The Houses of the Oireachtas Service respects the rights of all users of our online services and we take your privacy very seriously. This privacy policy outlines how we collect and use information when you use our website, social media accounts and app.

Here you can find information on:

Who is issuing this notice and why

The Houses of the Oireachtas Commission is the statutory body that manages and supports the work and services that are necessary for the Houses of the Oireachtas to operate. The Houses of the Oireachtas Service is, broadly, the work and services that are performed on behalf of the Houses of the Oireachtas Commission and the people who perform them. In this page, the two are generally referred to as "the Service". The address of the Service is Leinster House, Dublin 2. The Service’s data protection officer will be your usual point of contact about the matters that this privacy notice relates to.
The Service is issuing this privacy notice because of its duties under the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. This privacy notice applies from that date.

Data protection officer

If you have any concerns or queries about how your personal data is processed via this website, please do not hesitate to contact our data protection officer, Jennifer McGrath.

Houses of the Oireachtas Service
Kildare Street
Dublin 2
D02 XR20
+353 1 618 4712
dataprotection@oireachtas.ie

Controller and processor explained

To describe what will happen to your personal information when you use the website Oireachtas.ie, the Service needs to tell you about a couple of legal terms.

Usually the Service decides what happens to your personal information, and how it is dealt with. The Service is then known as the controller of the personal information. The Service is the controller of your personal information if, for example, you provide the personal information to book a tour of the Houses, make a query to the Press Office, make a query to the Library & Research Service, or subscribe to our email alerts.
But sometimes the Service deals with your personal information on someone else’s behalf. Then the Service is known as a processor. The Service is a processor for most of the personal information you provide when, for example, you click an email link to a Deputy, Senator or Committee to send them a message by email. To find out more about what the Deputy, Senator or Committee will do with your personal information, you need to consult the privacy notice of the person or Committee in question. For example, the Joint Committee on Public Petitions has a Privacy Notice about petitions submitted to it.
As you will see below, the Service also retains processors to deal with personal information on its behalf. Indeed, sometimes these sub-contract to so-called sub-processors. Each of these is bound by contract with the Service to safeguard your personal information, and your privacy and other rights associated with it.

Authority and permission to use personal information - relevant conditions

The Service is setting out in this privacy notice the grounds on which it will deal with personal information belonging to you and to other people, along with some common examples. The Service is also letting you know what conditions apply (often to protect your privacy) to how it can deal with personal information. If unusual circumstances arise not covered by this privacy notice, the Service will communicate with you specifically about these.

When you visit the Houses of the Oireachtas website

When you visit Oireachtas.ie some information is automatically retrieved about your visit to the website. The information that may be retrieved includes:

  • your IP address (this is the identifying details for your computer (or your internet company's computer), expressed in internet protocol (IP) code (for example 192.168.72.34). Every computer connected to the web has a unique IP address, although the address may not be the same every time a connection is made.
  • the search terms you used
  • the pages you accessed on the website and the links you clicked
  • the date and time you visited the site
  • the referring site (if any) through which you clicked through to this site
  • your operating system (for example, Windows or Mac)
  • the type of web browser you use (for example, Chrome, Internet Explorer, Mozilla Firefox)
  • other information like your screen resolution and the language setting of your browser.

This statistical information will be viewable by Service staff, contractors or third parties who provide administration and/or support services for the website. The information is used to produce summary reports on usage and performance of the Service’s online services, and to help it to analyse and improve the website content and functionality. The Service does not use any of the information above to identify visitors personally. The information is used in aggregate form only.

When you provide email details to the Service

When you provide your email address to the Service in connection with something that the Service can do for you as controller (look above for some illustrations), the Service will only use that personal information for the purpose described on the website.Stricter rules apply to some types of personal information which may be described as sensitive personal information. The type of personal information you are likely to give the Service will tend not to be sensitive. But it might arise where, for example, a tour is booked in the name of a denominational school, or a query is raised or subscription taken on behalf of a trade union or political party, or where an intending visitor has special access needs.

These principles apply in general terms to you too. You will sometimes be a controller of personal information jointly with the Service (for example when you book a tour on behalf of a tour party). We expect that personal information we receive will also be consistent with the purpose for which the email link is provided. If it is not, we will usually deal with it by deleting it.

In the overwhelming majority of instances where the Service deals with your personal information because you use the website, the Service will deal with that personal information on the basis of your consent. If you are asking the Service to deal with sensitive personal information, the Service will usually need your consent to be very specific and in writing. You may consent on behalf of a person under the age of 18 if you have parental responsibility for that person (this includes, for example, a legal guardian). You are allowed to withdraw your consent at any time. This won’t affect how the Service has already dealt with the personal information, but the Service won’t be able to deal with the personal information any more. In the case of email alerts, you will always have a clear mechanism to remove yourself from future mailings. You can withdraw your consent at least as easily as the way you gave it (for example, if you gave consent electronically, you may withdraw it electronically).

Anywhere on the website where you are offered the option of communicating with the Service by email, a link to this privacy notice will precede it, and the email window will contain a notice that by emailing, you confirm that you have read this privacy notice and understand it, and that your consent is informed by that understanding.

