At Pobal, we are committed to protecting and respecting your rights under data protection law. We respect your trust in us.
In this notice, we explain how we collect personal information about you, how we use it and how you can interact with us about it.
This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR). The GDPR, together with associated Irish data protection law, places enhanced accountability and transparency obligations on organisations when using your information. The GDPR also gives you greater control over your personal information, including a right to access, amend or erasure your personal information.
Please take time to read this notice carefully. If you have any questions about how we use your information, please contact our Data Protection Officer at email@example.com
This summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information. You can get more detailed information by viewing the relevant programme Privacy Notice. The list of programmes which Pobal provide management and support services to on behalf of government can be viewed at: https://www.pobal.ie/programmes/
Who we are
Pobal works on behalf of Government to support communities and local agencies toward achieving social inclusion outcomes. Pobal does this by managing funding and providing supports for relevant Government funded programmes.
Information we collect about you
To meet our regulatory and statutory obligations in the administration and delivery of government programmes, we will collect some personal information directly from you (such as data to identify you and your contact information), and information about you from other third parties (such as, for example, the Office of the Revenue Commissioners, Department of Social Protection (DSP).
Further personal and special categories of personal information is collected depending on the contract or programme you are involved with, such as:
- Your financial details / financial circumstances / economic status
- PPSN numbers
- Information relating to recruitment and appointment, pension, trade union membership and other Industrial Relations / Human Resource processes
- Your gender, date of birth / age band
- Your ethnic/cultural background
- Demographic information such as geographic location
- Personal details of your child(ren)
- Medical and health information
- Information about you provided by others e.g. Office of the Revenue Commissioners and DSP
- Login and password credentials
- Photographic images (e.g. for publications or staff cards)
How we use your information
As Pobal works on behalf of government, we are legally required to hold information to fulfil regulatory and statutory obligations. We use information about you to: • Carry out our obligations arising from any contracts or programme services entered by you
- Process a grant or job application
- Comply with our obligations as an employer
- Notify you of any changes relevant to your contract or programme services
- Send you communications which are relevant to your contract or programme services
- Collect and analyse programme data and demographic information to enhance service delivery and support government policy
- Seek your views or comments on the supports we provide
- Create summary statistics, which allow us to assess the number of visitors to our site, identify what pages are accessed most frequently and generally help us to make our site more user friendly
Lawful bases for processing your data
In order for the use of personal data to be lawful it should be processed on the basis of either the consent of an individual concerned or another legal basis, set out in the General Data Protection Regulation or in the Data Protection Act 2018.
In conjunction with the various government agencies, Pobal will ensure that your data is processed fairly and lawfully in keeping with the principles of data protection and will process personal data under various legal bases depending on the purpose for which the data is collected.
We are aware that under the GDPR it is your right to withdraw, at any time, your consent to process your personal data.
Therefore, in case you intend to withdraw your consent, and we cannot rely on another lawful processing bases, we guarantee to promptly interrupt any processing activity concerning your personal data.
The lawful bases and Pobal’s data protection designation varies depending on the government programmes as outlined in the following table. The designation of data controller is the public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data processor processes personal data on behalf of the controller.
|Programme||Government Department/Agency (Data Controller)||Pobal’s Data Protection Designation|
Early Learning and Care
|Access and Inclusion Model (AIM)||Department of Children, Equality,|
Disability, Integration and Youth
|Better Start||DCEDIY||Data Processor|
|Comhairle naÓg Development Fund||DCEDIY||Data Processor|
|Community Childcare Subvention (CCS)||DCEDIY||Data Processor|
|County/City Childcare Committees (CCC)||DCEDIY||Data Processor|
|Early Childhood Care and Education (ECCE)||DCEDIY||Data Processor|
|Early Learning and Care and School Age Capital Programmes||DCEDIY||Data Processor|
|Learner Fund||DCEDIY||Data Processor|
|National Childcare Scheme (NCS)||DCEDIY||Data Processor|
|Training and Employment Childcare Programmes (TEC)||DCEDIY||Data Processor|
|Voluntary Childcare Organisations (VCO)||DCEDIY||Data Processor|
Social Inclusion and Equality
|Ability||Department of Social Protection (DSP)||Data Processor|
|Dormant Accounts Fund (DAF) – KickStart||Probation Service; Department of Justice||Joint Data Controller|
|Dormant Accounts Fund (DAF) – Measure 1: Social Enterprise – developing capacity in social organisations||DRCD||Data Processor|
|Dormant Accounts Fund (DAF) – Measure 2: Training and Support for Carers||DSP||Data Processor|
|Dormant Accounts Fund (DAF) –|
Measure 3/4 – Women Refugees
|Department of Justice (DJE)||Data Processor|
|Healthy Ireland Fund (HIF)||Department of Health||Data Processor|
|LEADER||Department Rural and Community Development (DRCD)||Data Processor|
|Scheme to Support National Organisations (SSNO)||DRCD||Data Processor|
|Seniors Alert Scheme (SAS)||DRCD||Joint Data Controller|
|Sláintecare Integration Fund (SIF)||Department of Health||Data Processor|
|SICAP||DRCD||Joint Data Controller|
Inclusive Employment and Enterprise
|Community Services Programme (CSP)||DRCD||Joint Data Controller|
|Rural Social Scheme (RSS)||DSP||Data Processor|
Pobal as an Organisation
|Employment and Business purposes||Pobal||Data Controller|
How long we retain your information
We will hold your personal information on our systems for as long as is necessary for the relevant activity, or for as long as is set out in any relevant contract you hold with us.
