Staff Privacy Statement

How GMIT uses the personal data of staff members
Staff Privacy Statement


As a member of staff of GMIT (“the Institute”), your personal data is processed by the Institute for various reasons. As part of the transparency principle of the GDPR, you have the right to be fully informed about the uses of your personal data by GMIT. This privacy notice outlines the types of personal data we process, the purposes for which that personal data is required, third parties with whom we’ll share your data, how long your data will be retained by us, etc.

Your personal data is processed in line with data protection legislation and GMIT’s Data Protection Policy.



The types of personal data we process about you include, inter alia:

  • Name, date of birth, nationality, telephone number, addresses, email addresses
  • Staff ID Number
  • PPS Number
  • Next of kin/emergency contact details
  • Gender
  • Marital/Civil Partnership status
  • Nationality/citizenship
  • Previous employment details
  • Current employment details
  • Academic history
  • Other CV-type information e.g. professional & industry experience, professional development, membership of professional bodies, publications, exhibitions, community/public service, entrepreneurial achievement
  • Work Permit number
  • Financial information, including bank details (BIC, IBAN, Name & Address of Bank/Building Society), PRSI class, tax details
  • Disability information
  • Health data including medical certificates & COVID-19 related information
  • Details of criminal convictions as provided through Garda Vetting
  • Image in CCTV footage/photography/filming
  • Voice in lecture/meeting recordings
  • Disciplinary/grievance records
  • New employer (for leavers who enter another public service employment)
  • IP address and the type of device you are using when visiting the GMIT website on a mobile device
  • Car registration number if you apply for a parking permit
  • Call usage is monitored for billing, auditing, fraud prevention and reporting purposes. Data captured includes extension number, name, incoming/outgoing call details including duration, destination and cost. There is no systematic recording of calls by GMIT. Individuals may choose to record calls, in which case parties are notified either visually or with an audio prompt. 

Your data is stored in a variety of platforms including HR management systems and Institute email. 


We obtain your personal data directly from you, for example when you submit expense claims, or indirectly through your engagement with the Institute.

We also obtain your personal data from others, including former employers.

We also process personal data about you through your use of our website – please read our Website Privacy Policy for more details.



  • For contractual purposes as a GMIT staff member e.g. for appointment, pay, training, promotion & disciplinary matters; health, pensions & other employment related matters
  • For compliance with legal obligations e.g. Institutes of Technology Acts 1992 to 2006; and legislation including taxation, social protection, equality, health & safety and SIPO.
  • For the performance of tasks in the public interest e.g. to track progress in achieving the criteria for designation as a Technological University via the Connacht-Ulster Alliance (CUA); contact tracing & to prevent the spread of COVID-19 in the workplace.
  • For the performance of tasks to which you have given your explicit consent e.g. photography for media promotion.
  • For the legitimate interests of GMIT and third parties e.g. to respond to and defend against legal claims; for CCTV purposes.



Your personal data is held securely by us and access is restricted to those GMIT staff members who need the personal data for one of the purposes set out above.

The Institute will share your personal data, where necessary and relevant, with third parties (outside GMIT) in the following circumstances:

  • Where we engage a third party to process data on our behalf, for example software service providers (e.g. CoreHR), Occupational Health Service, CCTV companies, etc, and
  • Where required to do so by law e.g. Revenue Commissioners, DPER, HEA, Auditors, Insurance companies, SIPO, etc.
  • Where it's required as part of your contract e.g. with interview panel members, Governing Body members, professional accreditation bodies, accounting firms for actuarial advice regarding pensions, research funding bodies, etc.
  • Where it's in the public interest e.g. with relevant CUA Project Team personnel in respect of metrics for TU designation; HSE for COVID-19 contact tracing purposes.  

This is not an exhaustive list and any other disclosures to third parties not listed here are made only where there is legitimate reason to do so and in accordance with the law.

In so far as is practicable, GMIT endeavours to hold all your personal data within the European Economic Area (EEA). Where your personal data is transferred outside of the EEA, it is done only when appropriate safeguards are in place.



In so far as is practicable, GMIT endeavours to hold all personal data within the EEA. Where we transfer data outside the EEA, we ensure that there is an appropriate mechanism for doing so that complies with all relevant legislation and also ensure that your data receives the same level of protection as it is afforded within the EEA.



You have the following rights under data protection law, although your ability to exercise these rights may be subject to certain conditions:

  • The right to receive a copy of and/or access the personal data that GMIT holds about you, together with other information about our processing of that data;
  • The right to request that any inaccurate data that is held about you is corrected and incomplete data updated;
  • The right, in certain circumstances, to request that we erase your personal data;
  • The right, in certain circumstances, to request that we no longer process your personal data for particular purposes, or to object to our use of your personal data or the way in which we process it;
  • The right, in certain circumstances, to transfer your personal data to another organisation;
  • The right to object to automated decision making and/or profiling; and
  • the right to complain to the Data Protection Commissioner.

In order to exercise any of the above rights please contact us using the contact details set out below.



We store your personal data for as long as is necessary for the purposes set out above and according to our data retention schedule.



We are committed to ensuring that your personal data is secure with us and with the data processors who act on our behalf.  We are continuously taking technical and organisational steps to better protect your information.  Data Protection training has been made available to all staff.

You have a responsibility for any personal data relating to other people that you may access while employed by the Institute. This responsibility is in addition to any obligations arising from professional ethics or the GMIT Code of Conduct for Staff.

It is a breach of Data Protection legislation for staff to knowingly and recklessly disclose personal data to anyone who is not entitled to receive it or to seek to obtain data to which they are not entitled.



If you are unhappy with the Institute’s handling of your personal data, or believe that the requirements of data protection legislation may not be fully complied with, you should contact the Institute’s Data Protection Office in the first instance.  You also have the right to submit a complaint to the Data Protection Commissioner.



Please contact us if you have any questions about the data we hold about you or if you wish to exercise any of your rights:

Data Protection Officer, Email:



Galway Mayo Institute of Technology, Galway Campus, Dublin Road, Galway

Tel: +353 91 753161




Changes to this privacy notice

We will update this privacy statement from time to time. Please visit this page periodically for updates.

Updated on 23 July 2021