Other grounds for dealing with personal information

There are other grounds on which the Service will deal with your personal information, although they are unlikely to arise in the context of using the website. For example, the Service will deal with your personal information where the law requires it to do so. The Service, as a public body, is subject to the Freedom of Information Act and, although the type of personal information you provide in using the website tends to be exempt from disclosure under that Act, exemption can’t be guaranteed. The Service will also need to deal with your personal information if you exercise rights under data protection law. The Service will deal with your personal information where this is necessary to establish (including investigate), exercise, or defend a legal claim, including by disclosing it to its legal advisers and in proceedings before any relevant court, tribunal, arbitrator, mediator, or similar entity. The Service is allowed to deal with a person’s personal information in order to protect the vital interests of the person or of some other person. The Service may deal with personal information in the public interest or in the exercise of official authority.

How the personal information will be dealt with

The type of personal information you give the Service as a controller is normally kept within the Service, but there are exceptions. For example, the Service uses a processor to deal with your personal information where this is needed to deliver to you email alerts to which you have subscribed. That processor currently retains MailChimp as a sub-processor. Rarely, your personal information may be disclosed to the Service’s legal advisers, or to other people or bodies connected with a legal dispute, or to the Garda Síochána.

Transfer of information to third countries

Personal information the Service deals with and to which this privacy notice applies will more often than not be kept within the EU, but the transfer to MailChimp, which is based in the United States, is an exception. There may be others from time to time. Special provision is made in any contract between the Service and a processor outside the EU, or a processor which uses a sub-processor outside the EU, to safeguard your personal information, and your privacy and other rights in respect of it.

Retention of information

The Service will keep personal information only as long as is necessary for the purposes set out in this privacy notice, in accordance with its retention schedule, or as required by law, whichever is the longest. So, for example, personal information you give the Service in connection with email alerts is kept so long as you are a subscriber, but is deleted once you unsubscribe. Media queries are kept for five years.

Further dealing with information

It would be rare for the Service to deal with personal information for a purpose other than the purpose for which it received the information. If the Service does need to deal with the information in any further way, it will let you know before the dealing takes place.

Your rights about your personal information

You may ask the Service for a copy of your personal information. You may ask the Service to supplement or correct your personal information if it is incomplete or incorrect (including out of date). You may be able to ask the Service to delete personal information, especially if you have withdrawn consent to the Service’s dealing with it or the Service no longer needs it, or not to deal with it for the time being, for example, if you think it is incorrect. If the Service is dealing with your personal information on the basis of your consent, you can normally require the Service to forward it on to some other person named by you. You may object at any time to the Service’s dealing with personal information it is dealing with in the exercise of official authority or in the public interest, although this entitlement is subject to many legal qualifications depending on the personal information and why the Service is dealing with it. You are entitled not to be subject to automated decision making, including profiling.

Redress

If you are not content with how the Service is dealing with your personal information, you may bring your dissatisfaction to the attention of the Data Protection Commissioner.

Social media

The Service maintains a presence on several social media platforms including Twitter and Facebook. Any information, communications, or materials you submit to the Service by way of a social media platform is done at your own risk without any expectation of privacy. The Service cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

Third party websites

The website includes links to other websites. These third party websites have their own privacy policies, and are also likely to use cookies. The Service encourages you to carefully read the privacy policy of any website you visit.

Sensitive personal information

Sensitive personal information means personal information about a person’s

  • race
  • ethnic background
  • political opinions
  • religion
  • philosophical beliefs
  • membership of a trade union
  • genes (biological inheritance)
  • biometric data (such as fingerprints on a passport)
  • health
  • sex life
  • sexual orientation
  • alleged commission of criminal offences
  • criminal convictions
  • being subject to security measures related to criminal offences or convictions

Cookie policy

What are cookies?

Cookies are small pieces of information, stored in simple text files, placed on your computer by a website. Some cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the webpage, or a unique identification number so that the website can remember you on your return visit. Other cookies are deleted when you close your web browser and only relate to the working of the website. Generally speaking, cookies do not contain personal information from which you can be identified, unless you have provided personal information to the website.

[A web browser is the piece of software you use to read web pages. Examples are Microsoft Internet Explorer, Mozilla Firefox and Google Chrome.]

When does the Houses of the Oireachtas website use cookies?

Oireachtas.ie uses cookies in a number of places:

  • When you first visit Oireachtas.ie you see a message informing you about cookies. If you click the Accept & close button, Oireachtas.ie will set a cookie which records your preference.
  • Analytical cookies from Google Analytics are used throughout the website. These cookies collect information that is used in aggregate form to help the Service understand how its website is being used.

Third party cookies

Some cookies that have been set on the Service website are not related to the Houses of the Oireachtas. If you visit a page on the Service website with content embedded from, for example, YouTube, that service provider may use its own cookies. The Service does not control the use of these cookies - they can be accessed only by the party that originally set them. You should check the third party websites for more information about these cookies.

Controlling cookies

You have the right to decide whether to accept or reject cookies. To do this you should go to your web browser controls where you can set or amend your cookie preferences. If you choose to reject cookies, you may still use the Service website though your ability to use some areas of the website may be limited. As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser’s Help menu for more information. The following links may help you find out more about how to manage your cookies in the most popular browsers.

Mozilla Firefox

Google Chrome

Internet Explorer

Safari for Mac

Safari for iOS

Google Chrome on Android

 

The Service may change this privacy policy at any time and from time to time.
Last updated: 18 May 2018