At Pobal, we are committed to protecting and respecting your rights under data protection law.  We respect your trust in us.

In this notice, we explain how we collect personal information about you, how we use it and how you can interact with us about it.

This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR).  The GDPR, together with associated Irish data protection law, places enhanced accountability and transparency obligations on organisations when using your information.  The GDPR also gives you greater control over your personal information, including a right to access, amend or erasure your personal information.

Please take time to read this notice carefully.  If you have any questions about how we use your information, please contact our Data Protection Officer at dataprotection@pobal.ie

This summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information. You can get more detailed information by viewing the relevant programme Privacy Notice.  The list of programmes which Pobal provide management and support services to on behalf of government can be viewed at: https://www.pobal.ie/programmes/

Who we are

Pobal works on behalf of Government to support communities and local agencies toward achieving social inclusion outcomes. Pobal does this by managing funding and providing supports for relevant Government funded programmes.

Information we collect about you

To meet our regulatory and statutory obligations in the administration and delivery of government programmes, we will collect some personal information directly from you (such as data to identify you and your contact information), and information about you from other third parties (such as, for example, the Office of the Revenue Commissioners, Department of Social Protection (DSP).

Further personal and special categories of personal information is collected depending on the contract or programme you are involved with, such as:

  • Your financial details / financial circumstances / economic status
  • PPSN numbers
  • Information relating to recruitment and appointment, pension, trade union membership and other Industrial Relations / Human Resource processes
  • Your gender, date of birth / age band
  • Your ethnic/cultural background
  • Demographic information such as geographic location
  • Personal details of your child(ren)
  • Medical and health information
  • Information about you provided by others e.g. Office of the Revenue Commissioners and DSP
  • Login and password credentials
  • Photographic images (e.g. for publications or staff cards)

How we use your information

As Pobal works on behalf of government, we are legally required to hold information to fulfil regulatory and statutory obligations. We use information about you to: • Carry out our obligations arising from any contracts or programme services entered by you

  • Process a grant or job application
  • Comply with our obligations as an employer
  • Notify you of any changes relevant to your contract or programme services
  • Send you communications which are relevant to your contract or programme services
  • Collect and analyse programme data and demographic information to enhance service delivery and support government policy
  • Seek your views or comments on the supports we provide
  • Create summary statistics, which allow us to assess the number of visitors to our site, identify what pages are accessed most frequently and generally help us to make our site more user friendly

Lawful bases for processing your data

In order for the use of personal data to be lawful it should be processed on the basis of either the consent of an individual concerned or another legal basis, set out in the General Data Protection Regulation or in the Data Protection Act 2018.

In conjunction with the various government agencies, Pobal will ensure that your data is processed fairly and lawfully in keeping with the principles of data protection and will process personal data under various legal bases depending on the purpose for which the data is collected.

We are aware that under the GDPR it is your right to withdraw, at any time, your consent to process your personal data.

Therefore, in case you intend to withdraw your consent, and we cannot rely on another lawful processing bases, we guarantee to promptly interrupt any processing activity concerning your personal data.

The lawful bases and Pobal’s data protection designation varies depending on the government programmes as outlined in the following table. The designation of data controller is the public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor processes personal data on behalf of the controller.

Programme Government Department/Agency (Data Controller) Pobal’s Data Protection Designation
Early Learning and Care
Access and Inclusion Model (AIM)Department of Children, Equality,

Disability, Integration and Youth

(DCEDIY)

Data Processor
Better StartDCEDIYData Processor
Comhairle naÓg Development FundDCEDIYData Processor
Community Childcare Subvention (CCS)DCEDIYData Processor
County/City Childcare Committees (CCC)DCEDIYData Processor
Early Childhood Care and Education (ECCE)DCEDIYData Processor
Early Learning and Care and School Age Capital ProgrammesDCEDIYData Processor
Learner FundDCEDIYData Processor
National Childcare Scheme (NCS)DCEDIYData Processor
Training and Employment Childcare Programmes (TEC)DCEDIYData Processor
Voluntary Childcare Organisations (VCO)DCEDIYData Processor
Social Inclusion and Equality
AbilityDepartment of Social Protection (DSP)Data Processor
Dormant Accounts Fund (DAF)  – KickStartProbation Service; Department of JusticeJoint Data Controller
Dormant Accounts Fund (DAF) –  Measure 1: Social Enterprise – developing capacity in social organisationsDRCDData Processor
Dormant Accounts Fund (DAF) –  Measure 2: Training and Support for CarersDSPData Processor
Dormant Accounts Fund (DAF) –

