Individual Suppliers, Payees & Grantees
Privacy Statement for Individual Suppliers, Payees & Grantees
The new EU General Data Protection Regulation (GDPR) came into force on the 25th May 2018, replacing the existing data protection framework. The GDPR is concerned with the rights of EU citizens to protect their personal data and emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy.
In the discharge of our functions, the Department of Culture, Heritage and the Gaeltacht collects personal data for suppliers, payees and grantees. This data is necessary for the performance of our contracts with you, as a supplier or a grant/payment recipient.
This notice sets out details of the information that we collect, how we process it, and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.
Who controls the use of your personal data?
The Department controls and is responsible for the personal data we collect. Individual business units within the Department process your data for the purposes of managing our grants, payments and suppliers.
The Department is fully committed to keeping all personal data submitted by its customers fully safe and secure during administrative processes. All necessary technical measures have been put in place to ensure the safety and security of the systems that hold this data.
What personal data do we collect?
The personal data that we collect will be provided by you through our application forms, claim forms, supplier set-up forms etc., and through your interactions with us. In order to provide our services to you, we need to process certain personal data in relation to you, including:
- Biographical data – name, address, phone number, email address etc.
- Payment data – IBAN and BIC numbers, name and address of your bank/building society, Tax Reference number, PPS number etc.
Why do we process your personal data?
We require certain information from you in order to be able to enter into a contract with you and to provide you with our services, e.g. grant or compensation payments. Where applicable, we will indicate on relevant forms what personal data is required in order to enter into a contract with you. If you do not provide the information, we will not be able to provide you with our services.
Who do we share your data with?
- In-house: Personal data is shared in-house in the Department between the business unit you provided your details to and the Finance Unit for the purposes of arranging your payments.
- Third Parties: We share your personal data with the Financial Shared Service unit of the Department of Justice as this organisation is part of the Justice Group Finance Shared Service, who provide us with a financial transaction service, i.e. they make payments to suppliers, payees and grantees on the Department’s behalf. We also share personal data with the National Shared Service Office for external Travel & Subsistence purposes.
Retention of personal data
As we only collect personal data for defined business purposes, we assess how long we need to keep personal data for in order to meet our reasonable business purposes, e.g. for the duration of a grant which may be paid in multiple stages; the duration of a contract or compensation scheme; to facilitate auditing by the Comptroller and Auditor General.
When you, as a customer, provide personal data to the Department, you have certain rights available to you in relation to that data. However, it should be noted that not all rights listed shall be applicable in every circumstance. These rights are outlined below and can be exercised by contacting the Data Protection Officer, indicating which right(s) you wish to exercise:
- Access to your personal data – click herefor information on the right to access, including how to submit a Subject Access Request;
- Rectification of your personal data;
- Data portability;
- Restriction of the processing of your personal data;
- Objection to the processing of your personal data;
- Withdrawing consent if previously given to the processing of your personal data;
- Erasure of your personal data;
- Right to lodge a complaint with the Supervisory Authority (Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois R32 AP23 – ie);
In order to exercise any of the above rights, please contact our Data Protection Officer.
The Department has a Data Protection Website with further information, which you can find here.
Questions and Complaints
If you have any queries or complaints in connection with our processing of your personal data, you can contact us as follows:
- Post: Data Protection Officer, Department of Culture, Heritage & the Gaeltacht, 23 Kildare Street, Dublin 2, D02 TD30.
- Email: firstname.lastname@example.org