This Privacy Notice (the “Notice”) provides you with information regarding the personal data about you which is held by the Standards in Public Office Commission (the “Commission”) under the following legislation:
The Commission fully respects your right to privacy. Your personal data will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (“Data Protection Legislation”).
This Notice uses certain terms which have a particular meaning under Data Protection Legislation. See the Definitions section of the Notice for an explanation or definition of the relevant terms.
The Standards Commission oversees the administration of legislation in four distinct areas:
What does the Standards Commission do?
The Standards Commission is supported in its work by a Secretariat, led by the Head of Ethics and Lobbying Regulation. Secretariat staff are provided by the Office of the Ombudsman.
Certain ‘in house’ services or facilities are jointly shared by the Ombudsman and the Office of the Information Commissioner, the Commissioner for Environmental Information, the Standards in Public Office Commission, the Commission for Public Service Appointments, and the Referendum Commission. These services include accommodation, finance, human resources, communications, legal and information technology (ICT). The Commission and the Office of the Ombudsman are joint controllers in so far as personal data relating to such shared services is concerned.
We may be contacted at:
Office of the Ombudsman, incorporating the Ombudsman and the Office of the Information Commissioner, the Commissioner for Environmental Information, the Standards in Public Office Commission, the Commission for Public Service Appointments, and the Referendum Commission.
6 Earlsfort Terrace, Dublin 2, DO2 W773.
Telephone: (01) 639 5600.
We have appointed a Data Protection Officer who can be contacted in relation to the details of the Notice. The Data Protection Officer may be contacted at:
Telephone: (01) 639 5760
Postal Address: 6 Earlsfort Terrace, Dublin 2, DO2 W773.
The Data Protection Officer is designated for the Office of the Ombudsman, and has responsibility for data requests for the Office of the Ombudsman, the Office of the Information Commissioner, the Commissioner for Environmental Information, the Standards in Public Office Commission, the Commission for Public Service Appointments, and the Referendum Commission
The personal data we hold and where it comes from will depend on the type of interaction you have with the Commission.
A large amount of the personal data which we hold about you is provided by you in your phone calls, letters, emails or other communications with the Commission.
We also hold your personal data where it has been provided by someone else or by someone on your behalf, known as third parties or representatives, respectively. Further details on this are provided below.
We hold information (personal data) about people who contact the Commission. This personal data includes, for example, your name and contact details, details relating to the purpose of your contact and any other personal data which you provide.
Prescribed Civil and Public Servants; Special Advisers; Members of the Oireachtas; Attorney General; Appointees to Senior Office; Witnesses of Statutory Declarations
We hold personal information (personal data) about the persons described above. This personal data includes, for example: name; contact details; statements of interests (which can include details of occupational income, shares, directorships, land, gifts, property and services, travel facilities, remunerated positions and contracts); tax clearance certificates; statutory declarations; certain forms of identifiers such as passport numbers; and driving licence numbers. The personal data can include special category personal data. The information provided is prescribed by statute.
This data is provided by: you; persons required to register; complainants; persons making enquiries; corporate donors; and publicly available information from the websites of other regulators, including the Companies Registration Office.
TDs; Senators; MEPs; appropriate officers of political parties; responsible persons of third parties; responsible persons of accounting units; responsible persons of corporate donors; national agents of political parties; election agents; and candidates at elections
We hold personal data about the persons described above. This personal data includes, for example: name; contact details; bank account details; details of Stripe or Go Fund Me accounts; statements of accounts, statutory declarations, donors, copies of invoices/receipts/VAT numbers. This personal data can include special category personal data. The information provided is prescribed by statute.
Complainants / Individuals Making Enquiries
We hold personal data about people who contact the Commission to make complaints or enquiries. This personal data includes, for example, your name and contact details, details in relation to your enquiry or the purpose of your contact and any other personal data which you provide, which can include special category personal data.
The Commission has power to carry oversee compliance and to carry out inquiries and investigations under the legislation (the Ethics in Public Office Act 1995 (as amended by the Standards in Public Office Act 2001); the Electoral Act 1997, as amended; the Oireachtas (Ministerial and parliamentary Offices) (Amendment) Act 2014, and Part 15 of the Local Government Act 2001.)
