GDPR

Parish Privacy Statement

Who are we?

The Parish of Kilnamanagh and Castleview is part of the Catholic Archdiocese of Dublin.  The parish is a registered charity (charity no. CHY7424) and our address Parish Office C/O St Kevin’s Church, Treepark Road, Kilnamanagh, D24 HW80.  The Parish Priest/Administrator/Moderator is the data controller for the parish, in other words he is the person responsible for making sure your data is safe and secure.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be through the information alone or in conjunction with other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation or the GDPR and the Data Protection Act (2018).

Who does this Privacy Notice apply to?

This Privacy notice is for all those whose personal information is dealt with in any way by the parish including parishioners, clergy, staff, volunteers, contractors, suppliers and visitors and there may be others.

What is the lawful basis for processing your personal data?

The GDPR requires specification in the Privacy Notice of the lawful basis for processing personal data.  Below are the lawful bases which are relevant to our processing activities;

  • Where consent has been obtained. This can be withdrawn at any time.
  • Compliance with a legal obligation
  • Performance of a contract, or to take steps to enter into a contract
  • To protect a person’s vital interests
  • Legitimate interests – this includes any activities that involve advancing and maintaining the Roman Catholic religion.
  • Where processing is carried out by a not-for-profit body with a religious aim provided: –
    • the processing relates only to members of the congregation or former members (or those who have regular contact with it in connection with those purposes); and
    • there is no disclosure to a third party without consent.

What personal data do we process?

The parish will process some or all of the following types of data, where necessary to perform our duties;

  • Names;
  • Contact details – telephone numbers, addresses, email addresses;
  • Information about the Sacraments of Baptism, Confirmation, Marriage and Holy Orders;
  • Information relating to donations as required for audit purposes and the Charities Act (2009 & 2016);
  • Safeguarding information on staff, clergy and volunteers as required by the National Safeguarding Office;
  • Information relating to gender, age, date of birth, marital status;
  • Information gathered for the furtherance of faith development supports and services;
  • Information relating to education/work histories, academic professional qualifications;
  • Some of the personal data we process will fall under the category of sensitive personal data as it will identify your religious belief. There may be other categories of sensitive personal data processed including information on health (e.g. pilgrimage requirements), details of injuries (e.g. legal claim), trade union membership (for a staff member).

How does the Parish process personal information?

We use your personal data for purposes included among the following;

  • to enable us to meet all legal and statutory obligations;
  • to deliver the Church’s mission to our parish community and to carry out other voluntary/charitable activities for the benefit of our parish community;
  • to minister to our parishioners and provide you with pastoral and spiritual care (such as visiting the sick or the bereaved);
  • to organise and facilitate ecclesiastical liturgies for our parishioners including baptism, confirmations, weddings and funerals;
  • to promote and assist the mission and growth of the Church in the Diocese of Dublin;
  • to carry out comprehensive Safeguarding procedures in accordance with best; safeguarding practice with the aim of ensuring that all children and vulnerable adults are provided with safe environments;
  • for those involved in the management of the parish we use the personal information you provided to enable both the parish and you to carry out your role effectively (e.g. members of the pastoral council, finance committee etc.);
  • for lay people who assist in all aspects of parish life including the creation of rosters, being involved in parish sacramental teams etc., we use your information to assist you in your various roles. Without such information it would not be possible for you to function effectively in your role in our parish;
  • To fundraise and promote the interests of the parish and process donations e.g. information supplied by donors to use in supporting our work
  • To maintain our own accounts and records e.g. putting agreements in place, invoicing and making payments. Personal data held in this regard forms part of our contractual arrangements with you;
  • To send you the parish newsletter; please fill in the parish register form to set your preferences on if/how to receive the newsletter in accordance with GDPR.
  • To deal with your request;
  • To manage our staff, volunteers and contractors;
  • Our processing may also include the taking of photographs, live streaming via the webcam, or capturing images in our CCTV;
  • On occasion the parish has to share your personal data with the Diocesan offices. To enable this to happen compliantly a Data Processing Agreement has been put in place which is signed by the Parish Priest/Administrator/Moderator and counter-signed by the Archbishop. Examples of this sharing include contact with Chancellery in relation to sacramental issues; HR in relation to employment issues; Finance in relation to tax on donations and other areas affected by the Charities Regulation; Child Safeguarding for Vetting and Safe-guarding issues; Office for Liturgy regarding workshops/seminars that maybe of interest to Ministers of the Word/Eucharist/Choirs; Education Secretariat regarding Boards of Management and training events; Lourdes Pilgrimage in relation to parishioners travelling with them for the September pilgrimage; Evangelisation regarding those taking place in events such as Faithfest, World Youth Day and other seminars and workshops; and Archives in relation to GDPR request. The information will never be used for any purpose other than what it was gathered for. 

Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared where appropriate;

  • Information may be shared with statutory or church bodies for tax relief purposes or for law enforcement agencies for the prevention and detection of crime;
  • Information may be shared with third parties who assist us with our work;
  • We reserve the right to release personal data without your consent where permitted by law or to meet a legal obligation.

How long do we keep your personal data?
We keep your personal data for as long as it is need and in line with our Retention/Disposition schedule.  Some records are permanently kept and these will be placed in the Parish/Diocesan Archives.

How is our information kept safe and secure?

The Parish complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Your rights and your personal data 

Unless subject to an exemption under the GDPR you have the following rights with respect to your personal data: –

  • Right of Access – you can request a copy of your personal data from the Parish;
  • Right of Correction – you have the right to request that the Parish corrects any personal data if it is found to be inaccurate, incomplete or out of date;
  • Right of Erasure – You have the right, in certain circumstances, to ask for the data we hold on you to be destroyed. This is known as the Right to be Forgotten;
  • Right to Restriction of Processing – where certain conditions apply, you have the right to restrict the processing of your personal data;
  • Right to Data Portability – you can request that the Parish transfer your data directly to another data controller where we hold the data in an electronic format;
  • Right to Object –you have the right to object to certain types of processing;
  • Right to Lodge a Complaint with the Office of the Data Protection Commission.

When exercising any of the above rights and in order to facilitate your request, we may need to verify your identification for security purposes.

Transfer of Data Abroad

We do not transfer personal data abroad.

Further processing

This Parish reserves the right to review and amend this statement at any time without notice.

Contact Details

Please contact the Parish if you have any questions about this Privacy Statement or the information we hold about you or to exercise all relevant rights, queries or complaints.

Parish Office,

C/O St Kevin’s Church,

Treepark Road,

Kilnamanagh,

D24 HW80.

01-4515570

kcparishoffice@gmail.com

You can contact the Data Protection Commissioners Office on 00353 57 8684800 or Lo-Call 1890 252 231 or by email at info@dataprotection.ie.

The postal addresses are:

Data Protection Commissioner
Canal House
Station Road
Portarlington
R32 AP23 Co. Laois

Dublin Office

21 Fitzwilliam Square
Dublin 2
D02 RD28
Ireland

____________________________________________________________________________________________

PARISH OF KILNAMANAGH-CASTLEVIEW

Livestreaming Webcam Notice

  • The cameras installed inside this church facilitate livestreaming of masses and ceremonies from this church.
  • Livestreaming allows homebound people, people in hospitals and in nursing homes or those who live abroad to watch live masses, ceremonies and other celebrations or services and, thereby facilitates parishioners to stay connected with this parish and with their families and friends through these services.
  • Church Media TV (CMTV) provides the facilities for livestreaming and recording of services requested by the parish administrators.
  • No livestreaming is recorded unless it is requested.
  • No images are stored if a recording has not been requested.
  • If services are recorded, the footage will be held securely for 90 days or otherwise as requested by the parish administrator. All recordings are stored on a secure server within the European Economic Area (EEA).
  • Notices of recordings due to take place can be viewed daily here:

https://churchmedia.tv/camera/st-kevins-church-kilnamanagh

(recordings are displayed in red in the schedule) or please contact the parish for more details.

_______________________________________________________________________________

CCTV Policy

CCTV (Close Circuit Television) captures images of identifiable living people (data subjects), whether for security, monitoring or health and safety purposes. Identifiable imagery is considered as personal data under the GDPR and therefore, at a data protection level, requires the same level of care that is paid to paper and electronic files.

“Surveillance camera system” means

(a) closed circuit television

(b) any other systems for recording or viewing visual images for surveillance purposes

(c) any systems for storing, receiving, transmitting, processing or checking images or information obtained by systems falling within paragraph (a) or (b)

(d) any other systems associated with, or otherwise connected with, systems falling within paragraph (a), (b) or (c).

The GDPR requires the processing of personal data to be lawful, fair and transparent. CCTV is in use in our parish for security purposes only.