Measure 3/4 – Women Refugees

Department of Justice (DJE)Data Processor
Healthy Ireland Fund (HIF)Department of HealthData Processor
LEADERDepartment Rural and Community Development (DRCD)Data Processor
Scheme to Support National Organisations (SSNO)DRCDData Processor
Seniors Alert Scheme (SAS)DRCDJoint Data Controller
Sláintecare Integration Fund (SIF)Department of HealthData Processor
SICAPDRCDJoint Data Controller
Inclusive Employment and Enterprise
Community Services Programme (CSP)DRCDJoint Data Controller
GatewayDSPData Processor
Rural Social Scheme (RSS)DSPData Processor
TúsDSPData Processor
Pobal as an Organisation
Employment and Business purposesPobalData Controller

How long we retain your information

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or for as long as is set out in any relevant contract you hold with us.

This is subject to legislation and regulatory rules we must follow as set out by our government departments.

Who we share your personal information

Pobal may pass your information onto government departments, who are the data controllers of the programmes we administer on their behalf, such as the Department of Rural and Community Development, the Department of Children, Equality, Disability, Integration and Youth, the Department of Social Protection, the Department of Health/HSE and the Probation Service.

We may on occasion pass your information to third party service providers, agents, subcontractors and other associated organisations for the purpose of completing tasks and providing services to you. For example, information to banks/financial institutions in order to make payments; information to insurance companies, pension trustees and administrators, legal advisors, trade unions etc.  We will only disclose the personal information necessary to the task at hand and where possible will have a contract in place that requires them to keep your information secure.

In any case, we guarantee that we will not sell or rent your personal information to third-parties and neither we will share them for marketing purposes.

How we keep your information safe

Pobal takes our security responsibilities seriously, employing the most appropriate organizational, physical and technical measures to safeguard your personal data, and regularly review these measures.  All our webpages are secure using the latest Secure Sockets Layer (SSL) security standards.  When you are on a secure page, a lock icon will appear within the address bar.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Cookie Notice

Like many organisations, we use technology on our websites to collect information that helps us enhance your experience and our services. Cookies are small text files that are placed on your computer by websites that you visit. The cookies we use allow our websites to work, or work more efficiently, as well as help us understand what information is most useful to our visitors.

You can view our cookie notice here.

What are your rights

The General Data Protection Regulation (GDPR) has introduced new rights to individuals in relation to their personal data.

Accordingly, we have implemented efficient procedures that enable you to easily and fully exercise those rights. As available and except as limited under applicable law, the rights afforded to individuals are:

  • Right of Access – the right to be informed of and request access to the personal data we process about you;
  • Right to Rectification – the right to request that we amend or update your personal data where it is inaccurate or incomplete;
  • Right to Erasure – the right to request that we delete your personal data;
  • Right to Restrict – the right to request that we temporarily or permanently stop processing all or some of your personal data;
  • Right to Object – the right, at any time, to object to us processing your personal data on grounds relation to your particular situation;
  • the right to object to your personal data being processed for direct marketing purposes.

How to exercise your rights

Where to forward your request

If you want to exercise any of your rights as outlined above, please contact our Data Protection Officer at dataprotection@pobal.ie or by writing to us at:

DPO, Pobal HQ, 2nd Floor Ormond Building,

31-36 Upper Ormond Quay,

Dublin 7

When we will answer your request

It is our responsibility to respond to each of the above-mentioned requests within one month from their receipt.

Nevertheless, it may occur, where requests are particularly complex or that we have received a high number of such requests, that we may require additional time to respond you.  In this case, we assure to provide you the reasons of such delay and to reply within a maximum of three months.

What are the costs of the request

As prescribed by the law, you will not be charged for any of the actions taken to fulfil your data protection rights.

What information the request should contain

Any requests must meet the following requirements:

  • It must be in writing
  • It should contain a valid proof of your identity
  • It should provide a description of the specific personal data you wish to:
  • Access
  • Rectify
  • Erase
  • Object

How to Make a Complaint

If you have a complaint about the use of your personal information, please let us know to give us the opportunity to put things right as quickly as possible.

You can make a complaint by emailing us at: complaints@pobal.ie

Please be assured that all complaints received will be fully investigated. We ask that you supply as much information as possible to help our staff resolve your complaint quickly.

However, if you intend to direct your complaint/concerns to the Office of the Data Protection Commission the contact details are:

Telephone: 076 110 4800 or 057 868 4800

Email: info@dataprotection.ie

Webform: https://forms.dataprotection.ie/contact

Postal address:  Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28

Updates to this Notice

We will make changes to this notice from time to time, particularly when there is a change to how we use your information, when new programmes come on stream or when there are changes to our technology.

You can always find an up-to-date version of this notice when you log onto our website.

This notice was last updated in November 2020.