In conducting an investigation we get personal data about complainants, the subject of complaints, legal advisers, witnesses, consultants and service providers. The personal data includes, for example, names, contact details, details as to activities, financial assets or holdings, etc. Information may be obtained from publicly available sources as well as from complainants or other sources. The personal data can also include special category personal data.
In carrying out research, the Commission gets personal data from publicly available sources (such as the Companies Registration Office or media outlets).
This data is provided by the data subject, service providers, witnesses and other public bodies.
When someone visits www.sipo.ie we collect standard internet log information and details of visitor behaviour patterns. We do this for statistical purposes to find out things such as the number of visitors to the various parts of the Commission’s website.
We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source.
We are part of Government Networks, which connects public service agencies on a data, voice and video capable network. Any email sent to us, including any attachments, may be monitored and processed by us for security purposes. Email monitoring or blocking software may also be used.
Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
We hold personal data about people who make statutory requests to the Commission , including for example, people who make a Freedom of Information (“FOI”) request, a under the AIE Regulations or a data access request looking for records or information from the Commission , or an access request under Access to Information on the Environment(AIE) Regulations . The personal data held includes your name and contact details and information relating to the statutory request you have made.
A statutory request made to the Commission could also include personal data about someone other than the person making the request. Whether they contain personal data and, if so, the type of personal data will depend on the request. This information comes from the person making the request.
We hold personal data where there has been contact between you and the Commission in relation to various matters, including contact regarding the provision of goods or services or invitations to the Commission to make presentations, seminars, or attend conferences. Personal data held includes your name, contact details and information relating to the goods or services, the seminar, conference etc. The personal data is obtained from your interactions with us.
We ask all visitors to sign in and out at reception for security and safety reasons. Closed-circuit television (CCTV) operates in public areas of the building for security purposes.
We have Wi-Fi on site for the use of visitors. We provide the address and password. We record the device address and automatically allocate an IP address whilst on site. We log traffic information in the form of sites visited, duration and date sent/received. We don’t ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service.
When the Office hosts webinars or video conferences, it will require the name, contact number and email address of attendees to facilitate their attendance. Delegate lists will not be published by the Office but attendees' names may be visible to others during the event. We request that attendees use their work contact information where possible, to avoid the unnecessary collection of personal contact details. Similarly, attendees should avoid sharing personal data in any shared ‘chat’ facility as that data may be processed by the service provider.
The Office may record webinars for information purposes. It will provide advance notification when an event is being recorded. Recorded events capture the image and audio of any presenters. Attendees may have the option of sharing their image and audio during the session. If they choose to do so, this will also be captured in the recording. Where events feature a moderated Q&A, attendees who choose to interact with the Q&A may have their comments published and viewed by others at the event and they will also form part of the recording.
We have described above all the main categories of people whose personal data we hold. We can hold data about people who do not fall within these categories. For example, from time to time we hold personal data about people attending meetings or events with the Office. We confirm that all personal data is treated with the highest standards of security and confidentiality, in accordance with the Data Protection legislation.
We use the information about you so that the Commission can carry out its functions under the Ethics in Public Office Act 1995 (as amended by the Standards in Public Office Act 2001); the
Electoral Act 1997, as amended; the Oireachtas (Ministerial and parliamentary Offices) (Amendment) Act 2014; and Part 15 of the Local Government Act 2001.
In legal terms, our use of personal data is:
We also hold information about you for the purpose of responding to statutory requests made to the Office (such as access requests under the FOI Act 2014, Data Protection legislation, and the Access to Information on the Environment Regulations). Doing this is necessary for compliance with the Office’s legal obligations.
We use the mailing list of people we communicate with in order to inform them of publications, current developments and other matters of interest. We will send you such communications if you consent to us doing so. If you wish to be removed from this list, please let us know and we will remove you from the list without delay.
We also compile and publish statistics showing information like the number of complaints we receive, however, no personal data is contained in such statistics.
In carrying out our functions we share personal data.
Joint controller: As explained above, the Office of the Ombudsman is joint controller of certain data relating to such services as corporate services (including finance) and IT. For data protection purposes your personal data is considered to be shared with the Office of the Ombudsman.
