This Notice provides you with information regarding the personal data about you which is held by the Commission for Public Service Appointments.
The Commission for Public Service Appointments fully respects your right to privacy. Your personal data will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and Data Protection legislation.
This Notice uses certain words or terms which have a particular meaning under GDPR and Data Protection legislation. See the Definitions section of this Notice for an explanation or definition of the words.
Your personal data is held by the Commission for Public Service Appointments (or ‘the CPSA’ in this notice) which is the data controller for the purposes of GDPR and Data Protection legislation purposes. The Ombudsman is a member of the CPSA. Certain ‘in house’ services or facilities of the CPSA are jointly shared with the Office of the Ombudsman – these services include, for example, corporate services, finance and IT. The Office of the Ombudsman is therefore a joint controller in so far as data relating to such shared services is concerned.
We may be contacted at:
6 Earlsfort Terrace, Dublin 2. DO2 W773.
Telephone: (01) 639 5750
Email: info@cpsa.ie
Our Data Protection Officer may be contacted at:
Email: dataprotection@ombudsman.ie Telephone: (01) 639 5645
Postal Address: 6 Earlsfort Terrace, Dublin 2, DO2 W773.
The Data Protection Officer is designated for the Office of the Ombudsman, OIC, OCEI, SIPOC, CPSA and the Referendum Commission.
A very large amount of the personal data which we hold about you is provided by you in your phone calls, letters, emails or other communications with us.
We also hold personal data which has been provided by someone else or by someone on your behalf. Where this occurs, further details are provided below.
The personal data we hold and where it comes from will depend on the type of interaction you have with us.
We hold personal data about requesters under Section 8 of the Code of Practice. The type of data we hold will depend on the particular case but can include your: contact details; application information; interview/assessment notes; employment history; qualifications; references; HR records (PMDS, cases brought under the Bully and Harassment Policy and/or grievance procedures); legal cases taken against employers; complaints pursued through the WRC. It can also include such health data, data relating to religious or political beliefs and data relating to criminal convictions or offences as may be disclosed.
This data is provided by the data subject (the person to whom the information relates) or by the public body.
We hold personal data about other persons involved in a selection process which has been the subject of a complaint under Section 8 of the Code of Practice. This can include other applicants, selection board members and staff of the public body involved in the administration of the process.
The data we hold can include your: contact details; interview/ assessment notes; application information; employment history; qualifications; references. It can also include such health data, data relating to religious or political beliefs and data relating to criminal convictions or offences as may be disclosed.
This data is provided by either the person who has made the complaint or the public body to which the complaint refers.
We hold personal data about persons involved in a selection process which has been the subject to audit under Section 3 of the Code of Practice. This can include other applicants, selection board members and staff of the public body involved in the audit.
The data we hold can include your: contact details; interview/ assessment notes; application information; employment history; qualifications; references. It can also include such health data, data relating to religious or political beliefs and data relating to criminal convictions or offences as may be disclosed.
This data is generally provided by the public body subject to which the audit refers. On occasion is may be provided by a third party that has disclosed information to the CPSA.
We hold personal data about persons who are subject to a request for an excluding order under Section 11 of the Act. The type of data will depend on the particular case but can include your: name, contact details, employment history; qualifications.
This data is provided by the public body responsible for the making the request.
We hold personal data about staff of public bodies in relation to their administration of matters relating to the CPSA. This includes the administration of matters relating to the CPSA’s:
The personal data we hold includes the name, contact details, grade/role of the staff member and information relating to the performance of their functions. This personal data comes from the public body or the staff member who is in contact with the CPSA and includes personal data in the communications regarding the handling of the CPSA matter or other communications with us.
We hold personal data about staff in recruitment agencies, which includes contact details, qualifications and employment histories. It is provided to us by the recruitment agencies.
We hold personal data about people making enquiries in relation to the CPSA’s various functions under the Act. This can include queries in relation to the CPSA’s:
This data is provided by you, the person making the enquiry, or by your representative.
