Skip to main content
Diocesan coat of arms

Diocese of GalwayKilmacduagh & Kilfenora

Deoise na GaillimheChill Mac Duach & Chill Fhionnúrach

Privacy Statement

1. Introduction

For the purposes of this Privacy Statement and Policy, the Roman Catholic Diocese of Galway, Kilmacduagh and Kilfenora (“Diocese”) should be taken to refer to the administration and operations of the following registered charity with offices at Galway Cathedral, Gaol Road, Galway:

The Galway Diocesan Trustees Unlimited

This charity, its activities and its administration are generally known as the “Diocese of Galway, Kilmacduagh and Kilfenora”. “Bishop” means the Roman Catholic Bishop of the Diocese for the time being and from time to time, duly appointed by the canonically elected Supreme Pontiff, and - in the event of the office being vacant or impeded - the person who under Canon Law has power to perform the administrative duties of the Bishop in any interim period before the appointment of a successor as Bishop or until the impediment ceases, as the case may be, the person with this power being a diocesan administrator or an apostolic administrator. The Bishop has published this Privacy Statement to demonstrate his commitment and that of the Diocese to protecting and respecting your personal data.

The Diocese fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with us. Any personal information you provide to the Diocese will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018.

This Privacy Statement explains how the Diocese processes information, in particular the personal data that we receive from you. Please read the following carefully to understand our understanding and practices regarding your personal data and how we treat it.

2. Relationship between the Diocese and Parish

If you have given your personal data to the Diocesan Office (or central administration of the Diocese), it is the Diocese directly that will usually be the data controller of that information.

If you have given your personal data to a parish within the Diocese, the parish (and not the Diocese) will usually be the data controller of such information. You will need to contact the parish directly in relation to any queries you have regarding that personal data.

In certain circumstances, the central administration of the Diocese may process data on behalf of the parish.

3. What information does the Diocese collect about you?

The Diocese receives personal data about you in various ways including directly from the individual and sometimes from a parish, a family member, other diocese, schools, employers, revenue, medical professionals, CCTV and webcams. The personal data that is collected may include:

  • Information relating to the sacraments of Baptism, Holy Communion, Confirmation, Marriage and Holy Orders (Ordination)
  • Information relating to financial donations (requirements of the Charities Acts and also to assist parishes claim tax back on donations)
  • Safeguarding information as required by the National Safeguarding Office and the Garda Vetting Bureau

Depending on your relationship with the Diocese, we may also collect a range of different information about you including -

  • Your name
  • Contact details
  • Date of birth
  • Nationality
  • PPS number (where required by law)
  • Financial information (such as bank details)
  • Employment data and qualifications
  • Information about your current involvement with the Diocese
  • Information on your volunteering
  • CCTV recordings and photographs

Special-category data which reveals your religious beliefs may also be collected and processed.

This list is not exhaustive.

4. Processing of personal information

The Diocese collects and processes information about you in a number of ways including face-to-face meetings, email, phone conversations, from parishes and via forms sent by the diocesan offices.

The Diocese must have a lawful basis for processing your information. This will vary according to the circumstances of how and why we have your information, but typical examples include evidence that:

  • the activities are within the legitimate interests of the Diocese in advancing and maintaining the Roman Catholic religion, in providing information about the activities of the Diocese or any Diocesan Parish, and to raise charitable funds;
  • you have given consent for the Diocese to process your information which can be withdrawn at any time by contacting the Diocese using the details below;
  • the Diocese is carrying out necessary steps in relation to a contract to which you are party or prior to you entering a contract
  • the processing is necessary for compliance with a legal obligation;
  • the processing is necessary for carrying out a task in the public interest; and
  • the processing of data is necessary to protect your vital interest.

If the Diocese processes any Special Categories of Personal Data, we must have a further lawful basis for the processing. This may include:

  • where you have given explicit consent;
  • where the processing is necessary to protect the vital interest of the Diocese or someone else’s vital interests;
  • where the processing is carried out in the course of the legitimate interests of the Diocese working with and supporting the current and former members of the Roman Catholic Church, and the information is not shared outside the Roman Catholic Church with anyone else without your consent;
  • where you have made the information public;
  • where the processing is necessary for the establishment, exercise or defence of legal actions and/or claims;
  • where the processing is necessary for carrying out the employment and social security obligations of the Diocese; or
  • where the processing is necessary for reasons of substantial public interest.

5. Baptism Registers and other Sacramental Registers

The Bishop is the sole controller of the personal data and special-category data contained in the Baptism Registers held in Parishes of the Diocese with respect to storage and retention of data, standard and special annotation of data and alteration of data. The Bishop, along with the Parish Priest/Administrator assigned to the Parish which holds the Baptism Register, are each a joint controller of the personal data and special-category data with respect to collecting and recording of data in the Baptism Register.

