Privacy Notice
Leitrim County Council is committed to protecting your privacy when you use our services. Leitrim County Council is a data controller. The Privacy Notice below explains how we use information about you and how we protect your privacy.
Our Data Protection Officer makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, Kieran Brett, at dpo@leitrimcoco.ie or by calling 071-9620005 and asking to speak to the Data Protection Officer.
What is personal data/information?
Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (i.e. location data collected by a mobile phone) or a postal address, online browsing history, images or anything related to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
Certain personal data has been identified as in a “special category”. This includes:
- sexuality and sexual health
- religious beliefs
- ethnicity
- physical or mental health
- trade union membership
- political opinion
- genetic/biometric data
- criminal history
Why do we need your personal data?
We need your personal data to:
- fulfil our legal obligations as a local authority to provide a service and support to you
- investigate complaints received about our services
- to keep track of spending by Leitrim County Council
- comply with Employment Law
- comply with Health and Safety law.
We only use what we need!
Where we can, we’ll only collect and use personal information if we need it to deliver a service or meet a requirement. If we don’t need personal information we won’t ask you for it, and even if we already have your information from something else we will only use it in cases where we have specifically asked for it – you will remain anonymous in all other instances. For example in a survey we may not need your contact details we’ll only collect your survey responses.
If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
We don’t sell your personal information to anyone else.
Your rights
As an individual whose personal data is processed by Leitrim County Council you have the following rights to control what personal information is used by us and how it is used by us.
1. The Right to be Informed
This privacy notice provides you with some of the high level information required. Specific privacy notices are provided on the various functions of the Council.
2. The Right to Access Information
You have the right to ask for all the data/information we have about you and the services you receive from us. When we receive a request from you we must give you access to everything we have recorded on you within one calendar month.
If you wish to make a request to view your records please email dpo@leitrimcoco.ie.
However, we can’t let you see any parts of your record which contain:
- confidential information about other people or
- data a professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing or
- if we think that giving you the information may stop us from preventing or detecting a crime.
This applies to personal data/information that is in both paper and electronic records. If you ask us, we’ll also let others see your record (except if one of the points above applies).
3. The right to rectification
If your personal data is inaccurate we will correct it without undue delay. Please let us know what the correct information is so we can correct it.
If the personal data we hold on you is incomplete, please provide us with the supplementary information, so we can complete the information we hold.
4. The right to Erasure (right to be forgotten)
In some circumstances you can ask for your personal data/information to be deleted, for example:
- where your personal data/information is no longer needed for the reason why it was collected in the first place
- where you have removed your consent for us to use your information (where there is no other legal reason for us to use it)
- where there is no legal reason for the use of your information
- where deleting the information is a legal requirement
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
- we are required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is for, scientific or historical research, or statistical purposes where it would make information unusable
- it is necessary for legal claims.
5. The right to data portability
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However, this only applies if we’re using your personal data with consent (not if we are required by law), if the processing is carried out by automated means, or where processing is conducted on the basis of a contract between us.
6. The right to object to processing of personal data
You have the right to object to certain types of processing of your personal data where it is done in the public interest or under official authority. This is the processing that we do in the local authority.
However, if this request is approved this may cause delays or prevent us delivering that service.
7. The right of restriction
You have the right to ask us to stop or restrict what we use your personal data for.
When data is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of Ireland.
Where restriction of use has been granted, we will inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.
Where possible we will seek to comply with your request, but we may need to hold or use information because we are required to by law.
8. The right not to be subject to automated decision making, including profiling
You have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.
Automated processing is permitted with your express consent, where necessary for the performance of a contract or when authorised by European Union or Irish law.
The Council does not currently use automated processing.
Who do we share your information with?
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law. The specific privacy notices will detail which organisations we share information with for which purposes and services.
We will often complete a data privacy impact assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations.
This includes:
- the courts;
- An Garda Síochana;
- Garda Ombudsman;
- Revenue;
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:
- in order to find and stop crime and fraud or
- if there are serious risks to the public, our staff or to
- other professionals.
For all of these reasons the risk must be serious before we can override your right to privacy.
How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
- pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- controlling access to the building and to the filing cabinets
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
You can find more details of our Information Security expectations on our online policy.
Where Can I get advice?
If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at dpo@leitrimcoco.ie or by calling 071-9620005.
You can also get advice on data protection from the Data Protection Commissioner at:
or
The Data Protection, Commissioner, Canal House, Station Road, Portarlington, Co. Laois
Tel: 0761 104 800 or LoCall 1890 252231
or
https://www.dataprotection.ie/docs/Home/4.htm or http://gdprandyou.ie/
Making a Complaint to the Data Protection Commissioner
You have the right to lodge a complaint with the Data Protection Commission if you consider the processing of your personal data is contrary to the GDPR or Data Protection Bill 2018.
Complaints to the Commission should be made in writing and addressed to:
or
The Data Protection, Commissioner, Canal House, Station Road, Portarlington, Co. Laois
Tel: 0761 104 800 or LoCall 1890 252231.