Privacy Notice

This is a statement of the practices of Trinity College Dublin, The University of Dublin (‘Trinity College’ / ‘the University’) of College Green, Dublin 2, Ireland in connection with the processing of personal data and the steps taken by the University to protect personal data and safeguard an individual’s right to privacy.

Trinity College actively seeks to preserve the privacy rights of those individuals who share information with the University. The personal data which you provide to Trinity College will be processed in compliance with Irish and European Data Protection legislation, specifically the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and the Data Protection Act 1988, and in accordance with the University Data Protection Policy.

The privacy notice explains the following

  • How and why we collect and use personal data.
  • The purpose and legal basis for processing personal data.
  • How we store and secure personal data.
  • Details of third parties with whom we share personal data
  • Your rights under data protection law

How and why we collect and use personal data

The data we collect from you will be used by the University in accordance with the purposes outlined in this Privacy Notice. We collect personal data via website forms, written application forms and documents, email and phone enquiries, research studies and surveys. We also collect information via third parties such as the Higher Education Authority, CAO, SUSI, research partners and international affiliates.

Students

We process data relating to students as detailed in the table below. Additional information for students is available from the Academic Registry website and is included with the Student Terms and Conditions at registration. Personal data and special categories of personal data may be collected directly from students who avail of specific services  e.g. the Trinity Disability Service, Trinity Sport, College Health Service or Student Counselling. If you provide the University with your data for these purposes, then specific information on data protection will be provided at the point of collection.

In light of COVID-19 restrictions the University has implemented a hybrid approach to education and utilises approved and supported software solutions for the purposes of online teaching, learning and assessment. For further information on these products and their use at Trinity College please visit here.

Purpose for processing personal data

Category

Legal basis for processing

  • Admission and registration.
  • Administration of your education.
  • Administration of University policies.
  • Administration and provision of IT and Library services.
  • Provision of data to the Higher Education Authority and Department of Education.
  • The provision of data to the Department of Justice to support visa applications for international students.
  • To provide student ID cards and TCard services.

Administrative

Necessary to carry out the objects and functions under the Universities Act 1997.

Performance of a contract.

Statutory requirements.

  • Face-to-Face and Online synchronous teaching and learning (hybrid learning).
  • Audio and Video recording of University classes, including lectures, tutorials, seminars, workshops and practicals.
  • Academic assessment and supervision and monitoring of attendance, including remote assessment and supervision.
  • Graduation and granting of awards, including online graduation.
  • Processing of appeals, complaints and disciplinary issues.
  • Administration of research programmes and funding.
  • Administration of placements.
  • Surveys and student feedback

Academic

Necessary to carry out the objects and functions under the Universities Act 1997

  • The provision of medical, counselling and disability and equality services
  • The provision of reasonable accommodations.
  • The provision of careers services and mentorship.
  • The use of sports and recreational facilities.
  • The provision of University accommodation.

Student Services

Consent or explicit consent.

Vital interests of the individual.

Necessary to carry out the objects and functions under the Universities Act 1997.

Performance of a contract.

Statutory requirement – Disability and Equality legislation.

  • If necessary due to a medical emergency.
  • The protection of vital interests.
  • The protection of public health.

Duty of Care

Vital interests of the individual.

Statutory requirement.

  • Processing and recovery of fees and payments
  • Administration of TCard

Financial

Necessary to carry out the objects and functions under the Universities Act 1997.

  • The administration of campus CCTV for security.
  • Provision of a safe environment for educational activities.

Health & Safety

Protection of Assets

Legitimate interest of the University.

Statutory requirement.

  • Garda Vetting for placements on specific courses.
  • For the purposes of criminal investigations. when requested by An Garda Síochána.
  • Exercise or defence of legal claims.

Legal

Statutory requirement.

Legal claims.

  • Provide information about University events and activities.

Communication and Promotion

Necessary to carry out the objects and functions under the Universities Act 1997.

Legitimate interest of the University.

  • Retention of academic data and data of archival value in the public interest.

Archives

Necessary to carry out the objects and functions under the Universities Act 1997.

Permitted by section 42 of the Data Protection Act 2018.

  • Provision of education and contact data to Trinity Development & Alumni for the purposes of alumni engagement and fundraising.

Alumni

Necessary to carry out the objects and functions under the Universities Act 1997.

  • Sharing of health data of students on clinical placement with the HSE and with placement providers as required by the HSE in order to comply with Public Health Advice.

Health & Safety

Necessary to carry out the objects and functions under the Universities Act 1997.

  • Provision of contact data to the Students Union.

Students Union

Necessary to carry out the objects and functions under the Universities Act 1997.

Processing is necessary for reasons of public interest in the area of public health.

Staff

We collect personal data for the purposes of recruitment and for the formation and administration of the contract of employment and employee relationship. The detailed privacy notice for staff which includes updates in light of COVID-19 restrictions is available on the Human Resources website and is provided to new members of staff with their contract. Additional data may be collected from staff when they register to use other services within the University, such as Trinity Sport or the College Health Service.