We hold personal data about requesters under the Protected Disclosure Act. This data can include your: contact details; interview/ assessment notes; application information; employment history; qualifications; references; HR records (PMDS, claims under the Bully and Harassment Policy and/or grievance procedures); legal cases taken against employers and complaints pursued through the WRC. It can also include such health data, data relating to religious or political beliefs and data relating to criminal convictions or offences as may be disclosed.
This data is provided by you or your representative.
We hold personal data about people who make statutory requests to the CPSA, including for example people who make an FOI request or Data Protection access request looking for records or information from us. The personal data includes your name and contact details and information relating to the statutory request.
These statutory requests made to the CPSA could also include personal data about someone other than the person making the request. Whether they contain personal data and, if so, the type of personal data will depend on the request. This information comes from the person making the request.
We hold personal data about representatives who make enquiries or who make requests on behalf of someone else. This data includes the name, contact details and details relating to the representative capacity or relationship with the person on whose behalf the enquiry or application is made. It also includes any other personal data which the representative provides.
This data is provided by the data subject (the representative).
When someone visits www.cpsa.ie we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.
We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information through our website and will explain what we intend to do with it.
We are part of the Government Services network. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used.
Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
We hold personal data about you where there has been contact between the CPSA and yourself in relation to various matters, including e.g. contact regarding the supply of goods or services or invitations to the CPSA to make presentations to seminars, attend conferences etc. This personal data includes your name, contact details and information relating to the goods or services, the seminar, conference etc. It comes from your interactions with us.
When the Office hosts webinars or video conferences, it will require the name, contact number and email address of attendees to facilitate their attendance. Delegate lists will not be published by the Office but attendees' names may be visible to others during the event. We request that attendees use their work contact information where possible, to avoid the unnecessary collection of personal contact details. Similarly, attendees should avoid sharing personal data in any shared ‘chat’ facility as that data may be processed by the service provider.
The Office may record webinars for information purposes. It will provide advance notification when an event is being recorded. Recorded events capture the image and audio of any presenters. Attendees may have the option of sharing their image and audio during the session. If they choose to do so, this will also be captured in the recording. Where events feature a moderated Q&A, attendees who choose to interact with the Q&A may have their comments published and viewed by others at the event and they will also form part of the recording.
Attendees should ensure that they follow their own organisational policies and guidelines for video-conferencing, so they know what rules to follow and steps to take to minimise data protection risks. They should also familiarise themselves with the online service provider’s privacy policy to inform themselves as to how that provider processes personal data.
We have described above all the main categories of people whose personal data we hold. We can hold data about people who do not fall within these categories. For example, from time to time we hold personal data about people attending meetings or events with the CPSA. We confirm that all personal data is treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and Data Protection legislation.
We use the information about you so that the CPSA can carry out its functions under the Act. In other words, in order to carry out these functions, we will have to process your data.
In legal terms, our use of personal data is:
If you would like to exercise any of your rights, please contact: The Data Protection Officer
Email: dataprotection@ombudsman.ie
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
You also have the right to lodge a complaint with the Data Protection Commission. The Data Protection Commission may be contacted at:
Website: www.dataprotection.ie
Email: info@dataprotection.ie
Telephone: (0761) 104 800; Lo-Call 1890 25 22 31.
Postal Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28.
This privacy notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of the collection and use of personal data by CPSA. However, we are happy to provide any additional information or explanation needed. Please feel free to contact us.
We use a cookies tool on our website to gain consent for the optional cookies we use. Cookies that are necessary for functionality, security and accessibility are set, and are not deleted by the tool. You can read more about how we use cookies, and how to change your cookies preferences, on our Cookies page.
Data Subject means the identified or identifiable natural person to whom the personal data relates – see also the definition of personal data below.
The General Data Protection Regulations (GDPR) is an EU Regulation relating to data protection which came into force on 25 May 2018.
Joint Controller. Where two or more controllers (see above) joint determine the purposes and means of processing, they are joint controllers.
Personal Data means any information relating to an identified or identifiable natural person (‘data subject ’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
Created: May 2018
Modified: October 2019
Modified: November 2020