Here you can find information on:
- When the Houses of the Oireachtas may deal with your personal information
- How the personal information will be dealt with
- Your rights about your personal information
- Social media and third party websites
- Sensitive personal information
Who is issuing this notice and why
The Houses of the Oireachtas Commission is the statutory body that manages and supports the work and services that are necessary for the Houses of the Oireachtas to operate. The Houses of the Oireachtas Service is, broadly, the work and services that are performed on behalf of the Houses of the Oireachtas Commission and the people who perform them. In this page, the two are generally referred to as "the Service". The address of the Service is Leinster House, Dublin 2. The Service’s data protection officer will be your usual point of contact about the matters that this privacy notice relates to.
The Service is issuing this privacy notice because of its duties under the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. This privacy notice applies from that date.
Data protection officer
If you have any concerns or queries about how your personal data is processed via this website, please do not hesitate to contact our data protection officer, Jennifer McGrath.
Houses of the Oireachtas Service
+353 1 618 4712
Controller and processor explained
To describe what will happen to your personal information when you use the website Oireachtas.ie, the Service needs to tell you about a couple of legal terms.
Usually the Service decides what happens to your personal information, and how it is dealt with. The Service is then known as the controller of the personal information. The Service is the controller of your personal information if, for example, you provide the personal information to book a tour of the Houses, make a query to the Press Office, make a query to the Library & Research Service, or subscribe to our email alerts.
But sometimes the Service deals with your personal information on someone else’s behalf. Then the Service is known as a processor. The Service is a processor for most of the personal information you provide when, for example, you click an email link to a Deputy, Senator or Committee to send them a message by email. To find out more about what the Deputy, Senator or Committee will do with your personal information, you need to consult the privacy notice of the person or Committee in question. For example, the Joint Committee on Public Petitions has a Privacy Notice about petitions submitted to it.
As you will see below, the Service also retains processors to deal with personal information on its behalf. Indeed, sometimes these sub-contract to so-called sub-processors. Each of these is bound by contract with the Service to safeguard your personal information, and your privacy and other rights associated with it.
The Service is setting out in this privacy notice the grounds on which it will deal with personal information belonging to you and to other people, along with some common examples. The Service is also letting you know what conditions apply (often to protect your privacy) to how it can deal with personal information. If unusual circumstances arise not covered by this privacy notice, the Service will communicate with you specifically about these.
When you visit the Houses of the Oireachtas website
When you visit Oireachtas.ie some information is automatically retrieved about your visit to the website. The information that may be retrieved includes:
- your IP address (this is the identifying details for your computer (or your internet company's computer), expressed in internet protocol (IP) code (for example 192.168.72.34). Every computer connected to the web has a unique IP address, although the address may not be the same every time a connection is made.
- the search terms you used
- the pages you accessed on the website and the links you clicked
- the date and time you visited the site
- the referring site (if any) through which you clicked through to this site
- your operating system (for example, Windows or Mac)
- the type of web browser you use (for example, Chrome, Internet Explorer, Mozilla Firefox)
- other information like your screen resolution and the language setting of your browser.
This statistical information will be viewable by Service staff, contractors or third parties who provide administration and/or support services for the website. The information is used to produce summary reports on usage and performance of the Service’s online services, and to help it to analyse and improve the website content and functionality. The Service does not use any of the information above to identify visitors personally. The information is used in aggregate form only.
When you provide email details to the Service
When you provide your email address to the Service in connection with something that the Service can do for you as controller (look above for some illustrations), the Service will only use that personal information for the purpose described on the website.Stricter rules apply to some types of personal information which may be described as sensitive personal information. The type of personal information you are likely to give the Service will tend not to be sensitive. But it might arise where, for example, a tour is booked in the name of a denominational school, or a query is raised or subscription taken on behalf of a trade union or political party, or where an intending visitor has special access needs.
These principles apply in general terms to you too. You will sometimes be a controller of personal information jointly with the Service (for example when you book a tour on behalf of a tour party). We expect that personal information we receive will also be consistent with the purpose for which the email link is provided. If it is not, we will usually deal with it by deleting it.
In the overwhelming majority of instances where the Service deals with your personal information because you use the website, the Service will deal with that personal information on the basis of your consent. If you are asking the Service to deal with sensitive personal information, the Service will usually need your consent to be very specific and in writing. You may consent on behalf of a person under the age of 18 if you have parental responsibility for that person (this includes, for example, a legal guardian). You are allowed to withdraw your consent at any time. This won’t affect how the Service has already dealt with the personal information, but the Service won’t be able to deal with the personal information any more. In the case of email alerts, you will always have a clear mechanism to remove yourself from future mailings. You can withdraw your consent at least as easily as the way you gave it (for example, if you gave consent electronically, you may withdraw it electronically).
