Updated Parish Privacy Statement

 

Who are we?

This parish is part of the Catholic Archdiocese of Dublin. The parish is a registered charity

(charity no. CHY7424). The Parish Priest/Administrator/Moderator is the data controller for the

parish, in other words he is the person responsible for making sure your data is safe and secure.

 Baptism Registers

The Archbishop is the sole controller of the personal data and special category data contained in

the Baptism Registers held in Parishes of the Archdiocese with respect to storage and retention

of data, standard and special annotation of data and alteration of data. The Archbishop, along

with the Parish Priest/Administrator/Moderator assigned to the Parish which holds the Baptism

Register, are each a joint controller of the personal data and special category data with respect to

collecting and recording of data in the Baptism Register.

 

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification

can be through the information alone or in conjunction with other information in the data

controller’s possession or likely to come into such possession. The processing of personal data is

governed by the General Data Protection Regulation or the GDPR and the Data Protection Act

(2018).

Who does this Privacy Notice apply to?

This Privacy notice is for all those whose personal information is dealt with in any way by the

parish including parishioners, clergy, staff, volunteers, contractors, suppliers and visitors and

there may be others.

What is the lawful basis for processing your personal data?

The GDPR requires specification in the Privacy Notice of the lawful basis for processing

personal data. Below are the lawful bases which are relevant to our processing activities;

 Where consent has been obtained. This can be withdrawn at any time.

 Compliance with a legal obligation

 Performance of a contract, or to take steps to enter into a contract

 To protect a person’s vital interests

 Legitimate interests – this includes any activities that involve advancing and maintaining the

Roman Catholic religion.

 Where processing is carried out by a not-for-profit body with a religious aim provided: –

o the processing relates only to members of the congregation or former members (or

those who have regular contact with it in connection with those purposes); and

o there is no disclosure to a third party without consent.

 

Baptism Registers held in Parishes of the Archdiocese

Where personal data and special category data is processed in the Baptism Registers held in

Parishes of the Archdiocese, the Archbishop relies on the legitimate interests in preserving the

information contained in Baptism Registers because such registers consist of a record of the

administration of certain sacraments in the Roman Catholic Church. It is essential that the

Archbishop maintains a record of certain sacraments which may only be administered once in

the Roman Catholic Church. As personal data contained in the Baptism Registers is special

category personal data, the Archbishop must have an additional lawful basis for processing. The

Archbishop relies on processing carried out in the course of his legitimate activities with

appropriate safeguards and the processing relates solely to members or former members of the

Roman Catholic Church, and personal data is not disclosed outside the Roman Catholic Church

without the consent of the member/former member concerned.

 

What personal data do we process?

The parish will process some or all of the following types of data, where necessary to perform

our duties;

 Names;

 Contact details – telephone numbers, addresses, email addresses;

 Information about the Sacraments of Baptism, Confirmation, Marriage and Holy Orders;

 Information relating to donations as required for audit purposes and the Charities Act

(2016);

 Safeguarding information on staff, clergy and volunteers as required by the National

Safeguarding Office;

 Information relating to gender, age, date of birth, marital status;

 Information gathered for the furtherance of faith development supports and services;

 Information relating to education/work histories, academic professional qualifications;

 Some of the personal data we process will fall under the category of sensitive personal

data as it will identify your religious belief. There may be other categories of sensitive

personal data processed including information on health (e.g. pilgrimage requirements),

details of injuries (e.g. legal claim), trade union membership (for a staff member).

 

How does the Parish process personal information?

We use your personal data for purposes included among the following;

 to enable us to meet all legal and statutory obligations;

 to deliver the Church’s mission to our parish community and to carry out other

voluntary/charitable activities for the benefit of our parish community;

 to minister to our parishioners and provide you with pastoral and spiritual care (such as

visiting the sick or the bereaved);

 to organise and facilitate ecclesiastical liturgies for our parishioners, including funerals;

 facilitate the sacraments of Baptism, First Holy Communion, Confirmations and

Marriage;

 

 to promote and assist the mission and growth of the Church in the Diocese of Dublin;

 to carry out comprehensive Safeguarding procedures in accordance with best;

safeguarding practice with the aim of ensuring that all children and vulnerable adults are

provided with safe environments;

 for those involved in the management of the parish we use the personal information you

provided to enable both the parish and you to carry out your role effectively (e.g.