Research Participants

One of the objectives of Trinity College as defined in the Universities Act 1997 is to carry out and support research. Where personal data is processed by the University for the purposes of research, detailed information about how personal data will be used will be provided to research participants prior to the collection of the relevant personal data or shortly after if the data is obtained from a third party. Where possible personal data collected for research purposes will be pseudonymised so that the participant is no longer identifiable. The use of personal data for research will often involve sensitive personal data including health or genetic data and will therefore be subject to higher standards of security and protection.

Detailed information, College-approved templates and guidance on the processing of personal data for research purposes, including the processing of personal data for the purposes of health research pursuant to the Health Research Regulations 2018 and associated compliance requirements is available here.

Members of the Public and Consumers

We collect data from members of the public in order to respond to enquiries, process transactions, administer services and accept bookings for events. We may add your personal data to a relevant mailing list if you have made an enquiry in relation to a service and opted in to receive communications or if a transaction has taken place. In the event that we do record your data on a mailing list you will be provided with the opportunity to opt out from the outset of engagement. Moreover, in all our communications with you we will only send you information relevant to your initial enquiry or transaction.

Website Users

Information on internet traffic is collected routinely by the University and also at other points along the route in the Internet (e.g. HEAnet). This technical information is used to ensure the smooth running of the computer network in the University and for statistical or administrative purposes. It is not used to gather identifiable personal information on individual website visitors, except in so far as this is permitted by law and may be necessary in order to prevent or detect problems or offences in relation to the operation of the website.

Cookies

We use information gathered from cookies to help improve your experience of tcd.ie. Some cookies are essential so you can move around the website and use its features. Our website also contains third party cookies which are listed in our Cookie Register. For further information and control options in respect of the use of cookies please see the University Cookie Policy. Further information on cookie consent is available here. You can adjust your individual cookie settings at any stage by clicking the ‘Cookie Settings’ link at the bottom of this web page.

Children

We sometimes collect data from children under the age of 18. Children's data is collected for the purposes of providing information on courses and admissions. We will also collect children's data when they access services such as Trinity Sport, College Day Nursery, Trinity Access Programmes (TAP) and camps such as the Trinity Walton Club. Further information on processing is provided on the relevant University website or at the point of data collection.

CCTV and Access Controls

CCTV cameras are in operation on Campus in consultation with the Gardai in order to provide enhanced protection for students, staff and visitors as well as University buildings and facilities in the context of an open campus. For further information please see the University CCTV Code of Practice and Estates and Facilities Privacy Statement.

Personal data is collected directly from individuals when accessing College-controlled facilities via an Access Control System. This system is employed to provide a safe and secure environment at Trinity College for the Trinity Community. Data processed by the system is also collected from other secure systems under the control of Trinity College. Only the minimum and necessary data is processed for the purposes of the system. For further information please see the Access Control System Privacy Statement.

Photography

Photographs or videos of staff and students may be taken on Campus at official events such as graduation ceremonies, including online ceremonies. As a number of public events also take place on campus the University will frequently take photographs or video at these events which may be shared on the University website or social media accounts. Where the use of photographs or video may not be reasonably expected by individuals the University will seek consent to publish photographs or video where it is practical to do so. Individuals have the right to object to the use of their photograph and should contact the event organiser in the first instance or the University Data Protection Officer.

The purpose and legal basis for collecting your data

In order for the use of personal data to be lawful, it should be processed on the basis of a legal basis as set out under Articles 6 and 9 GDPR.

Trinity College will ensure that your data is processed fairly and lawfully in keeping with the principles of data protection and will process personal data under various legal bases depending on the purpose for which the data is collected.

Specific information on the legal basis for processing your personal data will also be provided at the point of collection of personal data. These may include:

  • Where the processing of personal data is a statutory function of the University as a public authority. The statutory functions of the University are set out in sections 12 and 13 of the Universities Act 1997.
  • Where the University is required to process personal data by law including the sharing of data with the Higher Education Authority or for complying with employment law.
  • Where the processing of personal data is necessary for the formation of a contract with you.
  • Where the processing of personal data is not related to the official functions of the University we may sometimes process personal data based on legitimate interests e.g. for the administration of events, purchasing of tickets, gift shop purchases and the use of our services.
  • Generally, when processing special categories of personal data Trinity College will seek explicit consent for the processing of data except where another condition applies e.g. employment law, legal claims or medical diagnosis when using the College Health Service.

How we store and secure your data

Any data we collect from you will be stored confidentially and securely as required by the University Data Protection Policy, Information Systems Security Policy and IT and Network Code of Conduct. The University is committed to ensuring that processing of University-controlled data is performed in a secure manner.

In keeping with the data protection principles we will only store your data for as long as is necessary and in accordance with the University Records Management Policy and Records Retention Schedule.

When we store your personal data on our systems the data will primarily be stored either on the University premises and secure IT platforms within the European Economic Area (‘EEA’) which are also subject to European data protection requirements.

We may store or share your data outside the EEA in the following circumstances:

  • For processing international applications and sharing data with partner Universities.
  • When using cloud services for the secure storage of data. Some cloud service providers store data in international data centres e.g. the United States. The University will only use services which are compliant with GDPR and who satisfy the conditions for processing personal data outside the EEA. For further information please see here.
  • For research projects with other research partners where we have your consent to do so.
  • If we are required to do so by law.

