The Office of the Director of Authorised Intervention (“we”, “us”, or “our”) is committed to protecting your privacy. We are very aware of the importance and sensitivity of the personal data that you share with us. Any personal information which you provide us will be treated with the highest standards of security and confidentiality, in accordance with data protection legislation.
This Privacy Statement explains the following:
- How we communicate with you
- What personal data we collect
- The purpose and legal basis for processing your personal data
- How we securely store your personal data
- Details of third parties with whom we share personal data
- How long we retain your data
- Transfer of personal data
- Your rights under data protection legislation
How We Communicate with You
When you contact the office with a query, we will need to communicate with you in writing. Depending on your preferences, this contact will either be through our email or by registered post. If you wish, you can also provide us with your phone number, so that we can contact you by phone, if needed, about your query.
Any post from ODAIT will be sent by registered post, in an envelope which will not contain any identifying markers.
Please be aware that we will never ask you for your bank details on the phone.
What Personal Data We Collect
“Personal data” means any information about an individual from which that person can be identified. We do not collect personal information through our website, but such information can be collected with your consent through email correspondence or by phone.
The categories of personal data we process about you for the purposes of carrying out our functions include, in particular: (a) your name, (b) your date of birth, (c) your address and other contact details; (d) your status as a birth relative, parent, grandparent, aunt, uncle, niece, nephew, grandniece or grandnephew, guardian, care-giver or friend; (e) the names of birth parent(s), birth relative(s) (where applicable and known); (f) the place at which care was provided (where applicable and known); (g) your contact preferences; (h) any other information you share with us, which may include health data; genetic data; religious beliefs; marital status; and other types of information either relating to you or your birth relative (i) the identification documents provided by you; (j) details of the birth relative(s) and (k) other information which the Minister for Children, Equality, Disability, Integration and Youth may require us by regulation to record on the DNA Database Register.
The Purpose and Legal Basis for Processing your Personal Data
The personal data we collect from you will be processed lawfully, fairly and in a transparent manner in keeping with the principles of the General Data Protection Regulation (GDPR).
How we Securely Store your Personal Data
Personal data may be stored electronically on our internal ICT systems, and on the ICT systems or our processors and shared service providers. These systems are fully protected by anti-virus and anti-malware software.
Access to personal data is restricted to those staff members who need the information to carry out their official duties. Access is controlled to ensure staff members have the minimum permissions necessary to allow them to work in a secure environment and to only access the personal data that they need.
Where the Office holds paper records containing your personal data, these are stored on individual files which are secured on our premises and where only our staff can access them.
Inactive and legacy files may be maintained in secure off-site storage, under contract. A limited number of staff have access, and the movement of files between the Office and off-site storage is done according to protocol and under strict supervision.
Details of Third Parties with whom we Share Personal Data
The Office may share your data, only where legally permissible with organisations including Government Departments, Tusla, regulatory or supervisory authorities; I.T. Consultants, Consultants, Forensic Science Ireland.
How Long we Retain your Data
We will retain your personal data only for as long as necessary for the purposes for which it was collected, as required by law.
Transfer of Personal Data
Your personal data will generally not be stored outside the European Union or the European Economic Area (EEA – EU 27, plus Iceland, Norway, and Liechtenstein). To the limited extent that it is necessary to transfer personal data outside of the European Economic Area (“EEA”), we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, which may include an adequacy decision under Article 45 of the GDPR, or by putting in place standard contractual clauses under Article 46.2 of the GDPR. Please contact us at dpo@dait.ie if you wish to obtain more information concerning these safeguards.
Your Rights Under Data Protection Legislation
All data subjects engaging with the Office and its processors have certain rights under EU (GDPR) and Irish data protection legislation. Guidance on the rights of individuals is available on the Data Protection Commission website and can be accessed via www.gdprandyou.ie. Your rights are summarised below:
1. Right of Access
You can make a formal request for a copy of your personal data being processed by the Office. We will need you to confirm your identity first, as we cannot give your personal data to others (except by specific request and your full consent). Once we have verified your identity, we will seek to get the information that you have requested as soon as possible, but at the latest within one month of receipt of the request.
For complex requests, or where there are large numbers of requests, we can extend our time to respond to you by a further two months, but we must tell you we are going to do this within the first month, together with the reason for the delay. If we are not going to respond to your request, we must tell you this within one month. We must remind you that that you have the option of submitting a complaint to the Data Protection Commission. If you make an electronic request, we may be required to respond to you electronically, unless you prefer otherwise.
Anything we do in response to your request and any information we give you must be free. If you make excessive requests (e.g. make the same one repeatedly) or your requests have no basis in fact, we may either charge you a fee or refuse to act on it. We may ask you to clarify your request. You can help us to fulfil your request by being as specific as possible about your dealings or contacts with us. A separate Data Subject Rights Policy and Subject Access Request Form is available on the Office’s website at link or on request
2. Right to Rectification
The Office is committed to holding accurate data about you and will implement processes and procedures to ensure that you can rectify your data where inaccuracies have been identified.
3. Right to Erasure (Right to be Forgotten)
Where the Office receives a request from you looking to exercise your right of erasure, the Office will carry out an assessment of whether the personal data can be erased without affecting the ability of the Department to provide on-going services to you.
4. Right to Restriction of Processing
The Office will implement and maintain appropriate procedures to assess whether your request to restrict the processing of your data can be implemented. Where the request for restriction of processing is carried out, the Office will write to you to confirm the restriction has been implemented and when the restriction is lifted.
5. Right to Data Portability
Where the Office has collected your personal data by consent or by contract, you have a right to receive the data in electronic format to give to another data controller. Exercising this right will depend on the feasibility of the request.
6. Right to Object
You have a right to object to the processing of your personal data in specific circumstances. Where such an objection is received, the Office will assess the case on its merits.
7. Rights Relating to Automated Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, where such decisions would have a legal or significant effect on you. The Office will ensure that where systems or processes utilise automated decision-making or profiling, an appropriate right of appeal is available to you.
8. Right to Complain
If you are unhappy with how the Office has processed a request made by you, we will endeavour to assist you in resolving any issues raised. In such circumstances you should contact the Data Protection Officer. You also have the right to complain directly to the Data Protection Commission (DPC). The DPC can be contacted as follows: –
By post: Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.
By e-mail: info@dataprotection.ie
By phone: 0761 104 800 or lo-call number 1890 252 231
How to Get in Touch
If you have any queries about this policy, please contact the Data Protection Officer (DPO). The DPO for the Office can be contacted at dpo@dait.ie. Our Data Protection Officer is available to answer any data protection and privacy related questions you may have. We will do our best to promptly resolve any concerns you may have about how we protect your privacy and personal data.
How can you Exercise your Rights?
You are entitled to exercise the rights outlined above. You can make a request under any of these rights by contacting the Department’s Data Protection Unit at this address:
By e-mail: dpo@dait.ie
By post: Data Protection Officer, The Office of the Director of Authorised Intervention Tuam, Custom House, Flood Street, Galway, H91XV2C.
Changes to this Privacy Statement
We may change this Privacy Statement from time to time. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on our website prior to the change becoming effective. Please review this Privacy Statement periodically for updates.