DIOCESAN PRIVACY STATEMENT & POLICY - The Diocese of Ardagh And Clonmacnois

ARDAGH & CLONMACNOIS DIOCESAN PRIVACY STATEMENT & POLICY

HEALTH & BENEDICTION IN THE LORD

The Diocese of Ardagh & Clonmacnois has published this Privacy Statement and Policy to demonstrate our commitment to protecting and respecting your personal data.
This Privacy Statement and Policy explains how we process information, in particular the personal data that we receive from you. Please read the following carefully to understand our practices regarding your personal data and how we treat it.

Who we are:
The mission of the Diocese of Ardagh & Clonmacnois, is exercised under the invocation of [Agent insert appropriate term, such as God Most High; Our Lord Jesus Christ; the Most Holy and Undivided Trinity; Our Blessed Lady; etc. which is of historical resonance locally] and the patronage of St Mel (Mél or Moel) and St Ciarán (Ciarán mac an tSaeir).
The Diocese is entrusted to the pastoral care of The Most Rev. Dr. Paul Connell, DD, Bishop of Ardagh & Clonmacnois, who was consecrated bishop in June, 2023.
This Privacy Statement and Policy is applied by the diocesan bishop, for the time being and from time to time, duly appointed by the canonically elected Supreme Pontiff, and in the event of the episcopal office being vacant or impeded, the person who under Canon Law has power to perform the administrative duties of the bishop in any interim period before the appointment of a successor as bishop or until the impediment ceases, as the case may be, the person with this power being a diocesan administrator or an apostolic administrator.
This policy relates to this website. You may find links on our websites to other websites over which this Diocese does not have control. Once you have used these links to leave this website, any information you provide to these third parties is not covered by this Privacy Statement & Policy.
In addition, the Diocese may operate social media accounts on other websites for example,
Facebook and X (Twitter). You will need to consult the privacy polices of those websites for
information on how these platforms utilise your personal data.
The Ardagh & Clonmacnois Diocese may be contacted through:
The Diocesan Secretary,
Ardagh & Clonmacnois Diocesan Curia,
Diocesan Office,
St Michael’s Templemichael,
Ballinalee Road,
Longford
Telephone: +353 (0)43 3346432
E-Mail: [email protected]

The Diocese of Ardagh & Clonmacnois is committed to protecting your privacy. This Privacy
Statement & Privacy Policy explains our data processing practices and your options regarding the ways in which your personal data is used. This Privacy Statement & Privacy Policy is reflective of our
compliance with Data Protection legislation in Ireland, to include the European General Data Protection Regulation (GDPR) and the Data Protection Acts, (as amended).
For the purpose of the General Data Protection Regulation (GDPR), the Data Controller for the Diocesan Curia and offices and is the diocesan bishop with an address as above. For information held in parishes the Parish Priest is the Data Controller.

Our Data Protection Officer
The Data Protection Officer for our Diocese can be contacted at [email protected]

What information might we collect about you?
The Diocese receives personal data about you in various ways including directly from the individual and sometimes from a parish, a family member, other diocese, schools, employers, revenue, medical professionals, CCTV and webcams. The personal data that is collected may include:
– Information relating to the celebration of the Sacraments of Baptism, Holy Communion,
Confirmation, Marriage or Holy Orders;
– Information relating to financial donations (requirements of the Charities Acts and also to assist parishes claim tax back on donations);
– Safeguarding information as required by the National Safeguarding Office and the Vetting Bureau of An Garda Síochána na hÉireann and/or other justice service, which may include data relating to criminal convictions and/or offences;
– Depending on your relationship with us we may also collect a range of different information about you including your name, contact details, date of birth, nationality, PPS number (where required by law), financial information (such as bank details), educational information, employment data and qualifications, information about your current involvement with the diocese, information on volunteer, CCTV recordings and photographs;
– Information collected through your use of this website such as IP addresses, dates and times of website visits, type of browser and cookie information;
– Special category data which reveals your religious beliefs may also be collected and processed. Please understand that this list is not exhaustive.

Processing of personal information
The Diocese collects and processes information about you in a number of ways, including face to face meetings, correspondence, email, phone conversations, from parishes and via forms sent by the Diocesan Curia and offices.

