Privacy notice

This Notice provides you with information regarding the personal data about you which is held by the Referendum Commission. 

The Referendum Commission fully respects your right to privacy.  Your personal data will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (“Data Protection legislation”). 

This Notice uses certain words or terms which have a particular meaning under GDPR and Data Protection legislation.  See the Definitions section of this Notice for an explanation or definition of the words.

The role of the Referendum Commission is to communicate factual information about referendums in a neutral and impartial manner. Your personal data is held by the Referendum Commission (or ‘the Commission’ in this notice) which is the data controller for the purposes of Data Protection legislation. 

The Commission is independent in the performance of its functions and is supported by a secretariat from the Office of the Ombudsman. Certain ‘in house’ services or facilities are jointly shared by the Commission and the Office of the Ombudsman – these services include, for example, corporate services, finance and ICT.  The Office of the Ombudsman is therefore a joint controller in so far as personal data relating to such shared services is concerned.

We may be contacted at:

Referendum Commission, 6 Earlsfort Terrace, Dublin 2, DO2 W773. 

Telephone: (01) 639 5695

Email:  refcom@refcom.ie

Our Data Protection Officer may be contacted at:

Email:  dataprotection@ombudsman.ie

Telephone: (01) 639 5760

Postal Address: 6 Earlsfort Terrace, Dublin 2, DO2 W773.    

The Data Protection Officer is designated for the Office of the Ombudsman, OIC, OCEI, SIPOC, CPSA and the Referendum Commission.

A large amount of the personal data which we hold about you is provided by you in your phone calls, letters, emails or other communications with the Commission. 

We also hold personal data which has been provided by third parties.  Where this occurs, further details are provided below.

The personal data we hold and where it comes from will depend on the type of interaction you have with the Commission. 

People who make an enquiry

We hold information (personal data) about people who contact the Commission to make an enquiry.  This personal data includes, for example, your name and contact details, details relating to your enquiry or the purpose of your contact and any other personal data which you provide. 

Groups applying to become approved bodies

We hold information (personal data) about people who contact the Commission to make an application on behalf of groups to become approved bodies for the purpose of the referendum.  This personal data includes, for example, your name and contact details, details relating to your application and any other personal data which you provide. 

This information is shared with the Department of Housing, Planning and Local Government for the purpose of notifying the referendum returning officer and Irish Oifigiúil for the purpose of publishing the results of applications, as required by the legislation.

Visitors to our website

When someone visits refcom.ie we collect standard internet log information and details of visitor behaviour patterns. We do this for statistical purposes to find out things such as the number of visitors to the various parts of the site.

We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source.

If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information through our website and will explain what we intend to do with it.

Emailing our office 

We are part of the Government Services network. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used.

Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Statutory requests to this office

We hold personal data about people who make statutory requests to the Commission, including for example people who make an FOI request or Data Protection access request looking for records or information held by the Commission.  The personal data includes your name and contact details and information relating to the statutory request. 

If a statutory request is still ongoing on dissolution of the Commission, control of the records transfers to the Standards in Public Office Commission.

These statutory requests made to the Commission could also include personal data about someone other than the person making the request.  Whether they contain personal data and, if so, the type of personal data, will depend on the request.  This information comes from the person making the request.

Suppliers / service providers / other people in contact with this office

We hold personal data about you where there has been contact between the Commission and yourself in relation to various matters, for example, contact regarding the supply of goods or services. This personal data includes your name, contact details and information relating to the provision of goods or services. It comes from your interactions with us.

Webinars & video conferences

When the Office hosts webinars or video conferences, it will require the name, contact number and email address of attendees to facilitate their attendance. Delegate lists will not be published by the Office but attendees' names may be visible to others during the event. We request that attendees use their work contact information where possible, to avoid the unnecessary collection of personal contact details. Similarly, attendees should avoid sharing personal data in any shared ‘chat’ facility as that data may be processed by the service provider.

 The Office may record webinars for information purposes. It will provide advance notification when an event is being recorded. Recorded events capture the image and audio of any presenters. Attendees may have the option of sharing their image and audio during the session. If they choose to do so, this will also be captured in the recording. Where events feature a moderated Q&A, attendees who choose to interact with the Q&A may have their comments published and viewed by others at the event and they will also form part of the recording.

Attendees should ensure that they follow their own organisational policies and guidelines for video-conferencing, so they know what rules to follow and steps to take to minimise data protection risks. They should also familiarise themselves with the online service provider’s privacy policy to inform themselves as to how that provider processes personal data.

