaints.
• to communicate with you in relation to news about the Parish/[Arch/Diocese];
• to process application forms.
• to process donations and to administer applications under the Charitable Donations Scheme and to share your details with the [Arch/diocese] to enable the processing of donations (if appropriate);
• to administer, support, improve and develop the administration of the Parish’s work.
• for auditing, statistical, archiving, or historical research purposes.
• as authorised or required by law.
• in the case of CCTV images, for safety and security reasons.
• if you are a job applicant, to assess your suitability for the position you have applied for.
• to obtain and retain a Garda vetting disclosure, where required.
• to process safeguarding complaints in accordance with legal requirements.
• to provide you with information about other services that other Catholic Church organisations offer.
• to manage volunteers and employees of the Parish.
• in the case of information gathered through cookies, to measure and analyse information on visits to the website. Information collected by cookies is not used to identify you personally.
The Parish does not use automatic decision-making software and does not engage in profiling.
Who we share your data with,
We may share your personal data with third parties with your consent or, without your consent, where permitted by law, including where permitted by the GDPR and the Acts.
We may share your personal data with the following:
• The Diocese, if appropriate.
• Entities who provide services to the Parish or with our professional advisors e.g., recruitment companies, payroll providers, IT consultants, accountants and/or solicitors.
• The Revenue Commissioners in relation to applications under the Charitable Donation Scheme.
• An Garda Síochána in relation to the detection or prevention of a crime;
• Other Governmental departments or statutory agencies as required by law.
• We may post photos or videos to our social media pages, with your consent.
How we store your information
We store your data in both manual and electronic format. We use the following technical and organisational measures to protect your personal data:
• We store your personal data on a secure server, access to the server is restricted to a limited number of staff;
• Manual files are kept in locked filing cabinets in staff offices.
• Access to computer systems is password protected.
• All documents containing personal data are shredded before being discarded.
While we use all reasonable endeavors to protect your personal data, the transmission of information via the internet is not completely secure. For this reason, we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet.
Transfer of your personal data outside the European Economic Area (“EEA”)
We do not usually transfer your data outside the EEA. However, there may be some limited circumstances where this is necessary. For example, where you are getting married in a country outside the EEA. Some of these countries do not have laws which provide the same level of protection to your personal data as laws within the EEA. We will either obtain your consent before transferring your personal data to such a country or otherwise transfer such data in accordance with the GDPR and the Acts.
Your data protection rights
You have a number of rights under the GDPR and the Acts. These include the following: –
• Informed – you have the right to be informed about any personal data that we hold relating to you, including information as to the accuracy of the data and the purpose for which it is used.
• Access – you have the right to be given a copy of all of your personal data on request.
• Rectification – you have the right to have any inaccurate data held by us rectified free of charge.
• Restriction – where there is a dispute in relation to the accuracy or processing of your personal data, you can ask for a restriction to be placed on further processing;
• Withdraw – where we rely on your consent to process your personal data, you can withdraw your consent
• Object – you have the right to object to the processing of your personal data.
• Erasure – you have the right to request us to delete your personal data, this is known as the “right to be forgotten”;
• Data portability – you have the right to request us to provide you or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
The above rights are subject to certain exceptions and may be restricted in certain circumstances.
Rights may only be exercised by the individual whose information is being held by the Parish or with that individual’s express permission. We may request proof of identity for verification purposes before you can exercise any of these rights.
We also use privacy preferences. We use a tracking cookie, which is added to your computer, to remember your cookie preferences i.e. if you have allowed or disallowed them.
Changes to Policy
Further information relating to your data privacy rights is available at www.dataprotection.ie
A Data Protection Officer has been appointed for all the Dioceses within the Catholic Province of Cashel & Emly (Munster).
You may contact our Data Protection Officer at firstname.lastname@example.org
How to complain
If you are unhappy about how we have treated your personal data, you may make a complaint to the Data Protection Commission. Their contact details are as follows: –
Data Protection Commission
21 Fitzwilliam Square South
Tel +353 (0)761 104800
+ 353 (0)57 868 4800
The Commission may also be contacted via their website at www.dataprotection.ie