Print Print Page | A | A | A

Staff Privacy Notice

Staff Privacy Notice

Introduction
This privacy notice explains how Institute of Technology Blanchardstown processes staff personal data, and explains your rights in relation to your personal data. For further information please refer to the ITB Data Protection Policy.
Institute of Technology Blanchardstown is the data controller of your personal data and is subject to the Data Protection Acts 1988 to 2018 and General Data Protection Regulation 2016/679.

Principles of Data Protection
The Data Protection Bill 2018 replaces the previous 8 rules of Data Protection with the following 6 Principles:
The Data must be...
• Processed lawfully, fairly and in a transparent manner in relation to the data subject.
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (except for archiving).
• Adequate, relevant and limited to what is necessary in relation to the purposes.
• Accurate and, where necessary, kept up to date.
• Kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes.
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

Definition of Personal Data
Personal data means
“any data relating to an identified or identifiable natural person (data subject);
an identifiable natural person is one who can be identified, directly or indirectly,
in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

How and when we process your personal data.
We process personal data from you, for example, when you provide it as part of the recruitment and selection process, and as a staff member of ITB. We also collect personal data when it is provided from Garda Vetting Bureau, or medical report providers to whom you provided your personal data or from third parties who provide references, and through the use of CCTV and access control records. We process personal data to identify you from your image on your staff ID Card.

Legal basis for processing your personal data.
To use your data lawfully, we rely on one or more of the following legal bases:
• Performance of a contract
• Legal obligation
• Protecting the vital interests of you or others
• Public interest
• Our legitimate interests
• Your consent.

The Institute processes your personal data for purposes of the administration of our legal contractual obligations to you. This includes:
Recruitment, selection, appointment, promotion and progression
Maintenance of employee staff records, absence or sick leave
Administration of Maternity, Paternity and other leave and benefits
Payment of salary, pension, and other payments
Conduct, grievance, disciplinary, complaints and workplace investigation issues
Training and development
Providing and obtaining references - including Garda vetting
Providing library, IT and information services
Management planning
Curriculum planning and organisation, timetabling
Research and statistical analysis
Administration of the Institute’s codes of practice and policies.
Production of published staff lists including the telephone and e-mail directories for both internal and external use.
Production of Staff Identity Cards.
Production of photographs of staff for display within the Institute or on the web.
Monitoring the use of Institute resources.
Safeguarding and promoting the welfare safety and security of staff, including the use of CCTV and access control systems and parking systems.
Provision of wellbeing and support services.
Making required statutory returns to the HEA and other statutory bodies.

What personal data is processed?
Personal data that we process may include:
• Your name and staff number
• Address(es)
• Telephone Number(s)
• Gender
• Next of Kin contact details
• Employment contract, salary, pension details.
• Images (for staff ID Cards and from CCTV)
• Date of Birth
• PPSN
• Country of Birth
• Nationality
• Email Address(es)
• Staff Card with image
• Previous employment details
• Education History and Qualifications
• Medical Records
• Garda Vetting details
• Professional Development Planning Records
• Professional Training Courses attended
• Access control records.

How we share your personal data
We have a legal obligation to share your personal data with other organisations such as the HEA and other statutory bodies as required by law, for crime prevention or detection purposes, in order to comply with the Institute’s legal or statutory obligations, or with your consent.

How we protect your personal data
Any data which you provide to ITB will only be used for the purpose for which it is provided. Your personal data will not be disclosed to any third parties, unless required by law to do so. We protect your data with security measures under the laws that apply. We keep our computers, files and buildings secure. When you contact us to ask about your data, we may ask you for other data to confirm your identity.

How long we keep your personal data
To meet our legal obligations, we hold your data for the duration of your employment with us and for a period of time after that, in accordance with our data retention policy. We do not hold it for longer than necessary.

Your Rights
As a staff member of ITB, you have the following rights in relation to your personal data:
To access your data
To have inaccuracies corrected
To have information erased
To object to direct marketing
To restrict the processing of your data
To export your personal data to another data controller (data portability)
To not be subject to automated decision making, including profiling
To be notified of a data security breach
To make a complaint to the Data Protection Commissioner
To sue the data controller or data processor for material or non-material damages resulting from a breach

Who to contact
If you wish to access a copy of your personal data please complete the Data Access Request Form and email to the Compliance Officer at the address below.
The Compliance Officer
Institute of Technology Blanchardstown, Blanchardstown Road North, Dublin 15
Email:  cora.bracken@itb.ie
Date: 18th May 2018