We inform the parishioners, staff, volunteers and visitors (data subjects) of the existence of CCTV by placing signs near entrances and other areas where the cameras are located.  The signs are easy to read and contain the name of the security operator and their contact details.  The signs state the CCTV is being used for security purposes only.

The images are captured onto a secure server which is only accessible to the Parish Priest or those whom he authorises for security purposes.  The images are deleted every 28 days.  In instances where a crime had been committed the images may need to be retained longer as evidence.  If An Garda Siochana ask to take copies of CCTV footage they have to provide us with a written authorisation from the local Superintendent.  This ensures the chain of evidence is not compromised if the images are needed for legal purposes.  It is permitted to allow An Garda Siochana to view the footage if a crime has been committed and this does not pose any data protection issue.

As with any other aspect of personal data, data subjects have a right to access any images captured of them.  A Subject Access Request Form needs to be completed and if possible information should be gathered from the individual on dates/times their image may have been captured. The parish and the security operators will need to ensure that the requester is present in the footage and that by supplying the footage they do not disclose any personal data of another data subject. This may involve blurring parts of the footage such as figures or license plates.

Any act of storage or access is considered processing and it is imperative that the Parish and security operators uphold the confidentiality and integrity of any footage. Screens displaying live or recorded footage should only ever be viewed by authorised individuals and not members of the public who stray past a security guard post or CCTV operation room.

Back-up tapes/discs should be stored in a secure environment with an access log maintained. Access should be restricted to authorised personnel only.  [If back-ups are being stored on the Cloud then you need to know where the Cloud data centre is based.  If it is in an EU country there is no problem but if it is located outside of the European Union then you will have to get your system operators to move it].


Subject Access Request

The Parish of Kilnamanagh-Castleview has procedures in place to ensure that data subjects will have the right of access to their personal data which was collected concerning him/her and can exercise that right easily and free of charge, in order to be aware of, and verify, the lawfulness of any processing which is being conducted.  The Parish must respond within one calendar month of receiving the written, valid request.

Every Data Subject has the right to know from the Data Controller:-

  • Who processed their personal data
  • When was it processed
  • How was it processed
  • Why was the data processed
  • For how long was the data processed
  • The recipient of the personal data
  • Where applicable, the logic involved in automatic processing, including profiling and the consequences of such processing

The Data Subject is entitled to a copy of their personal information.  Where a third party is processing the information on behalf of the Data Controller, the Data Controller needs to ensure the Data Processor contract covers any circumstance where the third party will be obliged to assist in responding to a Subject Access Request. There can be no delay in getting this information.

As with previous Data Protection laws some exemptions apply to Subject Access Requests.

To make a Subject Access Request the data subject must apply in writing to the Parish Priest Fr. Michael Murphy St Kevin’s Church, Treepark Road, Kilnamanagh, Dublin 24 (D24 HW80), using the application form.

Subject Access Request Form

(Please complete in BLOCK CAPITALS)

Name & Address

Phone No.

Email

Is the information about you? If yes, you will need to provide a copy of photographic ID, bearing your signature, for example, a passport or driving licence.  Please do not send original documents and copies should be sent by registered post to ensure their safety.

Please describe what information you require with any additional facts that may help us with the search. This will help us greatly in responding to you in the allotted time.

Declaration to be completed by all applicants.

I, _______________________________________ (name), certify that the information given on this application to Parish Kilnamanagh-Castleview is correct.  I understand that it is necessary for the Parish Kilnamanagh-Castleview to confirm my identity and it may be necessary to obtain more detailed information in order to locate the correct personal data.

Signed ______________________________                 Date ________________

Note: The Parish of Kilnamanagh-Castleview must respond to your request within one calendar month.  This time frame will not begin until your identity has been established and any relevant details obtained.

Please return the completed form and any necessary documentation to the Parish Priest Fr Michael Murphy, St Kevin’s Church, Treepark Road, Kilnamanagh, Dublin 24 (D24 HW80).

Documents which must accompany this application include evidence of identity and stamped address envelope for return of the above mentioned documents.  Please do not send original documents.

 The Parish will process the personal information included on this form in accordance with the Data Protection Act (1988) and Amendment Act (2003) and from 25th May 2018 in accordance with the General Data Protection Regulation.  The information will only be used in order to process your request, will only be shared with those who can provide the information required and will be retained no longer than is necessary.