Privacy Policy

 1. Introduction 

The Maynooth Community Council is a voluntary organisation. It focuses on matters of general local interest including planning. It is composed of representatives of Residents Associations, and social, cultural, artistic, sporting and other local organisations. 

The Council and the Executive Committee work with local representatives, voluntary bodies and other organisations and individuals to deliver on projects and objectives. 

In order to carry out its tasks, Maynooth Community Council needs to process personal data. Examples of this include processing data in order to make payments; processing responses to submissions to public consultations; processing contact details in the course of communicating with the Council’s stakeholders; requests for information; processing connected to procurement and contractual agreements with service providers, etc. 

This Data Protection Policy sets out Maynooth Community Council’s commitment to protecting the rights and privacy of individuals and details how we will ensure compliance with the General Data Protection Regulation (GDPR) and Irish data protection legislation. 

2. Scope and purpose 

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); 

an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location 

data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

This policy applies to all personal data processing activities undertaken by Maynooth Community Council. 

This policy should be read in conjunction with the Maynooth Community Council Privacy Statement. 

3. Responsibility for this policy 

Maynooth Community Council is committed to compliance with all relevant EU and Irish laws in respect of personal data, and to the protection of the rights and freedoms of individuals whose information it collects and processes. 

All members of Maynooth Community Council have a responsibility to comply with the Data Protection Policy. 

4. Data protection principles 

All processing of personal data must be conducted in accordance with the data protection principles set out in relevant legislation. 

Maynooth Community Council aims to ensure that personal data shall be: 

4.1 processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); 4.2 collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; 

4.3 adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’); 

4.4 accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); 

4.5 kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; 

4.6 processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). 

5. Rights of Individuals whose data is collected 

Maynooth Community Council provides for data subjects to exercise their rights as follows: 

5.1 Right of access 

5.2 Right to rectification 

5.3 Right to erasure (right to be forgotten) 

5.4 Right to restriction of processing 

5.5 Right to data portability 

5.6 Right to object 

5.7 Right not to be subject to automated decision making 

5.8 Right to complain 

6. Responsibilities of Maynooth Community Council 6.1 Ensuring appropriate technical and organisational measures: Maynooth Community Council implements appropriate technical and organisational measures to ensure the security of personal data. 

6.2 Maintaining a record of data processing: Maynooth Community Council maintains a record of its data processing activities. The record is reviewed and signed off by the Data Protection officer, on an annual basis. 

6.3 Arrangements with third parties: Maynooth Community Council does not share personal data with third parties. 

6.4 Transfers of personal data outside of the European Economic Area Maynooth Community Council does not transfer the personal data of its data subjects outside of the European Economic Area. 

6.5 Data protection by design and by default: Maynooth Community Council will continue to implement technical and organisational measures in a way that safeguards privacy and data protection principles right from the start (‘data protection by design’). 

6.6 Data protection impact assessments: Maynooth Community Council will implement a Data Protection Impact Assessment if required. 

6.7 Personal data breaches: Maynooth Community Council defines a ‘personal data breach’ as meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed (e.g. the most common breach incidents that can occur are correspondence issuing to an unauthorised third party). Maynooth Community Council deems any loss of personal data in paper or digital format to be a personal data breach. Maynooth Community Council may notify a breach to the Data Protection Commission and to data subjects where this is deemed necessary. 

6.8 Freedom of Information: The Freedom of Information Act of 2014 does not apply to the Maynooth Community Council. Data subjects may request access to their information under the General Data Protection Regulation. 

6.9 Governance: Maynooth Community Council monitors compliance with relevant data protection legislation. 

7. Queries 

Maynooth Community Council acknowledge their responsibility to comply with this Data Protection Policy. 

Members who wish to request more information about data protection should contact: 

Data Protection Officer, 

Maynooth Community Council, 

maynoothcommunitycouncilexec@gmail.com