We must have a lawful basis for processing your information. This will vary according to the
circumstances of how and why we have your information but typical examples include:
– That the activities are within our legitimate interests in advancing and maintaining the teachings of Christ in the Christian religion of the Catholic Church, in providing information about the activities of the Diocese or any diocesan parish, and to raise charitable funds;
– You have given consent for us to process your information which can be withdrawn at any time by contacting us using the details below;
– We are carrying out necessary steps in relation to a contract to which you are party to or prior to you entering a contract;
– The processing is necessary for compliance with a legal obligation;
– The processing is necessary for carrying out a task in the public interest;
– The processing of data is necessary to protect your vital interest.
Should we process any Special Categories of Personal Data, we must have a further lawful basis for the processing. This may include:
– Where you have given explicit consent;
– Where the processing is necessary to protect the vital interest or someone else’s vital interests;
– Where the processing is carried out in the course of our legitimate interests of the Catholic Faith, working with and supporting our current and former members and the information is not shared outside the Diocese and/or any Catholic ecclesiastical body enjoying canonical jurisdiction or powers
of governance as detailed in the Code of Canon Law or in the Apostolic Constitution Pastor Bonus without your consent;
– You have made the information public;
– Where the processing is necessary for the establishment, exercise or defence of legal actions and /or claims;
– Where the processing is necessary for carrying out the Diocese’s employment and social security obligations; or
– The processing is necessary for reasons of substantial public interest.
These are examples only, please contact us should you require further information.

Sacramental Registers/Deeds (eg. Baptismal Registers)
The Bishop of Ardagh & Clonmacnois is deemed the sole controller of personal data and special category data contained in parish held Baptismal Registers with respect to the storage, retention, standardisation, special annotation and addition of data. The Bishop of Ardagh & Clonmacnois, along with the parish pastor (Parish Priest/Administrator/Moderator) assigned to the parish which holds
the Baptismal Register, are each deemed together to be a joint-controller of the personal data and special category data in respect to the collection and recording of data in Baptismal Registers and other Sacramental Registers.

Regarding personal data and special category data that is held to be processed in Baptismal
Registers and other Sacramental Registers/Deeds retained in parishes: the Bishop of Ardagh & Clonmacnois relies on the data protection principal of legitimate interest in preserving the information contained in Baptismal Registers and other Sacramental Registers/Deeds as such registers record the administration of certain Holy Sacraments of the Catholic Church, which the Church teaches must only be administered once in the lifetime of a Christian. As personal data recorded in Baptismal Registers and other Sacramental Registers/Deeds would be considered special
category personal data, the following is the legal basis for processing such information: the Bishop of Ardagh & Clonmacnois relies on processing carried out in the course of the legitimate activities of the diocese with appropriate safeguards and such processing relates solely to those who have received the Sacrament of Baptism into the Church and/or Married in the Church. Personal data is not disclosed outside the Catholic Church without the consent the data subject. Baptismal Registers and other Sacramental Registers/Deeds retained in parishes of the Diocese are held in perpetuity of the lifetime of the party, following which such records are archived: such
records deemed personal data and special category data are so retained in order to achieve the
purpose of the correct administration of certain Holy Sacraments. Upon the administration of certain Holy Sacraments, the Baptismal Register is annotated, such as on receipt of the Sacraments of Confirmation, Marriage or Holy Orders. Such annotation is necessary to ensure that the aforementioned Holy Sacraments with Baptism are administered no more than once in the lifetime of a baptised person.

For what purpose do we use your information?
We use your information for a range of different purposes including:
– To facilitate the reception of the Holy Sacraments of Baptism, Most Holy Communion,
Confirmation, Marriage and/or Holy Orders, and in connection with our other activities;
– To general pastoral and spiritual care;
– To provide information you request from the Diocese;
– To process various application forms;
– For Tax on Donations requests;
– Communicating with you about Diocesan events
– Dealing with complaints and enquiries
– To administer, support, improve and develop the administration of the work of the Diocese and
operations and to keep the accounts and records of the Diocese up to date;
– For auditing and statistical purposes;
– As authorised or required by any civil or criminal law applicable to us or arising from your
interaction with us;
– To process job applications;
– Technical details in connection with visits to this website may be logged on the Diocesan server.
Information collected by cookies is not used to identify you personally;

– CCTV recordings for security purposes and to help create a safer environment for our staff,
members of the faithful, clergy, volunteers and visitors.
The Diocese neither uses automatic decision making software nor does it engage in profiling.

Practical examples of how we process your Personal Data
We will only process your Personal Data in line with our ministry and the services we provide. This
information may include your name, address, email address, phone number, etc. as provided by you
for the provision of a service, e.g.:
· Signing up for a newsletter or event;
· Signing up for volunteer or fundraising activities;
· Signing up / making contact in relation to upcoming sacred liturgies, retreats and/or pilgrimages;
· Contacting us with a query in relation to information posted on our website.
Any data processed on our behalf by contracted third party service providers, e.g. for the purpose of
enhancing the services we provide to you will be bound by the same privacy standards. We will not
disclose Personal Data to any other third parties unless we have consent to do so.
We will disclose Personal Data if it is believed in good faith that we are required to disclose it in
order to comply with any applicable law, a summons, a search warrant, a court or regulatory order,
or other statutory requirement.
You can choose to opt out of receiving information from us at any time by contacting the Diocesan
Secretary at the contact details given above.

