This is a statement of the practices of Trinity College Dublin, The University of Dublin (the "University") of College Green, Dublin 2, Ireland in connection with the capture and the use of personal data and the steps taken by the University to protect your personal data and respect your right to privacy.
The University fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with the University. Any personal information which you volunteer to the University will be treated with the highest standards of security and confidentiality, in accordance with Irish and European Data Protection legislation. The University shall process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018.
The privacy notice explains the following
- How we collect and use personal data?
- The purpose and legal basis for collecting personal data
- How we store and secure personal data?
- Details of third parties with whom we share personal data
- What are your rights?
How and why we collect personal data?
The data we collect from you will be used by the University in accordance with the purposes outlined in this privacy notice. We collect personal data via website forms, written application forms and documents, email and phone enquiries and surveys. We also collect information via third parties such as the CAO and international affiliates.
We collect the data we need to register you as a student, for the administration of student services and the publication of awards. Detailed privacy information for students is available on the Academic Registry website and will be included with the student’s terms and conditions at registration. Personal data and occasionally sensitive personal data may be collected directly from students who avail of specific services e.g. College Health Centre, Counselling or Disability Services. If you provide the University with your data for these purposes then detailed privacy information will be provided at the point of collection.
We collect personal data for the purposes of recruitment and for the formation and administration of the contract of employment and employee relationship. The detailed privacy notice for staff is available on the Human Resources website and is provided to new members of staff with their contract. Additional data may be collected from staff when they register to use other services within the University e.g. Sports or Health Centre.
One of the objectives of The University as defined in the Universities Act, 1997 is to carry out and support research. Where personal data is processed by the University for the purposes of research, detailed information about how personal data will be used will be provided to research participants prior to the collection of the relevant personal data or shortly after if the data is obtained from a third party. Where possible personal data collected for research purposes will be pseudonymised so that the participant is no longer identifiable. The use of personal data for research will often involve sensitive personal data including health or genetic data and will therefore be subject to higher standards of security and protection.
Members of the Public and Consumers
We collect data from members of the public in order to respond to enquiries, process transactions, administer services and accept bookings for events. We may add your personal data to a relevant mailing list if you have made an enquiry in relation to a service, if a transaction has taken place or if you have specifically requested to be added to a mailing list in order to receive information which is of interest to you. In the event that we do record your data on a mailing list you will be provided with the opportunity to opt out from the outset and in all our communications with you and we will only send you information relevant to your initial enquiry or transaction.
Information on internet traffic is collected routinely by the University and also at other points along the route in the internet (e.g. HEAnet). This technical information is used to ensure the smooth running of the computer network in the University and for statistical or administrative purposes. It is NOT used to gather identifiable personal information on individual website visitors, except in so far as this is permitted by law and may be necessary in order to prevent or detect problems or offences in relation to the operation of the website.
We sometimes collect data from children under the age of 18. Children's data is collected for the purposes of providing information on courses and admissions. We will also collect children's data when they access services such as the Sports Centre, College Day Nursery and camps such as the Trinity Walton Club. Further information on processing will be provided on the applicable University website or at the point of collection.
CCTV cameras are in operation on Campus in consultation with the Gardai in order to provide enhanced protection for students, staff and visitors as well as University buildings and facilities in the context of an open campus.
You can find more information in our CCTV policy here.
Photographs or videos of staff and students may be taken on Campus at official events such as graduation ceremonies. As a number of public events also take place on Campus the University will frequently take photographs or video at these events which may be shared on the University website or social media accounts. Where the use of photographs or video may not be reasonably expected by individuals the University will seek consent to publish photographs or video where it is practical to do so. Individuals have the right to object to the use of their photograph and should contact the event organiser in the first instance or the University Data Protection Officer, see contact details below.
We use information gathered from cookies to help improve your experience of tcd.ie. Some cookies are essential so you can move around the website and use its features.
The purpose and legal basis for collecting your data
In order for the use of personal data to be lawful it should be processed on the basis of either the consent of an individual concerned or another legal basis, set out in the General Data Protection Regulation or in the Data Protection Bill 2018.
The University will ensure that your data is processed fairly and lawfully in keeping with the principles of data protection and will process personal data under various legal bases depending on the purpose for which the data is collected.