In addition to the sharing of data with the Office of the Ombudsman as joint controller, your data is shared by our Office as set out below.
Some returns made under the Ethics and Electoral legislation are published on the website, including for example donation statements and certificates of monetary donation.
On occasion, where necessary, we share your information with service providers, including, for example, translators. The transfer will be done within the requirements of the Data Protection Legislation.
The Standards in Public Office Commission shares resources with the Office of the Ombudsman, the Office of the Information Commissioner, the Commissioner for Environmental Information, the Commission for Public Service Appointments, and the Referendum Commission. These services include accommodation, finance, human resources, communications, legal and information technology (ICT).
Due to the shared ICT resource, a limited amount of your personal data (your contact details only) can be processed by the other bodies listed above.
The Commission will not ordinarily transfer personal data outside of the European Economic Area (EEA) or third countries with an adequacy decision unless, for example, we are corresponding with a customer or person related to an enquiry or complaint who resides overseas. In the event that this position changes, the Ombudsman will comply with its obligations under Article 46 of GDPR by adopting one of the appropriate measures approved by the Data Protection Commission and the European Commission to ensure that such transfers are lawful.
The personal information you have provided will be processed by the Commission for the purposes outlined in the Notice and will be kept according to our retention policy, which can be found on our website. The retention policy sets out the time periods for how long information is kept by the Commission for different purposes, and as a result of our legal requirements. The length of time we hold your personal data for will depend on the type of document or record which contains the personal data.
You have certain rights under Data Protection Legislation. Your rights are:
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
You have the right to ask us to erase your personal information in certain circumstances.
You have the right to ask us to restrict the processing of your information in certain circumstances.
You have the right to object to processing of your personal data under certain circumstances. If your personal data is held by us on the basis of your consent, you have the right to withdraw that consent at any time.
You have the right to request that personal data be given to you or another person in a transferable or machine readable form.
You have the right to object to automated individual decision making (i.e. making a decision solely by automated means without any human involvement) and profiling (i.e. automated processing of personal data to evaluate certain things about an individual). The Commission does not make any decisions using wholly automated means.
Please note the above rights arise in certain circumstances and are subject to certain exemptions. Please note this may restrict the scope of your rights. In particular:
If we cannot comply with your request, we will let you know why this is the case.
If you would like to exercise any of your rights, please contact the Data Protection Officer:
Telephone: (01) 639 5760
Postal Address: 6 Earlsfort Terrace, Dublin 2, DO2 W773.
We try to meet the highest standards when collecting and processing personal information. If you have a query or complaint about the use of your personal information by the Ombudsman, the Data Protection Officer is available to assist you in the first instance.
You also have the right to lodge a complaint with the Data Protection Commission. The Data Protection Commission can be contacted at:
Telephone: (0761) 104 800; Lo-Call 1890 25 22 31.
Postal Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28.
It is a statutory requirement for persons subject to the Acts the Commission administers to provide personal data. Failure to comply with the statutory obligations set out in the Acts may be an offence and liable to prosecution.
The Commission has power in certain circumstances to direct the provision of information. Where this power is exercised and a person fails to comply with the direction then that person may be guilty of an offence and liable to prosecution.
The Commission also has the power in certain circumstances to direct discovery of documents in accordance with the Rules of the High Court.
This Notice is does not provide exhaustive detail of all aspects of the Commission’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Please feel free to contact us. Please note the Notice may be updated from time to time.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Protection Act 2018 Amongst other things, this Act gives further effect to the GDPR (see below) in areas where Member State flexibility is permitted. The Act is available online.
Data Protection Officer GDPR requires some organisations to designate a Data Protection Officer (DPO). Article 39 of the GDPR states that the data protection officer “shall have at least the following tasks:
Data Subject means the identified or identifiable natural person to whom the personal data relates – see also the definition of personal data below.
The General Data Protection Regulations (GDPR) is an EU Regulation relating to data protection which came into force on 25 May 2018. The Regulation is available online.
Joint Controller. Where two or more controllers (see above) jointly determine the purposes and means of processing, they are joint controllers.
Personal Data means any information relating to an identified or identifiable natural person (‘data subject ’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
Created: May 2018
Modified: October 2019
Modified: November 2020