Details of third parties with whom we share personal data

Trinity College will share your data with third parties where necessary for purposes of the processing and where there is a legal basis to do so.

The University may share relevant personal data with the following categories of third parties:

  • State or regulatory bodies including the Higher Education Authority, CAO, Department of Education and Skills, Department of Justice and Equality, Department of Social Protection.
  • IT or Cloud service providers that provide essential services to the University; e.g. Microsoft, Google, Core HR, Blackboard, Panopto, Zoom and Oracle.
  • Firms that provide professional services to the University such as legal firms and auditors.
  • Firms that provide archiving and storage and disposal of confidential waste.
  • Research and academic partners.
  • Organisations including hospitals and public services that provide placements for students.
  • An Garda Síochána when we are required to do so by law.

When we share your data with the third parties outlined here the University will endeavour only to share the data that is needed, that the data is only processed according to our specific instructions and that the same standards of confidentiality and security are maintained. Once the processing of the data is complete any third parties with whom data was shared will be required to return the data to the University save where they are required to retain it by law.

University Archives

One of the functions of the University is the curation of the University Archives, which comprise the University’s administrative, legal and historical records of archival value. This collection – whose earliest record is the foundation charter of 1592 – represents the corporate memory of TCD and is of important historical value. The University will process personal data of archival value in accordance with section 42 of the Data Protection Act 2018 which permits that personal data of archival value in the public interest may be retained. Personal data retained by the University for archival purposes in the public interest will be stored and secured in accordance with the principles of data protection.

Your Rights under Data Protection Law

Individuals are entitled to certain rights under GDPR. These rights apply to the processing of personal data, which is defined under GDPR as ‘any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’

You have the following rights over the way we process your personal data.

Right of Access

You have the right to request a copy of the personal data we are processing about you and to exercise that right easily and at reasonable intervals.

Under Article 15 GDPR individuals have the right to access their personal data that is under the control of Trinity College. Responses to access requests will be issued within one month unless an extension is required.

To access your personal data:

  1. Complete the Data Access Request Form. Please give as much information as possible about the data you wish to access.
  2. Include ID (e.g. a copy of your passport, drivers licence or staff/student ID card) with your application.
  3. Send the form to the University Data Protection Officer at dataprotection@tcd.ie.

Consent

You have the right to withdraw your consent where that is the legal basis of our processing.

Rectification

You have the right to have inaccuracies in personal data that we hold about you rectified.

Erasure

You have the right to have your personal data deleted where we no longer have any justification for retaining it subject to exemptions such as the use of anonymised data for scientific research.

Object

You have the right to object to processing your personal data if:

  • We have processed your data based on a legitimate interest or for the exercise of the public tasks of the University if you believe the processing to be disproportionate or unfair to you.
  • The personal data was processed for the purposes of direct marketing or profiling related to direct marketing.
  • We have processed the personal data for scientific or historical research purposes or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Restriction

You have the right to restrict the processing of your personal data if:

  • You are contesting the accuracy of the personal data.
  • The personal data was processed unlawfully.
  • You need to prevent the erasure of the personal data in order to comply with legal obligations.
  • You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified.

Portability

Where it is technically feasible you have the right to have a readily accessible electronic copy of your data transferred or moved to another data controller if we are processing your data based on your consent and if that processing is carried out by automated means.

For further information regarding your rights under the legislation please see the Trinity College Rights Requests Procedure or contact the University Data Protection Officer.

Data Protection Officer

As a public authority the University is required to appoint a Data Protection Officer.

The role of the Data Protection Officer is:

  • To advise the University and its staff what their responsibilities are under GDPR and the Data Protection Act 2018.
  • To monitor compliance with the GDPR and the Data Protection Act and relevant policies.
  • To provide training and increase awareness among staff.
  • To provide guidance on the completion of Data Protection Impact Assessments.
  • To co-operate and act as the contact point with the Data Protection Commission in relation to complaints, investigations, audits and consultations and any other matter relevant to the legislation.

If you have any queries relating to the processing of your personal data or if you wish to make a complaint or escalate an issue relating to any of your rights you can contact the Data Protection Officer at:

John Eustace
Data Protection Officer
Secretary’s Office
Trinity College Dublin
Dublin 2
Ireland.

Sean Iústás
Oifigeach Cosanta Sonraí
Oifig an Rúnaí
Coláiste na Tríonóide Baile Átha Cliath
Baile Átha Cliath 2
Éire

dataprotection@tcd.ie

https://www.tcd.ie/dataprotection/

If you are not satisfied with the information we have provided to you in relation to the processing of your data you can raise a concern with the Data Protection Commission via their online form or contact the Commission at:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

https://www.dataprotection.ie/

Further Information

Detailed information in relation to the COVID-19 situation and Trinity College is available at the University COVID-19 web pages.

A wide range of templates, guidance documents and support materials, including detailed information on the rights of individuals under data protection law been developed by the University Data Protection Officer and is available at the University Data Protection Website.

Last updated: 11th May 2021.