Cookies
“Cookies” are small pieces of information sent by a web server to a web browser, which enables the server to collect information from the browser. The website of the Diocese uses cookies to improve navigation and to enable traffic monitoring. Non-registered visitors of the site may be sent anonymous cookies to keep track of their browsing patterns and build up a demographic profile. Whilst you do not need to allow your browser to accept cookies in order to browse much of our web site or to access many of our services, you must have cookies enabled if you wish to access any areas reserved for registered users. Most browsers allow you to turn off the cookie function. If you want to know how to do this, please look at the help menu on your browser. As described above this will restrict the services you can use on our website.

How who do we share your information?
The information you give us is used by the Diocese only in accordance with the purpose for which you provided the information and with your consent. This information will only be retained for as long as required for the purpose for which it was gathered.

We may share your information with government bodies for tax relief purposes or law enforcement agencies for the prevention and detection of crime.
Information will only be made available to third parties who assist us with our work. We may share information with service providers but only when an appropriate Service Provider Agreement/contract is in place outlining exactly what they are permitted to do. Any data processed in the course of such services is processed in compliance with the General Data Protection Regulation (GDPR) and national data protection law.
Where permitted by law, we reserve the right to release personal data without your consent and/or without consulting you, including when we believe that this is appropriate to comply with our legal obligations.

Where do we store your information?
We may store your information in hard copy or in electronic format, in storage facilities we own and operate ourselves, or that are owned and operated by our service providers.

How long do we retain your information?
We retain your personal information for as long as necessary with regard to the purposes for which it was collected or lawfully further processed, or for so long as may be necessary in light of our legal obligations. All information held is in accordance with the Diocesan retention policy.

Data Protection Principles
We promise to follow the following data protection principles:
– Processing is lawful, fair, transparent. Our processing activities have lawful grounds. We always consider your rights as a Data Subject before processing personal data. We will provide you information regarding Processing upon request;
– Processing is limited to the purpose for which it was gathered;
– Processing is carried out using the minimum amount of Personal Data required for any purpose;
– We will not store your personal data for longer than needed;
– We will do our best to ensure the accuracy of data;
– We will do our best to ensure the integrity and confidentiality of data;
– We will use all reasonable means to avoid Breaches of Data. Where a Data Breach occurs, we will
notify the relevant authority and follow their instructed next steps.

Data subject’s rights:
Those affected by this Privacy Statement & Privacy Policy have the following rights:

– Right to access: the right to request, access and copy of the personal information that we hold on you. We may charge a reasonable fee for two or more personal data requests. A single copy of personal data will be charged at no cost. Any access requests will need to be requested in writing or email. Evidence of identification will be required as this makes sure that the personal information is not given to the wrong person. Information will be sent within 1 month of receipt of the written request.
– Right to rectification: the right to have personal data rectified if it’s incorrect, out of date or incomplete.
– Right to be forgotten: the right to withdraw consent given to process data and the right to request that we delete personal data from our System (subject to compliance with any legal obligations or unless the data is required for any legal claims).
– The right to object how we use the personal data received (e.g. marketing purposes).

Data Transfers outside of the European Economic Area (EEA)
All personal data transferred within the European Union (EU) 1 and the European Economic Area
(EEA) 2 is subject to the General Data Protection Regulation, 2018 (GDPR).
Personal data may be transferred to jurisdictions which are deemed to have similar safeguards in terms of data protection using the same criteria as if transferring within the European Union (EU) and/or the European Economic Area (EEA). Such jurisdictions include the: United States of America [Commercial companies based in the United States of America participating in the EU-US Data Privacy Framework, 2023 (DPF)];
Principality of Andorra; Argentine Republic; Canada; Faroe Islands of the Kingdom of Denmark; United Kingdom of Gt. Britain [under the General Data Protection Regulation, 2018 (GDPR) & the Law Enforcement Directive, 2018 (LED) transposed into Irish law through the Data Protection Act, 2018] the British Crown Dependency of the Bailiwick of Guernsey, the British Crown Dependency of the Bailiwick of Jersey, and the British Crown Dependency of the Isle of Man;
State of Israel;
Japan;
Republic of Korea;
Swiss Confederation (Switzerland);
Oriental Republic of Uruguay.

