This privacy statement explains how GMIT (the Institute) collects, uses and shares your personal data. It also explains your rights in relation to the data we hold.
As a staff member, retiree, former staff member or job applicant some of your personal data will be processed by the Institute. The Institute is the Data Controller, and all personal data that it holds and processes is subject to data protection legislation.
During the recruitment process, throughout your employment with us, and when your employment ceases GMIT collects, uses & stores (i.e. processes) your personal data. This data is collected from a variety of sources, mainly from yourself, but may also come from other sources e.g. your former employer(s), or your manager. During the course of your employment, and after you retire, additional information may be added to your record.
The Institute may share information between different internal departments for operational reasons only as is necessary & proportionate for the purposes intended.
THE INFORMATION WE PROCESS ABOUT YOU
The types of personal data collected by GMIT include, inter alia:
- Name, date of birth, nationality, telephone number
- Addresses (current and past)
- Staff ID Number
- PPS Number
- Email Address
- Next of kin/emergency contact details
- Marital/Civil Partnership status
- Details of previous employers
- Previous salary
- Previous pension details
- Schools/colleges attended
- Job application details
- Work Permit number
- Financial information, including bank details (BIC, IBAN, Name & Address of Bank/Building Society), PRSI class, tax details
- Leave records
- Disability information
- Health information, including medical certificates
- Details of criminal convictions as provided through Garda Vetting
- Image in CCTV footage/photography/filming
- Disciplinary/grievance records
- New employer (for leavers who enter another public service employment)
- CV (academic qualifications, professional & industry experience, professional development, membership of professional bodies)
- IP address and the type of device you are using when visiting the GMIT website on a mobile device
- Car registration number if you apply for a parking permit
- Call logs from work extension numbers
Some of the information about you that the Institute holds, such as health details, is classified as special category data, or sensitive personal data. This sensitive personal data is collected to monitor whether our equal opportunities policies are working and to carry out our obligations as an employer. In addition to the normal standards of confidentiality, we also carefully control access to sensitive data within the Institute so that it is only available to those staff who require it to perform their duties.
HOW YOUR INFORMATION IS USED
The Institute holds your personal data for normal employment purposes. The information we hold & process is used for our management & administrative duties. We keep and use it to enable us to fulfil our obligations as an employer, and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, while you are employed by us, at the time when your employment ends, and after you have left.
Under data protection law, we are required to ensure that there is an appropriate legal basis for the processing of your personal data, and we are required to let you know what that basis is. The primary bases that we use are:
- processing that is necessary for the performance of our contract with you;
- processing that is required under applicable law;
- processing that is necessary in the public interest; and
- processing where we have your consent.
Where the processing of your personal data is based on your providing consent, you have the right to withdraw consent at any time by contacting the department or service who obtained that consent, or the Institute’s Data Protection Office (contact details below).
The purposes for which GMIT may process your personal information include:
- Staff administration, including recruitment, appointment, training, promotion, disciplinary matters, health, pensions & other employment related matters
- To administer Trade Union subscriptions
- Accounting & financial purposes, including pay, workforce planning & other strategic planning activities
- Internal & external auditing purposes
- To meet health & safety obligations and equality of opportunity monitoring obligations
- To comply with statutory reporting requirements
- To support the professional accreditation of programmes
- To produce reports and aggregated statistics for management and research purposes in order to plan & improve services
- To maintain a proportionate CCTV system for the specific purposes outlined in the CCTV Policy
- To assist with law enforcement where required or authorised by law
- To respond to requests for information made under Data Protection legislation or Freedom of Information legislation.
THIRD PARTIES WITH WHOM WE SHARE YOUR DATA
Below are some examples of when the Institute will release data about you to third parties (i.e. outside GMIT) where we have a legitimate reason in connection with your employment/potential employment/former employment to do so.
GMIT may share your relevant personal data with bodies including the following:
- Data Processors (sub-contractors used by GMIT in order to carry out a function for the Institute, e.g. cloud services provider Microsoft, Occupational Health Service, etc)
- Former employers
- Department of Social Protection
- Revenue Commissioners
- Interview Board members
- Governing Body members
- Department of Public Expenditure & Reform
- Professional accreditation bodies
- Comptroller & Auditor General
- External Auditors
- Accounting firms for actuarial advice regarding pensions
- Research funding bodies
This is not an exhaustive list and any other disclosures to third parties not listed here are made only where there is legitimate reason to do so and in accordance with the law.
You have the following rights, subject to certain exemptions, in relation to your data:
- The right to be informed about the data processing the Institute does
- The right to request access to your personal data held by the Institute
- The right to rectification – to have inaccurate or incomplete personal data rectified
- The right to erasure of personal data where there is no legitimate reason for the Institute to continue to process your personal data. If you exercise this right the Institute will continue to hold some personal data which, for employees/former employees, will include name, date of birth, unique identification number, service record & pay history. We may also continue to hold some financial records about you for statutory purposes
- The right to restrict the processing of personal data – you have the right to block the processing of your personal data in specific situations
- The right to data portability - you have the right to request that the Institute provides some elements of your information (e.g. employment history) in a commonly used machine readable format in order to provide it to other organisations
- The right to object – you can object to the processing of your personal data by the Institute in certain circumstances, including the sending & receipt of direct marketing material
- The right to object to automated decision making & profiling – you have the right to object to decisions taken by automatic means without human intervention in some circumstances.
- If you have provided consent for the processing of any of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. This can be done by contacting the department or service who obtained that consent, or the Institute’s Data Protection Office (contact details below).
The Institute will retain your personal data in accordance with our retention policy in our data inventories. The policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data varies depending on the type of personal data.
The Institute will hold some of your data indefinitely in order to maintain accurate financial & employment records.
We are committed to ensuring that your personal data is secure with us and with the data processors who act on our behalf. We are continuously taking technical and organisational steps to better protect your information. Data Protection training has been made available to all staff.
You have a responsibility for any personal data relating to other people that you may access while employed by the Institute. This responsibility is in addition to any obligations arising from professional ethics or the GMIT Code of Conduct for Staff.
It is a breach of Data Protection legislation for staff to knowingly and recklessly disclose personal data to anyone who is not entitled to receive it or to seek to obtain data to which they are not entitled.
HOW GMIT WILL CONTACT YOU
We may contact you by telephone, email or post.
QUESTIONS & COMPLAINTS
If you are unhappy with the Institute’s handling of your personal data, or believe that the requirements of data protection legislation may not be fully complied with, you should contact the Institute’s Data Protection Office in the first instance. You also have the right to submit a complaint to the Data Protection Commissioner.
HOW TO CONTACT US
Please contact us if you have any questions about the information we hold about you or to request a copy of that information:
By email: firstname.lastname@example.org
In writing: Data Protection Office, Room 1063, GMIT Galway Campus, Dublin Road, Galway
Galway Mayo Institute of Technology, Galway Campus, Dublin Road, Galway
Tel: +353 91 753161
Changes to this privacy statement
We will update this privacy statement from time to time. Please visit this page periodically for updates.
Updated on 13 December 2018