Others

We have described above all the main categories of people whose personal data we hold.  We can hold data about people who do not fall within these categories.  For example, from time to time we hold personal data about people attending meetings or events with the Commission.  We confirm that all personal data is treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and Data Protection legislation. 

Functions under the Referendum Act

We use the information about you so that the Commission can carry out our functions under the Referendum Act 1998 as amended by the Referendum Act 2001.

In other words, we will have to process your data in order to carry out our role to:

• explain to people what the referendum proposal means
• make sure people know a referendum is being held
• encourage people to vote in the referendum

 

In legal terms, our use of personal data is:

• necessary for the performance by the Commissioner of a task carried out in the public interest or in the exercise of official authority vested in the Commissioner
• necessary for reasons of substantial public interest, on the basis of the Data Protection legislation which is proportionate, respects the essence of the right to data protection and provides suitable and specific measures to safeguard your fundamental rights and interests.

General administration & compliance with legal obligations

We also hold information about you for the purpose of responding to statutory requests made to the Commission (such as access requests under the FOI Act 2014, the Data Protection Act and the Access to Information on the Environment Regulations).  Doing this is necessary for compliance with the Commission’s legal obligations. 

We also publish statistics, but not in a form which identifies anyone.

Personal contact information from groups applying to become approved bodies is shared with the Department of Housing, Planning and Local Government for the purpose of notifying the referendum returning officer and Irish Oifigiúil for the purpose of publishing the results of applications, as required by the legislation.

If a statutory request is still ongoing on dissolution of the Commission, control of the records transfers to the Standards in Public Office Commission.

Joint controller: As explained above, the Office of the Ombudsman is joint controller of certain data relating to such services as corporate services, finance and ICT.  For data protection purposes your personal data is considered to be shared with the Office of the Ombudsman.

In addition to the sharing of data with the Office of the Ombudsman as joint controller, your data is shared by the Commission as set out below.

On occasion, we share your information with service providers, including, for example, translators

Our Records Retention Policy sets out the time periods for different types of record.  See the table below for further details:

 

 

Under Data Protection legislation you have certain rights in relation to personal data about you which is held by the Commission.  These rights arise in certain circumstances and are subject to certain restrictions.  The rights are:

• right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data
• right to rectification – you have the right to request that inaccurate personal data be corrected and that incomplete personal data be completed
• right to erasure (or right to be forgotten) – you have the right to request that personal data be deleted
• right to restriction of processing or objection to processing – you have the right to request that our use or processing of your data be restricted or to object to our processing of your data. You do not have the right to object to the processing of personal data relating to your political opinion by the Commission.
• right to data portability – you have the right to request that personal data be given to you or another person in a transferable or machine readable form.
• if your personal data is held by us on the basis of your consent (or explicit consent), you have the right to withdraw that consent at any time.

If you would like to exercise any of your rights, please contact:

The Data Protection Officer

Email:  dataprotection@ombudsman.ie

 

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.

You also have the right to lodge a complaint with the Data Protection Commission.  The Data Protection Commission may be contacted at:

Website: www.dataprotection.ie

Email:  info@dataprotection.ie

Telephone:  (0761) 104 800; Lo-Call 1890 25 22 31. 

Postal Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28. 

This privacy notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of the Commission’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Please feel free to contact us. 

We use a cookies tool on our website to gain consent for the optional cookies we use. Cookies that are necessary for functionality, security and accessibility are set, and are not deleted by the tool. You can read more about how we use cookies, and how to change your cookies preferences, on our Cookies page

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

Data Protection Act 2018  Amongst other things, this Act gives further effect to the GDPR (see below) in areas where Member State flexibility is permitted. 

Data Protection Officer  The GDPR requires some organisations to designate a Data Protection Officer (DPO).  Article 39 of the GDPR states that the data protection officer “shall have at least the following tasks:

1. to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
2. to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
3. to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
4. to cooperate with the supervisory authority;
5. to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.”

Data Subject means the identified or identifiable natural person to whom the personal data relates – see also the definition of personal data below.

The General Data Protection Regulations (GDPR) is an EU Regulation relating to data protection which came into force on 25 May 2018. 

Joint Controller.  Where two or more controllers (see above) joint determine the purposes and means of processing, they are joint controllers.

Personal Data means any information relating to an identified or identifiable natural person (‘data subject ’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.