This is subject to legislation and regulatory rules we must follow as set out by our government departments.
Who we share your personal information
Pobal may pass your information onto government departments, who are the data controllers of the programmes we administer on their behalf, such as the Department of Rural and Community Development, the Department of Children, Equality, Disability, Integration and Youth, the Department of Social Protection, the Department of Health/HSE and the Probation Service.
We may on occasion pass your information to third party service providers, agents, subcontractors and other associated organisations for the purpose of completing tasks and providing services to you. For example, information to banks/financial institutions in order to make payments; information to insurance companies, pension trustees and administrators, legal advisors, trade unions etc. We will only disclose the personal information necessary to the task at hand and where possible will have a contract in place that requires them to keep your information secure.
In any case, we guarantee that we will not sell or rent your personal information to third-parties and neither we will share them for marketing purposes.
How we keep your information safe
Pobal takes our security responsibilities seriously, employing the most appropriate organizational, physical and technical measures to safeguard your personal data, and regularly review these measures. All our webpages are secure using the latest Secure Sockets Layer (SSL) security standards. When you are on a secure page, a lock icon will appear within the address bar.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Like many organisations, we use technology on our websites to collect information that helps us enhance your experience and our services. Cookies are small text files that are placed on your computer by websites that you visit. The cookies we use allow our websites to work, or work more efficiently, as well as help us understand what information is most useful to our visitors.
What are your rights
The General Data Protection Regulation (GDPR) has introduced new rights to individuals in relation to their personal data.
Accordingly, we have implemented efficient procedures that enable you to easily and fully exercise those rights. As available and except as limited under applicable law, the rights afforded to individuals are:
- Right of Access – the right to be informed of and request access to the personal data we process about you;
- Right to Rectification – the right to request that we amend or update your personal data where it is inaccurate or incomplete;
- Right to Erasure – the right to request that we delete your personal data;
- Right to Restrict – the right to request that we temporarily or permanently stop processing all or some of your personal data;
- Right to Object – the right, at any time, to object to us processing your personal data on grounds relation to your particular situation;
- the right to object to your personal data being processed for direct marketing purposes.
How to exercise your rights
Where to forward your request
If you want to exercise any of your rights as outlined above, please contact our Data Protection Officer at firstname.lastname@example.org or by writing to us at:
DPO, Pobal HQ, 2nd Floor Ormond Building,
31-36 Upper Ormond Quay,
When we will answer your request
It is our responsibility to respond to each of the above-mentioned requests within one month from their receipt.
Nevertheless, it may occur, where requests are particularly complex or that we have received a high number of such requests, that we may require additional time to respond you. In this case, we assure to provide you the reasons of such delay and to reply within a maximum of three months.
What are the costs of the request
As prescribed by the law, you will not be charged for any of the actions taken to fulfil your data protection rights.
What information the request should contain
Any requests must meet the following requirements:
- It must be in writing
- It should contain a valid proof of your identity
- It should provide a description of the specific personal data you wish to:
How to Make a Complaint
If you have a complaint about the use of your personal information, please let us know to give us the opportunity to put things right as quickly as possible.
You can make a complaint by emailing us at: email@example.com
Please be assured that all complaints received will be fully investigated. We ask that you supply as much information as possible to help our staff resolve your complaint quickly.
However, if you intend to direct your complaint/concerns to the Office of the Data Protection Commission the contact details are:
Telephone: 076 110 4800 or 057 868 4800
Postal address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28
Updates to this Notice
We will make changes to this notice from time to time, particularly when there is a change to how we use your information, when new programmes come on stream or when there are changes to our technology.
You can always find an up-to-date version of this notice when you log onto our website.
This notice was last updated in November 2020.