1 In addition to Ireland, the European Union member states consist of the Republic of Austria, Kingdom of Belgium, Republic of Bulgaria, Republic of Croatia, Republic of Cyprus, Czechia (Czech Republic), Kingdom of Denmark, Republic of Estonia, Republic of Finland, French Republic (France), Federal Republic of Germany, Hellenic Republic (Greece), Republic of Hungary, Italian Republic (Italy), Republic of Latvia, Republic of
Lithuania, Grand Duchy of Luxembourg, Republic of Malta, Kingdom of the Netherlands, Republic of Poland, Portuguese Republic (Portugal), Romania, Slovak Republic (Slovakia), Republic of Slovenia, Kingdom of Spain and Kingdom of Sweden.
2 The EEA includes EU countries and also United Kingdom of Gt. Britain, Iceland, Principality of Liechtenstein
and Kingdom of Norway.

Personal data may only be transferred to other countries outside of the European Union (EU) andthe European Economic Area (EEA) in compliance with the conditions for such transfers laid down in Chapter V of the General Data Protection Regulation, 2018 (GDPR).

The diocese may rely on the following derogations for specific situations when transferring to third countries, including the Holy See:
Article 49.1(a) GDPR the data subject has explicitly consented to the proposed transfer, after
having been informed of the possible risks of such transfers for the data subject due to the
absence of an adequacy decision and appropriate safe-guards;
Article 49.2(b) GDPR the transfer is necessary for the performance of a contract between the data subject and the controller to the implementation of pre-contractual measures taken atthe data subject’s request;
Article 49.2(c) GDPR the transfer is necessary for the conclusion or performance of a
contract concluded in the interest of the data subject between the controller and other
natural or legal person;
Article 49.2(e) GDPR the transfer is necessary for the establishment, exercise or defence of
legal claims. Where a transfer could not be based on a provision in Article 45 or Article 46 GDPR, including the provisions on binding corporate rules, and none of the derogations for a specific situation referred to in the first sub-paragraph of this paragraph is applicable, a transfer to a third country or an international organisation may take place only if the transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by the controller which are not overridden by the interests or rights and freedoms of the data subjects, and the controller has assessed all the circumstances surrounding the data transfer and has on the basis of that assessment provided suitable safeguards with regard to the protection of personal data. The controller shall inform the data subject of the transfer and the compelling legitimate interests pursued. We rely on this derogation to transfer personal data with the Holy See. Personal data is transferred to the Holy See for very specific and limited purposes e.g. laicisation from the clerical state; Catholic clergy becoming Ministers in the Anglican denomination; the awarding of Bene Merenti and other papal awards and honours; Bi-Ritual faculties; and the alienation of property. Such personal data is hand-delivered to the Apostolic Nunciature to Ireland, the diplomatic mission to the Holy See in Ireland, based in Dublin and sent to the Holy See by Diplomatic Pouch. On some occasions, where the personal data is not of a sensitive nature, documents may be sent via registered post. The Holy See takes every measure to ensure the ongoing security and confidentiality of all documents sent to the Holy See.
Some couples chose to be married in parishes, churches and chapels outside Ireland. To facilitate the celebration of the Sacrament of Marriage abroad, certain documentation must be sent to the local diocese where the couple are planning the celebration of their marriage. In many instances the couples courier such personal data to the parish themselves but on occasion this will be organised by the Diocesan Chancellery. A copy of such papers may be retained by the Diocesan Chancellery. The diocese interacts with dioceses abroad in relation to regular religious and extern priests. The diocese will request documents relating to the visiting priest should that priest be appointed to hold a ministry in the diocese. This information will be retained for the lifetime of the individual regular religious or priest concerned. The diocese participates in World Youth Day. This festival celebrating the faith of young people may
be held in parts of the world outside of the EU and EEA. Where this occurs, explicit consent of the young adult will be requested to facilitate participation in this event. Should the young person be under the age of 18 years, their parent(s)/guardian(s) consent will also be required.
How to contact the appropriate Data Protection authority
Without prejudice to your right to recourse to law, should you wish to report a complaint or you feel
that we have not addressed your concern in a satisfactory manner, you may contact:

Office of the Data Protection Commissioner,
21, Fitzwilliam Square South,
Dublin 2.,
Ireland

Telephone: +353 578 684 800, +353 761 104 800.

Changes to this Privacy Policy
The Diocese reserves the right to make changes to this Privacy Statement & Privacy Policy.

Last updateed on the Feast of St Ciarán of Clonmacnois, 9 th September, 2024

✠ PAUL CONNELL
BISHOP OF ARDAGH & CLONMACNOIS