6. Baptism Registers and other Sacramental Registers held in parishes of the Diocese

Where personal data and special-category data is processed in the Baptism or other Sacramental Registers held in Parishes of the Diocese, the Bishop relies on the principal of legitimate interest in preserving the information contained in those Registers because such registers consist of a record of the administration of certain sacraments in the Roman Catholic Church. It is essential that the Diocese maintains a record of certain sacraments which may only be administered once in the Roman Catholic Church. As personal data contained in the Baptism or other Sacramental Registers is special-category personal data, the Bishop must have an additional lawful basis for processing. The Bishop relies on processing carried out in the course of his legitimate activities with appropriate safeguards and the processing relates solely to members or former members of the Roman Catholic Church, and personal data is not disclosed outside the Roman Catholic Church without the consent of the data subject.

7. For what does the Diocese use your information?

We use your information for a range of different purposes including:

  • To facilitate the reception of the Sacraments of Baptism, Holy Communion, Marriage and Holy Orders (Ordination)
  • To facilitate general pastoral and spiritual care
  • To provide information you request from the Diocese
  • To process various application forms
  • For the purposes of processing requests for Tax Rebates on Donations received
  • For the purposes of communicating with you about diocesan events
  • To respond to complaints and enquiries
  • To administer, support, improve and develop the administration of the work and operations of the Diocese and to keep accounts and records of the Diocese up to date
  • For auditing and statistical purposes
  • As authorised or required by any law applicable to us or arising from your interaction with us
  • To process job applications

In addition:

  • Technical details in connection with visits to this website may be logged on the Diocesan server
  • CCTV recordings for security purposes and to help create a safer environment for our staff, members of the faithful, clergy, volunteers, and visitors

The Diocese does not use automatic decision-making software and does not engage in profiling.

8. Practical examples of how we process your Personal Data

We will only process your Personal Data in line with our ministry and the services we provide. This information may include your name, address, email address, phone number, etc. as provided by you for the provision of a service, e.g.:

  • Making contact or application in relation to liturgies (including reception of Sacraments), retreats and/or pilgrimages
  • Signing up for a newsletter or event
  • Signing up for volunteer or fundraising activities
  • Contacting us with a query in relation to information posted on our website.

Any data processed on our behalf by contracted third party service providers, e.g. for the purpose of enhancing the services we provide to you, will be bound by the same privacy standards. We will not disclose Personal Data to any other third parties unless we have consent to do so.

We will disclose Personal Data if it is believed in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.

You can choose to opt out of receiving information from us at any time by contacting the Diocesan Secretary at the contact details given here.

9. Transfer of your personal data outside the European Economic Area (“EEA”)

We do not usually transfer your data outside the EEA. However, there may be some limited circumstances where this is necessary (e.g. where you are marrying in a country outside the EEA). Some of these countries do not have laws which provide the same level of protection to your personal data as laws within the EEA. We will either obtain your consent before transferring your personal data to such a country or otherwise transfer such data in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act (as amended).

10. Cookies

“Cookies” are small pieces of information sent by a web server to a web browser, which enables the server to collect information from the browser. The website of the Diocese uses cookies to improve navigation and to enable traffic monitoring. Non-registered visitors of the site may be sent anonymous cookies to keep track of their browsing patterns and build up a demographic profile.

Whilst you do not need to allow your browser to accept cookies in order to browse much of our web site or to access many of our services, you must have cookies enabled if you wish to access any areas reserved for registered users. Most browsers allow you to turn off the cookie function. If you want to know how to do this, please look at the help menu on your browser. As described above this will restrict the services you can use on our website.

11. With whom does the Diocese share your information?

The information you give us is used by the Diocese only in accordance with the purpose for which you provided the information. This information will only be retained for as long as required for the purpose for which it was gathered.

The Diocese may share your information with government bodies for tax relief purposes or law enforcement agencies for the prevention and detection of crime.

Information will only be made available to third parties who assist the Diocese with our work. The Diocese may share information with service providers but only when an appropriate Service Provider Agreement/contract is in place outlining exactly what they are permitted to do. Any data processed in the course of such services is processed in compliance with the GDPR and national data protection law.

Where permitted by law, the Diocese reserves the right to release personal data without your consent and/or without consulting you, including when we believe that this is appropriate to comply with our legal obligations.

12. Where does the Diocese store your information?

The Diocese may store your information in hard copy or in electronic format, in storage facilities owned or operated by the Diocese, or that are owned and operated by its service providers.

13. How long does the Diocese retain your information?

The Diocese retains your personal information for as long as necessary with regard to the purposes for which it was collected or lawfully further processed, or for as long as may be necessary in light of our legal obligations. All information held is in accordance with the diocesan retention policy to ensure its compliance with GDPR.