Anywhere on the website where you are offered the option of communicating with the Service by email, a link to this privacy notice will precede it, and the email window will contain a notice that by emailing, you confirm that you have read this privacy notice and understand it, and that your consent is informed by that understanding.
Other grounds for dealing with personal information
There are other grounds on which the Service will deal with your personal information, although they are unlikely to arise in the context of using the website. For example, the Service will deal with your personal information where the law requires it to do so. The Service, as a public body, is subject to the Freedom of Information Act and, although the type of personal information you provide in using the website tends to be exempt from disclosure under that Act, exemption can’t be guaranteed. The Service will also need to deal with your personal information if you exercise rights under data protection law. The Service will deal with your personal information where this is necessary to establish (including investigate), exercise, or defend a legal claim, including by disclosing it to its legal advisers and in proceedings before any relevant court, tribunal, arbitrator, mediator, or similar entity. The Service is allowed to deal with a person’s personal information in order to protect the vital interests of the person or of some other person. The Service may deal with personal information in the public interest or in the exercise of official authority.
The type of personal information you give the Service as a controller is normally kept within the Service, but there are exceptions. For example, the Service uses a processor to deal with your personal information where this is needed to deliver to you email alerts to which you have subscribed. That processor currently retains MailChimp as a sub-processor. Rarely, your personal information may be disclosed to the Service’s legal advisers, or to other people or bodies connected with a legal dispute, or to the Garda Síochána.
Transfer of information to third countries
Personal information the Service deals with and to which this privacy notice applies will more often than not be kept within the EU, but the transfer to MailChimp, which is based in the United States, is an exception. There may be others from time to time. Special provision is made in any contract between the Service and a processor outside the EU, or a processor which uses a sub-processor outside the EU, to safeguard your personal information, and your privacy and other rights in respect of it.
Retention of information
The Service will keep personal information only as long as is necessary for the purposes set out in this privacy notice, in accordance with its retention schedule, or as required by law, whichever is the longest. So, for example, personal information you give the Service in connection with email alerts is kept so long as you are a subscriber, but is deleted once you unsubscribe. Media queries are kept for five years.
Further dealing with information
It would be rare for the Service to deal with personal information for a purpose other than the purpose for which it received the information. If the Service does need to deal with the information in any further way, it will let you know before the dealing takes place.
You may ask the Service for a copy of your personal information. You may ask the Service to supplement or correct your personal information if it is incomplete or incorrect (including out of date). You may be able to ask the Service to delete personal information, especially if you have withdrawn consent to the Service’s dealing with it or the Service no longer needs it, or not to deal with it for the time being, for example, if you think it is incorrect. If the Service is dealing with your personal information on the basis of your consent, you can normally require the Service to forward it on to some other person named by you. You may object at any time to the Service’s dealing with personal information it is dealing with in the exercise of official authority or in the public interest, although this entitlement is subject to many legal qualifications depending on the personal information and why the Service is dealing with it. You are entitled not to be subject to automated decision making, including profiling.
If you are not content with how the Service is dealing with your personal information, you may bring your dissatisfaction to the attention of the Data Protection Commissioner.
The Service maintains a presence on several social media platforms including Twitter and Facebook. Any information, communications, or materials you submit to the Service by way of a social media platform is done at your own risk without any expectation of privacy. The Service cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Third party websites
Sensitive personal information means personal information about a person’s
- ethnic background
- political opinions
- philosophical beliefs
- membership of a trade union
- genes (biological inheritance)
- biometric data (such as fingerprints on a passport)
- sex life
- sexual orientation
- alleged commission of criminal offences
- criminal convictions
- being subject to security measures related to criminal offences or convictions
What are cookies?
Cookies are small pieces of information, stored in simple text files, placed on your computer by a website. Some cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the webpage, or a unique identification number so that the website can remember you on your return visit. Other cookies are deleted when you close your web browser and only relate to the working of the website. Generally speaking, cookies do not contain personal information from which you can be identified, unless you have provided personal information to the website.
[A web browser is the piece of software you use to read web pages. Examples are Microsoft Internet Explorer, Mozilla Firefox and Google Chrome.]
- When you first visit Oireachtas.ie you see a message informing you about cookies. If you click the Accept & close button, Oireachtas.ie will set a cookie which records your preference.
- Analytical cookies from Google Analytics are used throughout the website. These cookies collect information that is used in aggregate form to help the Service understand how its website is being used.
Third party cookies
Some cookies that have been set on the Service website are not related to the Houses of the Oireachtas. If you visit a page on the Service website with content embedded from, for example, YouTube, that service provider may use its own cookies. The Service does not control the use of these cookies - they can be accessed only by the party that originally set them. You should check the third party websites for more information about these cookies.