Specific information on the legal basis for processing your personal data will also be provided at the point of collection of personal data. These may include:
- Where the processing of personal data is a statutory function of the University as a public authority. The statutory functions of the University are set out in sections 12 and 13 of the Universities Act 1997.
- Where the University is required to process personal data by law including the sharing of data with the Higher Education Authority or for complying with employment law.
- Where the processing of personal data is necessary for the formation of a contract with you;
- Where the processing of personal data is not related to the official functions of the University we may sometimes process personal data based on legitimate interests e.g. for the administration of events, purchasing of tickets and the use of our services.
- Generally when using sensitive personal data the University will seek explicit consent for the processing of data except where another condition applies e.g. employment law, legal claims or medical diagnosis when using the College Health Centre.
How we store and secure your data
Any data we collect from you will be stored confidentially and securely as required by the University Information Security Policy. The University is committed to ensuring all accesses to, uses of, and processing of University data is performed in a secure manner.
In keeping with the data protection principles we will only store your data for as long as is necessary and in accordance with our Records Management Policy and Records Retention Schedule which you can find on our website.
When we store your personal data on our systems the data will primarily be stored either on the University premises and secure IT platforms within the European Economic Area (EEA) which are also subject to European data protection requirements.
We may store or share your data outside the EEA in the following circumstances:
- For processing international applications and sharing data with partner Universities.
- When using cloud services for the secure storage of data. Some cloud service providers store data in international data centres e.g. the US. The University will only use services which are compliant with the European General Data Protection Regulation and who satisfy the conditions for processing personal data outside the EEA.
- For research projects with other research partners where we have your consent to do so.
- If we are required to do so by law.
Details of third parties with whom we share personal data
The University will share your data with third parties where necessary for purposes of the processing and where there is a legal basis to do so. The University may share relevant personal data with the following categories of third parties:
- State or regulatory bodies including the Higher Education Authority, CAO, Department of Education and Skills, Department of Justice and Equality, Department of Social Protection.
- IT or cloud service providers that provide essential services to the University e.g. Microsoft.
- Firms that provide professional services to the University such as legal firms and auditors.
- Firms that provide archiving and storage and disposal of confidential waste.
- Research and academic partners.
When we share your data with the third parties outlined here the University will endeavour only to share the data that is needed, that the data is only processed according to our specific instructions and that the same standards of confidentiality and security are maintained. Once the processing of the data is complete any third parties with whom data was shared will be required to return the data to the University save where they are required to retain it by law.
One of the functions of the University is the curation of the University Archives, which comprise the University’s administrative, legal and historical records of archival value. This collection – whose earliest record is the foundation charter of 1592 – represents the corporate memory of TCD, and is of important historical value. The University will process personal data of archival value in accordance with section 42 of the Data Protection Act 2018 which permits that personal data of archival value in the public interest may be retained. Personal data retained by the University for archival purposes in the public interest will be stored and secured in accordance with the principles of data protection.
What are your rights?
You have the following rights over the way we process your personal data.
Right of Access
You have the right to request a copy of the personal data we are processing about you and to exercise that right easily and at reasonable intervals.
You have the right to withdraw your consent where that is the legal basis of our processing.
You have the right to have inaccuracies in personal data that we hold about you rectified.
You have the right to have your personal data deleted where we no longer have any justification for retaining it subject to exemptions such as the use of anonymised data for scientific research.
Object and Restrict
You have the right to object to processing or restrict the processing of your personal data if:
- We have processed your data based on a legitimate interest which you believe to be unfair to you.
- The personal data was processed unlawfully;
- You need the personal data to be deleted in order to comply with legal obligations;
Where it is technically feasible you have the right to have a readily accessible electronic copy of your data transferred or moved to another data controller if we are processing your data based on your consent and if that processing is carried out by automated means.
If you have any queries relating to the processing of your personal data or if you wish to make a complaint or escalate an issue relating to any of your rights you can contact the Data Protection Officer at firstname.lastname@example.org or at:
Data Protection Officer
Secretary’s Office, Trinity College Dublin,
Dublin 2, Ireland.
+353 1 896 8486
Finally is you are not satisfied with the information we have provided to you in relation to the processing of your data or you can also make a complaint to the Data Protection Commissioner via the link in their website Making a Complaint to the DPC.