In relation to the Baptism or other Sacramental Registers held in the Parishes of the Diocese, personal data and special-category data are retained in perpetuity, in order to achieve the purpose of correctly administering certain sacraments that may only be undertaken once in a person’s lifetime.

14. Data protection principles

We promise to follow the following data protection principles:

  • Processing is lawful, fair, transparent. Our processing activities have lawful grounds. We always consider your rights as a Data Subject before processing personal data. We will provide you information regarding processing upon request.
  • Processing is limited to the purpose for which data was gathered.
  • Processing is carried out using the minimum amount of personal data required for any purpose.
  • We will not store your personal data for longer than needed.
  • We will do our best to ensure the accuracy of data.
  • We will do our best to ensure the integrity and confidentiality of data.
  • We will use all reasonable means to avoid Breaches of Data. Where a Data Breach occurs, we will notify the relevant authority and follow their instructed next steps.

15. How does the Diocese keep your information safe and accurate?

The Diocese is committed to ensuring your information is secure. In order to prevent unauthorised access or disclosure the Diocese has put in place suitable physical, electronic and managerial procedures to safeguard and secure your information. The Diocese uses technical and organisational security measures to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. These security measures are continuously adapted in line with technological developments.

The Diocese seeks to ensure that we keep your personal data accurate and up to date. However, you are responsible for informing the Diocese, or its relevant offices, of any changes to your personal data and other information.

Baptism Registers are annotated upon administration of the Sacraments of Confirmation, Marriage or Holy Orders to an individual. Where an individual receives any of these sacraments, a note will be made in the Baptism Register entry for that individual. Annotations are necessary as it ensures the sacraments of Confirmation, Marriage or Ordination may only be undertaken once during a person’s lifetime.

No personally identifiable information is collected on this website from visitors, staff, clergy and volunteers that browse the website for information on our activities. The Diocese reviews these measures regularly.

Unfortunately the transmission of information via the internet is not completely secure. Although the Diocese does its best to protect your personal data, any transmission via our website is ultimately at your own risk. Once we have received your information we will use strict procedures and security features to try and prevent unauthorised access to, or unlawful processing or disclosure of, such data.

In terms of the internet, this Privacy Statement and Policy relates to the website/domain of the diocese and/or the parish only. In the event that you use links on our websites to visit other web-sites over which the Diocese has no control, and you provide information to such third-part websites, any such data is not covered by this Privacy Statement and Policy.

In addition, the Diocese may operate social media accounts on other websites (e.g. Facebook, Twitter, etc.). You will need to consult the privacy polices of those websites for information on how your personal data is used by such social media providers.

On written request the Diocese will inform you about the data stored about you. Requests for access, rectification, erasure or blocking of personal data will be processed on the basis of applicable legal provisions. Please contact the Data Protection Officer, St Mary’s, Temple Street, Sligo, F91KTX2 or dpo@elphindiocese.ie.

16. What are your rights?

You have many rights under Irish Data Protection legislation with regard to the processing of your data.

Right of Access – You have the right to access information the Diocese holds on you. No fee will apply for your first request for access to personal data. We may charge a reasonable fee for two or more personal data requests. Any access requests will need to be requested in writing or by email. Evidence of identification will be required as this makes sure that the personal information is not given to the wrong person. Information will be sent within 1 month of receipt of the written request.

Right of Correction – you have the right to have any inaccurate or incomplete data rectified by the Diocese.

Right of Erasure – In certain circumstances you can request the erasure of the data the Diocese holds on you i.e. the right to be forgotten.

Right to Restriction of Processing – Where certain conditions apply, you have the right to restrict processing of your personal data.

Right of Portability – Subject to certain circumstances, you have the right to have any data the Diocese holds on you transferred to another organisation where it is held in electronic form.

Right to Object – You have the right to object to certain types of data processing.

The Right to Lodge a Complaint with the Data Protection Commission.

17. Review

This Privacy Statement explains the privacy policy of the Diocese, approved by the Bishop. The Diocese reserves the right to review and amend this Statement at any time without notice and you should check this page regularly to view the most up to date Privacy Statement.

18. Further information & contact details

Further information on your data privacy rights is available on the website of the Data Protection Commissioner, www.dataprotection.ie.

If you have any questions relating to the processing of personal data please email dpo@elphindiocese.ie or contact the Data Protection Officer, St. Mary’s, Temple Street, Sligo, F91KTX2.

19. How to contact the appropriate Data Protection authority

Should you wish to report a complaint, or you feel that we have not addressed your concern in a satisfactory manner, you may contact:

Office of the Data Protection Commissioner
21 Fitzwilliam Square South
Dublin 2
Ireland
D02 RD28

Telephone: 01-7650100 (calls from within Ireland) or +353-1-7650100 (calls from outside Ireland)


Bishop Michael Duignan
October 2023