members of the pastoral council, finance committee etc.);

 for lay people who assist in all aspects of parish life including the creation of rosters,

being involved in parish sacramental teams etc., we use your information to assist you in

your various roles. Without such information it would not be possible for you to function

effectively in your role in our parish;

 To fundraise and promote the interests of the parish and process donations e.g.

information supplied by donors to use in supporting our work

 To maintain our own accounts and records e.g. putting agreements in place, invoicing

and making payments. Personal data held in this regard forms part of our contractual

arrangements with you;

 To send you the parish newsletter;

 To deal with your request;

 To manage our staff, volunteers and contractors;

 Our processing may also include the taking of photographs, live streaming via the

webcam, or capturing images in our CCTV;

 On occasion the parish has to share your personal data with the Diocesan offices. To

enable this to happen compliantly a Data Processing Agreement has been put in place

which is signed by the Parish Priest/Administrator/Moderator and counter-signed by the

Archbishop. Examples of this sharing include contact with Chancellery in relation to

sacramental issues; HR in relation to employment issues; Finance in relation to tax on

donations and other areas affected by the Charities Regulation; Child Safeguarding for

Vetting and Safe-guarding issues. This list is not exhaustive.

Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared where

appropriate;

 Information may be shared with statutory or church bodies for tax relief purposes or for

law enforcement agencies for the prevention and detection of crime;

 Information may be shared with third parties who assist us with our work;

 We reserve the right to release personal data without your consent where permitted by

law or to meet a legal obligation.

How long do we keep your personal data?

We keep your personal data for as long as it is need and in line with our Retention/Disposition

schedule. Some records are permanently kept and these will be placed in the Parish/Diocesan

Archives.

 

In relation to the Baptism Registers held in the Parishes of the Archdiocese, personal data and

special category data are retained in perpetuity, in order to achieve the purpose of correctly

administering certain sacraments that may only be undertaken once in a person’s lifetime.

 

How is our information kept safe and secure?

We comply with its obligations under the “GDPR” by keeping personal data up to date; by

storing and destroying it securely; by not collecting or retaining excessive amounts of data; by

protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring

that appropriate technical measures are in place to protect personal data.

Baptism Registers are annotated upon administration of the Sacraments of Confirmation,

Marriage or Holy Orders to an individual. Where an individual receives any of these sacraments,

a note will be made in the Baptism Register entry for that individual. Annotations are necessary

as it ensures the sacraments of Confirmation, Marriage or Ordination may only be undertaken

once during a person’s lifetime.

 

Your rights and your personal data

Unless subject to an exemption under the GDPR you have the following rights with respect to

your personal data: –

 Right of Access – you can request a copy of your personal data from the Parish;

 Right of Correction – you have the right to request that the Parish corrects any personal

data if it is found to be inaccurate, incomplete or out of date;

 Right of Erasure – You have the right, in certain circumstances, to ask for the data we

hold on you to be destroyed. This is known as the Right to be Forgotten;

 Right to Restriction of Processing – where certain conditions apply, you have the right

to restrict the processing of your personal data;

 Right to Data Portability – you can request that the Parish transfer your data directly to

another data controller where we hold the data in an electronic format;

 Right to Object –you have the right to object to certain types of processing;

 Right to Lodge a Complaint with the Office of the Data Protection Commission.

When exercising any of the above rights and in order to facilitate your request, we may need to

verify your identification for security purposes.

Transfer of Data Abroad

We do not transfer personal data abroad.

Further processing

We reserve the right to review and amend this statement at any time without notice.

Contact Details

Please contact the Parish if you have any questions about this Privacy Statement or the

information we hold about you or to exercise all relevant rights, queries or complaints or email

dataprotection@dublindiocese.ie.

 

The diocesan privacy policy can be accessed on http://dublindiocese.ie/privacy-policy.

You can contact the Data Protection Commissioners Office on 00353 57 8684800 or Lo-Call

1890 252 231 or by email at info@dataprotection.ie.

Updated 24 March 2023